Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

E090 RA040 I/O error while requesting Ambari, Can't get connection, Password verification failed, Keystore was tampered with, or password was incorrect

Labels:
avatar
author-rank Munir7894
Explorer

Created ‎10-26-2017 06:22 AM

Facing above issue when i go for Yarn Queue Manager, logs are attached.1.jpeg2.jpeg

2,794 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank Kartik_Agarwal author-rank
Master Collaborator

Created ‎10-11-2021 08:35 AM 

To resolve the issue, import the Ambari certificates to the Ambari truststore. To import the Ambari certificates, do the following: 

STEP 1: 
Get certificate from ambari-server 
echo | openssl s_client -showcerts -connect <AMBARI_HOst>:<AMBARI_HTTPs_PORT> 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/ambari_certificate.cr 

STEP 2: 
Get path of ambari trustore and truststore password from Ambari properties 
cat /etc/ambari-server/conf/ambari.properties |grep truststore 

As per your ambari.properties below is the path and password :-
ssl.trustStore.password=refer from ambari.property file
ssl.trustStore.path=/etc/ambari-server/conf/ambari-server-truststore

STEP 3: 
keytool -importcert -file /tmp/ambari_certificate.crt -keystore <keystore-path> 

STEP 4: 
ambari-server restart

View solution in original post

2,115 Views
0 Kudos
5 REPLIES 5

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎10-26-2017 07:49 AM

@MUNIR

Looks like you might be running your ambari server With HTTPS and the configured ambari truststore file is somehow corrupted or changed. Can you please check if you are able to do a "keytool -list" on you ambari keystore & truststore to see if you are able to list it ?

Example:

# $JAVA_HOME/bin/keytool -list -v -keystore <AMBARI_JKS> -storepass <CLIENT_TRUSTSTORE_PASSWORD>

.

2,627 Views
0 Kudos

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎10-26-2017 07:51 AM

@MUNIR

Something similar is discussed here: https://community.hortonworks.com/questions/91725/yarn-queue-manager-error.html

In general this error"Keystore was tampered with, or password was incorrect."indicates that

1. the storepassword that you have specified in the ambari is not correct2. may be somehow the store password is not written in ambari.properties properly (or there may be some extra padding in the file)

3. ambari might be pointing to some other store file. (ambari.properties can be checked to verify the same)

4. It is also possible when your "KeyPass" is different from "StorePass" in your keystore.

I will suggest if you can either try regenerating a new truststore and then perform the "ambari-server setup-security" as mentioned in the following article again.https://community.hortonworks.com/articles/39865/enabling-https-for-ambariserver-and-troubleshootin....

2,627 Views
0 Kudos

avatar
author-rank Kartik_Agarwal author-rank
Master Collaborator

Created ‎10-11-2021 08:35 AM 

To resolve the issue, import the Ambari certificates to the Ambari truststore. To import the Ambari certificates, do the following: 

STEP 1: 
Get certificate from ambari-server 
echo | openssl s_client -showcerts -connect <AMBARI_HOst>:<AMBARI_HTTPs_PORT> 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/ambari_certificate.cr 

STEP 2: 
Get path of ambari trustore and truststore password from Ambari properties 
cat /etc/ambari-server/conf/ambari.properties |grep truststore 

As per your ambari.properties below is the path and password :-
ssl.trustStore.password=refer from ambari.property file
ssl.trustStore.path=/etc/ambari-server/conf/ambari-server-truststore

STEP 3: 
keytool -importcert -file /tmp/ambari_certificate.crt -keystore <keystore-path> 

STEP 4: 
ambari-server restart
2,116 Views
0 Kudos

avatar
author-rank Munir7894
Explorer

Created ‎10-31-2017 09:49 AM

@Jay Kumar SenSharma Yes, running ambari server with HTTPS.

I guess truststore file is changed, or
because i don't have root privileges,
i am unable to do keytool -list,

I didn't perform the second check for the same reason, can run ambari-server restart, but it might affect to business.

Also thanks for links and support.

2,627 Views
0 Kudos

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎10-31-2017 10:43 AM

@MUNIR

Can you copy the ambari keystore on "/tmp" directory where you will have the read permission on the keystore and then try to see if you are able to list the keystore keys to verify if the store Password that you are using is correct and if the keystore is correct.

# $JAVA_HOME/bin/keytool -list -v -keystore /tmp/<AMBARI_JKS> -storepass <CLIENT_TRUSTSTORE_PASSWORD>

.

2,627 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera DataFlow 2.9 now supports building GenAI pipelines ...
What's New @ Cloudera
Accelerate Data Scientist Productivity with Cloudera Copilot...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
October 2024 Community Highlights
What's New @ Cloudera
Accelerate Your AI with the Cloudera AI Inference Service wi...
View More Announcements