Support Questions

balajeeulaganat · ‎04-05-2016

Knox gateway failed to start after installation using ambari.

os : rhel 6.5

ambari : 2.1.2-377

knox : 0.6.0.2.3

java :jdk1.8.0_40

stderr: /var/lib/ambari-agent/data/errors-556.txt

Traceback (most recent call last):
  File "/var/lib/ambari-agent/cache/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py", line 267, in <module>
    KnoxGateway().execute()
  File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", line 219, in execute
    method(env)
  File "/var/lib/ambari-agent/cache/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py", line 159, in start
    not_if=no_op_test
  File "/usr/lib/python2.6/site-packages/resource_management/core/base.py", line 154, in __init__
    self.env.run()
  File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 152, in run
    self.run_action(resource, action)
  File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 118, in run_action
    provider_action()
  File "/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py", line 260, in action_run
    tries=self.resource.tries, try_sleep=self.resource.try_sleep)
  File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 70, in inner
    result = function(command, **kwargs)
  File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 92, in checked_call
    tries=tries, try_sleep=try_sleep)
  File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 140, in _call_wrapper
    result = _call(command, **kwargs_copy)
  File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 291, in _call
    raise Fail(err_msg)
resource_management.core.exceptions.Fail: Execution of '/usr/hdp/current/knox-server/bin/gateway.sh start' returned 1. Starting Gateway failed.

stdout: /var/lib/ambari-agent/data/output-556.txt

2016-04-05 18:41:17,752 - Group['spark'] {}
2016-04-05 18:41:17,754 - Group['hadoop'] {}
2016-04-05 18:41:17,754 - Group['users'] {}
2016-04-05 18:41:17,754 - Group['knox'] {}
2016-04-05 18:41:17,755 - User['hive'] {'gid': 'hadoop', 'groups': ['hadoop']}
2016-04-05 18:41:17,756 - User['storm'] {'gid': 'hadoop', 'groups': ['hadoop']}
2016-04-05 18:41:17,757 - User['zookeeper'] {'gid': 'hadoop', 'groups': ['hadoop']}
2016-04-05 18:41:17,758 - User['oozie'] {'gid': 'hadoop', 'groups': ['users']}
2016-04-05 18:41:17,758 - User['atlas'] {'gid': 'hadoop', 'groups': ['hadoop']}
2016-04-05 18:41:17,759 - User['ams'] {'gid': 'hadoop', 'groups': ['hadoop']}
2016-04-05 18:41:17,760 - User['falcon'] {'gid': 'hadoop', 'groups': ['users']}
2016-04-05 18:41:17,761 - User['tez'] {'gid': 'hadoop', 'groups': ['users']}
2016-04-05 18:41:17,762 - User['accumulo'] {'gid': 'hadoop', 'groups': ['hadoop']}
2016-04-05 18:41:17,763 - User['mahout'] {'gid': 'hadoop', 'groups': ['hadoop']}
2016-04-05 18:41:17,764 - User['spark'] {'gid': 'hadoop', 'groups': ['hadoop']}
2016-04-05 18:41:17,765 - User['ambari-qa'] {'gid': 'hadoop', 'groups': ['users']}
2016-04-05 18:41:17,766 - User['flume'] {'gid': 'hadoop', 'groups': ['hadoop']}
2016-04-05 18:41:17,766 - User['kafka'] {'gid': 'hadoop', 'groups': ['hadoop']}
2016-04-05 18:41:17,767 - User['hdfs'] {'gid': 'hadoop', 'groups': ['hadoop']}
2016-04-05 18:41:17,769 - User['sqoop'] {'gid': 'hadoop', 'groups': ['hadoop']}
2016-04-05 18:41:17,770 - User['yarn'] {'gid': 'hadoop', 'groups': ['hadoop']}
2016-04-05 18:41:17,770 - User['mapred'] {'gid': 'hadoop', 'groups': ['hadoop']}
2016-04-05 18:41:17,771 - User['hbase'] {'gid': 'hadoop', 'groups': ['hadoop']}
2016-04-05 18:41:17,772 - User['knox'] {'gid': 'hadoop', 'groups': ['hadoop']}
2016-04-05 18:41:17,773 - User['hcat'] {'gid': 'hadoop', 'groups': ['hadoop']}
2016-04-05 18:41:17,774 - File['/var/lib/ambari-agent/tmp/changeUid.sh'] {'content': StaticFile('changeToSecureUid.sh'), 'mode': 0555}
2016-04-05 18:41:17,776 - Execute['/var/lib/ambari-agent/tmp/changeUid.sh ambari-qa /tmp/hadoop-ambari-qa,/tmp/hsperfdata_ambari-qa,/home/ambari-qa,/tmp/ambari-qa,/tmp/sqoop-ambari-qa'] {'not_if': '(test $(id -u ambari-qa) -gt 1000) || (false)'}
2016-04-05 18:41:17,788 - Skipping Execute['/var/lib/ambari-agent/tmp/changeUid.sh ambari-qa /tmp/hadoop-ambari-qa,/tmp/hsperfdata_ambari-qa,/home/ambari-qa,/tmp/ambari-qa,/tmp/sqoop-ambari-qa'] due to not_if
2016-04-05 18:41:17,788 - Directory['/tmp/hbase-hbase'] {'owner': 'hbase', 'recursive': True, 'mode': 0775, 'cd_access': 'a'}
2016-04-05 18:41:17,789 - File['/var/lib/ambari-agent/tmp/changeUid.sh'] {'content': StaticFile('changeToSecureUid.sh'), 'mode': 0555}
2016-04-05 18:41:17,790 - Execute['/var/lib/ambari-agent/tmp/changeUid.sh hbase /home/hbase,/tmp/hbase,/usr/bin/hbase,/var/log/hbase,/tmp/hbase-hbase'] {'not_if': '(test $(id -u hbase) -gt 1000) || (false)'}
2016-04-05 18:41:17,795 - Skipping Execute['/var/lib/ambari-agent/tmp/changeUid.sh hbase /home/hbase,/tmp/hbase,/usr/bin/hbase,/var/log/hbase,/tmp/hbase-hbase'] due to not_if
2016-04-05 18:41:17,796 - Group['hdfs'] {'ignore_failures': False}
2016-04-05 18:41:17,796 - User['hdfs'] {'ignore_failures': False, 'groups': ['hadoop', 'hdfs']}
2016-04-05 18:41:17,797 - Directory['/etc/hadoop'] {'mode': 0755}
2016-04-05 18:41:17,813 - File['/usr/hdp/current/hadoop-client/conf/hadoop-env.sh'] {'content': InlineTemplate(...), 'owner': 'hdfs', 'group': 'hadoop'}
2016-04-05 18:41:17,814 - Directory['/var/lib/ambari-agent/tmp/hadoop_java_io_tmpdir'] {'owner': 'hdfs', 'group': 'hadoop', 'mode': 0777}
2016-04-05 18:41:17,825 - Execute[('setenforce', '0')] {'not_if': '(! which getenforce ) || (which getenforce && getenforce | grep -q Disabled)', 'sudo': True, 'only_if': 'test -f /selinux/enforce'}
2016-04-05 18:41:17,844 - Directory['/var/log/hadoop'] {'owner': 'root', 'mode': 0775, 'group': 'hadoop', 'recursive': True, 'cd_access': 'a'}
2016-04-05 18:41:17,846 - Directory['/var/run/hadoop'] {'owner': 'root', 'group': 'root', 'recursive': True, 'cd_access': 'a'}
2016-04-05 18:41:17,847 - Directory['/tmp/hadoop-hdfs'] {'owner': 'hdfs', 'recursive': True, 'cd_access': 'a'}
2016-04-05 18:41:17,852 - File['/usr/hdp/current/hadoop-client/conf/commons-logging.properties'] {'content': Template('commons-logging.properties.j2'), 'owner': 'hdfs'}
2016-04-05 18:41:17,854 - File['/usr/hdp/current/hadoop-client/conf/health_check'] {'content': Template('health_check.j2'), 'owner': 'hdfs'}
2016-04-05 18:41:17,855 - File['/usr/hdp/current/hadoop-client/conf/log4j.properties'] {'content': ..., 'owner': 'hdfs', 'group': 'hadoop', 'mode': 0644}
2016-04-05 18:41:17,866 - File['/usr/hdp/current/hadoop-client/conf/hadoop-metrics2.properties'] {'content': Template('hadoop-metrics2.properties.j2'), 'owner': 'hdfs'}
2016-04-05 18:41:17,867 - File['/usr/hdp/current/hadoop-client/conf/task-log4j.properties'] {'content': StaticFile('task-log4j.properties'), 'mode': 0755}
2016-04-05 18:41:17,868 - File['/usr/hdp/current/hadoop-client/conf/configuration.xsl'] {'owner': 'hdfs', 'group': 'hadoop'}
2016-04-05 18:41:17,874 - File['/etc/hadoop/conf/topology_mappings.data'] {'owner': 'hdfs', 'content': Template('topology_mappings.data.j2'), 'only_if': 'test -d /etc/hadoop/conf', 'group': 'hadoop'}
2016-04-05 18:41:17,878 - File['/etc/hadoop/conf/topology_script.py'] {'content': StaticFile('topology_script.py'), 'only_if': 'test -d /etc/hadoop/conf', 'mode': 0755}
2016-04-05 18:41:18,156 - HDP version to use is 2.3.4.0
2016-04-05 18:41:18,156 - Detected HDP with stack version 2.3.4.0-3485, will use knox_data_dir = /usr/hdp/2.3.4.0-3485/knox/data
2016-04-05 18:41:18,160 - Directory['/usr/hdp/current/knox-server/data/'] {'owner': 'knox', 'group': 'knox', 'recursive': True}
2016-04-05 18:41:18,162 - Directory['/var/log/knox'] {'owner': 'knox', 'group': 'knox', 'recursive': True}
2016-04-05 18:41:18,163 - Directory['/var/run/knox'] {'owner': 'knox', 'group': 'knox', 'recursive': True}
2016-04-05 18:41:18,163 - Directory['/usr/hdp/current/knox-server/conf'] {'owner': 'knox', 'group': 'knox', 'recursive': True}
2016-04-05 18:41:18,164 - Directory['/usr/hdp/current/knox-server/conf/topologies'] {'owner': 'knox', 'group': 'knox', 'recursive': True}
2016-04-05 18:41:18,164 - XmlConfig['gateway-site.xml'] {'owner': 'knox', 'group': 'knox', 'conf_dir': '/usr/hdp/current/knox-server/conf', 'configuration_attributes': {}, 'configurations': ...}
2016-04-05 18:41:18,178 - Generating config: /usr/hdp/current/knox-server/conf/gateway-site.xml
2016-04-05 18:41:18,179 - File['/usr/hdp/current/knox-server/conf/gateway-site.xml'] {'owner': 'knox', 'content': InlineTemplate(...), 'group': 'knox', 'mode': None, 'encoding': 'UTF-8'}
2016-04-05 18:41:18,185 - File['/usr/hdp/current/knox-server/conf/gateway-log4j.properties'] {'content': ..., 'owner': 'knox', 'group': 'knox', 'mode': 0644}
2016-04-05 18:41:18,193 - File['/usr/hdp/current/knox-server/conf/topologies/default.xml'] {'content': InlineTemplate(...), 'owner': 'knox', 'group': 'knox'}
2016-04-05 18:41:18,194 - Execute[('chown', '-R', 'knox:knox', '/usr/hdp/current/knox-server/data/', '/var/log/knox', '/var/run/knox', '/usr/hdp/current/knox-server/conf', '/usr/hdp/current/knox-server/conf/topologies')] {'sudo': True}
2016-04-05 18:41:18,202 - Execute['/usr/hdp/current/knox-server/bin/knoxcli.sh create-master --master [PROTECTED]'] {'environment': {'JAVA_HOME': '/usr/jdk64/jdk1.8.0_40'}, 'not_if': "ambari-sudo.sh su knox -l -s /bin/bash -c 'test -f /usr/hdp/current/knox-server/data/security/master'", 'user': 'knox'}
2016-04-05 18:41:18,301 - Skipping Execute['/usr/hdp/current/knox-server/bin/knoxcli.sh create-master --master [PROTECTED]'] due to not_if
2016-04-05 18:41:18,302 - Execute['/usr/hdp/current/knox-server/bin/knoxcli.sh create-cert --hostname fssstrat.fss.india'] {'environment': {'JAVA_HOME': '/usr/jdk64/jdk1.8.0_40'}, 'not_if': "ambari-sudo.sh su knox -l -s /bin/bash -c 'test -f /usr/hdp/current/knox-server/data/security/keystores/gateway.jks'", 'user': 'knox'}
2016-04-05 18:41:18,377 - Skipping Execute['/usr/hdp/current/knox-server/bin/knoxcli.sh create-cert --hostname fssstrat.fss.india'] due to not_if
2016-04-05 18:41:18,378 - File['/usr/hdp/current/knox-server/conf/ldap-log4j.properties'] {'content': ..., 'owner': 'knox', 'group': 'knox', 'mode': 0644}
2016-04-05 18:41:18,379 - File['/usr/hdp/current/knox-server/conf/users.ldif'] {'content': ..., 'owner': 'knox', 'group': 'knox', 'mode': 0644}
2016-04-05 18:41:18,379 - Ranger admin not installed
2016-04-05 18:41:18,379 - Link['/usr/hdp/current/knox-server/pids'] {'to': '/var/run/knox'}
2016-04-05 18:41:18,380 - Execute['/usr/hdp/current/knox-server/bin/gateway.sh start'] {'environment': {'JAVA_HOME': '/usr/jdk64/jdk1.8.0_40'}, 'not_if': 'ls /var/run/knox/gateway.pid >/dev/null 2>&1 && ps -p `cat /var/run/knox/gateway.pid` >/dev/null 2>&1', 'user': 'knox'}

helmi_khalifa · ‎06-20-2019

Hi

rename the file gateway.jks mv /var/lib/knox/data-2.6.4.0-91/security/keystores/gateway.jks /var/lib/knox/data-2.6.4.0-91/security/keystores/gateway.jks.bck

when you start the know instance it will create a new certificate.

Best,

Helmi KHALIFA

Arthur_ · ‎11-10-2021

Hi, it should.

But when You need to use certs signed with Your organisation use:

convert .p12 to pfx (you will need also pem file)

openssl pkcs12 -export -out YOUROWNNAME.pfx -inkey YOUR_KEYS.pem -in YOUR_KEYS.pem -certfile YOUR_KEYS.pem

When You manage to get pfx file use:

keytool -importkeystore -srckeystore gateway.pfx -srcstoretype pkcs12
 -srcalias [ALIAS_SRC] -destkeystore [MY_KEYSTORE.jks]
 -deststoretype jks -deststorepass [PASSWORD_JKS] -destalias gateway-identity

[ALIAS_SRC] - read from pfx file to do that use:

keytool -v -list -storetype pkcs12 -keystore YOUROWNNAME.pfx

At end use this:

mv gateway.jks /var/lib/knox/data-2.6.4.0-91/security/keystores/

Cloudera Community

Support Questions

Knox Gateway Start fail