
TLS enable failing with SSLError


New Contributor

Hi,

 

We are trying to enable TLS in our Cloudera cluster. When we try to start our agent, we are getting the below error.

 

[02/May/2018 19:16:51 +0000] 65681 Dummy-1 daemonize WARNING Stopping daemon.
[02/May/2018 19:19:17 +0000] 66199 MainThread __init__ INFO Agent UUID file was last modified at 2018-04-30 22:18:50.967064
[02/May/2018 19:19:17 +0000] 66199 MainThread agent INFO ================================================================================
[02/May/2018 19:19:17 +0000] 66199 MainThread agent INFO SCM Agent Version: 5.14.3
[02/May/2018 19:19:17 +0000] 66199 MainThread agent INFO Agent Protocol Version: 4
[02/May/2018 19:19:17 +0000] 66199 MainThread agent INFO Using Host ID: 053c3756-93a9-4c43-9ff5-bd0e1d6b4941
[02/May/2018 19:19:17 +0000] 66199 MainThread agent INFO Using directory: /run/cloudera-scm-agent
[02/May/2018 19:19:17 +0000] 66199 MainThread agent INFO Using supervisor binary path: /usr/lib64/cmf/agent/build/env/bin/supervisord
[02/May/2018 19:19:17 +0000] 66199 MainThread agent INFO Agent Logging Level: DEBUG
[02/May/2018 19:19:17 +0000] 66199 MainThread agent INFO No command line vars
[02/May/2018 19:19:17 +0000] 66199 MainThread https ERROR Error while setting up SSL context
Traceback (most recent call last):
  File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/cmf-5.14.3-py2.7.egg/cmf/https.py", line 99, in make_ssl_context
    lambda * arg, **kw: key_password)
  File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/SSL/Context.py", line 117, in load_cert_chain
    m2.ssl_ctx_use_privkey(self.ctx, keyfile)
SSLError: No such file or directory
[02/May/2018 19:19:17 +0000] 66199 Dummy-1 daemonize WARNING Stopping daemon.

 

We followed the instructions provided below:

https://www.cloudera.com/documentation/enterprise/latest/topics/how_to_configure_cm_tls.html#concept...

 

We are using a self-signed certificate. We also created a root certificate and signed the server certificate with the root certificate. We tried to ensure that the agent ini file is appropriately configured. We confirmed the path for the verify certificate file variables and it all looks good.

 

Kinda stuck here. Request assistance. Thanks. 

2 REPLIES

Re: TLS enable failing with SSLError

Champion

client_cert_file - does it have a PEM file?

Re: TLS enable failing with SSLError

Super Guru

Hi @SPK,

 

This error:

 

m2.ssl_ctx_use_privkey(self.ctx, keyfile)
SSLError: No such file or directory

 

Indicates that the private key is missing. Check your /etc/cloudera-scm-agent/config.init for this value:

 

# PEM file containing client private key.
client_key_file=/etc/cdep-ssl-conf/CA_STANDARD/cm_server-enc_key.pem

 

Make sure that the path is correct and that the file specified there exists.  Then, try restarting the agent with "service cloudera-scm-agent restart"

 

-Ben
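
A preflight check for the two points raised in the replies above (does each configured path exist, and does the file hold PEM data), written as an added example that is not part of the original thread or of Cloudera's code. client_key_file and client_cert_file are named in the thread; verify_cert_file and the [Security] section name are assumptions about the agent's config file.

```python
import configparser
import os
import tempfile

# client_key_file and client_cert_file are named in the thread; verify_cert_file
# and the [Security] section name are assumptions about the agent's config file.
PEM_MARKERS = {
    "client_key_file": "PRIVATE KEY-----",
    "client_cert_file": "-----BEGIN CERTIFICATE-----",
    "verify_cert_file": "-----BEGIN CERTIFICATE-----",
}


def check_agent_tls_paths(ini_path, section="Security"):
    """Return (key, path, problem) tuples for TLS file settings that will not load."""
    parser = configparser.ConfigParser(interpolation=None)
    if not parser.read(ini_path) or not parser.has_section(section):
        return [(section, ini_path, "config file or section missing")]
    problems = []
    for key, marker in PEM_MARKERS.items():
        path = parser.get(section, key, fallback="").strip()
        if not path:
            continue  # setting absent, empty or commented out
        if not os.path.isfile(path):
            problems.append((key, path, "no such file"))
            continue
        try:
            with open(path, errors="replace") as handle:
                text = handle.read()
        except OSError as exc:
            problems.append((key, path, "unreadable: %s" % exc.strerror))
            continue
        if marker not in text:
            problems.append((key, path, "not PEM (missing %r)" % marker))
        if key == "client_key_file" and os.stat(path).st_mode & 0o077:
            problems.append((key, path, "key readable by group or others"))
    return problems


if __name__ == "__main__":
    # Constructed sample: the key exists, the certificate path points nowhere.
    with tempfile.TemporaryDirectory() as tmp:
        key, ini = os.path.join(tmp, "agent_key.pem"), os.path.join(tmp, "config.ini")
        with open(key, "w") as f:
            f.write("-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n")
        os.chmod(key, 0o600)
        with open(ini, "w") as f:
            f.write("[Security]\nclient_key_file=%s\nclient_cert_file=%s/missing.pem\n" % (key, tmp))
        for item in check_agent_tls_paths(ini):
            print("%s=%s: %s" % item)
```

Call check_agent_tls_paths() with the path of the agent's own config file, as the user the agent runs as, before restarting the agent; an empty list means every configured file exists and looks like PEM.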