Support Questions

Find answers, ask questions, and share your expertise

Unable to start ambari-server - Problem with encrypt password

avatar
Explorer

Hello

Ambari-server can't start, i have this error :

 cat /var/log/ambari-server/ambari-server.out
java.security.NoSuchAlgorithmException: PBKDF2WithHmacSHA1 SecretKeyFactory not available
       at javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:122)
       at javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:160)
       at org.apache.ambari.server.security.encryption.AESEncryptor.getKeyFromPassword(AESEncryptor.java:104)
       at org.apache.ambari.server.security.encryption.AESEncryptor.getKeyFromPassword(AESEncryptor.java:97)
       at org.apache.ambari.server.security.encryption.AESEncryptor.<init>(AESEncryptor.java:51)
       at org.apache.ambari.server.security.encryption.MasterKeyServiceImpl.<clinit>(MasterKeyServiceImpl.java:44)
       at org.apache.ambari.server.security.encryption.CredentialProvider.<init>(CredentialProvider.java:57)
       at org.apache.ambari.server.configuration.Configuration.loadCredentialProvider(Configuration.java:858)
       at org.apache.ambari.server.configuration.Configuration.readPasswordFromStore(Configuration.java:1494)
       at org.apache.ambari.server.configuration.Configuration.getDatabasePassword(Configuration.java:1442)
       at org.apache.ambari.server.controller.ControllerModule.buildJpaPersistModule(ControllerModule.java:368)
       at org.apache.ambari.server.controller.ControllerModule.configure(ControllerModule.java:313)
       at com.google.inject.AbstractModule.configure(AbstractModule.java:59)
       at com.google.inject.spi.Elements$RecordingBinder.install(Elements.java:223)
       at com.google.inject.spi.Elements.getElements(Elements.java:101)
       at com.google.inject.internal.InjectorShell$Builder.build(InjectorShell.java:133)
       at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:103)
       at com.google.inject.Guice.createInjector(Guice.java:95)
       at com.google.inject.Guice.createInjector(Guice.java:72)
       at com.google.inject.Guice.createInjector(Guice.java:62)
       at org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:803)
Exception in thread "main" java.lang.ExceptionInInitializerError
       at org.apache.ambari.server.security.encryption.CredentialProvider.<init>(CredentialProvider.java:57)
       at org.apache.ambari.server.configuration.Configuration.loadCredentialProvider(Configuration.java:858)
       at org.apache.ambari.server.configuration.Configuration.readPasswordFromStore(Configuration.java:1494)
       at org.apache.ambari.server.configuration.Configuration.getDatabasePassword(Configuration.java:1442)
       at org.apache.ambari.server.controller.ControllerModule.buildJpaPersistModule(ControllerModule.java:368)
       at org.apache.ambari.server.controller.ControllerModule.configure(ControllerModule.java:313)
       at com.google.inject.AbstractModule.configure(AbstractModule.java:59)
       at com.google.inject.spi.Elements$RecordingBinder.install(Elements.java:223)
       at com.google.inject.spi.Elements.getElements(Elements.java:101)
       at com.google.inject.internal.InjectorShell$Builder.build(InjectorShell.java:133)
       at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:103)
       at com.google.inject.Guice.createInjector(Guice.java:95)
       at com.google.inject.Guice.createInjector(Guice.java:72)
       at com.google.inject.Guice.createInjector(Guice.java:62)
       at org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:803)
Caused by: java.lang.NullPointerException
       at org.apache.ambari.server.security.encryption.AESEncryptor.<init>(AESEncryptor.java:52)
       at org.apache.ambari.server.security.encryption.MasterKeyServiceImpl.<clinit>(MasterKeyServiceImpl.java:44)
       ... 15 more

Ambari is unable to read encrypt passwords and i don't know why :

 #  /usr/jdk64/java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2.x86_64/bin/java -cp '/etc/ambari-server/conf:/usr/lib/ambari-server/*' org.apache.ambari.server.security.encryption.CredentialProvider GET ambari.db.password
java.security.NoSuchAlgorithmException: PBKDF2WithHmacSHA1 SecretKeyFactory not available
       at javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:122)
       at javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:160)
       at org.apache.ambari.server.security.encryption.AESEncryptor.getKeyFromPassword(AESEncryptor.java:104)
       at org.apache.ambari.server.security.encryption.AESEncryptor.getKeyFromPassword(AESEncryptor.java:97)
       at org.apache.ambari.server.security.encryption.AESEncryptor.<init>(AESEncryptor.java:51)
       at org.apache.ambari.server.security.encryption.MasterKeyServiceImpl.<clinit>(MasterKeyServiceImpl.java:44)
       at org.apache.ambari.server.security.encryption.CredentialProvider.<init>(CredentialProvider.java:57)
       at org.apache.ambari.server.security.encryption.CredentialProvider.main(CredentialProvider.java:151)
Exception in thread "main" java.lang.ExceptionInInitializerError
       at org.apache.ambari.server.security.encryption.CredentialProvider.<init>(CredentialProvider.java:57)
       at org.apache.ambari.server.security.encryption.CredentialProvider.main(CredentialProvider.java:151)
Caused by: java.lang.NullPointerException
       at org.apache.ambari.server.security.encryption.AESEncryptor.<init>(AESEncryptor.java:52)
       at org.apache.ambari.server.security.encryption.MasterKeyServiceImpl.<clinit>(MasterKeyServiceImpl.java:44)
       ... 2 more

any idea ?

thanks

1 ACCEPTED SOLUTION

avatar
Explorer

Found it ... some change i have made into java.security file ...

Thanks for your time

View solution in original post

6 REPLIES 6

avatar

Hi @Florent M,

Is JCE installed? It looks like it is using an algorithm you don't have available on your server.

avatar
Explorer

hi Pierre Villard

i think i have jce installed, because it should be included with openjdk

i have this lib with the jdk :

/usr/jdk64/java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2.x86_64/jre/lib/jce.jar

Everything works fine until i have rebooted the server

avatar

It is not installed by default with the JDK:

http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.3/bk_security/content/_distribute_and_install_...

To check if it is installed, you can execute the following command:

jrunscript -e ‘exit (javax.crypto.Cipher.getMaxAllowedKeyLength(“RC5”) 
>= 256);’; if [ $? -eq 1 ]; then echo “JCE Unlimited OK”; else echo 
“JCE NOT Unlimited”; fi

jrunscript is located in bin directory where your Java is installed.

avatar
Explorer

it's look like good

/usr/jdk64/java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2.x86_64/bin/jrunscript -e 'exit (javax.crypto.Cipher.getMaxAllowedKeyLength("RC5") >= 256);'; if [ $? -eq 1 ]; then echo "JCE Unlimited OK"; else echo "JCE NOT unlimited"; fi
JCE Unlimited OK

avatar
Explorer

Found it ... some change i have made into java.security file ...

Thanks for your time

avatar
Master Mentor

@Florent M can you ellaborate on what the issue was, that this can be used as reference material.