After configuring the YARN Queue Manager the error am getting on the "YARN QUEUE MANAGER" . The error belong to incorrect password. The log is below, i have tried to change ambari admin password but still getting the error. Is there any help on this would be appreciated.
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) at java.security.KeyStore.load(KeyStore.java:1445) at org.apache.ambari.server.controller.internal.URLStreamProvider.getSSLConnection(URLStreamProvider.java:293) ... 98 more Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778) ... 103 more
Check-1). Please check if you have used the correct truststore & keystore passwords while setting up ssl for ambari. Are you able to list the ambari keystore/truststore using those credentials?
# grep ssl /etc/ambari-server/conf/ambari.properties ssl.trustStore.type=jks client.api.ssl.key_name=https.key client.api.ssl.port=8443 api.ssl=true ssl.trustStore.path=/etc/ambari-server/certs/jss1.example.com.jks client.api.ssl.cert_name=https.crt ssl.trustStore.password=amb1amb
The check if you can list the keystore using that crendetial?
# $JAVA_HOME/bin/keytool -list -keystore /etc/ambari-server/certs/jss1.example.com.jks
Check-2). Just for testing ... to see if it helps us in isolating the issue. 1. Edit /etc/ambari-server/conf/ambari.properties to set the empty values (Better take a backup of this file)
2. Restart ambari server
Some steps on setting up the truststore on ambari can be found at: https://community.hortonworks.com/articles/39865/enabling-https-for-ambariserver-and-troubleshootin....
I have tried Check1 the values are fine.
$JAVA_HOME/bin/keytool -list -keystore /etc/ambari-server/certs/jss1.example.com.jks
we hae here /etc/ambari-server/key/lday.keystore.jks
so mostly doing through ldap.
I didn't perform the second check as business will be affected by restarting the server right now. Any other help ...
In general this error "Keystore was tampered with, or password was incorrect." indicates that
1. the storepassword that you have specified in the ambari is not correct
2. may be somehow the store password is not written in ambari.properties properly (or there may be some extra padding in the file)
3. ambari might be pointing to some other store file. (ambari.properties can be checked to verify the same)
4. It is also possible when your "KeyPass" is different from "StorePass" in your keystore.
I will suggest if you can either try regenerating a new truststore and then perform the "ambari-server setup-security" as mentioned in the following article again. https://community.hortonworks.com/articles/39865/enabling-https-for-ambariserver-and-troubleshootin....