Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

getting SSLError: unknown group in the agent logs when enabling TLS encryption for Manager

getting SSLError: unknown group in the agent logs when enabling TLS encryption for Manager

New Contributor

OS:CentOS6.5 CDH5.1.0 

 

I followed this document to configuring TLS Encryption only for Cloudera Manager

http://www.cloudera.com/content/cloudera/en/documentation/cloudera-manager/v5-latest/Cloudera-Manage...

 

[root@SH01 ~]keytool -validity 1095 -keystore /etc/cloudera-scm-server/keystore/scm-keystore -alias jetty -genkeypair -keyalg RSA

 

"What is your first and last name?" I valued: SH01.com

 

[root@SH01 ~]# hostname

SH01

 

[root@SH01 ~]hostname -f

SH01.com

 

[root@SH01 ~]# vi /etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

190.16.1.38 SH01.com SH01
190.16.1.39 SH02.com SH02
190.16.1.40 SH03.com SH03
190.16.1.41 SH04.com SH04
190.16.1.42 SH05.com SH05
190.16.1.43 SH06.com SH06
190.16.1.44 SH07.com SH07
190.16.1.45 SH08.com SH08

 

I can login CM mainpage but I can't start CM service after I finished all steps and restart all

 

It alert this :Service did not start successfully; not all of the required roles started: Service has only 0 Service Monitor roles running instead of minimum required 1.

 

  • cloudera-scm-server.log:

 

2014-10-11 00:04:09,994 INFO [main:mortbay.log@67] Registered SubjectType IMPALA-IMPALAD
:$
at com.cloudera.server.cmf.components.ClouderaManagerMetricsForwarder.run(ClouderaManagerMetricsForwarder.java:99)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.avro.AvroRemoteException: java.net.ConnectException: Connection refused
at org.apache.avro.ipc.specific.SpecificRequestor.invoke(SpecificRequestor.java:88)
... 11 more
Caused by: java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:211)
at sun.net.www.http.HttpClient.New(HttpClient.java:308)
at sun.net.www.http.HttpClient.New(HttpClient.java:326)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:996)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:850)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1091)
at org.apache.avro.ipc.HttpTransceiver.writeBuffers(HttpTransceiver.java:71)
at org.apache.avro.ipc.Transceiver.transceive(Transceiver.java:58)
at org.apache.avro.ipc.Transceiver.transceive(Transceiver.java:72)
at org.apache.avro.ipc.Requestor.request(Requestor.java:147)
at org.apache.avro.ipc.Requestor.request(Requestor.java:101)
at org.apache.avro.ipc.specific.SpecificRequestor.invoke(SpecificRequestor.java:72)
... 11 more

 

 

  • cloudera-scm-agent.log:

[15/Oct/2014 00:20:07 +0000] 1762 MainThread agent ERROR Heartbeating to 190.16.1.38:7182 failed.
Traceback (most recent call last):
File "/usr/lib64/cmf/agent/src/cmf/agent.py", line 781, in send_heartbeat
self.max_cert_depth)
File "/usr/lib64/cmf/agent/src/cmf/https.py", line 92, in __init__
self.conn.connect()
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/httpslib.py", line 50, in connect
self.sock.connect((self.host, self.port))
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 185, in connect
ret = self.connect_ssl()
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 178, in connect_ssl
return m2.ssl_connect(self.ssl)
SSLError: unknown group

 

 

 

 

 

3 REPLIES 3

Re: getting SSLError: unknown group in the agent logs when enabling TLS encryption for Manager

New Contributor

Facing similar issue (RHEL 6.5, CM 5.7)

 

 

Was this issues fixed/resolved, appreciate inputs here

Re: getting SSLError: unknown group in the agent logs when enabling TLS encryption for Manager

Super Guru

Hello,

 

The "unknown group" error is usually caused by an older package of OpenSSL being installed on your hosts.

Run rpm -qa openssl

If you see a version like this: openssl-1.0.1e-15.el6 then upgrade your openssl to a later package, restart the agent, then try again.

 

Regards,

 

Ben

Highlighted

Re: getting SSLError: unknown group in the agent logs when enabling TLS encryption for Manager

New Contributor

Thanks Team

 

Yes, the issue was due to older version of ssl, had fixed this issue last week.

Thanks for the details shared.

 

 

Thank you

Kashi