Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

keystore permission denied error when trying to run "service cloudera-scm-server start"

Labels:
avatar
author-rank dodixon3
New Contributor

Created ‎05-24-2017 04:50 AM

Hello All...

 

I have been working to change my cluster over from self-signed certificates to a private CA configuration, using CA provided certificates.  After completing the keystore setup, I executed the following step:

Step 2: Enable HTTPS for the Cloudera Manager Admin Console and Specify Server Keystore Properties

  1. Log into the Cloudera Manager Admin Console.
  2. Select Administration > Settings.
  3. Click the Security category.
  4. Configure the following TLS settings:
    Property Description
    Path to TLS Keystore FileThe complete path to the keystore file. In the example, this path would be:

    /opt/cloudera/security/jks/cmhost-keystore.jks

    Keystore PasswordThe password for keystore: password
    Use TLS Encryption for Admin ConsoleCheck this box to enable TLS encryption for Cloudera Manager.
  5. Click Save Changes to save the settings

 

Now....  I get the following error when I run the command service cloudera-scm-server start.

 

Exception in thread "MainThread" org.apache.avro.AvroRuntimeException: java.io.FileNotFoundException: /opt/cloudera/security/CAcerts/cmhost-keystore.jks (Permission denied)
        at com.cloudera.server.common.HttpConnectorServer.start(HttpConnectorServer.java:89)
        at com.cloudera.server.cmf.Main.startAgentServer(Main.java:571)
        at com.cloudera.server.cmf.Main.startAvro(Main.java:483)
        at com.cloudera.server.cmf.Main.run(Main.java:620)
        at com.cloudera.server.cmf.Main.main(Main.java:217)
Caused by: java.io.FileNotFoundException: /opt/cloudera/security/CAcerts/cmhost-keystore.jks (Permission denied)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:146)
        at org.mortbay.resource.FileResource.getInputStream(FileResource.java:275)
        at org.mortbay.jetty.security.SslSelectChannelConnector.createSSLContext(SslSelectChannelConnector.java:639)
        at org.mortbay.jetty.security.SslSelectChannelConnector.doStart(SslSelectChannelConnector.java:613)
        at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
        at org.mortbay.jetty.Server.doStart(Server.java:235)
        at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
        at com.cloudera.server.common.HttpConnectorServer.start(HttpConnectorServer.java:87)
        ... 4 more

17,974 Views
0 Kudos
0
2 REPLIES 2

avatar
author-rank surajacharya author-rank
Expert Contributor

Created ‎05-25-2017 12:50 PM

From the looks of it, the file permissions on the file : /opt/cloudera/security/CAcerts/cmhost-keystore.jks is incorrect.

 

The process usually runs as cloudera-scm user. So check the permissions on that file.

17,958 Views

avatar
author-rank salimhsheikh
New Contributor

Created ‎02-14-2024 01:34 AM

Hey everyone,

Just wanted to share my experience with the same Solr Server error message I recently encountered. Following @surajacharya advice above, I compared the permissions on the truststore file between a functioning Solr server host and the problematic one. I noticed that the permissions were set to 400 on the problematic host and 644 on the good one.

I went ahead and adjusted the permissions on the truststore file of the problematic host to 644 and then restarted the Solr server. Voila! The issue was resolved. Just thought I'd share this in case someone else runs into a similar problem.

2,999 Views
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements