keystore permission denied error when trying to run "service cloudera-scm-server start"

New Contributor

Hello All...

I have been working to change my cluster over from self-signed certificates to a private CA configuration, using CA-provided certificates. After completing the keystore setup, I executed the following step:

Step 2: Enable HTTPS for the Cloudera Manager Admin Console and Specify Server Keystore Properties

  1. Log into the Cloudera Manager Admin Console.
  2. Select Administration > Settings.
  3. Click the Security category.
  4. Configure the following TLS settings:
    Property: Description

    Path to TLS Keystore File: The complete path to the keystore file. In the example, this path would be:

    /opt/cloudera/security/jks/cmhost-keystore.jks

    Keystore Password: The password for keystore: password

    Use TLS Encryption for Admin Console: Check this box to enable TLS encryption for Cloudera Manager.
  5. Click Save Changes to save the settings.

Now....  I get the following error when I run the command service cloudera-scm-server start.

Exception in thread "MainThread" org.apache.avro.AvroRuntimeException: java.io.FileNotFoundException: /opt/cloudera/security/CAcerts/cmhost-keystore.jks (Permission denied)
        at com.cloudera.server.common.HttpConnectorServer.start(HttpConnectorServer.java:89)
        at com.cloudera.server.cmf.Main.startAgentServer(Main.java:571)
        at com.cloudera.server.cmf.Main.startAvro(Main.java:483)
        at com.cloudera.server.cmf.Main.run(Main.java:620)
        at com.cloudera.server.cmf.Main.main(Main.java:217)
Caused by: java.io.FileNotFoundException: /opt/cloudera/security/CAcerts/cmhost-keystore.jks (Permission denied)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:146)
        at org.mortbay.resource.FileResource.getInputStream(FileResource.java:275)
        at org.mortbay.jetty.security.SslSelectChannelConnector.createSSLContext(SslSelectChannelConnector.java:639)
        at org.mortbay.jetty.security.SslSelectChannelConnector.doStart(SslSelectChannelConnector.java:613)
        at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
        at org.mortbay.jetty.Server.doStart(Server.java:235)
        at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
        at com.cloudera.server.common.HttpConnectorServer.start(HttpConnectorServer.java:87)
        ... 4 more

1 REPLY 1

Rising Star

From the looks of it, the file permissions on the file /opt/cloudera/security/CAcerts/cmhost-keystore.jks are incorrect.

The process usually runs as the cloudera-scm user. So check the permissions on that file.
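
To act on the reply above, here is an added example (not part of the original thread and not Cloudera tooling): a shell script that walks from / down to the keystore and reports the first path component whose mode bits deny the service account, since a missing search bit on a parent directory raises the same "Permission denied" as an unreadable file. It assumes GNU stat on Linux and ignores ACLs and SELinux; the script and function names are hypothetical.

```shell
#!/bin/sh
# Added example. Usage (script name is hypothetical):
#   sh keystore_access.sh cloudera-scm /opt/cloudera/security/CAcerts/cmhost-keystore.jks
# Evaluates classic owner/group/other mode bits only: no ACLs, no SELinux,
# no root bypass. Requires GNU stat and an absolute path.

# class_bits USER PATH: print the rwx bits (0-7) that apply to USER on PATH.
# An empty USER means the account running the script.
class_bits() (
    uid=$(id -u ${1:+"$1"}) || exit 2
    gids=" $(id -G ${1:+"$1"}) "
    st=$(stat -c '%a %u %g' -- "$2") || exit 2
    set -- $st                       # $1 = octal mode, $2 = owner uid, $3 = group gid
    mode=$((0$1))                    # leading 0 makes the shell read it as octal
    if [ "$uid" -eq "$2" ]; then
        cls=6                        # owner class wins, even if it grants less
    else
        case $gids in
            *" $3 "*) cls=3 ;;       # member of the file's group
            *)        cls=0 ;;       # everyone else
        esac
    fi
    echo $(( (mode >> cls) & 7 ))
)

# blocked_at USER PATH: print the first component that denies USER and return 1;
# print nothing and return 0 when every directory is searchable and PATH is readable.
blocked_at() (
    user=$1 path=$2 need=${3:-4}     # 4 = read (the file), 1 = search (directories)
    parent=$(dirname -- "$path")
    if [ "$parent" != "$path" ]; then
        blocked_at "$user" "$parent" 1 || exit   # check ancestors first, root downward
    fi
    bits=$(class_bits "$user" "$path") || exit 2
    if [ $((bits & need)) -eq 0 ]; then
        printf '%s\n' "$path"
        exit 1
    fi
)

if [ $# -eq 2 ]; then
    if hit=$(blocked_at "$1" "$2"); then
        echo "OK: mode bits let $1 reach and read $2"
    else
        echo "First blocking component: $hit"
    fi
fi
```

Because the keystore holds the server's private key, resolve a denial by giving the cloudera-scm owner or group the missing bit on the reported component rather than by making the file world-readable.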