Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

keystore permission denied error when trying to run "service cloudera-scm-server start"

Labels:
dodixon3
New Contributor

Created ‎05-24-2017 04:50 AM

Hello All...

 

I have been working to change my cluster over from self-signed certificates to a private CA configuration, using CA provided certificates.  After completing the keystore setup, I executed the following step:

Step 2: Enable HTTPS for the Cloudera Manager Admin Console and Specify Server Keystore Properties

  1. Log into the Cloudera Manager Admin Console.
  2. Select Administration > Settings.
  3. Click the Security category.
  4. Configure the following TLS settings:
    Property Description
    Path to TLS Keystore FileThe complete path to the keystore file. In the example, this path would be:

    /opt/cloudera/security/jks/cmhost-keystore.jks

    Keystore PasswordThe password for keystore: password
    Use TLS Encryption for Admin ConsoleCheck this box to enable TLS encryption for Cloudera Manager.
  5. Click Save Changes to save the settings

 

Now....  I get the following error when I run the command service cloudera-scm-server start.

 

Exception in thread "MainThread" org.apache.avro.AvroRuntimeException: java.io.FileNotFoundException: /opt/cloudera/security/CAcerts/cmhost-keystore.jks (Permission denied)
        at com.cloudera.server.common.HttpConnectorServer.start(HttpConnectorServer.java:89)
        at com.cloudera.server.cmf.Main.startAgentServer(Main.java:571)
        at com.cloudera.server.cmf.Main.startAvro(Main.java:483)
        at com.cloudera.server.cmf.Main.run(Main.java:620)
        at com.cloudera.server.cmf.Main.main(Main.java:217)
Caused by: java.io.FileNotFoundException: /opt/cloudera/security/CAcerts/cmhost-keystore.jks (Permission denied)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:146)
        at org.mortbay.resource.FileResource.getInputStream(FileResource.java:275)
        at org.mortbay.jetty.security.SslSelectChannelConnector.createSSLContext(SslSelectChannelConnector.java:639)
        at org.mortbay.jetty.security.SslSelectChannelConnector.doStart(SslSelectChannelConnector.java:613)
        at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
        at org.mortbay.jetty.Server.doStart(Server.java:235)
        at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
        at com.cloudera.server.common.HttpConnectorServer.start(HttpConnectorServer.java:87)
        ... 4 more

12,321 Views
0 Kudos
1 REPLY 1

surajacharya
Rising Star

Created ‎05-25-2017 12:50 PM

From the looks of it, the file permissions on the file : /opt/cloudera/security/CAcerts/cmhost-keystore.jks is incorrect.

 

The process usually runs as cloudera-scm user. So check the permissions on that file.

12,305 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Product Announcements
CDP Public Cloud Release Summary: June 2022
What's New @ Cloudera
Cloudera DataFlow for the Public Cloud 2.1 introduces in-place upgrades as a Technical Preview feature
What's New @ Cloudera
CDP Operational Database (COD) supports CDP Control Planes for multiple regions.
What's New @ Cloudera
CDP Operational Database (COD) supports Multiple Availability Zones (Multi-AZ) on AWS
What's New @ Cloudera
COD now supports the “Store File Tracking” (SFT) as a general availability feature.
View More Announcements
; ;