Created 05-24-2017 04:50 AM
Hello All...
I have been working to change my cluster over from self-signed certificates to a private CA configuration, using CA provided certificates. After completing the keystore setup, I executed the following step:
Step 2: Enable HTTPS for the Cloudera Manager Admin Console and Specify Server Keystore Properties
| Path to TLS Keystore File | The complete path to the keystore file. In the example, this path would be: /opt/cloudera/security/jks/cmhost-keystore.jks | 
| Keystore Password | The password for keystore: password | 
| Use TLS Encryption for Admin Console | Check this box to enable TLS encryption for Cloudera Manager. | 
Now.... I get the following error when I run the command service cloudera-scm-server start.
Exception in thread "MainThread" org.apache.avro.AvroRuntimeException: java.io.FileNotFoundException: /opt/cloudera/security/CAcerts/cmhost-keystore.jks (Permission denied)
        at com.cloudera.server.common.HttpConnectorServer.start(HttpConnectorServer.java:89)
        at com.cloudera.server.cmf.Main.startAgentServer(Main.java:571)
        at com.cloudera.server.cmf.Main.startAvro(Main.java:483)
        at com.cloudera.server.cmf.Main.run(Main.java:620)
        at com.cloudera.server.cmf.Main.main(Main.java:217)
Caused by: java.io.FileNotFoundException: /opt/cloudera/security/CAcerts/cmhost-keystore.jks (Permission denied)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:146)
        at org.mortbay.resource.FileResource.getInputStream(FileResource.java:275)
        at org.mortbay.jetty.security.SslSelectChannelConnector.createSSLContext(SslSelectChannelConnector.java:639)
        at org.mortbay.jetty.security.SslSelectChannelConnector.doStart(SslSelectChannelConnector.java:613)
        at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
        at org.mortbay.jetty.Server.doStart(Server.java:235)
        at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
        at com.cloudera.server.common.HttpConnectorServer.start(HttpConnectorServer.java:87)
        ... 4 more
Created 05-25-2017 12:50 PM
From the looks of it, the permissions on the file /opt/cloudera/security/CAcerts/cmhost-keystore.jks are incorrect.
The process usually runs as the cloudera-scm user. So check the permissions on that file.
Created 02-14-2024 01:34 AM
Hey everyone,
Just wanted to share my experience with the same Solr Server error message I recently encountered. Following @surajacharya's advice above, I compared the permissions on the truststore file between a functioning Solr server host and the problematic one. I noticed that the permissions were set to 400 on the problematic host and 644 on the good one.
I went ahead and adjusted the permissions on the truststore file of the problematic host to 644 and then restarted the Solr server. Voila! The issue was resolved. Just thought I'd share this in case someone else runs into a similar problem.
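
The permission check both replies describe, as an added example that is not part of the original thread: it works out from owner, group and mode bits which path component denies a given account, and flags a world-readable keystore. It assumes Linux with GNU stat; the script name `audit.sh` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): explain "Permission denied" on a keystore
# from owner/group/other mode bits. Needs GNU stat; ACLs and SELinux are not evaluated.

# granted PATH UID "GID ..." BIT -> status 0 if mode bits grant BIT (4=read, 1=search)
granted() {
  [ "$2" = 0 ] && return 0                      # root bypasses mode bits
  st=$(stat -c '%u %g %a' -- "$1") || return 2
  own=${st%% *}; mode=$(( 0${st##* } ))         # leading 0 => parsed as octal
  grp=${st#* }; grp=${grp% *}
  if [ "$2" = "$own" ]; then cls=$(( (mode >> 6) & 7 ))
  else
    case " $3 " in
      *" $grp "*) cls=$(( (mode >> 3) & 7 )) ;;
      *)          cls=$(( mode & 7 )) ;;
    esac
  fi
  [ $(( cls & $4 )) -ne 0 ]
}

# audit_keystore FILE UID "GID ..." -> names the blocking path component, status 1 if blocked
audit_keystore() {
  dir=$(dirname -- "$(readlink -f -- "$1")")
  while :; do
    granted "$dir" "$2" "$3" 1 || { echo "no search (x) on directory: $dir"; return 1; }
    [ "$dir" = / ] && break
    dir=$(dirname -- "$dir")
  done
  granted "$1" "$2" "$3" 4 || { echo "no read (r) on file: $1"; return 1; }
  # A keystore holds the private key: readable by the service account is enough.
  [ $(( 0$(stat -c %a -- "$1") & 4 )) -ne 0 ] && echo "warning: world-readable: $1"
  return 0
}

# Usage: sh audit.sh /path/to/keystore.jks cloudera-scm
if [ "$#" -eq 2 ]; then
  uid=$(id -u "$2") && gids=$(id -G "$2") && audit_keystore "$1" "$uid" "$gids"
fi
```

For a keystore that holds the server's private key, giving the service account ownership or group access resolves the error without making the file world-readable; a truststore carries only public certificates, so wider read access is less sensitive there.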
