Hi, yes it was a problem with incorrect pass phrase being passed to the keystorePassword. ... View more

Hi, I tried following the use case 3. I generated the certificates for all the hosts. When I ran the generateCmCa api, I'm running into this error: Entering HTTP Operation: Method:POST, Path:/v41/cm/commands/generateCmca INFO scm-web-77659:com.cloudera.cmf.service.ServiceHandlerRegistry: Executing Global command GenerateCMCACommand GenerateCmcaCmdArgs{sshPort=22, userName=REDACTED, password=REDACTED, passphrase=REDACTED, privateKey=REDACTED, customCA=true, interpretAsFilenames=true, additionalArguments=null, location=/opt/cloudera/CMCA}. INFO scm-web-77659:com.cloudera.cmf.command.GenerateCmcaCommand: {CLUSTER_NAME} has Kerberos enabled and will be reconfigured to use SASL INFO scm-web-77659:com.cloudera.cmf.command.flow.CmdStep: Executing command 1546436812 work: Execute 14 steps in sequence INFO scm-web-77659:com.cloudera.cmf.command.flow.CmdStep: Executing command 1546436812 work: Generate a CMCA and enable Auto-TLS. INFO scm-web-77659:com.cloudera.cmf.command.GenerateCmcaCmdWork: Determined CMCA location: /var/lib/cloudera-scm-server/certmanager INFO scm-web-77659:com.cloudera.cmf.command.GenerateCmcaCmdWork: Modifying init file if present: /var/lib/cloudera-scm-server/certmanager/cm_init.txt INFO scm-web-77659:com.cloudera.cmf.command.GenerateCmcaCmdWork: Generating CMCA INFO scm-web-77659:com.cloudera.cmf.command.CertmanagerRunner: Running CMCA command with args: [setup_custom_certdir, --host-cert, REDACTED, --host-key, REDACTED, --ca-cert, REDACTED, --keystore-pw-file, /tmp/auto-tls/keys/key.pwd, --truststore-pw-file, REDACTED, --configure-services, --skip-cm-init, --override, keystore_type=jks] ERROR scm-web-77659:com.cloudera.cmf.command.CertmanagerRunner: Failed to run CMCA command, return code: 1, stderr: INFO:root:certmanager not running as root INFO:root:Logging to /var/log/cloudera-scm-agent/certmanager.log Traceback (most recent call last): File "/opt/cloudera/cm-agent/bin/certmanager", line 11, in <module> load_entry_point('cmf==7.6.7', 'console_scripts', 'certmanager')() File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py", line 2857, in main return certmanager(obj=argparse.Namespace()) File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/click/core.py", line 716, in __call__ return self.main(*args, **kwargs) File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/click/core.py", line 696, in main rv = self.invoke(ctx) File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/click/core.py", line 1060, in invoke return _process_result(sub_ctx.command.invoke(sub_ctx)) File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/click/core.py", line 889, in invoke return ctx.invoke(self.callback, **ctx.params) File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/click/core.py", line 534, in invoke return callback(*args, **kwargs) File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/click/decorators.py", line 27, in new_func return f(get_current_context().obj, *args, **kwargs) File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py", line 2694, in setup_custom_certdir truststore_password) File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py", line 2014, in setup_server_with_custom_certs self.copy_node_cert(None, hostname) File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py", line 1798, in copy_node_cert keystore_file, hostname, password) File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py", line 1607, in _write_keystore_file raise Exception("Failed to generate host pkcs12 file.") Exception: Failed to generate host pkcs12 file. WARN scm-web-77659:com.cloudera.cmf.command.flow.CmdStep: Command 1546436812 Unexpected exception during doWork java.lang.IllegalStateException: Failed to run CMCA command, return code: 1 The ssh user has root permissions assigned. Can you help me with this please @upadhyayk04  Thank you ... View more