Cloudera Community
Dalier
user rank
Explorer
My Accepted Solutions
Show All

Re: Testing HSM connection falied

by Explorer in Support Questions
‎10-23-2025 02:48 PM
‎10-23-2025 02:48 PM
Update: # curl -k -v http://localhost:9090/test_hsm * Trying ::1... * TCP_NODELAY set * Connected to localhost (::1) port 9090 (#0) > GET /test_hsm HTTP/1.1 > Host: localhost:9090 > User-Agent: curl/7.61.1 > Accept: */* > Warning: Binary output can mess up your terminal. Use "--output -" to tell Warning: curl to output it to your terminal anyway, or consider "--output Warning: <FILE>" to save to a file. * Failed writing body (0 != 7) * Closing connection 0   ... View more

Testing HSM connection falied

by Explorer in Support Questions
‎10-23-2025 09:14 AM
‎10-23-2025 09:14 AM
Hello. I have configured the HSM. However, testing per Validating Key HSM Settings fails. Settings ---------- # sudo service keyhsm settings keyHsm Server Configuration information: keyhsm.management.address : 127.0.0.1 keyhsm.server.port : 9090 keyhsm.management.port : 9899 keyhsm.service.port : 19791 keyhsm.jvm.heap.mx.gb : 2 keyhsm.hardware : ncipher Module OCS Password thales.ocs_password : V6DvCGbrimcD7UPA6QnoOhJb37mFOuoScY30LfWjDwvCybL4E99eT5SKUOcZdu6pq5y66iROKZboNagXzCRxl4x7+N3C3ypKzUJV5UwV3hBjaNS2/qpbyUQD+UUgCoOkm6CxuiOFbOu9CmhnlHBC2UwxqjtnMrtzCR7XMI/Vegm6iZGwR9YWFSeTRRjPkQ/Rhce81hTIqmk7U0+LGHEK+niuARmVt6EG7nmDvZMQufqhOoG2yd4FlYKv2Lv9dDKEKTByv/xoT+/Qh/+Y+8ZbuZHDbEPPzJrq6K848jXhV2wBGTt4RJeKayBzUjwix2LREonTcOctgDf/oJhuIbS2dA== Status -------- [root@cloudera-manager ~]# sudo service keyhsm status Key HSM is running as of Thursday October 23rd, 2025 (10:32 AM), (Started : Thursday October 23rd, 2025 (10:29 AM))   Validation failed  -------------------- What is port 11371? # curl -k https://localhost:11371/test_hsm curl: (7) Failed to connect to localhost port 11371: Connection refused Shouldn’t it be 9090, or 19791? # curl -k https://localhost:9090/test_hsm curl: (35) error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate # curl -k https://localhost:19791/test_hsm curl: (7) Failed to connect to localhost port 19791: Connection refused I completed Generate TLS Certificates. Dalier. ... View more

Ranger KMS HSM configuration

by Explorer in Support Questions
‎10-16-2025 01:00 PM
‎10-16-2025 01:00 PM
Hi! I am getting the following error while restarting the Ranger KMS service after configuring the HSM. Please advise. Dalier. Thu Oct 16 15:36:41 EDT 2025 JAVA_HOME=/usr/lib/jvm/java-openjdk Using -XX:OnOutOfMemoryError=/opt/cloudera/cm-agent/service/common/killparent.sh as CSD_JAVA_OPTS Using /var/run/cloudera-scm-agent/process/1546345804-ranger_kms-RANGER_KMS_SERVER as conf dir Using scripts/control.sh as process script CONF_DIR=/var/run/cloudera-scm-agent/process/1546345804-ranger_kms-RANGER_KMS_SERVER CMF_CONF_DIR= Thu Oct 16 15:36:42 EDT 2025: [I] Using : /opt/cloudera/cm/lib/postgresql-42.5.1.jar and org.postgresql.Driver for postgresql database type ERROR: Hadoop KMS could not be started REASON: java.lang.NullPointerException: Cannot invoke "org.apache.hadoop.crypto.key.kms.server.KeyAuthorizationKeyProvider$KeyACLs.startReloader()" because "this.implKeyACLs" is null Stacktrace: --------------------------------------------------- java.lang.NullPointerException: Cannot invoke "org.apache.hadoop.crypto.key.kms.server.KeyAuthorizationKeyProvider$KeyACLs.startReloader()" because "this.implKeyACLs" is null at org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer.startReloader(RangerKmsAuthorizer.java:184) at org.apache.hadoop.crypto.key.kms.server.KMSWebApp.contextInitialized(KMSWebApp.java:137) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4441) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4899) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1364) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1354) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:840) ---------------------------------------------------   ... View more

No database server found while adding Cloudera Man...

by Explorer in Support Questions
‎08-26-2025 11:41 AM
‎08-26-2025 11:41 AM
I have deployed a single node cluster in my lab.  It consists of two virtual machines implemented in VMware: one manager and one host. Trying to Add Cloudera Management Service to address warning “Unable to issue query: could not connect to host monitor”. This is a test of my database:     [root@cloudera-manager ~]# hostname -A     cloudera-manager.interop.local cloudera-manager     [root@cloudera-manager ~]# psql -d scmdb -U scm -W     Password for user scm:     psql (10.23)     Type "help" for help. I entered the following in the Setup Database  GUI:     Type: PostgreSQL     Database Hostname: cloudera-manager.interop.local     Database Name: scmdb     Usename: scm     Password: xxxxxxx Selecting Test Connection fails. Any ideas? Dalier. ... View more
Labels:

Re: Integration with Entrust HSM

by Explorer in Support Questions
‎08-26-2025 07:01 AM
1 Kudo
‎08-26-2025 07:01 AM
1 Kudo
ymprakash Thanks! # yum install /var/www/html/cloudera-repos/cm7/keytrustee-keyhsm-7.1.7.7.1.9.1000-103.x86_64.rpm Updating Subscription Management repositories. ... Installed: keytrustee-keyhsm-7.1.7.7.1.9.1000-103.x86_64 Complete! ... View more

Integration with HSM

by Explorer in Support Questions
‎08-25-2025 06:39 PM
‎08-25-2025 06:39 PM
Hi! I am testing the integration between Cloudera Manager and HSM . For that purpose I have deployed a singe node cluster in my lab.  It consists of two virtual machines implemented in VMware: one manager and one host. Getting and error trying to complete Installing Cloudera Navigator Key HSM. Here are the steps I took: 1. mkdir -p /var/www/html/cloudera-repos/cm7 2. wget https://xxxxxx:xxxxxx@archive.cloudera.com/p/cm7/7.13.1.0/repo-as-tarball/cm7.13.1.0-redhat8.tar.gz -P /var/www/html/cloudera-repos/cm7/ 3. tar xvfz /var/www/html/cloudera-repos/cm7/cm7.13.1.0-redhat8.tar.gz -C /var/www/html/cloudera-repos/cm7 --strip-components=1 4. sudo chmod -R ugo+rX /var/www/html/cloudera-repos/cm7 5. In another ssh session, start a Python http.server in the /var/www/html directory.  6. Through vSphere launch a WEB console. 7. Launch the browser and go to https://localhost:8900/cloudera-repos/ and verify the extracted files are present. Checked OK. 8. cat /etc/yum.repos.d/cloudera-repo.repo     [cloudera-repo]     name=cloudera-repo     baseurl=http://localhost:8900/cloudera-repos/cm7     enabled=1     gpgcheck=0 9. sudo rpm --import http://localhost:8900/cloudera-repos/cm7/RPM-GPG-KEY-cloudera 10. sudo yum install keytrustee-keyhsm     Updating Subscription Management repositories.     cloudera-repo 22 MB/s | 151 kB 00:00     No match for argument: keytrustee-keyhsm     Error: Unable to find a match: keytrustee-keyhsm Any ideas? Dalier.   ... View more
Labels:
Contact Me
Online
Offline
Last Visited
‎10-24-2025 05:32 AM
Community Statistics
Member Since ‎08-25-2025 06:11 PM
Last Visited ‎10-24-2025 05:32 AM
Posts 6
Kudos received 1