About Krish216

Krish216 · ‎02-06-2019

@Lingesh This is not specific to one region. This happens diffferent ones at different time. Region is getting offlined midstream or marks it as not serving exception. There are no inconsistencies reported in hbck - Even hbase master doesn't show any exceptions or errors related to it. What would be the best approach in our case ? Please advise.

Krish216 · ‎02-05-2019

Hello, We're seeing frequent hbase region not serving exception with below error across different region servers [cluster is of 35 regions] - Major compaction is disabled for the envrionment - There are no offpeak and on peak hours added to the config. ast exception: org.apache.hadoop.hbase.NotServingRegionException: org.apache.hadoop.hbase.NotServingRegionException Params in our config are - hbase.hstore.compactionThreshold - 3 , store files has been set to 200.. hstore.blockingWaitTime - 5 sec Here's our application logic which would get the value from specific key and then put to the table using same key. Please let us know if any other ideas to resolve this issue. Thanks in advance.

Krish216 · ‎11-09-2018

@bgooley Thanks for the explanation and help. Intially I have tried with self signed and now I have received signed certificates. Fixed the issue after creating a trustore.

Krish216 · ‎11-08-2018

@bgooley Thank you for the response. I have created keystore file using public cert and the private cert and was able to pass from this issue, but Cloudera management services are not starting. After the creation of keystore, I have copied cacerts from java directory and named it as truststore.jks. This truststore contains root CA , Intermediate CA from the issuing authority. I have added trust store path and password in web console. I see authentication failures in scm server log and cloudera management services are not coming- INFO 285679310@scm-web-11:com.cloudera.server.web.cmf.AuthenticationFailureEventListener: Authentication failure for user: '__cloudera_internal_user__mgmt-ACTIVITYMONITOR-15d443db68f73fcfa654fd83bf04540e' from Host monitor log INFO com.cloudera.cmf.BasicScmProxy: Authentication to SCM required. INFO com.cloudera.cmf.BasicScmProxy: Using encrypted credentials for SCM Please let me know if I'm missing anything.

Krish216 · ‎11-07-2018

Hello, I am facing issues while enabling TLS for Admin console - I have Root CA, Inter CA and server side pub key and priv key. Generate jks file and imported inter ca and pub key into the keystore file referencing it in CM console. But the browser shows it uses self signed CA in keystore file. How can we make CM console use the CA issued certificate ? Please advise. Other way I tried is to convert the server pub key into jks and still it shows server certificate not valid.

Krish216 · ‎09-06-2018

Hi @bgooley, Thank you for the response. Here are the contents - On CM host below CA cert is generated [root@hostname pki]# ls -ltr total 20 -rw-r--r-- 1 root root 1121 Sep 2 12:27 hostname-server.csr -rw-r--r-- 1 root root 1834 Sep 2 12:27 ca-key -rw-r--r-- 1 root root 1314 Sep 2 12:27 ca-cert -rw-r--r-- 1 root root 4198 Sep 2 12:28 hostname.jks lrwxrwxrwx 1 root root 7 Sep 6 10:21 4ba83cc1.0 -> ca-cert [root@hostname pki]# pwd /opt/cloudera/security/pki -> ca cert is imported to keystore along with jsse certs on CM host and same copied to one of the agent hosts. -> copied the contents for ca-cert generate through - openssl req -new -x509 -keyout ca-key -out ca-cert -days 3650 -> created the sym link for the ca-cert, updated the parameters in /etc/cloudera-scm-agent/config.ini along verify_cert_dir -> Here is the output from verification - [root@hostname1.domain cloudera-scm-agent]# openssl s_client -connect hostname:7183 -CAfile /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem < /dev/null CONNECTED(00000003) depth=0 C = Unknown, ST = Unknown, L = Unknown, O = Unknown, OU = Unknown, CN = hostname verify return:1 --- Certificate chain 0 s:/C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=hostname i:/C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=hostname --- Server certificate -----BEGIN CERTIFICATE----- MIIDmTCCAoGgAwIBAgIEFdAE2jANBgkqhkiG9w0BAQsFADB9MRAwDgYDVQQGEwdV bmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYD VQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMSEwHwYDVQQDExhjc2VraGFy MDIucWU5LmppZ3Nhdy5jb20wHhcNMTgwOTAyMTkyNzAyWhcNMjgwODMwMTkyNzAy WjB9MRAwDgYDVQQGEwdVbmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQH EwdVbmtub3duMRAwDgYDVQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMSEw HwYDVQQDExhjc2VraGFyMDIucWU5LmppZ3Nhdy5jb20wggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQCg4ailB41WoGo6h3fepc6wILw37WaRZ3IApxj0ZTO0 n8po151baw0IEk1X+lYXAkuXloycCKsFUhjiOU2AF2iBbVOYXyA9IB5a9a+b507r EG1NqdJrdN6k4kZrsv+91CizYunjNNheDIgUv/gA7U/sSbvvchXUlN+j4y9LpwKH wcbY/kKLZV9EoNeyrJANccHYiHRQgPLfEcQoHJtDRuWt0TIDqZOR+Xe6fICLfDiC 8WRXqpYKRfFoLVwzFEJuilZXT/J9obzhRgxt9sF7eVV86kFa2EIEZ7aAzZGdIeVT s3RpUO/iSq2X5DxQ7BH8Duc6kgfuaAIOCuANeEGO7trxAgMBAAGjITAfMB0GA1Ud DgQWBBTPmi/hBkF9xJxiN4bvB2QehVuM5TANBgkqhkiG9w0BAQsFAAOCAQEAJEgp 747BfFBIKVPoBCOnxopLM0iJ0jhOTMPo2gld8XoHdH52UOKPlnTsYxqRv9qcU2m8 zjlNxpzT2LMEMGWwk8cP+4ikGrW1vI/bUZOVwFg2pDeho/AE9IOgdn6kd9OQXnL+ D2AB8woJwLWEQ755CEETjvk84kC4BVMMCAB4tDhwAEmzhsehg5B1FzVGfNE5k7fS Ey+ZkNMr/9omWYd4lzHja8pCBCISUCVU7c4ybnEdvLfhyGk/uoNzE2Tf11OsmNtj Fqc4Wbfr9BmcEzDWP6pO5ID6hOu93JaKPmMiW6ofzoJfUdF9Mj/q8pEBc88dqpbf aMvL2RAdfPcFFqSEWA== -----END CERTIFICATE----- subject=/C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=hostname issuer=/C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=hostname --- No client certificate CA names sent Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 1409 bytes and written 415 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 5B91D501E15D42E800371EBAFE7BF3FD673EEEDA1A10E30CBEC808C2431F2325 Session-ID-ctx: Master-Key: A0DD11CA122343D962AFE236893EC2F00371D37DF3BDC340AB3F1CCDC25C8E48F4DC28255A6CC1926654D1708FE23B9A Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1536283905 Timeout : 300 (sec) Verify return code: 0 (ok) --- DONE restarted CM server and agent Please advise if I'm missing anything.

Krish216 · ‎09-06-2018

I did perform rehash after installing open-ssl-perl package. Still we're see SSLError: certificate verify failed on agent logs. [root@hostname pki]# ls -tlr total 16 -rw-r--r-- 1 root root 1834 Sep 5 20:54 ca-key -rw-r--r-- 1 root root 1314 Sep 5 20:59 ca-cert lrwxrwxrwx 1 root root 7 Sep 6 11:58 4ba83bb9.0 -> ca-cert Looks like no where to go further :(. Ideas please ...

Krish216 · ‎09-06-2018

On CM host - Keystore file has been generated and root ca is imported to the same keystore file. In the newly added host, i have copied the cert files under /opt/cloudera/security/pki/ , jsse file and updated the same value in config.ini as indicated in the documentation. I'm not if I missed anything. Any ideas would be really helpful. Thanks.

Krish216 · ‎09-05-2018

We are using CDH 5.8.3 and agent error has SSL: CERTIFICATE_VERIFY_FAILED even the verify cert dir location has specifiied. Below is the error we're seeing in logs : Root ca has been copied to the /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem as instructed in one of the thread along with jsse certs. <<<hostname is valid and we see correct one in logs>>> [05/Sep/2018 21:53:39 +0000] 31359 Thread-13 https ERROR Failed to retrieve/stroe URL: https://<hostname>:7183/cmf/parcel/download/CDH-5.8.3-1.cdh5.8.3.p0.2-el7.parcel.torrent -> /opt/cloudera/parcel-cache/CDH-5.8.3-1.cdh5.8.3.p0.2-el7.parcel.torrent <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)> Traceback (most recent call last): File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/cmf-5.8.3-py2.7.egg/cmf/https.py", line 175, in fetch_to_file resp = self.open(req_url) File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/cmf-5.8.3-py2.7.egg/cmf/https.py", line 170, in open return self.opener(*pargs, **kwargs) File "/usr/lib64/python2.7/urllib2.py", line 431, in open response = self._open(req, data) File "/usr/lib64/python2.7/urllib2.py", line 449, in _open '_open', req) File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain result = func(*args) File "/usr/lib64/python2.7/urllib2.py", line 1258, in https_open context=self._context, check_hostname=self._check_hostname) File "/usr/lib64/python2.7/urllib2.py", line 1214, in do_open raise URLError(err) URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)> Please help.

Krish216 · ‎09-05-2018

Can you check the unknown host exception whether it is a valid hostname. Caused by: java.net.UnknownHostException: masterhost1

Krish216 · ‎03-16-2018

Please check if everything in KDC has been configured and all the processes of KDC master/slaves daemons are running.

Krish216 · ‎03-13-2018

Thanks @bgooley for quick response. Let me check on this and will update the post.

Krish216 · ‎03-12-2018

Hello, When configuring CDH 5.8.3 to Kerberos [MIT KDC, krb5.conf not managed through Cloudera Manager], Cloudera manager is generating all the prinicpals password expiration set to 1965. Restarting the services would fail for the first time and has to modify the prinicpals through kadmin. Regeneration also doesn't work as the expiration was still set to 1965. After modification, services are coming up successfully (which does make sense). Please let us know if we're missing any steps during configuration.

Krish216 · ‎03-12-2018

@bgooley Here is what happened - KDC slave that we're connecting was not running the kpropd demon. Once started we're able to pass the issue. Also, checking on encryption types in kdc.conf made the issue completely resolved. Thank you all the help & suggestions.

Krish216 · ‎03-08-2018

Thanks Gekas for the suggestions. I am able to do kinit with the keytab that is generated without any issue. While starting zookeeper is taking JAVA_HOME as /usr/java/jdk1.8.0 and I have installed the JCE files at the /usr/java/jdk1.8.0/jre/lib/security. There is only one version of java that is installed. I did a netcat from source to KDC hosts and those are working fine as well. Not sure If I'm missing anything.

Krish216 · ‎03-07-2018

Zookeeper service fails to start after kerberos has been enabled with the following error - ERROR org.apache.zookeeper.server.quorum.QuorumPeerMain: Unexpected exception, exiting abnormally java.io.IOException: Could not configure server because SASL configuration did not allow the ZooKeeper server to authenticate itself properly: javax.security.auth.login.LoginException: Checksum failed at org.apache.zookeeper.server.ServerCnxnFactory.configureSaslLogin(ServerCnxnFactory.java:207) at org.apache.zookeeper.server.NIOServerCnxnFactory.configure(NIOServerCnxnFactory.java:87) at org.apache.zookeeper.server.quorum.QuorumPeerMain.runFromConfig(QuorumPeerMain.java:135) at org.apache.zookeeper.server.quorum.QuorumPeerMain.initializeAndRun(QuorumPeerMain.java:116) at org.apache.zookeeper.server.quorum.QuorumPeerMain.main(QuorumPeerMain.java:79) please advise. I have been through multiple posts but do not see any solution regarding this.

Krish216 · ‎02-10-2018

@bgooley Yes, uninstalling and re-installing worked. I do agree with the point of usage. Thanks for the help.

Krish216 · ‎02-09-2018

@bgooley Thank you for the response. Activity monitor logs shows there are a token issue with hue user, which is not the correct thing as Generate credentials was workign fine. This issue is coming after spark being added to the existing , even though situation is completed unreal .. if we remove activity monitor and install would help ?

Krish216 · ‎02-07-2018

Activity monitor process comes down immedidately after start. Please let me know how to resolve the issue. Exception in thread "main" java.lang.ExceptionInInitializerError at com.mchange.v2.c3p0.DataSources.<clinit>(DataSources.java:59) at org.hibernate.service.jdbc.connections.internal.C3P0ConnectionProvider.configure(C3P0ConnectionProvider.java:197) at org.hibernate.service.internal.StandardServiceRegistryImpl.configureService(StandardServiceRegistryImpl.java:75) at org.hibernate.service.internal.AbstractServiceRegistryImpl.initializeService(AbstractServiceRegistryImpl.java:159) at org.hibernate.service.internal.AbstractServiceRegistryImpl.getService(AbstractServiceRegistryImpl.java:131) at org.hibernate.engine.jdbc.internal.JdbcServicesImpl.buildJdbcConnectionAccess(JdbcServicesImpl.java:223) at org.hibernate.engine.jdbc.internal.JdbcServicesImpl.configure(JdbcServicesImpl.java:89) at org.hibernate.service.internal.StandardServiceRegistryImpl.configureService(StandardServiceRegistryImpl.java:75) at org.hibernate.service.internal.AbstractServiceRegistryImpl.initializeService(AbstractServiceRegistryImpl.java:159) at org.hibernate.service.internal.AbstractServiceRegistryImpl.getService(AbstractServiceRegistryImpl.java:131) at org.hibernate.cfg.Configuration.buildTypeRegistrations(Configuration.java:1797) at org.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:1755) at org.hibernate.ejb.EntityManagerFactoryImpl.<init>(EntityManagerFactoryImpl.java:96) at org.hibernate.ejb.Ejb3Configuration.buildEntityManagerFactory(Ejb3Configuration.java:914) at org.hibernate.ejb.Ejb3Configuration.buildEntityManagerFactory(Ejb3Configuration.java:899) at org.hibernate.ejb.HibernatePersistence.createEntityManagerFactory(HibernatePersistence.java:59) at javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:63) at com.cloudera.cmon.FhDatabaseManager.initialize(FhDatabaseManager.java:57) at com.cloudera.cmon.firehose.Main.main(Main.java:484) Caused by: java.util.ConcurrentModificationException at java.util.Hashtable$Enumerator.next(Hashtable.java:1378) at com.mchange.v2.cfg.BasicMultiPropertiesConfig.extractPrefixMapFromRsrcPathMap(BasicMultiPropertiesConfig.java:236) at com.mchange.v2.cfg.BasicMultiPropertiesConfig.<init>(BasicMultiPropertiesConfig.java:129) at com.mchange.v2.cfg.BasicMultiPropertiesConfig.<init>(BasicMultiPropertiesConfig.java:39) at com.mchange.v2.cfg.MultiPropertiesConfig.readVmConfig(MultiPropertiesConfig.java:102) at com.mchange.v2.cfg.MultiPropertiesConfig.readVmConfig(MultiPropertiesConfig.java:74) at com.mchange.v2.log.MLog.<clinit>(MLog.java:48) ... 19 more

Online	Offline
Last Visited	‎02-06-2019 03:13 PM

Date Registered	‎02-07-2018 07:17 PM
Last Visited	‎02-06-2019 03:13 PM
Total Messages Posted	20

Re: Zookeeper service fails to start with checksum...

Re: Activity monitor process comes down after star...

Re: Hbase region not serving exceptions - Table si...

Hbase region not serving exceptions - Table size 1...

Re: Enable TLS for Cloudera Manager Level 1

Re: Enable TLS for Cloudera Manager Level 1

Enable TLS for Cloudera Manager Level 1

Re: Cloudera SCM Agent SSL SSL: CERTIFICATE_VERIFY...

Re: Cloudera SCM Agent SSL SSL: CERTIFICATE_VERIFY...

Re: Cloudera SCM Agent SSL SSL: CERTIFICATE_VERIFY...

Cloudera SCM Agent SSL SSL: CERTIFICATE_VERIFY_FAI...

Re: Cloudera manager installation with external da...

Re: Cloudera - Kerberos GSS initiate failed

Re: Cloudera Manager generating all the Principals...

Cloudera Manager generating all the Principals wit...

Re: Zookeeper service fails to start with checksum...

Re: Zookeeper service fails to start with checksum...

Zookeeper service fails to start with checksum err...

Re: Activity monitor process comes down after star...

Re: Activity monitor process comes down after star...

Activity monitor process comes down after start