Community Articles

Find and share helpful community-sourced technical articles.
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Labels (1)
avatar

When using smartsense 1.2 or below in conjunction with OpenJDK, you get the following error upon startup. It's a none issue which will be resolved in the next smart sense version.

Traceback (most recent call last):
  File "/usr/sbin/hst-agent.py", line 420, in <module> main(sys.argv)
  File "/usr/sbin/hst-agent.py", line 397, in main setup(options)
  File "/usr/sbin/hst-agent.py", line 323, in setup server_hostname = get_server_hostname(server, tries, try_sleep, options.quiet)
  File "/usr/sbin/hst-agent.py", line 107, in get_server_hostname hostname = validate_server_hostname(default_hostname, tries, try_sleep)
  File "/usr/sbin/hst-agent.py", line 125, in validate_server_hostname elif not register_agent(server_hostname):
  File "/usr/sbin/hst-agent.py", line 143, in register_agent if not server_api.register_agent(agent_version):
  File "/usr/hdp/share/hst/hst-agent/lib/hst_agent/ServerAPI.py", line 104, in register_agent content = self.call(request)
  File "/usr/hdp/share/hst/hst-agent/lib/hst_agent/ServerAPI.py", line 52, in call self.cachedconnect = security.CachedHTTPSConnection(self.config)
  File "/usr/hdp/share/hst/hst-agent/lib/hst_agent/security.py", line 111, in __init__ self.connect()
  File "/usr/hdp/share/hst/hst-agent/lib/hst_agent/security.py", line 116, in connect self.httpsconn.connect()
  File "/usr/hdp/share/hst/hst-agent/lib/hst_agent/security.py", line 87, in connect raise err
ssl.SSLError: [Errno 8] _ssl.c:492: EOF occurred in violation of protocol

To fix this issue, you will need to modify the SSL Digest from md5 to sha256.

Here are the steps required to do it.

  • From Ambari stop the SmartSense service ( all components )
  • Backup the old server keys on the HST server host
cp -rp /var/lib/smartsense/hst-server/keys /var/lib/smartsense/hst-server/keys.backup
  • Clean out the old keys on the HST server host
rm -f /var/lib/smartsense/hst-server/keys/ca.key
rm -f /var/lib/smartsense/hst-server/keys/*.csr
rm -f /var/lib/smartsense/hst-server/keys/*.crt
rm -rf /var/lib/smartsense/hst-server/keys/db/*
mkdir /var/lib/smartsense/hst-server/keys/db/newcerts
touch /var/lib/smartsense/hst-server/keys/db/index.txt
echo 01 > /var/lib/smartsense/hst-server/keys/db/serial
  • Modify default digest on HST server host
Edit file /var/lib/smartsense/hst-server/keys/ca.config 
change line "default_md = md5"  to "default_md = sha256"
  • Clean out the old keys on each HST Agent hosts.
rm -f /var/lib/smartsense/hst-agent/keys/*
  • If using HST Gateway, on HST gateway stop the service and remove certs
hst gateway stop
rm -f /var/lib/smartsense/hst-gateway/keys/ca.key
rm -f /var/lib/smartsense/hst-gateway/keys/*.csr
rm -f /var/lib/smartsense/hst-gateway/keys/*.crt
rm -rf /var/lib/smartsense/hst-gateway/keys/db/*
mkdir /var/lib/smartsense/hst-gateway/keys/db/newcerts
touch /var/lib/smartsense/hst-gateway/keys/db/index.txt
echo 01 > /var/lib/smartsense/hst-gateway/keys/db/serial
  • If using HST Gateway, modify default digest on HST gateway host
Edit file /var/lib/smartsense/hst-gateway/keys/ca.config 
change line "default_md = md5"  to "default_md = sha256"
  • If using HST Gateway, on HST server remove old certs
rm -f /var/lib/smartsense/hst-gateway-client/keys
  • If using HST Gateway, on HST Gateway restart service
 hst gateway start
  • Restart SmartSense service from Ambari ( all components ) and verify both Ambari SmartSense service and SmartSense view shows correct number of agents registered.
4,213 Views
Comments
avatar

This occurs on hosts with following JDK versions or newer:

JDK FamilyVersions
Oracle1.8.0_71
Oracle1.7.0_95
Oracle1.6.0_111
OpenJDK1.7.0_45
OpenJDK1.8.0_40

It is also recommended to upgrade to SmartSense 1.2.1+ while applying these changes.

avatar
Rising Star

I had smartsense-hst-1.1.0 packages installed on CentOS 6 (with Oracle JDK 1.8.0_73) affected by this issue.

To follow these instructions I had to replace

/var/lib/smartsense/

with

/usr/hdp/share/hst/

in the paths given above.

E.g instead of

rm -f /var/lib/smartsense/hst-gateway/keys/*.crt

I used

rm -f /usr/hdp/share/hst/hst-gateway/keys/*.crt

Thanks for posting the solution.

Version history
Last update:
‎03-29-2016 12:52 PM
Updated by:
Contributors