You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "Ashish Kumar (Jira)" <ji...@apache.org> on 2023/05/31 10:00:00 UTC

[jira] [Comment Edited] (HDDS-7700) Recon server is missing CA certificates

    [ https://issues.apache.org/jira/browse/HDDS-7700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17697854#comment-17697854 ] 

Ashish Kumar edited comment on HDDS-7700 at 5/31/23 9:59 AM:
-------------------------------------------------------------

Hi [~ritesh] , This is related to configuration related to certificate protocol ACL which is already * in master, so recon should able to communicate with SCM to get certificate.


was (Author: JIRAUSER298402):
Hi [~ritesh] , This is related to CM configuration related to certificate protocol ACL which has been fixed and merged. Issue is not applicable for upstream branch.

[~ssulav] can you please help to verify this once with latest build.

> Recon server is missing CA certificates
> ---------------------------------------
>
>                 Key: HDDS-7700
>                 URL: https://issues.apache.org/jira/browse/HDDS-7700
>             Project: Apache Ozone
>          Issue Type: Bug
>          Components: Ozone Recon
>    Affects Versions: 1.2.0
>            Reporter: Soumitra Sulav
>            Assignee: Ashish Kumar
>            Priority: Major
>              Labels: pki
>
> *Issue :*
> Certificates are missing for the Ozone RECON server.
> Neither it's listed in the ozone admin cert list nor we can find it in the certs directory.
> The startup logs of the Recon service confirm that there was an issue with the certificate creation.
> *Error StackTrace :*
> {code:java}
> 2022-12-21 13:43:23,575 INFO org.apache.hadoop.ozone.recon.ReconServer: Recon login successful.
> 2022-12-21 13:43:23,575 INFO org.apache.hadoop.ozone.recon.ReconServer: ReconStorageConfig initialized.Initializing certificate.
> 2022-12-21 13:43:23,575 INFO org.apache.hadoop.ozone.recon.ReconServer: Initializing secure Recon.
> 2022-12-21 13:43:24,246 ERROR org.apache.hadoop.hdds.security.x509.certificate.client.ReconCertificateClient: Default certificate serial id is not set. Can't locate the default certificate for this client.
> 2022-12-21 13:43:24,247 INFO org.apache.hadoop.hdds.security.x509.certificate.client.ReconCertificateClient: Certificate client init case: 6
> 2022-12-21 13:43:24,248 INFO org.apache.hadoop.hdds.security.x509.certificate.client.ReconCertificateClient: Found private and public key but certificate is missing.
> 2022-12-21 13:43:24,359 INFO org.apache.hadoop.ozone.recon.ReconServer: Init response: RECOVER
> 2022-12-21 13:43:24,360 ERROR org.apache.hadoop.ozone.recon.ReconServer: Recon security initialization failed. Recon certificate is missing.
> 2022-12-21 13:43:24,361 ERROR org.apache.hadoop.ozone.recon.ReconServer: Error during initializing Recon certificate
> java.lang.RuntimeException: Recon security initialization failed.
>         at org.apache.hadoop.ozone.recon.ReconServer.initializeCertificateClient(ReconServer.java:204)
>         at org.apache.hadoop.ozone.recon.ReconServer.call(ReconServer.java:125)
>         at org.apache.hadoop.ozone.recon.ReconServer.call(ReconServer.java:71)
>         at picocli.CommandLine.executeUserObject(CommandLine.java:1953)
>         at picocli.CommandLine.access$1300(CommandLine.java:145)
>         at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2352)
>         at picocli.CommandLine$RunLast.handle(CommandLine.java:2346)
>         at picocli.CommandLine$RunLast.handle(CommandLine.java:2311)
>         at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179)
>         at picocli.CommandLine.execute(CommandLine.java:2078)
>         at org.apache.hadoop.hdds.cli.GenericCli.execute(GenericCli.java:100)
>         at org.apache.hadoop.hdds.cli.GenericCli.run(GenericCli.java:91)
>         at org.apache.hadoop.ozone.recon.ReconServer.main(ReconServer.java:92)
> 2022-12-21 13:43:24,364 INFO org.apache.hadoop.ozone.recon.spi.impl.ReconDBProvider: Last known Recon DB : /var/lib/hadoop-ozone/recon/data/recon-container-key.db_1671547060037
> 2022-12-21 13:43:24,626 INFO org.apache.hadoop.ozone.recon.persistence.DefaultDataSourceProvider: JDBC Url for Recon : jdbc:derby:/var/lib/hadoop-ozone/recon/data/ozone_recon_derby.db 
> {code}
> Cluster Details :
> # ozone version
> Using HDDS 1.2.0



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org