You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@slider.apache.org by Rui Zhang <rz...@vertica.com> on 2014/08/14 21:54:28 UTC
ssl error after changing to slider-dev branch
Hi, everyone,
I have changed to the dev branch but now it has this error.
ERROR 2014-08-14 15:52:28,244 NetUtil.py:52 - [Errno 8] _ssl.c:510: EOF
occurred in violation of protocol
ERROR 2014-08-14 15:52:28,244 NetUtil.py:54 - SSLError: Failed to
connect. Please check openssl library versions.
How to solve it?
Thanks
--
Rui Zhang
Software engineer Intern
Vertica, an HP Company
rzhang@vertica.com
Re: ssl error after changing to slider-dev branch
Posted by Rui Zhang <rz...@vertica.com>.
INFO 2014-08-14 20:12:43,671 NetUtil.py:38 - Connecting to the following
url https://vertica2.rzhang.com:58160/ws/v1/slider/agents/
ERROR 2014-08-14 20:12:43,674 NetUtil.py:52 - [Errno 8] _ssl.c:510: EOF
occurred in violation of protocol
ERROR 2014-08-14 20:12:43,675 NetUtil.py:54 - SSLError: Failed to
connect. Please check openssl library versions.
Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more
details.
INFO 2014-08-14 20:12:43,675 NetUtil.py:76 - Server at
https://vertica2.rzhang.com:58160/ws/v1/slider/agents/ is not reachable,
sleeping for 10 seconds...
This part is repeated several times in the agent.log.
I checked the code of NetUtil.py. It is now httplib.HTTPSConnection but
in the previous version it is HTTP. So what should I change in my
configuration file?
Thanks.
On 08/14/2014 04:12 PM, Jon Maron wrote:
> Can you provide more of a stack trace from either the agent logs or the application master log? Thanks!
>
> Going Mobile
>
>
>> On Aug 14, 2014, at 3:54 PM, Rui Zhang <rz...@vertica.com> wrote:
>>
>> Hi, everyone,
>>
>> I have changed to the dev branch but now it has this error.
>>
>> ERROR 2014-08-14 15:52:28,244 NetUtil.py:52 - [Errno 8] _ssl.c:510: EOF occurred in violation of protocol
>> ERROR 2014-08-14 15:52:28,244 NetUtil.py:54 - SSLError: Failed to connect. Please check openssl library versions.
>>
>> How to solve it?
>> Thanks
>>
>> --
>> Rui Zhang
>> Software engineer Intern
>> Vertica, an HP Company
>> rzhang@vertica.com
>>
--
Rui Zhang
Software engineer Intern
Vertica, an HP Company
rzhang@vertica.com
Re: ssl error after changing to slider-dev branch
Posted by Jon Maron <jm...@hortonworks.com>.
Can you provide more of a stack trace from either the agent logs or the application master log? Thanks!
Going Mobile
> On Aug 14, 2014, at 3:54 PM, Rui Zhang <rz...@vertica.com> wrote:
>
> Hi, everyone,
>
> I have changed to the dev branch but now it has this error.
>
> ERROR 2014-08-14 15:52:28,244 NetUtil.py:52 - [Errno 8] _ssl.c:510: EOF occurred in violation of protocol
> ERROR 2014-08-14 15:52:28,244 NetUtil.py:54 - SSLError: Failed to connect. Please check openssl library versions.
>
> How to solve it?
> Thanks
>
> --
> Rui Zhang
> Software engineer Intern
> Vertica, an HP Company
> rzhang@vertica.com
>
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
Re: ssl error after changing to slider-dev branch
Posted by Rui Zhang <rz...@vertica.com>.
Thanks, Jon!
This is the reason for the error!
I think you should mention this in your documentation.
Just commented out this line:
security.provider.10=sun.security.pkcs11.SunPKCS11
${java.home}/lib/security/nss.cfg
in java.security will make it work.
Thanks again.
On 08/20/2014 02:43 PM, Rui Zhang wrote:
> I found this in the slider-out log:
>
> Extension ec_point_formats, formats: [uncompressed,
> ansiX962_compressed_prime, ansiX962_compressed_char2]
> Extension elliptic_curves, curve names: {sect571r1, sect571k1,
> secp521r1, sect409k1, sect409r1, secp384r1, sect283k1, sect283r1,
> secp256k1, secp256r1, sect239k1, sect233k1, sect233r1, secp224k1,
> secp224r1, sect193r1, sect193r2, secp192k1, secp192r1, sect163k1,
> sect163r1, sect163r2, secp160k1, secp160r1, secp160r2}
> Unsupported extension type_35, data:
> Extension signature_algorithms, signature_algorithms: SHA512withRSA,
> Unknown (hash:0x6, signature:0x2), SHA512withECDSA, SHA384withRSA,
> Unknown (hash:0x5, signature:0x2), SHA384withECDSA, SHA256withRSA,
> Unknown (hash:0x4, signature:0x2), SHA256withECDSA, SHA224withRSA,
> Unknown (hash:0x3, signature:0x2), SHA224withECDSA, SHA1withRSA,
> SHA1withDSA, SHA1withECDSA
> Extension elliptic_curves, curve names: {sect571r1, sect571k1,
> secp521r1, sect409k1, sect409r1, secp384r1, sect283k1, sect283r1,
> secp256k1, secp256r1, sect239k1, sect233k1, sect233r1, secp224k1,
> secp224r1, sect193r1, sect193r2, secp192k1, secp192r1, sect163k1,
> sect163r1, sect163r2, secp160k1, secp160r1, secp160r2}
> Unsupported extension type_15, data: 01
>
> And after googling, I found this:
> https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1006776
>
> It seems an incompatibility between openjdk and openssl1.0.1.
>
> I think this might be the reason for the failure. I will try the
> methods mentioned in the comments.
>
> Thanks,
> Rui
> On 08/20/2014 01:59 PM, Jon Maron wrote:
>> "jvm.heapsize": "256M",
>> "jvm.opts": "-Djavax.net.debug=all"
>
--
Rui Zhang
Software engineer Intern
Vertica, an HP Company
rzhang@vertica.com
Re: ssl error after changing to slider-dev branch
Posted by Rui Zhang <rz...@vertica.com>.
I found this in the slider-out log:
Extension ec_point_formats, formats: [uncompressed,
ansiX962_compressed_prime, ansiX962_compressed_char2]
Extension elliptic_curves, curve names: {sect571r1, sect571k1,
secp521r1, sect409k1, sect409r1, secp384r1, sect283k1, sect283r1,
secp256k1, secp256r1, sect239k1, sect233k1, sect233r1, secp224k1,
secp224r1, sect193r1, sect193r2, secp192k1, secp192r1, sect163k1,
sect163r1, sect163r2, secp160k1, secp160r1, secp160r2}
Unsupported extension type_35, data:
Extension signature_algorithms, signature_algorithms: SHA512withRSA,
Unknown (hash:0x6, signature:0x2), SHA512withECDSA, SHA384withRSA,
Unknown (hash:0x5, signature:0x2), SHA384withECDSA, SHA256withRSA,
Unknown (hash:0x4, signature:0x2), SHA256withECDSA, SHA224withRSA,
Unknown (hash:0x3, signature:0x2), SHA224withECDSA, SHA1withRSA,
SHA1withDSA, SHA1withECDSA
Extension elliptic_curves, curve names: {sect571r1, sect571k1,
secp521r1, sect409k1, sect409r1, secp384r1, sect283k1, sect283r1,
secp256k1, secp256r1, sect239k1, sect233k1, sect233r1, secp224k1,
secp224r1, sect193r1, sect193r2, secp192k1, secp192r1, sect163k1,
sect163r1, sect163r2, secp160k1, secp160r1, secp160r2}
Unsupported extension type_15, data: 01
And after googling, I found this:
https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1006776
It seems an incompatibility between openjdk and openssl1.0.1.
I think this might be the reason for the failure. I will try the methods
mentioned in the comments.
Thanks,
Rui
On 08/20/2014 01:59 PM, Jon Maron wrote:
> "jvm.heapsize": "256M",
> "jvm.opts": "-Djavax.net.debug=all"
--
Rui Zhang
Software engineer Intern
Vertica, an HP Company
rzhang@vertica.com
Re: ssl error after changing to slider-dev branch
Posted by Jon Maron <jm...@hortonworks.com>.
Try adding the following to your appConfig.json:
"components": {
. . .
},
"slider-appmaster": {
"jvm.heapsize": "256M",
"jvm.opts": "-Djavax.net.debug=all"
},
You should see some output from the protocol handshake, probably in slider-out.txt. Maybe that’ll tell us more about the nature of the SSL issue in your environment.
— Jon
On Aug 20, 2014, at 1:37 PM, Rui Zhang <rz...@vertica.com> wrote:
> I found:
>
> 14/08/20 11:37:41 INFO mortbay.log: Started SslSelectChannelConnector@0.0.0.0:36655
> 14/08/20 11:37:41 INFO mortbay.log: Started SslSelectChannelConnector@0.0.0.0:35861
>
> in am log.
>
> And
>
> INFO 2014-08-20 15:38:21,060 NetUtil.py:38 - Connecting to the following url https://rzhang-HP-ZBook-15:36655/ws/v1/slider/agents/
> ERROR 2014-08-20 15:38:21,065 NetUtil.py:52 - [Errno 8] _ssl.c:510: EOF occurred in violation of protocol
> ERROR 2014-08-20 15:38:21,065 NetUtil.py:54 - SSLError: Failed to connect. Please check openssl library versions.
> Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more details.
> INFO 2014-08-20 15:38:21,065 NetUtil.py:76 - Server at https://rzhang-HP-ZBook-15:36655/ws/v1/slider/agents/ is not reachable, sleeping for 10 seconds...
>
> in the agent log.
> It picked the first port. So I think I have already applied the fix.
>
> Thanks.
> Rui
> On 08/20/2014 12:39 PM, Jon Maron wrote:
>> that looks fine. Can you do the following:
>>
>> - Look for logging statements in the AM log like the following:
>>
>> 14/08/20 15:56:04 INFO mortbay.log: Started SslSelectChannelConnector@0.0.0.0:55882
>> 14/08/20 15:56:05 INFO mortbay.log: Started SslSelectChannelConnector@0.0.0.0:48592
>>
>> the connection attempt in you agent side log should be to one of these ports (probably the first)
>>
>> If it’s neither of those then your probably trying to connect to the AM port, which is related in the following log statement:
>>
>> 14/08/20 15:56:05 INFO http.HttpServer2: Jetty bound to port 33238
>> If it’s an attempt to that latter port then you apparently haven’t picked up the fix for SLIDER-333.
>>
>> — Jon
>>
>> On Aug 20, 2014, at 12:17 PM, Rui Zhang <rz...@vertica.com> wrote:
>>
>>> Hi, Jon,
>>>
>>> I tried the new version but the error still exists.
>>>
>>> I attached my slider-client.xml. Is there something wrong with the configuration?
>>>
>>> Rui
>>> On 08/20/2014 10:05 AM, Jon Maron wrote:
>>>> Hi,
>>>>
>>>> A fix for Slider-333 had just been merged and addresses some issues that appear to be similar. You may want to checkout the latest from develop branch and see if that works better.
>>>>
>>>> — Jon
>>>>
>>>> On Aug 19, 2014, at 4:41 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>>
>>>>> Log attached. This is generated when I run the command logger example.
>>>>>
>>>>> On 08/19/2014 03:38 PM, Jon Maron wrote:
>>>>>> I guess send the full agent and AM logs - I just this morning setup a cluster with no issue (admittedly this was on centos 6.4)
>>>>>>
>>>>>> — Jon
>>>>>>
>>>>>> On Aug 19, 2014, at 3:20 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>>>>
>>>>>>> I think it is one-way ssl because I didn't set ssl.server.client.auth to true.
>>>>>>>
>>>>>>> BTW, I am using openssl 1.0.1f, Ubuntu14.04 and Hadoop 2.4.0.
>>>>>>>
>>>>>>> Rui
>>>>>>>
>>>>>>> On 08/19/2014 03:06 PM, Jon Maron wrote:
>>>>>>>> I’m going to attempt this sort of deployment (I’m assuming you’re attempting two way SSL?) this afternoon (finishing up my current patch) and see if I can recreate the issue.
>>>>>>>>
>>>>>>>> — Jon
>>>>>>>>
>>>>>>>> On Aug 19, 2014, at 2:52 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>>>>>>
>>>>>>>>> Tried so many methods.
>>>>>>>>> Changing the signature algorithm to sha256 in the java code and adding the cert to trusted list.
>>>>>>>>>
>>>>>>>>> All does not work and the same error.
>>>>>>>>>
>>>>>>>>> The certificate is generated in /tmp/work/security so I don't know what is wrong. Is there a self-check test for me to know whether I configure correctly or not?
>>>>>>>>>
>>>>>>>>> Thanks.
>>>>>>>>>
>>>>>>>>> On 08/15/2014 12:14 PM, Jon Maron wrote:
>>>>>>>>>> OK. Make sure the AM logs indicate that the openssl commands are succeeding. You should see log statements displaying some openssl command or statements indicating if the server certificate exists.
>>>>>>>>>>
>>>>>>>>>> On Aug 15, 2014, at 12:05 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Having done all of these but still got this error. It also says that it is not verified when I opened the link in the browser.
>>>>>>>>>>>
>>>>>>>>>>> Maybe there is some issue with my openssl. I will try to solve and report to you my progress.
>>>>>>>>>>>
>>>>>>>>>>> Thanks.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 08/15/2014 11:17 AM, Jon Maron wrote:
>>>>>>>>>>>> - the agent code has been modified to communicate via SSL. That code is downloaded to each launched container from /slider/agent HDFS folder (slider-agent.tar.gz). If you have installed an up to date version of slider you’ll need to update that file in HDFS.
>>>>>>>>>>> --
>>>>>>>>>>> Rui Zhang
>>>>>>>>>>> Software engineer Intern
>>>>>>>>>>> Vertica, an HP Company
>>>>>>>>>>> rzhang@vertica.com
>>>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Rui Zhang
>>>>>>>>> Software engineer Intern
>>>>>>>>> Vertica, an HP Company
>>>>>>>>> rzhang@vertica.com
>>>>>>>>>
>>>>>>> --
>>>>>>> Rui Zhang
>>>>>>> Software engineer Intern
>>>>>>> Vertica, an HP Company
>>>>>>> rzhang@vertica.com
>>>>>>>
>>>>> --
>>>>> Rui Zhang
>>>>> Software engineer Intern
>>>>> Vertica, an HP Company
>>>>> rzhang@vertica.com
>>>>>
>>>>> <slider.tar.gz>
>>> --
>>> Rui Zhang
>>> Software engineer Intern
>>> Vertica, an HP Company
>>> rzhang@vertica.com
>>>
>>> <slider-client.xml>
>>
>
> --
> Rui Zhang
> Software engineer Intern
> Vertica, an HP Company
> rzhang@vertica.com
>
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
Re: ssl error after changing to slider-dev branch
Posted by Rui Zhang <rz...@vertica.com>.
I found:
14/08/20 11:37:41 INFO mortbay.log: Started
SslSelectChannelConnector@0.0.0.0:36655
14/08/20 11:37:41 INFO mortbay.log: Started
SslSelectChannelConnector@0.0.0.0:35861
in am log.
And
INFO 2014-08-20 15:38:21,060 NetUtil.py:38 - Connecting to the following
url https://rzhang-HP-ZBook-15:36655/ws/v1/slider/agents/
ERROR 2014-08-20 15:38:21,065 NetUtil.py:52 - [Errno 8] _ssl.c:510: EOF
occurred in violation of protocol
ERROR 2014-08-20 15:38:21,065 NetUtil.py:54 - SSLError: Failed to
connect. Please check openssl library versions.
Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more
details.
INFO 2014-08-20 15:38:21,065 NetUtil.py:76 - Server at
https://rzhang-HP-ZBook-15:36655/ws/v1/slider/agents/ is not reachable,
sleeping for 10 seconds...
in the agent log.
It picked the first port. So I think I have already applied the fix.
Thanks.
Rui
On 08/20/2014 12:39 PM, Jon Maron wrote:
> that looks fine. Can you do the following:
>
> - Look for logging statements in the AM log like the following:
>
> 14/08/20 15:56:04 INFO mortbay.log: Started SslSelectChannelConnector@0.0.0.0:55882
> 14/08/20 15:56:05 INFO mortbay.log: Started SslSelectChannelConnector@0.0.0.0:48592
>
> the connection attempt in you agent side log should be to one of these ports (probably the first)
>
> If it’s neither of those then your probably trying to connect to the AM port, which is related in the following log statement:
>
> 14/08/20 15:56:05 INFO http.HttpServer2: Jetty bound to port 33238
>
> If it’s an attempt to that latter port then you apparently haven’t picked up the fix for SLIDER-333.
>
> — Jon
>
> On Aug 20, 2014, at 12:17 PM, Rui Zhang <rz...@vertica.com> wrote:
>
>> Hi, Jon,
>>
>> I tried the new version but the error still exists.
>>
>> I attached my slider-client.xml. Is there something wrong with the configuration?
>>
>> Rui
>> On 08/20/2014 10:05 AM, Jon Maron wrote:
>>> Hi,
>>>
>>> A fix for Slider-333 had just been merged and addresses some issues that appear to be similar. You may want to checkout the latest from develop branch and see if that works better.
>>>
>>> — Jon
>>>
>>> On Aug 19, 2014, at 4:41 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>
>>>> Log attached. This is generated when I run the command logger example.
>>>>
>>>> On 08/19/2014 03:38 PM, Jon Maron wrote:
>>>>> I guess send the full agent and AM logs - I just this morning setup a cluster with no issue (admittedly this was on centos 6.4)
>>>>>
>>>>> — Jon
>>>>>
>>>>> On Aug 19, 2014, at 3:20 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>>>
>>>>>> I think it is one-way ssl because I didn't set ssl.server.client.auth to true.
>>>>>>
>>>>>> BTW, I am using openssl 1.0.1f, Ubuntu14.04 and Hadoop 2.4.0.
>>>>>>
>>>>>> Rui
>>>>>>
>>>>>> On 08/19/2014 03:06 PM, Jon Maron wrote:
>>>>>>> I’m going to attempt this sort of deployment (I’m assuming you’re attempting two way SSL?) this afternoon (finishing up my current patch) and see if I can recreate the issue.
>>>>>>>
>>>>>>> — Jon
>>>>>>>
>>>>>>> On Aug 19, 2014, at 2:52 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>>>>>
>>>>>>>> Tried so many methods.
>>>>>>>> Changing the signature algorithm to sha256 in the java code and adding the cert to trusted list.
>>>>>>>>
>>>>>>>> All does not work and the same error.
>>>>>>>>
>>>>>>>> The certificate is generated in /tmp/work/security so I don't know what is wrong. Is there a self-check test for me to know whether I configure correctly or not?
>>>>>>>>
>>>>>>>> Thanks.
>>>>>>>>
>>>>>>>> On 08/15/2014 12:14 PM, Jon Maron wrote:
>>>>>>>>> OK. Make sure the AM logs indicate that the openssl commands are succeeding. You should see log statements displaying some openssl command or statements indicating if the server certificate exists.
>>>>>>>>>
>>>>>>>>> On Aug 15, 2014, at 12:05 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>>>>>>>
>>>>>>>>>> Having done all of these but still got this error. It also says that it is not verified when I opened the link in the browser.
>>>>>>>>>>
>>>>>>>>>> Maybe there is some issue with my openssl. I will try to solve and report to you my progress.
>>>>>>>>>>
>>>>>>>>>> Thanks.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 08/15/2014 11:17 AM, Jon Maron wrote:
>>>>>>>>>>> - the agent code has been modified to communicate via SSL. That code is downloaded to each launched container from /slider/agent HDFS folder (slider-agent.tar.gz). If you have installed an up to date version of slider you’ll need to update that file in HDFS.
>>>>>>>>>> --
>>>>>>>>>> Rui Zhang
>>>>>>>>>> Software engineer Intern
>>>>>>>>>> Vertica, an HP Company
>>>>>>>>>> rzhang@vertica.com
>>>>>>>>>>
>>>>>>>> --
>>>>>>>> Rui Zhang
>>>>>>>> Software engineer Intern
>>>>>>>> Vertica, an HP Company
>>>>>>>> rzhang@vertica.com
>>>>>>>>
>>>>>> --
>>>>>> Rui Zhang
>>>>>> Software engineer Intern
>>>>>> Vertica, an HP Company
>>>>>> rzhang@vertica.com
>>>>>>
>>>> --
>>>> Rui Zhang
>>>> Software engineer Intern
>>>> Vertica, an HP Company
>>>> rzhang@vertica.com
>>>>
>>>> <slider.tar.gz>
>> --
>> Rui Zhang
>> Software engineer Intern
>> Vertica, an HP Company
>> rzhang@vertica.com
>>
>> <slider-client.xml>
>
--
Rui Zhang
Software engineer Intern
Vertica, an HP Company
rzhang@vertica.com
Re: ssl error after changing to slider-dev branch
Posted by Jon Maron <jm...@hortonworks.com>.
that looks fine. Can you do the following:
- Look for logging statements in the AM log like the following:
14/08/20 15:56:04 INFO mortbay.log: Started SslSelectChannelConnector@0.0.0.0:55882
14/08/20 15:56:05 INFO mortbay.log: Started SslSelectChannelConnector@0.0.0.0:48592
the connection attempt in you agent side log should be to one of these ports (probably the first)
If it’s neither of those then your probably trying to connect to the AM port, which is related in the following log statement:
14/08/20 15:56:05 INFO http.HttpServer2: Jetty bound to port 33238
If it’s an attempt to that latter port then you apparently haven’t picked up the fix for SLIDER-333.
— Jon
On Aug 20, 2014, at 12:17 PM, Rui Zhang <rz...@vertica.com> wrote:
> Hi, Jon,
>
> I tried the new version but the error still exists.
>
> I attached my slider-client.xml. Is there something wrong with the configuration?
>
> Rui
> On 08/20/2014 10:05 AM, Jon Maron wrote:
>> Hi,
>>
>> A fix for Slider-333 had just been merged and addresses some issues that appear to be similar. You may want to checkout the latest from develop branch and see if that works better.
>>
>> — Jon
>>
>> On Aug 19, 2014, at 4:41 PM, Rui Zhang <rz...@vertica.com> wrote:
>>
>>> Log attached. This is generated when I run the command logger example.
>>>
>>> On 08/19/2014 03:38 PM, Jon Maron wrote:
>>>> I guess send the full agent and AM logs - I just this morning setup a cluster with no issue (admittedly this was on centos 6.4)
>>>>
>>>> — Jon
>>>>
>>>> On Aug 19, 2014, at 3:20 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>>
>>>>> I think it is one-way ssl because I didn't set ssl.server.client.auth to true.
>>>>>
>>>>> BTW, I am using openssl 1.0.1f, Ubuntu14.04 and Hadoop 2.4.0.
>>>>>
>>>>> Rui
>>>>>
>>>>> On 08/19/2014 03:06 PM, Jon Maron wrote:
>>>>>> I’m going to attempt this sort of deployment (I’m assuming you’re attempting two way SSL?) this afternoon (finishing up my current patch) and see if I can recreate the issue.
>>>>>>
>>>>>> — Jon
>>>>>>
>>>>>> On Aug 19, 2014, at 2:52 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>>>>
>>>>>>> Tried so many methods.
>>>>>>> Changing the signature algorithm to sha256 in the java code and adding the cert to trusted list.
>>>>>>>
>>>>>>> All does not work and the same error.
>>>>>>>
>>>>>>> The certificate is generated in /tmp/work/security so I don't know what is wrong. Is there a self-check test for me to know whether I configure correctly or not?
>>>>>>>
>>>>>>> Thanks.
>>>>>>>
>>>>>>> On 08/15/2014 12:14 PM, Jon Maron wrote:
>>>>>>>> OK. Make sure the AM logs indicate that the openssl commands are succeeding. You should see log statements displaying some openssl command or statements indicating if the server certificate exists.
>>>>>>>>
>>>>>>>> On Aug 15, 2014, at 12:05 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>>>>>>
>>>>>>>>> Having done all of these but still got this error. It also says that it is not verified when I opened the link in the browser.
>>>>>>>>>
>>>>>>>>> Maybe there is some issue with my openssl. I will try to solve and report to you my progress.
>>>>>>>>>
>>>>>>>>> Thanks.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 08/15/2014 11:17 AM, Jon Maron wrote:
>>>>>>>>>> - the agent code has been modified to communicate via SSL. That code is downloaded to each launched container from /slider/agent HDFS folder (slider-agent.tar.gz). If you have installed an up to date version of slider you’ll need to update that file in HDFS.
>>>>>>>>> --
>>>>>>>>> Rui Zhang
>>>>>>>>> Software engineer Intern
>>>>>>>>> Vertica, an HP Company
>>>>>>>>> rzhang@vertica.com
>>>>>>>>>
>>>>>>> --
>>>>>>> Rui Zhang
>>>>>>> Software engineer Intern
>>>>>>> Vertica, an HP Company
>>>>>>> rzhang@vertica.com
>>>>>>>
>>>>> --
>>>>> Rui Zhang
>>>>> Software engineer Intern
>>>>> Vertica, an HP Company
>>>>> rzhang@vertica.com
>>>>>
>>> --
>>> Rui Zhang
>>> Software engineer Intern
>>> Vertica, an HP Company
>>> rzhang@vertica.com
>>>
>>> <slider.tar.gz>
>>
>
> --
> Rui Zhang
> Software engineer Intern
> Vertica, an HP Company
> rzhang@vertica.com
>
> <slider-client.xml>
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
Re: ssl error after changing to slider-dev branch
Posted by Rui Zhang <rz...@vertica.com>.
Hi, Jon,
I tried the new version but the error still exists.
I attached my slider-client.xml. Is there something wrong with the
configuration?
Rui
On 08/20/2014 10:05 AM, Jon Maron wrote:
> Hi,
>
> A fix for Slider-333 had just been merged and addresses some issues that appear to be similar. You may want to checkout the latest from develop branch and see if that works better.
>
> — Jon
>
> On Aug 19, 2014, at 4:41 PM, Rui Zhang <rz...@vertica.com> wrote:
>
>> Log attached. This is generated when I run the command logger example.
>>
>> On 08/19/2014 03:38 PM, Jon Maron wrote:
>>> I guess send the full agent and AM logs - I just this morning setup a cluster with no issue (admittedly this was on centos 6.4)
>>>
>>> — Jon
>>>
>>> On Aug 19, 2014, at 3:20 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>
>>>> I think it is one-way ssl because I didn't set ssl.server.client.auth to true.
>>>>
>>>> BTW, I am using openssl 1.0.1f, Ubuntu14.04 and Hadoop 2.4.0.
>>>>
>>>> Rui
>>>>
>>>> On 08/19/2014 03:06 PM, Jon Maron wrote:
>>>>> I’m going to attempt this sort of deployment (I’m assuming you’re attempting two way SSL?) this afternoon (finishing up my current patch) and see if I can recreate the issue.
>>>>>
>>>>> — Jon
>>>>>
>>>>> On Aug 19, 2014, at 2:52 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>>>
>>>>>> Tried so many methods.
>>>>>> Changing the signature algorithm to sha256 in the java code and adding the cert to trusted list.
>>>>>>
>>>>>> All does not work and the same error.
>>>>>>
>>>>>> The certificate is generated in /tmp/work/security so I don't know what is wrong. Is there a self-check test for me to know whether I configure correctly or not?
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>> On 08/15/2014 12:14 PM, Jon Maron wrote:
>>>>>>> OK. Make sure the AM logs indicate that the openssl commands are succeeding. You should see log statements displaying some openssl command or statements indicating if the server certificate exists.
>>>>>>>
>>>>>>> On Aug 15, 2014, at 12:05 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>>>>>
>>>>>>>> Having done all of these but still got this error. It also says that it is not verified when I opened the link in the browser.
>>>>>>>>
>>>>>>>> Maybe there is some issue with my openssl. I will try to solve and report to you my progress.
>>>>>>>>
>>>>>>>> Thanks.
>>>>>>>>
>>>>>>>>
>>>>>>>> On 08/15/2014 11:17 AM, Jon Maron wrote:
>>>>>>>>> - the agent code has been modified to communicate via SSL. That code is downloaded to each launched container from /slider/agent HDFS folder (slider-agent.tar.gz). If you have installed an up to date version of slider you’ll need to update that file in HDFS.
>>>>>>>> --
>>>>>>>> Rui Zhang
>>>>>>>> Software engineer Intern
>>>>>>>> Vertica, an HP Company
>>>>>>>> rzhang@vertica.com
>>>>>>>>
>>>>>> --
>>>>>> Rui Zhang
>>>>>> Software engineer Intern
>>>>>> Vertica, an HP Company
>>>>>> rzhang@vertica.com
>>>>>>
>>>> --
>>>> Rui Zhang
>>>> Software engineer Intern
>>>> Vertica, an HP Company
>>>> rzhang@vertica.com
>>>>
>> --
>> Rui Zhang
>> Software engineer Intern
>> Vertica, an HP Company
>> rzhang@vertica.com
>>
>> <slider.tar.gz>
>
--
Rui Zhang
Software engineer Intern
Vertica, an HP Company
rzhang@vertica.com
Re: ssl error after changing to slider-dev branch
Posted by Jon Maron <jm...@hortonworks.com>.
Hi,
A fix for Slider-333 had just been merged and addresses some issues that appear to be similar. You may want to checkout the latest from develop branch and see if that works better.
— Jon
On Aug 19, 2014, at 4:41 PM, Rui Zhang <rz...@vertica.com> wrote:
> Log attached. This is generated when I run the command logger example.
>
> On 08/19/2014 03:38 PM, Jon Maron wrote:
>> I guess send the full agent and AM logs - I just this morning setup a cluster with no issue (admittedly this was on centos 6.4)
>>
>> — Jon
>>
>> On Aug 19, 2014, at 3:20 PM, Rui Zhang <rz...@vertica.com> wrote:
>>
>>> I think it is one-way ssl because I didn't set ssl.server.client.auth to true.
>>>
>>> BTW, I am using openssl 1.0.1f, Ubuntu14.04 and Hadoop 2.4.0.
>>>
>>> Rui
>>>
>>> On 08/19/2014 03:06 PM, Jon Maron wrote:
>>>> I’m going to attempt this sort of deployment (I’m assuming you’re attempting two way SSL?) this afternoon (finishing up my current patch) and see if I can recreate the issue.
>>>>
>>>> — Jon
>>>>
>>>> On Aug 19, 2014, at 2:52 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>>
>>>>> Tried so many methods.
>>>>> Changing the signature algorithm to sha256 in the java code and adding the cert to trusted list.
>>>>>
>>>>> All does not work and the same error.
>>>>>
>>>>> The certificate is generated in /tmp/work/security so I don't know what is wrong. Is there a self-check test for me to know whether I configure correctly or not?
>>>>>
>>>>> Thanks.
>>>>>
>>>>> On 08/15/2014 12:14 PM, Jon Maron wrote:
>>>>>> OK. Make sure the AM logs indicate that the openssl commands are succeeding. You should see log statements displaying some openssl command or statements indicating if the server certificate exists.
>>>>>>
>>>>>> On Aug 15, 2014, at 12:05 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>>>>
>>>>>>> Having done all of these but still got this error. It also says that it is not verified when I opened the link in the browser.
>>>>>>>
>>>>>>> Maybe there is some issue with my openssl. I will try to solve and report to you my progress.
>>>>>>>
>>>>>>> Thanks.
>>>>>>>
>>>>>>>
>>>>>>> On 08/15/2014 11:17 AM, Jon Maron wrote:
>>>>>>>> - the agent code has been modified to communicate via SSL. That code is downloaded to each launched container from /slider/agent HDFS folder (slider-agent.tar.gz). If you have installed an up to date version of slider you’ll need to update that file in HDFS.
>>>>>>> --
>>>>>>> Rui Zhang
>>>>>>> Software engineer Intern
>>>>>>> Vertica, an HP Company
>>>>>>> rzhang@vertica.com
>>>>>>>
>>>>> --
>>>>> Rui Zhang
>>>>> Software engineer Intern
>>>>> Vertica, an HP Company
>>>>> rzhang@vertica.com
>>>>>
>>> --
>>> Rui Zhang
>>> Software engineer Intern
>>> Vertica, an HP Company
>>> rzhang@vertica.com
>>>
>>
>
> --
> Rui Zhang
> Software engineer Intern
> Vertica, an HP Company
> rzhang@vertica.com
>
> <slider.tar.gz>
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
Re: ssl error after changing to slider-dev branch
Posted by Rui Zhang <rz...@vertica.com>.
Log attached. This is generated when I run the command logger example.
On 08/19/2014 03:38 PM, Jon Maron wrote:
> I guess send the full agent and AM logs - I just this morning setup a cluster with no issue (admittedly this was on centos 6.4)
>
> — Jon
>
> On Aug 19, 2014, at 3:20 PM, Rui Zhang <rz...@vertica.com> wrote:
>
>> I think it is one-way ssl because I didn't set ssl.server.client.auth to true.
>>
>> BTW, I am using openssl 1.0.1f, Ubuntu14.04 and Hadoop 2.4.0.
>>
>> Rui
>>
>> On 08/19/2014 03:06 PM, Jon Maron wrote:
>>> I’m going to attempt this sort of deployment (I’m assuming you’re attempting two way SSL?) this afternoon (finishing up my current patch) and see if I can recreate the issue.
>>>
>>> — Jon
>>>
>>> On Aug 19, 2014, at 2:52 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>
>>>> Tried so many methods.
>>>> Changing the signature algorithm to sha256 in the java code and adding the cert to trusted list.
>>>>
>>>> All does not work and the same error.
>>>>
>>>> The certificate is generated in /tmp/work/security so I don't know what is wrong. Is there a self-check test for me to know whether I configure correctly or not?
>>>>
>>>> Thanks.
>>>>
>>>> On 08/15/2014 12:14 PM, Jon Maron wrote:
>>>>> OK. Make sure the AM logs indicate that the openssl commands are succeeding. You should see log statements displaying some openssl command or statements indicating if the server certificate exists.
>>>>>
>>>>> On Aug 15, 2014, at 12:05 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>>>
>>>>>> Having done all of these but still got this error. It also says that it is not verified when I opened the link in the browser.
>>>>>>
>>>>>> Maybe there is some issue with my openssl. I will try to solve and report to you my progress.
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>>
>>>>>> On 08/15/2014 11:17 AM, Jon Maron wrote:
>>>>>>> - the agent code has been modified to communicate via SSL. That code is downloaded to each launched container from /slider/agent HDFS folder (slider-agent.tar.gz). If you have installed an up to date version of slider you’ll need to update that file in HDFS.
>>>>>> --
>>>>>> Rui Zhang
>>>>>> Software engineer Intern
>>>>>> Vertica, an HP Company
>>>>>> rzhang@vertica.com
>>>>>>
>>>> --
>>>> Rui Zhang
>>>> Software engineer Intern
>>>> Vertica, an HP Company
>>>> rzhang@vertica.com
>>>>
>> --
>> Rui Zhang
>> Software engineer Intern
>> Vertica, an HP Company
>> rzhang@vertica.com
>>
>
--
Rui Zhang
Software engineer Intern
Vertica, an HP Company
rzhang@vertica.com
Re: ssl error after changing to slider-dev branch
Posted by Jon Maron <jm...@hortonworks.com>.
I guess send the full agent and AM logs - I just this morning setup a cluster with no issue (admittedly this was on centos 6.4)
— Jon
On Aug 19, 2014, at 3:20 PM, Rui Zhang <rz...@vertica.com> wrote:
> I think it is one-way ssl because I didn't set ssl.server.client.auth to true.
>
> BTW, I am using openssl 1.0.1f, Ubuntu14.04 and Hadoop 2.4.0.
>
> Rui
>
> On 08/19/2014 03:06 PM, Jon Maron wrote:
>> I’m going to attempt this sort of deployment (I’m assuming you’re attempting two way SSL?) this afternoon (finishing up my current patch) and see if I can recreate the issue.
>>
>> — Jon
>>
>> On Aug 19, 2014, at 2:52 PM, Rui Zhang <rz...@vertica.com> wrote:
>>
>>> Tried so many methods.
>>> Changing the signature algorithm to sha256 in the java code and adding the cert to trusted list.
>>>
>>> All does not work and the same error.
>>>
>>> The certificate is generated in /tmp/work/security so I don't know what is wrong. Is there a self-check test for me to know whether I configure correctly or not?
>>>
>>> Thanks.
>>>
>>> On 08/15/2014 12:14 PM, Jon Maron wrote:
>>>> OK. Make sure the AM logs indicate that the openssl commands are succeeding. You should see log statements displaying some openssl command or statements indicating if the server certificate exists.
>>>>
>>>> On Aug 15, 2014, at 12:05 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>>
>>>>> Having done all of these but still got this error. It also says that it is not verified when I opened the link in the browser.
>>>>>
>>>>> Maybe there is some issue with my openssl. I will try to solve and report to you my progress.
>>>>>
>>>>> Thanks.
>>>>>
>>>>>
>>>>> On 08/15/2014 11:17 AM, Jon Maron wrote:
>>>>>> - the agent code has been modified to communicate via SSL. That code is downloaded to each launched container from /slider/agent HDFS folder (slider-agent.tar.gz). If you have installed an up to date version of slider you’ll need to update that file in HDFS.
>>>>> --
>>>>> Rui Zhang
>>>>> Software engineer Intern
>>>>> Vertica, an HP Company
>>>>> rzhang@vertica.com
>>>>>
>>> --
>>> Rui Zhang
>>> Software engineer Intern
>>> Vertica, an HP Company
>>> rzhang@vertica.com
>>>
>>
>
> --
> Rui Zhang
> Software engineer Intern
> Vertica, an HP Company
> rzhang@vertica.com
>
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
Re: ssl error after changing to slider-dev branch
Posted by Rui Zhang <rz...@vertica.com>.
I think it is one-way ssl because I didn't set ssl.server.client.auth to
true.
BTW, I am using openssl 1.0.1f, Ubuntu14.04 and Hadoop 2.4.0.
Rui
On 08/19/2014 03:06 PM, Jon Maron wrote:
> I’m going to attempt this sort of deployment (I’m assuming you’re attempting two way SSL?) this afternoon (finishing up my current patch) and see if I can recreate the issue.
>
> — Jon
>
> On Aug 19, 2014, at 2:52 PM, Rui Zhang <rz...@vertica.com> wrote:
>
>> Tried so many methods.
>> Changing the signature algorithm to sha256 in the java code and adding the cert to trusted list.
>>
>> All does not work and the same error.
>>
>> The certificate is generated in /tmp/work/security so I don't know what is wrong. Is there a self-check test for me to know whether I configure correctly or not?
>>
>> Thanks.
>>
>> On 08/15/2014 12:14 PM, Jon Maron wrote:
>>> OK. Make sure the AM logs indicate that the openssl commands are succeeding. You should see log statements displaying some openssl command or statements indicating if the server certificate exists.
>>>
>>> On Aug 15, 2014, at 12:05 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>
>>>> Having done all of these but still got this error. It also says that it is not verified when I opened the link in the browser.
>>>>
>>>> Maybe there is some issue with my openssl. I will try to solve and report to you my progress.
>>>>
>>>> Thanks.
>>>>
>>>>
>>>> On 08/15/2014 11:17 AM, Jon Maron wrote:
>>>>> - the agent code has been modified to communicate via SSL. That code is downloaded to each launched container from /slider/agent HDFS folder (slider-agent.tar.gz). If you have installed an up to date version of slider you’ll need to update that file in HDFS.
>>>> --
>>>> Rui Zhang
>>>> Software engineer Intern
>>>> Vertica, an HP Company
>>>> rzhang@vertica.com
>>>>
>> --
>> Rui Zhang
>> Software engineer Intern
>> Vertica, an HP Company
>> rzhang@vertica.com
>>
>
--
Rui Zhang
Software engineer Intern
Vertica, an HP Company
rzhang@vertica.com
Re: ssl error after changing to slider-dev branch
Posted by Jon Maron <jm...@hortonworks.com>.
I’m going to attempt this sort of deployment (I’m assuming you’re attempting two way SSL?) this afternoon (finishing up my current patch) and see if I can recreate the issue.
— Jon
On Aug 19, 2014, at 2:52 PM, Rui Zhang <rz...@vertica.com> wrote:
> Tried so many methods.
> Changing the signature algorithm to sha256 in the java code and adding the cert to trusted list.
>
> All does not work and the same error.
>
> The certificate is generated in /tmp/work/security so I don't know what is wrong. Is there a self-check test for me to know whether I configure correctly or not?
>
> Thanks.
>
> On 08/15/2014 12:14 PM, Jon Maron wrote:
>> OK. Make sure the AM logs indicate that the openssl commands are succeeding. You should see log statements displaying some openssl command or statements indicating if the server certificate exists.
>>
>> On Aug 15, 2014, at 12:05 PM, Rui Zhang <rz...@vertica.com> wrote:
>>
>>> Having done all of these but still got this error. It also says that it is not verified when I opened the link in the browser.
>>>
>>> Maybe there is some issue with my openssl. I will try to solve and report to you my progress.
>>>
>>> Thanks.
>>>
>>>
>>> On 08/15/2014 11:17 AM, Jon Maron wrote:
>>>> - the agent code has been modified to communicate via SSL. That code is downloaded to each launched container from /slider/agent HDFS folder (slider-agent.tar.gz). If you have installed an up to date version of slider you’ll need to update that file in HDFS.
>>> --
>>> Rui Zhang
>>> Software engineer Intern
>>> Vertica, an HP Company
>>> rzhang@vertica.com
>>>
>>
>
> --
> Rui Zhang
> Software engineer Intern
> Vertica, an HP Company
> rzhang@vertica.com
>
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
Re: ssl error after changing to slider-dev branch
Posted by Rui Zhang <rz...@vertica.com>.
Tried so many methods.
Changing the signature algorithm to sha256 in the java code and adding
the cert to trusted list.
All does not work and the same error.
The certificate is generated in /tmp/work/security so I don't know what
is wrong. Is there a self-check test for me to know whether I configure
correctly or not?
Thanks.
On 08/15/2014 12:14 PM, Jon Maron wrote:
> OK. Make sure the AM logs indicate that the openssl commands are succeeding. You should see log statements displaying some openssl command or statements indicating if the server certificate exists.
>
> On Aug 15, 2014, at 12:05 PM, Rui Zhang <rz...@vertica.com> wrote:
>
>> Having done all of these but still got this error. It also says that it is not verified when I opened the link in the browser.
>>
>> Maybe there is some issue with my openssl. I will try to solve and report to you my progress.
>>
>> Thanks.
>>
>>
>> On 08/15/2014 11:17 AM, Jon Maron wrote:
>>> - the agent code has been modified to communicate via SSL. That code is downloaded to each launched container from /slider/agent HDFS folder (slider-agent.tar.gz). If you have installed an up to date version of slider you’ll need to update that file in HDFS.
>> --
>> Rui Zhang
>> Software engineer Intern
>> Vertica, an HP Company
>> rzhang@vertica.com
>>
>
--
Rui Zhang
Software engineer Intern
Vertica, an HP Company
rzhang@vertica.com
Re: ssl error after changing to slider-dev branch
Posted by Jon Maron <jm...@hortonworks.com>.
OK. Make sure the AM logs indicate that the openssl commands are succeeding. You should see log statements displaying some openssl command or statements indicating if the server certificate exists.
On Aug 15, 2014, at 12:05 PM, Rui Zhang <rz...@vertica.com> wrote:
> Having done all of these but still got this error. It also says that it is not verified when I opened the link in the browser.
>
> Maybe there is some issue with my openssl. I will try to solve and report to you my progress.
>
> Thanks.
>
>
> On 08/15/2014 11:17 AM, Jon Maron wrote:
>> - the agent code has been modified to communicate via SSL. That code is downloaded to each launched container from /slider/agent HDFS folder (slider-agent.tar.gz). If you have installed an up to date version of slider you’ll need to update that file in HDFS.
>
> --
> Rui Zhang
> Software engineer Intern
> Vertica, an HP Company
> rzhang@vertica.com
>
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
Re: ssl error after changing to slider-dev branch
Posted by Rui Zhang <rz...@vertica.com>.
Having done all of these but still got this error. It also says that it
is not verified when I opened the link in the browser.
Maybe there is some issue with my openssl. I will try to solve and
report to you my progress.
Thanks.
On 08/15/2014 11:17 AM, Jon Maron wrote:
> - the agent code has been modified to communicate via SSL. That code is downloaded to each launched container from /slider/agent HDFS folder (slider-agent.tar.gz). If you have installed an up to date version of slider you’ll need to update that file in HDFS.
--
Rui Zhang
Software engineer Intern
Vertica, an HP Company
rzhang@vertica.com
Re: ssl error after changing to slider-dev branch
Posted by Jon Maron <jm...@hortonworks.com>.
I’m having a hard time understanding exactly what your current setup is, so here are the details:
- the agent code has been modified to communicate via SSL. That code is downloaded to each launched container from /slider/agent HDFS folder (slider-agent.tar.gz). If you have installed an up to date version of slider you’ll need to update that file in HDFS.
- The AM has been updated to support SSL. If you’ve reinstalled slider then that code should be added to the AM as a local resource by yarn
If those two conditions are met, then perhaps you are actually having and issue with openssl - it is being leveraged for certificate and keystone generation of the server side (by default it is one way SSL so there should be no need for the client to generate these resources)
For more information on the SSL setup see http://slider.incubator.apache.org/design/ssl_implementation.html
— Jon
On Aug 15, 2014, at 11:11 AM, Rui Zhang <rz...@vertica.com> wrote:
> The first error solved. Thanks, Steve.
>
> But the ssl error still exists. BTW, I am not using Ambari so is it possible that I missed some configuration related to SSL in Yarn?
>
> Thanks.
>
>
> On 08/15/2014 10:09 AM, Steve Loughran wrote:
>> ok, try now.
>>
>>
>> On 15 August 2014 11:29, Steve Loughran <st...@hortonworks.com> wrote:
>>
>>> On 15 August 2014 06:59, Rui Zhang <rz...@vertica.com> wrote:
>>>
>>>> Exception in thread "main" java.lang.NoClassDefFoundError:
>>>> com/codahale/metrics/MetricRegistry
>>>> at org.apache.slider.server.appmaster.SliderAppMaster.<
>>>> clinit>(SliderAppMaster.java:206)
>>>> Caused by: java.lang.ClassNotFoundException: com.codahale.metrics.
>>>> MetricRegistry
>>>> at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
>>>> at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
>>>> at java.security.AccessController.doPrivileged(Native Method)
>>>> at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
>>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
>>>> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
>>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
>>>> ... 1 more
>>>>
>>> no, I've guessed the cause.. it's not uploading that JAR...my fault
>>>
>>> Will fix ASAP
>>>
>>>
>
> --
> Rui Zhang
> Software engineer Intern
> Vertica, an HP Company
> rzhang@vertica.com
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
Re: ssl error after changing to slider-dev branch
Posted by Rui Zhang <rz...@vertica.com>.
The first error solved. Thanks, Steve.
But the ssl error still exists. BTW, I am not using Ambari so is it
possible that I missed some configuration related to SSL in Yarn?
Thanks.
On 08/15/2014 10:09 AM, Steve Loughran wrote:
> ok, try now.
>
>
> On 15 August 2014 11:29, Steve Loughran <st...@hortonworks.com> wrote:
>
>> On 15 August 2014 06:59, Rui Zhang <rz...@vertica.com> wrote:
>>
>>> Exception in thread "main" java.lang.NoClassDefFoundError:
>>> com/codahale/metrics/MetricRegistry
>>> at org.apache.slider.server.appmaster.SliderAppMaster.<
>>> clinit>(SliderAppMaster.java:206)
>>> Caused by: java.lang.ClassNotFoundException: com.codahale.metrics.
>>> MetricRegistry
>>> at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
>>> at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
>>> at java.security.AccessController.doPrivileged(Native Method)
>>> at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
>>> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
>>> ... 1 more
>>>
>> no, I've guessed the cause.. it's not uploading that JAR...my fault
>>
>> Will fix ASAP
>>
>>
--
Rui Zhang
Software engineer Intern
Vertica, an HP Company
rzhang@vertica.com
Re: ssl error after changing to slider-dev branch
Posted by Steve Loughran <st...@hortonworks.com>.
ok, try now.
On 15 August 2014 11:29, Steve Loughran <st...@hortonworks.com> wrote:
>
> On 15 August 2014 06:59, Rui Zhang <rz...@vertica.com> wrote:
>
>> Exception in thread "main" java.lang.NoClassDefFoundError:
>> com/codahale/metrics/MetricRegistry
>> at org.apache.slider.server.appmaster.SliderAppMaster.<
>> clinit>(SliderAppMaster.java:206)
>> Caused by: java.lang.ClassNotFoundException: com.codahale.metrics.
>> MetricRegistry
>> at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
>> at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
>> at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
>> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
>> at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
>> ... 1 more
>>
>
> no, I've guessed the cause.. it's not uploading that JAR...my fault
>
> Will fix ASAP
>
>
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
Re: ssl error after changing to slider-dev branch
Posted by Steve Loughran <st...@hortonworks.com>.
On 15 August 2014 06:59, Rui Zhang <rz...@vertica.com> wrote:
> Exception in thread "main" java.lang.NoClassDefFoundError:
> com/codahale/metrics/MetricRegistry
> at org.apache.slider.server.appmaster.SliderAppMaster.<
> clinit>(SliderAppMaster.java:206)
> Caused by: java.lang.ClassNotFoundException: com.codahale.metrics.
> MetricRegistry
> at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
> at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
> at java.security.AccessController.doPrivileged(Native Method)
> at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
> ... 1 more
>
no, I've guessed the cause.. it's not uploading that JAR...my fault
Will fix ASAP
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
Re: ssl error after changing to slider-dev branch
Posted by Rui Zhang <rz...@vertica.com>.
I tried with the latest installation. It now has another error.
Exception in thread "main" java.lang.NoClassDefFoundError: com/codahale/metrics/MetricRegistry
at org.apache.slider.server.appmaster.SliderAppMaster.<clinit>(SliderAppMaster.java:206)
Caused by: java.lang.ClassNotFoundException: com.codahale.metrics.MetricRegistry
at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
... 1 more
It compiles successfully but shows this error when I run the slider app.
I have checked the lib directory, it has the metrics-core-3.0.1.jar. I don't know why it cannot find this class.
Also, I think the ssl error will appear after this error is fixed.
On 08/14/2014 04:41 PM, Jon Maron wrote:
> I'm not quite sure what you mean. Would it be possible to start with a fresh installation directory and HDFS resources? The default communication mechanism was changed to SSL, and there have been updates to accommodate that update across the board.
>
> Going Mobile
>
>
>> On Aug 14, 2014, at 4:18 PM, Rui Zhang <rz...@vertica.com> wrote:
>>
>> Yes. I removed all the files in the original directory and clone the new branch and then compiled.
>>
>>> On 08/14/2014 04:15 PM, Jon Maron wrote:
>>> Also, can you describe the upgrade process? Did you reinstall or just update the core jar?
>>>
>>> Going Mobile
>>>
>>>
>>>> On Aug 14, 2014, at 3:54 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>>
>>>> Hi, everyone,
>>>>
>>>> I have changed to the dev branch but now it has this error.
>>>>
>>>> ERROR 2014-08-14 15:52:28,244 NetUtil.py:52 - [Errno 8] _ssl.c:510: EOF occurred in violation of protocol
>>>> ERROR 2014-08-14 15:52:28,244 NetUtil.py:54 - SSLError: Failed to connect. Please check openssl library versions.
>>>>
>>>> How to solve it?
>>>> Thanks
>>>>
>>>> --
>>>> Rui Zhang
>>>> Software engineer Intern
>>>> Vertica, an HP Company
>>>> rzhang@vertica.com
>> --
>> Rui Zhang
>> Software engineer Intern
>> Vertica, an HP Company
>> rzhang@vertica.com
>>
--
Rui Zhang
Software engineer Intern
Vertica, an HP Company
rzhang@vertica.com
Re: ssl error after changing to slider-dev branch
Posted by Jon Maron <jm...@hortonworks.com>.
I'm not quite sure what you mean. Would it be possible to start with a fresh installation directory and HDFS resources? The default communication mechanism was changed to SSL, and there have been updates to accommodate that update across the board.
Going Mobile
> On Aug 14, 2014, at 4:18 PM, Rui Zhang <rz...@vertica.com> wrote:
>
> Yes. I removed all the files in the original directory and clone the new branch and then compiled.
>
>> On 08/14/2014 04:15 PM, Jon Maron wrote:
>> Also, can you describe the upgrade process? Did you reinstall or just update the core jar?
>>
>> Going Mobile
>>
>>
>>> On Aug 14, 2014, at 3:54 PM, Rui Zhang <rz...@vertica.com> wrote:
>>>
>>> Hi, everyone,
>>>
>>> I have changed to the dev branch but now it has this error.
>>>
>>> ERROR 2014-08-14 15:52:28,244 NetUtil.py:52 - [Errno 8] _ssl.c:510: EOF occurred in violation of protocol
>>> ERROR 2014-08-14 15:52:28,244 NetUtil.py:54 - SSLError: Failed to connect. Please check openssl library versions.
>>>
>>> How to solve it?
>>> Thanks
>>>
>>> --
>>> Rui Zhang
>>> Software engineer Intern
>>> Vertica, an HP Company
>>> rzhang@vertica.com
>
> --
> Rui Zhang
> Software engineer Intern
> Vertica, an HP Company
> rzhang@vertica.com
>
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
Re: ssl error after changing to slider-dev branch
Posted by Rui Zhang <rz...@vertica.com>.
Yes. I removed all the files in the original directory and clone the new
branch and then compiled.
On 08/14/2014 04:15 PM, Jon Maron wrote:
> Also, can you describe the upgrade process? Did you reinstall or just update the core jar?
>
> Going Mobile
>
>
>> On Aug 14, 2014, at 3:54 PM, Rui Zhang <rz...@vertica.com> wrote:
>>
>> Hi, everyone,
>>
>> I have changed to the dev branch but now it has this error.
>>
>> ERROR 2014-08-14 15:52:28,244 NetUtil.py:52 - [Errno 8] _ssl.c:510: EOF occurred in violation of protocol
>> ERROR 2014-08-14 15:52:28,244 NetUtil.py:54 - SSLError: Failed to connect. Please check openssl library versions.
>>
>> How to solve it?
>> Thanks
>>
>> --
>> Rui Zhang
>> Software engineer Intern
>> Vertica, an HP Company
>> rzhang@vertica.com
>>
--
Rui Zhang
Software engineer Intern
Vertica, an HP Company
rzhang@vertica.com
Re: ssl error after changing to slider-dev branch
Posted by Jon Maron <jm...@hortonworks.com>.
Also, can you describe the upgrade process? Did you reinstall or just update the core jar?
Going Mobile
> On Aug 14, 2014, at 3:54 PM, Rui Zhang <rz...@vertica.com> wrote:
>
> Hi, everyone,
>
> I have changed to the dev branch but now it has this error.
>
> ERROR 2014-08-14 15:52:28,244 NetUtil.py:52 - [Errno 8] _ssl.c:510: EOF occurred in violation of protocol
> ERROR 2014-08-14 15:52:28,244 NetUtil.py:54 - SSLError: Failed to connect. Please check openssl library versions.
>
> How to solve it?
> Thanks
>
> --
> Rui Zhang
> Software engineer Intern
> Vertica, an HP Company
> rzhang@vertica.com
>
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.