keystore password verification failed at nexus starting - passwords

I generated my self-signed certificate as follows:
sudo keytool -genkey -keyalg RSA -alias jetty -keystore keystore.jks -storepass myjettypassword -validity 360 -keysize 2048
when keystore.jks was generated, I started nexus(with jetty embedded) but got this error. Please help!
2016-03-17 16:09:04,084-0400 WARN [jetty-main-1] *SYSTEM org.eclipse.jetty.util.component.AbstractLifeCycle - FAILED SslContextFactory#4baf273d(./conf/ssl/keystore.jks,./conf/ssl/keystore.jks): java.io.IOException: Keystore was tampered with, or password was incorrect
jvm 1 | java.io.IOException: Keystore was tampered with, or password was incorrect
jvm 1 | at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772) ~[na:1.7.0_95]
jvm 1 | at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) ~[na:1.7.0_95]
jvm 1 | at java.security.KeyStore.load(KeyStore.java:1226) ~[na:1.7.0_95]
jvm 1 | at org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:55) ~[jetty-util-8.1.16.v20140903.jar:8.1.16.v20140903]
jvm 1 | at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyStore(SslContextFactory.java:1053) ~[jetty-util-8.1.16.v20140903.jar:8.1.16.v20140903]
jvm 1 | at org.eclipse.jetty.util.ssl.SslContextFactory.loadTrustStore(SslContextFactory.java:1027) ~[jetty-util-8.1.16.v20140903.jar:8.1.16.v20140903]
jvm 1 | at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:265) ~[jetty-util-8.1.16.v20140903.jar:8.1.16.v20140903]
jvm 1 | at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) [jetty-util-8.1.16.v20140903.jar:8.1.16.v20140903]
jvm 1 | at org.eclipse.jetty.server.ssl.SslSelectChannelConnector.doStart(SslSelectChannelConnector.java:612) [jetty-server-8.1.16.v20140903.jar:8.1.16.v20140903]
jvm 1 | at org.sonatype.nexus.bootstrap.jetty.InstrumentedSslSelectChannelConnector.doStart(InstrumentedSslSelectChannelConnector.java:91) [nexus-bootstrap-2.12.0-01.jar:2.12.0-01]
jvm 1 | at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) [jetty-util-8.1.16.v20140903.jar:8.1.16.v20140903]
jvm 1 | at org.eclipse.jetty.server.Server.doStart(Server.java:293) [jetty-server-8.1.16.v20140903.jar:8.1.16.v20140903]
jvm 1 | at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) [jetty-util-8.1.16.v20140903.jar:8.1.16.v20140903]
jvm 1 | at org.sonatype.nexus.bootstrap.jetty.JettyServer$JettyMainThread.run(JettyServer.java:247) [nexus-bootstrap-2.12.0-01.jar:2.12.0-01]
jvm 1 | Caused by: java.security.UnrecoverableKeyException: Password verification failed
Caused by: java.security.UnrecoverableKeyException: Password verification failed
jvm 1 | at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770) ~[na:1.7.0_95]
jvm 1 | ... 13 common frames omitted
jvm 1 | 2016-03-17 15:02:20,808-0400 ERROR [WrapperListener_start_runner] *SYSTEM org.sonatype.nexus.bootstrap.jetty.JettyServer - Start failed
jvm 1 | java.io.IOException: Keystore was tampered with, or password was incorrect

From this all I can tell you is that the keystore file is corrupted.
Luckily, you can just delete it:
sonatype-work/nexus/conf/ssl/keystore.jks
It will be rebuilt from certificates stored in the capabilities configuration of Nexus.

Related

Python pyOpenssl server doesn't negotiate TLS 1.3

I'm having hard time with pyOpenssl server to negotiate TLS 1.3. I used openssl s_client(1.3 supported) to connect to the server with no luck. However the server works with version TLS 1.2 and below.
Could you please help what am I missing? Thanks in advance!
tls_server.py
-------------
import socket
from OpenSSL import SSL
sslctx = SSL.Context(SSL.TLSv1_2_METHOD)
sslctx.set_options(SSL.OP_NO_TLSv1_2 | SSL.OP_NO_TLSv1_1 | SSL.OP_NO_TLSv1)
sslctx.set_cipher_list(b"TLS_AES_128_GCM_SHA256:AES128-GCM-SHA256")
sslctx.use_privatekey_file("key.pem")
sslctx.use_certificate_file("cert.pem")
bindsocket = socket.socket()
bindsocket.bind(('', 4433))
bindsocket.listen(5)
while True:
newsocket, fromaddr = bindsocket.accept()
sslconn = SSL.Connection(sslctx, newsocket)
sslconn.set_accept_state()
sslconn.do_handshake()
print(f"List of ciphers: {sslconn.get_cipher_list()}")
req = sslconn.read(4096)
print(req)
sslconn.write(b"HTTP/1.1 200 OK\r\nServer: my-special\r\nContent-length: 10\r\n\r\nHello!\r\n\r\n")
sslconn.set_shutdown(SSL.SENT_SHUTDOWN)
All I'm getting is the below error when I force my client to connect tls1.3 only
$ openssl version
OpenSSL 1.1.1d 10 Sep 2019
$ openssl s_client -connect localhost:4433 -tls1_3
4641068480:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1544:SSL alert number 40
and the server returns the trace:
$ python3.8 tls_server.py
Traceback (most recent call last):
File "tls_server.py", line 18, in <module>
sobj.do_handshake()
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1934, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1671, in _raise_ssl_error
_raise_current_error()
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'tls_post_process_client_hello', 'no shared cipher')]
$
with successful TLS 1.2 connection, I see the server returns the following ciphers confirming TLS 1.3 support.
$ python3.8 tls_server.py
List of ciphers: ['TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256', 'TLS_AES_128_GCM_SHA256', 'AES128-GCM-SHA256']
b'GET /\n'
version of the tools I'm using
$ python3.8 -m OpenSSL.debug
pyOpenSSL: 19.1.0
cryptography: 2.9.2
cffi: 1.13.2
cryptography's compiled against OpenSSL: OpenSSL 1.1.1g 21 Apr 2020
cryptography's linked OpenSSL: OpenSSL 1.1.1g 21 Apr 2020
Pythons's OpenSSL: OpenSSL 1.1.1d 10 Sep 2019
Python executable: /Library/Frameworks/Python.framework/Versions/3.8/bin/python3.8
Python version: 3.8.1 (v3.8.1:1b293b6006, Dec 18 2019, 14:08:53)
[Clang 6.0 (clang-600.0.57)]
Platform: darwin
I'm not sure about this config:
sslctx = SSL.Context(SSL.TLSv1_2_METHOD)
sslctx.set_options(SSL.OP_NO_TLSv1_2 | SSL.OP_NO_TLSv1_1 | SSL.OP_NO_TLSv1)
Aren't you saying to only use TLSv1.2 and then also not to use TLSv1 - TLSv1.2?
Now there is no SSL.TLSv1_3_METHOD option and you’re supposed to use SSL.TLS_METHOD but looks like that is not exposed to pyopenssl yet.
It seems there is a (currently) open issue about how to configure this better but that still doesn’t add SSL.TLS_METHOD.

SonarQube does not start in Linux (localhost)

I am trying to install and configure sonarqube to use it in small poroyect in my machine (Ubuntu 18.04.2 LTS) y have already download the zip Sonarqube 7.7 community edition from the oficial web and unzipped in /opt/. I tryed to do as is say in the guide from sonar and execute ./sonar.sh console in the path /opt/sonarqube/bin/linux-x86-64 and I get problems with the log permisions .
Running SonarQube...
wrapper | ERROR: Could not write pid file /opt/sonarqube/bin/linux-x86-64/./SonarQube.pid: Permission denied
Unable to open logfile ../../logs/sonar.log: Permission denied
So I try the same as superuser and I get
Running SonarQube...
wrapper | --> Wrapper Started as Console
wrapper | Launching a JVM...
jvm 1 | Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
jvm 1 | Copyright 1999-2006 Tanuki Software, Inc. All Rights Reserved.
jvm 1 |
jvm 1 | 2019.04.05 19:55:48 INFO app[][o.s.a.AppFileSystem] Cleaning or creating temp directory /opt/sonarqube/temp
jvm 1 | 2019.04.05 19:55:48 INFO app[][o.s.a.es.EsSettings] Elasticsearch listening on /127.0.0.1:9001
jvm 1 | 2019.04.05 19:55:48 INFO app[][o.s.a.p.ProcessLauncherImpl] Launch process[[key='es', ipcIndex=1, logFilenamePrefix=es]] from [/opt/sonarqube/elasticsearch]: /opt/sonarqube/elasticsearch/bin/elasticsearch
jvm 1 | 2019.04.05 19:55:48 INFO app[][o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
jvm 1 | 2019.04.05 19:55:48 INFO app[][o.e.p.PluginsService] no modules loaded
jvm 1 | 2019.04.05 19:55:48 INFO app[][o.e.p.PluginsService] loaded plugin [org.elasticsearch.transport.Netty4Plugin]
jvm 1 | OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
jvm 1 | 2019.04.05 19:55:51 WARN app[][o.s.a.p.AbstractProcessMonitor] Process exited with exit value [es]: 1
jvm 1 | 2019.04.05 19:55:51 INFO app[][o.s.a.SchedulerImpl] Process [es] is stopped
jvm 1 | 2019.04.05 19:55:51 INFO app[][o.s.a.SchedulerImpl] SonarQube is stopped
jvm 1 | 2019.04.05 19:55:51 INFO app[][o.e.c.t.TransportClientNodesService] failed to get node info for {#transport#-1}{pr4ED0vsRgCYZjgn1jbLlQ}{127.0.0.1}{127.0.0.1:9001}, disconnecting...
jvm 1 | java.lang.IllegalStateException: Future got interrupted
jvm 1 | at org.elasticsearch.common.util.concurrent.FutureUtils.get(FutureUtils.java:60)
jvm 1 | at org.elasticsearch.action.support.AdapterActionFuture.actionGet(AdapterActionFuture.java:34)
jvm 1 | at org.elasticsearch.transport.ConnectionManager.internalOpenConnection(ConnectionManager.java:226)
jvm 1 | at org.elasticsearch.transport.ConnectionManager.openConnection(ConnectionManager.java:85)
jvm 1 | at org.elasticsearch.transport.TransportService.openConnection(TransportService.java:367)
jvm 1 | at org.elasticsearch.client.transport.TransportClientNodesService$SimpleNodeSampler.doSample(TransportClientNodesService.java:410)
jvm 1 | at org.elasticsearch.client.transport.TransportClientNodesService$NodeSampler.sample(TransportClientNodesService.java:361)
jvm 1 | at org.elasticsearch.client.transport.TransportClientNodesService.addTransportAddresses(TransportClientNodesService.java:202)
jvm 1 | at org.elasticsearch.client.transport.TransportClient.addTransportAddress(TransportClient.java:342)
jvm 1 | at org.sonar.application.es.EsConnectorImpl$MinimalTransportClient.<init>(EsConnectorImpl.java:108)
jvm 1 | at org.sonar.application.es.EsConnectorImpl.buildTransportClient(EsConnectorImpl.java:89)
jvm 1 | at org.sonar.application.es.EsConnectorImpl.getTransportClient(EsConnectorImpl.java:74)
jvm 1 | at org.sonar.application.es.EsConnectorImpl.getClusterHealthStatus(EsConnectorImpl.java:61)
jvm 1 | at org.sonar.application.process.EsProcessMonitor.checkStatus(EsProcessMonitor.java:90)
jvm 1 | at org.sonar.application.process.EsProcessMonitor.checkOperational(EsProcessMonitor.java:75)
jvm 1 | at org.sonar.application.process.EsProcessMonitor.isOperational(EsProcessMonitor.java:60)
jvm 1 | at org.sonar.application.process.SQProcess.refreshState(SQProcess.java:161)
jvm 1 | at org.sonar.application.process.SQProcess$EventWatcher.run(SQProcess.java:220)
jvm 1 | Caused by: java.lang.InterruptedException: null
jvm 1 | at java.base/java.util.concurrent.locks.AbstractQueuedSynchronizer.doAcquireSharedInterruptibly(AbstractQueuedSynchronizer.java:1038)
jvm 1 | at java.base/java.util.concurrent.locks.AbstractQueuedSynchronizer.acquireSharedInterruptibly(AbstractQueuedSynchronizer.java:1343)
jvm 1 | at org.elasticsearch.common.util.concurrent.BaseFuture$Sync.get(BaseFuture.java:251)
jvm 1 | at org.elasticsearch.common.util.concurrent.BaseFuture.get(BaseFuture.java:94)
jvm 1 | at org.elasticsearch.common.util.concurrent.FutureUtils.get(FutureUtils.java:57)
jvm 1 | ... 17 common frames omitted
wrapper | <-- Wrapper Stopped
I do not understand the error I get and why it does not start the sonarqube.
Don't try to use superuser. Just change the access rights on the complete SonarQube folder for the user you use.

Docker compose getting stuck

I'm quite new with Docker and I'm trying to use docker-compose in order to set up Apache with PostgreSQL all together.
This is my docker-compose.yml:
version: '2'
services:
db:
image: postgres
apache2:
image: webdevops/apache:latest
ports:
- 8084:80
- 443:443
links:
- db
And every time I execute docker-compose up, it usually gets stuck in
AH00094: Command line: 'apache2 -D FOREGROUND -D APACHE_LOCK_DIR'
This is the output when I execute it.
First gets stuck with some LOG: autovacuum launcher started while installing postgres, and when I Ctrl+C it, and re-execute docker-compose, it get stuck in the apache2 -D FOREGROUND -D APACHE_LOCK_DIR line.
Here is the ouput
docker-compose up
Pulling db (postgres:latest)...
latest: Pulling from library/postgres
cd0a524342ef: Pull complete
9c784d04dcb0: Pull complete
d99dddf7e662: Pull complete
e5bff71e3ce6: Pull complete
cb3e0a865488: Pull complete
31295d654cd5: Pull complete
fc930a4e09f5: Pull complete
8650cce8ef01: Pull complete
61949acd8e52: Pull complete
527a203588c0: Pull complete
26dec14ac775: Pull complete
0efc0ed5a9e5: Pull complete
40cd26695b38: Pull complete
Digest: sha256:fd6c0e2a9d053bebb294bb13765b3e01be7817bf77b01d58c2377ff27a4a46dc
Status: Downloaded newer image for postgres:latest
Pulling apache2 (webdevops/apache:latest)...
latest: Pulling from webdevops/apache
aafe6b5e13de: Pull complete
0a2b43a72660: Pull complete
18bdd1e546d2: Pull complete
8198342c3e05: Pull complete
f56970a44fd4: Pull complete
7d255d8cc29c: Pull complete
6b76599eeb74: Pull complete
ac6a5bdae794: Pull complete
bfe65de9caf3: Pull complete
45f407574293: Pull complete
5f28b0c8228a: Pull complete
ceb4b3de72bc: Pull complete
Digest: sha256:acf3049ddc1cf7f615eb4751250881d31dccfc50752ac3a1261169b684f430cb
Status: Downloaded newer image for webdevops/apache:latest
Creating dockertest7_db_1
Creating dockertest7_apache2_1
Attaching to dockertest7_db_1, dockertest7_apache2_1
apache2_1 | 2017-05-09 01:36:54,332 CRIT Set uid to user 0
apache2_1 | 2017-05-09 01:36:54,332 WARN Included extra file "/opt/docker/etc/supervisor.d/apache.conf" during parsing
apache2_1 | 2017-05-09 01:36:54,332 WARN Included extra file "/opt/docker/etc/supervisor.d/cron.conf" during parsing
apache2_1 | 2017-05-09 01:36:54,332 WARN Included extra file "/opt/docker/etc/supervisor.d/dnsmasq.conf" during parsing
apache2_1 | 2017-05-09 01:36:54,332 WARN Included extra file "/opt/docker/etc/supervisor.d/postfix.conf" during parsing
apache2_1 | 2017-05-09 01:36:54,332 WARN Included extra file "/opt/docker/etc/supervisor.d/ssh.conf" during parsing
apache2_1 | 2017-05-09 01:36:54,332 WARN Included extra file "/opt/docker/etc/supervisor.d/syslog.conf" during parsing
apache2_1 | 2017-05-09 01:36:54,340 INFO RPC interface 'supervisor' initialized
apache2_1 | 2017-05-09 01:36:54,340 INFO supervisord started with pid 1
db_1 | The files belonging to this database system will be owned by user "postgres".
db_1 | This user must also own the server process.
db_1 |
db_1 | The database cluster will be initialized with locale "en_US.utf8".
db_1 | The default database encoding has accordingly been set to "UTF8".
db_1 | The default text search configuration will be set to "english".
db_1 |
db_1 | Data page checksums are disabled.
db_1 |
db_1 | fixing permissions on existing directory /var/lib/postgresql/data ... ok
db_1 | creating subdirectories ... ok
db_1 | selecting default max_connections ... 100
db_1 | selecting default shared_buffers ... 128MB
db_1 | selecting dynamic shared memory implementation ... posix
db_1 | creating configuration files ... ok
apache2_1 | 2017-05-09 01:36:55,345 INFO spawned: 'apached' with pid 17
apache2_1 | 2017-05-09 01:36:55,404 INFO success: apached entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
apache2_1 | [Tue May 09 01:36:55.414084 2017] [mpm_event:notice] [pid 17:tid 140039054796672] AH00489: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
apache2_1 | [Tue May 09 01:36:55.414134 2017] [core:notice] [pid 17:tid 140039054796672] AH00094: Command line: 'apache2 -D FOREGROUND -D APACHE_LOCK_DIR'
db_1 | running bootstrap script ... ok
db_1 | performing post-bootstrap initialization ... ok
db_1 | syncing data to disk ...
db_1 | WARNING: enabling "trust" authentication for local connections
db_1 | You can change this by editing pg_hba.conf or using the option -A, or
db_1 | --auth-local and --auth-host, the next time you run initdb.
db_1 | ok
db_1 |
db_1 | Success. You can now start the database server using:
db_1 |
db_1 | pg_ctl -D /var/lib/postgresql/data -l logfile start
db_1 |
db_1 | ****************************************************
db_1 | WARNING: No password has been set for the database.
db_1 | This will allow anyone with access to the
db_1 | Postgres port to access your database. In
db_1 | Docker's default configuration, this is
db_1 | effectively any other container on the same
db_1 | system.
db_1 |
db_1 | Use "-e POSTGRES_PASSWORD=password" to set
db_1 | it in "docker run".
db_1 | ****************************************************
db_1 | waiting for server to start....LOG: database system was shut down at 2017-05-09 01:36:56 UTC
db_1 | LOG: MultiXact member wraparound protections are now enabled
db_1 | LOG: database system is ready to accept connections
db_1 | LOG: autovacuum launcher started
db_1 | done
db_1 | server started
db_1 | ALTER ROLE
db_1 |
db_1 |
db_1 | /usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*
db_1 |
db_1 | LOG: received fast shutdown request
db_1 | LOG: aborting any active transactions
db_1 | waiting for server to shut down...LOG: autovacuum launcher shutting down
db_1 | .LOG: shutting down
db_1 | LOG: database system is shut down
db_1 | done
db_1 | server stopped
db_1 |
db_1 | PostgreSQL init process complete; ready for start up.
db_1 |
db_1 | LOG: database system was shut down at 2017-05-09 01:36:58 UTC
db_1 | LOG: MultiXact member wraparound protections are now enabled
db_1 | LOG: database system is ready to accept connections
db_1 | LOG: autovacuum launcher started
Here I cancel it, cause it got stuck, and execute docker-compose again:
docker-compose up
Starting dockertest7_db_1
Starting dockertest7_apache2_1
Attaching to dockertest7_db_1, dockertest7_apache2_1
db_1 | LOG: database system was interrupted; last known up at 2017-05-09 01:37:00 UTC
db_1 | LOG: database system was not properly shut down; automatic recovery in progress
db_1 | LOG: invalid record length at 0/14EE238: wanted 24, got 0
db_1 | LOG: redo is not required
db_1 | LOG: MultiXact member wraparound protections are now enabled
db_1 | LOG: database system is ready to accept connections
db_1 | LOG: autovacuum launcher started
apache2_1 | 2017-05-09 01:41:17,903 CRIT Set uid to user 0
apache2_1 | 2017-05-09 01:41:17,903 WARN Included extra file "/opt/docker/etc/supervisor.d/apache.conf" during parsing
apache2_1 | 2017-05-09 01:41:17,903 WARN Included extra file "/opt/docker/etc/supervisor.d/cron.conf" during parsing
apache2_1 | 2017-05-09 01:41:17,903 WARN Included extra file "/opt/docker/etc/supervisor.d/dnsmasq.conf" during parsing
apache2_1 | 2017-05-09 01:41:17,903 WARN Included extra file "/opt/docker/etc/supervisor.d/postfix.conf" during parsing
apache2_1 | 2017-05-09 01:41:17,903 WARN Included extra file "/opt/docker/etc/supervisor.d/ssh.conf" during parsing
apache2_1 | 2017-05-09 01:41:17,903 WARN Included extra file "/opt/docker/etc/supervisor.d/syslog.conf" during parsing
apache2_1 | Unlinking stale socket /.supervisor.sock
apache2_1 | 2017-05-09 01:41:18,226 INFO RPC interface 'supervisor' initialized
apache2_1 | 2017-05-09 01:41:18,226 INFO supervisord started with pid 1
apache2_1 | 2017-05-09 01:41:19,230 INFO spawned: 'apached' with pid 17
apache2_1 | 2017-05-09 01:41:19,307 INFO success: apached entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
apache2_1 | [Tue May 09 01:41:19.316042 2017] [mpm_event:notice] [pid 17:tid 139733962508160] AH00489: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
apache2_1 | [Tue May 09 01:41:19.316085 2017] [core:notice] [pid 17:tid 139733962508160] AH00094: Command line: 'apache2 -D FOREGROUND -D APACHE_LOCK_DIR'
Am I missing something? Maybe a basic stuff, configuration or something?
There are couple things with this installation.
One is obviously postgres that did not start up properly, and is now left in unstable state. Following article shows how to fix that.
For the rest, I cannot tell if you are having some incompatibility issues with systemd, or it is a consequence of the stalled db install, and then compose not starting up the dependencies (apache) properly.
Either way, I would remove all images, all temporary files, and try to rebuild and restart.

/var/lib/ambari-server/keys/keystore.p12 file not being generated while starting ambari-server

I've added a new stack in amabari-server and built it. now after installing the ambari-server rpm on new hosts, when i start ambari-server,
it give following error:
20 Jun 2016 16:25:53,020 INFO [main] Configuration:1067 - Web App DIR test /usr/lib/ambari-server/web
20 Jun 2016 16:25:53,027 INFO [main] CertificateManager:68 - Initialization of root certificate
20 Jun 2016 16:25:53,027 INFO [main] CertificateManager:70 - Certificate exists:false
20 Jun 2016 16:25:53,027 INFO [main] CertificateManager:137 - Generation of server certificate
20 Jun 2016 16:25:55,627 INFO [main] ShellCommandUtil:44 - Command openssl genrsa -des3 -passout pass:**** -out /var/lib/ambari-server/keys/ca.key 4096 was finished with exit code: 0 - the operation was completely successfully.
20 Jun 2016 16:25:55,644 INFO [main] ShellCommandUtil:44 - Command openssl req -passin pass:**** -new -key /var/lib/ambari-server/keys/ca.key -out /var/lib/ambari-server/keys/ca.csr -batch was finished with exit code: 0 - the operation was completely successfully.
20 Jun 2016 16:25:55,654 WARN [main] ShellCommandUtil:46 - Command openssl ca -create_serial -out /var/lib/ambari-server/keys/ca.crt -days 365 -keyfile /var/lib/ambari-server/keys/ca.key -key **** -selfsign -extensions jdk7_ca -config /var/lib/ambari-server/keys/ca.config -batch -infiles /var/lib/ambari-server/keys/ca.csr was finished with exit code: 1 - an error occurred parsing the command options.
20 Jun 2016 16:25:55,663 WARN [main] ShellCommandUtil:46 - Command openssl pkcs12 -export -in /var/lib/ambari-server/keys/ca.crt -inkey /var/lib/ambari-server/keys/ca.key -certfile /var/lib/ambari-server/keys/ca.crt -out /var/lib/ambari-server/keys/keystore.p12 -password pass:**** -passin pass:****
was finished with exit code: 1 - an error occurred parsing the command options.
20 Jun 2016 16:25:55,696 INFO [main] AmbariServer:611 - Jetty is configuring qtp-ambari-agent with 4 reserved acceptors/selectors and a total pool size of 25 for 4 processors.
20 Jun 2016 16:25:55,717 INFO [main] ViewRegistry:1538 - Reading view archive /var/lib/ambari-server/resources/views/ambari-admin-2.2.2.1.0.jar.
20 Jun 2016 16:26:02,549 WARN [main] AbstractLifeCycle:204 - FAILED SslContextFactory#38aed8ad(/var/lib/ambari-server/keys/keystore.p12,/var/lib/ambari-server/keys/keystore.p12): java.io.FileNotFoundException: /var/lib/ambari-server/keys/keystore.p12 (No such file or directory)
java.io.FileNotFoundException: /var/lib/ambari-server/keys/keystore.p12 (No such file or directory)
Can anyone help with this?
I'm using CentOS7 for ambari-installation.
mkdir /var/lib/ambari-server/keys/db/newcerts/ ----
I met this problem when I install ambari with the RPM package that built by myself.
Then I find the answer of this question is that missing folder.
This folder missed when I clone the source from my git repository,because it's empty.
So, check the "newcerts" folder in your source or your ambari-server host

RabbitMQ 2.7.1 doesn't start with configuration file; Reason: function_clause

I try to use rabbit on ubuntu 12.04. After installation rabbitmq-server works fine. Than I stop it and add my configuration file.
root#rabbit1:~# tail /etc/rabbitmq/rabbitmq-env.conf
RABBITMQ_CONFIG_FILE=/etc/rabbitmq/myrabbitmq
root#rabbit1:~# tail /etc/rabbitmq/myrabbitmq.config
[{rabbit,
[{cluster_nodes, {['rabbit#rabbit1', 'rabbit#rabbit2'], disc}}]}].
With this files rabbitmq-server says on start:
root#rabbit1:~# rabbitmq-server
Activating RabbitMQ plugins ...
0 plugins activated:
+---+ +---+
| | | |
| | | |
| | | |
| +---+ +-------+
| |
| RabbitMQ +---+ |
| | | |
| v2.7.1 +---+ |
| |
+-------------------+
AMQP 0-9-1 / 0-9 / 0-8
Copyright (C) 2007-2011 VMware, Inc.
Licensed under the MPL. See http://www.rabbitmq.com/
node : rabbit#rabbit1
app descriptor : /usr/lib/rabbitmq/lib/rabbitmq_server-2.7.1/sbin/../ebin/rabbit.app
home dir : /var/lib/rabbitmq
config file(s) : /etc/rabbitmq/myrabbitmq.config
cookie hash : 31CaH3BCSDNL1hDIFQzH2Q==
log : /var/log/rabbitmq/rabbit#rabbit1.log
sasl log : /var/log/rabbitmq/rabbit#rabbit1-sasl.log
database dir : /var/lib/rabbitmq/mnesia/rabbit#rabbit1
erlang version : 5.8.5
-- rabbit boot start
starting file handle cache server ...done
starting worker pool ...done
starting database ...BOOT ERROR: FAILED
Reason: function_clause
Stacktrace: [{lists,usort,[{[rabbit#rabbit1,rabbit#rabbit2],disc}]},
{rabbit_mnesia,init_db,3},
{rabbit_mnesia,init,0},
{rabbit,'-run_boot_step/1-lc$^1/1-1-',1},
{rabbit,run_boot_step,1},
{rabbit,'-start/2-lc$^0/1-0-',1},
{rabbit,start,2},
{application_master,start_it_old,4}]
Erlang has closed
{"Kernel pid terminated",application_controller,"{application_start_failure,rabbit,{bad_return,{{rabbit,start,[normal,[]]},{'EXIT',{rabbit,failure_during_boot}}}}}"}
Kernel pid terminated (application_controller) ({application_start_failure,rabbit,{bad_return,{{rabbit,start,[normal,[]]},{'EXIT',{rabbit,failure_during_boot}}}}})
Have any suggestion what's wrong with my rabbit?
Configuration file should be like this:
root#rabbit1:~# cat /etc/rabbitmq/myrabbitmq.config
[{rabbit,
[{cluster_nodes, ['rabbit#rabbit1', 'rabbit#rabbit2'] }]}].
It seems, that disc or ram node configures in different way than in documentation to latest version of rabbit. In this configuration two disc nodes will be created. If somebody wants ram node this node should be ommitted in configuration of this node (not in other config files).