SupportKB

Problem Description: 
When starting Ranger admin, it fails to start up with the following error:

  1. [I] Java patch PatchPasswordEncryption_J10001 is being applied by some other process

The Ranger Admin service fails to start even after completely removing Ranger service, dropping Ranger database and reinstalling Ranger:

  1. 2017-10-20 13:29:32,536 [JISQL] /usr/java/default/bin/java
  2. -cp /usr/hdp/current/ranger-admin/ews/lib/mysql-connector-java.jar:
  3. /usr/hdp/current/ranger-admin/jisql/lib/*
  4. org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql:
  5. //ost-cdc-asi-nam-c04-data.linux.abc.corp.abc.com/ranger_hdp -u
  6. 'ranger-hdp' -p '********'
  7. -noheader -trim -c \; -query "delete from x_db_version_h where version='J10001' and
  8. active='N' and updated_by='test.support.com';"
  9. SQLException : SQL state: HY000 java.sql.SQLException: null, message from server:
  10. "Host '10.0.0.1' is blocked because of many connection errors; unblock with
  11. 'mysqladmin flush-hosts'" ErrorCode: 1129
  12. 2017-10-20 13:29:32,838 [E] applying java patch PatchPasswordEncryption_J10001 failed

Cause: 
This issue occurs on latest versions of CentOS/RHEL releases (for example CentOS/RHEL 6.7 or later, and CentOS/RHEL 7), where "Encrypted Connections" (SSL) feature is enabled by default in MySQL. If the database client (Ranger in this case) is not configured to use SSL, the connection will fail and the following is displayedin the log as well:

  1. WARN: Establishing SSL connection without server's identity verification is not recommended.
  2. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default
  3. if explicit option isn't set.
  4. For compliance with existing applications not using SSL the verifyServerCertificate property
  5. is set to 'false'.
  6. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

The database client will keep connecting until it reaches the limit of MySQL's crude anti-cybercriminal feature. If MySQL's crude anti-cybercriminal feature has been activated, when a database client has tried and failed to connect MySQL for many times (by default, 100) the MySQL concludes that the machine is compromised and refuses to accept any more connections from it. That's when Ranger admin fails with the "blocked because of many connection error".
Solution:
To resolve this issue, disable the Encrypted Connections (SSL) feature in MySQL by adding skip_ssl in my.cnf and restart mysqld service:

  1. Log in to MySQL and query:
    1. mysql> SHOW VARIABLES LIKE '%ssl%';
  2. The following should be like the following, which suggests the SSL is enabled in MySQL:
    1. +---------------+-----------------+ | Variable_name | Value |
    2. "+---------------+-----------------+ | have_openssl | YES | |
    3. have_ssl | YES | | ssl_ca | ca.pem | | ssl_capath | | | ssl_cert |
    4. server-cert.pem | | ssl_cipher | | | ssl_crl | | | ssl_crlpath | | |
    5. ssl_key | server-key.pem | +---------------+-----------------+ 9 rows in set (0.00 sec)
  3. Edit my.cnf file to add skip_ssl:
    1. [mysqld]
    2. ...
    3. skip_ssl
    4. # disable_ssl
    5. ...
  4. Restart MySQL service:
    1. service mysql restart
  5. Re-log in to MySQL and run the same query. Ensure SSL is disabled:
    1. +---------------+----------+
    2. | Variable_name | Value |
    3. +---------------+----------+
    4. | have_openssl | DISABLED |
    5. | have_ssl | DISABLED |
    6. | ssl_ca | |
    7. | ssl_capath | |
    8. | ssl_cert | |
    9. | ssl_cipher | |
    10. | ssl_crl | |
    11. | ssl_crlpath | |
    12. | ssl_key | |
    13. +---------------+----------+
    14. 9 rows in set (0.00 sec)
  6. Restart Ranger admin service.

About:
This article created by Hortonworks Support (Article: 000006653) on 2017-11-03 14:00
OS: n/a
Type: n/a
Version: n/a

Support ID: 000006653

Error:"Java patch PatchPasswordEncryption_J10001 is being applied by some other process" when starting Ranger Admin的更多相关文章

  1. idea报错:error java compilation failed internal java compiler error

    idea下面报如下问题 error java compilation failed internal java compiler error 解决办法:Setting->Compiler-> ...

  2. idea Error:java: Compilation failed: internal java compiler error

    idea 遇到Error:java: Compilation failed: internal java compiler error 是提示说你当前使用的编译器jdk版本不对. 按住Ctrl+Alt ...

  3. com.sun.xml.internal.ws.server.ServerRtException: Server Runtime Error: java.net.BindException: Cannot assign requested address: bind

    在发布 web service 时报错: Endpoint.publish(publishAddress, hl7MessageReveiver); com.sun.xml.internal.ws.s ...

  4. Error:java:Compilation failed: internal java compiler error

    在IDEA中编译时出现这个错误:Error:java:Compilation failed: internal java compiler error! Information:Using javac ...

  5. IDEA Error:java: 未结束的字符串文字

    首页 > 编程交流 > 基础篇 > IDEA Error:java: 未结束的字符串文字 201601-25 IDEA Error:java: 未结束的字符串文字   IDEA开发, ...

  6. android studio Error:java.lang.OutOfMemoryError: GC overhead limit exceeded

    android studio Error:java.lang.OutOfMemoryError: GC overhead limit exceeded 在app下的build.gradle中找到and ...

  7. hive脚本出现Error: java.lang.RuntimeException: Error in configuring object和Caused by: java.lang.IndexOutOfBoundsException: Index: 9, Size: 9

    是在reduce阶段报的错误,详细错误信息是 朱传豪 19:04:48 Diagnostic Messages for this Task: Error: java.lang.RuntimeExcep ...

  8. 【Xamarin报错】 COMPILETODALVIK : UNEXPECTED TOP-LEVEL error java.lang.OutOfMemoryError: Java heap space

    Xamarin Android 编译报错: COMPILETODALVIK : UNEXPECTED TOP-LEVEL error java.lang.OutOfMemoryError: Java ...

  9. hive分区导致FAILED: Hive Internal Error: java.lang.NullPointerException(null)

    写了一条hive sql ,其中条件中存在 dt>=20150101 and dt<=20150228 这样的条件,原来执行没问题,今天就抛出 FAILED: Hive Internal ...

随机推荐

  1. activemq的消息确认机制ACK

    一.简介 消息消费者有没有接收到消息,需要有一种机制让消息提供者知道,这个机制就是消息确认机制. ACK(Acknowledgement)即确认字符,在数据通信中,接收站发给发送站的一种传输类控制字符 ...

  2. c++右值引用以及使用

    前几天看了一篇文章<4行代码看看右值引用> 觉得写得不错,但是觉得右值引用的内容还有很多可以去挖掘学习,所以总结了一下,希望能对右值引用有一个更加深层次的认识 一.几个基本概念 1.1左值 ...

  3. nake_api_protect 请求保护器——防止请求被恶意刷

    github : https://github.com/xjnotxj/wechat_interaction_auth -- nake_api_protect 接口请求保护器,根据 频率 + 次数 的 ...

  4. Loadrunner三种post格式的请求

    Loadrunner三种post格式的请求 web_custom_request intweb_custom_request(const char *RequestName, <List of ...

  5. 17.app后端如何保证通讯安全--aes对称加密

    在上文<16.app后端如何保证通讯安全--url签名>提到,url签名有两个缺点,这两个缺点,如果使用对称加密方法的话,则完全可以避免这两个缺点.在本文中,会介绍对称加密的具体原理,和详 ...

  6. [Python接口自动化]从零开始学习python自动化(1):环境搭建

    第一步:安装python编译环境 安装python编译环境之前,必须保证已安装jdk哈,如果为安装,请参考https://jingyan.baidu.com/article/6dad5075d1dc4 ...

  7. logger.go

    package app //日志接口 type Logger interface {     Output(maxdepth int, s string) error }

  8. BZOJ_2242_[SDOI2011]计算器_快速幂+扩展GCD+BSGS

    BZOJ_2242_[SDOI2011]计算器_快速幂+扩展GCD+BSGS 题意: 你被要求设计一个计算器完成以下三项任务: 1.给定y,z,p,计算Y^Z Mod P 的值: 2.给定y,z,p, ...

  9. 猴子 JDFZ模拟赛

    猴子(弱) Description 话说NP做梦,梦见自己变成了一只猴子,并且有很多香蕉树,这些香蕉树都种在同一直线上,而NP则在这排香蕉树的第一棵树上.NP当然想吃尽量多的香蕉,但它又不想在地上走, ...

  10. 高数量类别特征(high-cardinality categorical attributes)的预处理方法

    high-cardinality categorical attributes,从字面上理解,即对于某个category特征,不同值的数量非常多,这里暂且把它叫做高数量类别属性.反之,即低数量类别属性 ...