SupportKB

Problem Description: 
When starting Ranger admin, it fails to start up with the following error:

  1. [I] Java patch PatchPasswordEncryption_J10001 is being applied by some other process

The Ranger Admin service fails to start even after completely removing Ranger service, dropping Ranger database and reinstalling Ranger:

  1. 2017-10-20 13:29:32,536 [JISQL] /usr/java/default/bin/java
  2. -cp /usr/hdp/current/ranger-admin/ews/lib/mysql-connector-java.jar:
  3. /usr/hdp/current/ranger-admin/jisql/lib/*
  4. org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql:
  5. //ost-cdc-asi-nam-c04-data.linux.abc.corp.abc.com/ranger_hdp -u
  6. 'ranger-hdp' -p '********'
  7. -noheader -trim -c \; -query "delete from x_db_version_h where version='J10001' and
  8. active='N' and updated_by='test.support.com';"
  9. SQLException : SQL state: HY000 java.sql.SQLException: null, message from server:
  10. "Host '10.0.0.1' is blocked because of many connection errors; unblock with
  11. 'mysqladmin flush-hosts'" ErrorCode: 1129
  12. 2017-10-20 13:29:32,838 [E] applying java patch PatchPasswordEncryption_J10001 failed

Cause: 
This issue occurs on latest versions of CentOS/RHEL releases (for example CentOS/RHEL 6.7 or later, and CentOS/RHEL 7), where "Encrypted Connections" (SSL) feature is enabled by default in MySQL. If the database client (Ranger in this case) is not configured to use SSL, the connection will fail and the following is displayedin the log as well:

  1. WARN: Establishing SSL connection without server's identity verification is not recommended.
  2. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default
  3. if explicit option isn't set.
  4. For compliance with existing applications not using SSL the verifyServerCertificate property
  5. is set to 'false'.
  6. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

The database client will keep connecting until it reaches the limit of MySQL's crude anti-cybercriminal feature. If MySQL's crude anti-cybercriminal feature has been activated, when a database client has tried and failed to connect MySQL for many times (by default, 100) the MySQL concludes that the machine is compromised and refuses to accept any more connections from it. That's when Ranger admin fails with the "blocked because of many connection error".
Solution:
To resolve this issue, disable the Encrypted Connections (SSL) feature in MySQL by adding skip_ssl in my.cnf and restart mysqld service:

  1. Log in to MySQL and query:
    1. mysql> SHOW VARIABLES LIKE '%ssl%';
  2. The following should be like the following, which suggests the SSL is enabled in MySQL:
    1. +---------------+-----------------+ | Variable_name | Value |
    2. "+---------------+-----------------+ | have_openssl | YES | |
    3. have_ssl | YES | | ssl_ca | ca.pem | | ssl_capath | | | ssl_cert |
    4. server-cert.pem | | ssl_cipher | | | ssl_crl | | | ssl_crlpath | | |
    5. ssl_key | server-key.pem | +---------------+-----------------+ 9 rows in set (0.00 sec)
  3. Edit my.cnf file to add skip_ssl:
    1. [mysqld]
    2. ...
    3. skip_ssl
    4. # disable_ssl
    5. ...
  4. Restart MySQL service:
    1. service mysql restart
  5. Re-log in to MySQL and run the same query. Ensure SSL is disabled:
    1. +---------------+----------+
    2. | Variable_name | Value |
    3. +---------------+----------+
    4. | have_openssl | DISABLED |
    5. | have_ssl | DISABLED |
    6. | ssl_ca | |
    7. | ssl_capath | |
    8. | ssl_cert | |
    9. | ssl_cipher | |
    10. | ssl_crl | |
    11. | ssl_crlpath | |
    12. | ssl_key | |
    13. +---------------+----------+
    14. 9 rows in set (0.00 sec)
  6. Restart Ranger admin service.

About:
This article created by Hortonworks Support (Article: 000006653) on 2017-11-03 14:00
OS: n/a
Type: n/a
Version: n/a

Support ID: 000006653

Error:"Java patch PatchPasswordEncryption_J10001 is being applied by some other process" when starting Ranger Admin的更多相关文章

  1. idea报错:error java compilation failed internal java compiler error

    idea下面报如下问题 error java compilation failed internal java compiler error 解决办法:Setting->Compiler-> ...

  2. idea Error:java: Compilation failed: internal java compiler error

    idea 遇到Error:java: Compilation failed: internal java compiler error 是提示说你当前使用的编译器jdk版本不对. 按住Ctrl+Alt ...

  3. com.sun.xml.internal.ws.server.ServerRtException: Server Runtime Error: java.net.BindException: Cannot assign requested address: bind

    在发布 web service 时报错: Endpoint.publish(publishAddress, hl7MessageReveiver); com.sun.xml.internal.ws.s ...

  4. Error:java:Compilation failed: internal java compiler error

    在IDEA中编译时出现这个错误:Error:java:Compilation failed: internal java compiler error! Information:Using javac ...

  5. IDEA Error:java: 未结束的字符串文字

    首页 > 编程交流 > 基础篇 > IDEA Error:java: 未结束的字符串文字 201601-25 IDEA Error:java: 未结束的字符串文字   IDEA开发, ...

  6. android studio Error:java.lang.OutOfMemoryError: GC overhead limit exceeded

    android studio Error:java.lang.OutOfMemoryError: GC overhead limit exceeded 在app下的build.gradle中找到and ...

  7. hive脚本出现Error: java.lang.RuntimeException: Error in configuring object和Caused by: java.lang.IndexOutOfBoundsException: Index: 9, Size: 9

    是在reduce阶段报的错误,详细错误信息是 朱传豪 19:04:48 Diagnostic Messages for this Task: Error: java.lang.RuntimeExcep ...

  8. 【Xamarin报错】 COMPILETODALVIK : UNEXPECTED TOP-LEVEL error java.lang.OutOfMemoryError: Java heap space

    Xamarin Android 编译报错: COMPILETODALVIK : UNEXPECTED TOP-LEVEL error java.lang.OutOfMemoryError: Java ...

  9. hive分区导致FAILED: Hive Internal Error: java.lang.NullPointerException(null)

    写了一条hive sql ,其中条件中存在 dt>=20150101 and dt<=20150228 这样的条件,原来执行没问题,今天就抛出 FAILED: Hive Internal ...

随机推荐

  1. 二十四、Hadoop学记笔记————Spark的架构

    master为主节点 一个集群中可能运行多个application,因此也可能会有多个driver DAG Scheduler就是讲RDD Graph拆分成一个个stage 一个Task对应一个Spa ...

  2. ftp研究

    工作中经常用到ftp,最近闲下心来,仔细研究下ftp这个协议. FTP(文件传输协议)工作原理 目前在网络上,如果你想把文件和其他人共享.最方便的办法莫过于将文件放FTP服务器上,然后其他人通过FTP ...

  3. Selenium webdriver定位iframe里面元素

    在查找元素过程中,直接通过id或者xpath等找不到元素,查看页面源代码发现元素是属于iframe里,例如: <div class="wrap_login"> < ...

  4. Java 读书笔记 (十) 循环

    while循环 只要布尔表达式为true,循环就一直执行下去. public class Test( public static void main(String args[]){ int x=10; ...

  5. 用java代码将从数据库中取出的具有父子关系的数据转成json格式

    思路:①.取出数据中的所有父节点放入一个集合中②.取出数据中所有为该父节点的子节点放入另一个集合中③.用到迭代的方法将子节点一层一层的遍历工具类:package com.assasion.test;i ...

  6. Elasticsearch笔记九之优化

    Elasticsearch笔记九之优化 ).get(); } curl命令可以在linux中建立一个定时任务每天执行一次,同样java代码也可以建立一个定时器来执行. 2:内存设置之前介绍过es集群有 ...

  7. BZOJ_2594_[Wc2006]水管局长数据加强版_LCT

    BZOJ_2594_[Wc2006]水管局长数据加强版_LCT Description SC省MY市有着庞大的地下水管网络,嘟嘟是MY市的水管局长(就是管水管的啦),嘟嘟作为水管局长的工作就是:每天供 ...

  8. BZOJ_3932_[CQOI2015]任务查询系统_主席树

    BZOJ_3932_[CQOI2015]任务查询系统_主席树 题意: 最近实验室正在为其管理的超级计算机编制一套任务管理系统,而你被安排完成其中的查询部分.超级计算机中的 任务用三元组(Si,Ei,P ...

  9. Eureka的功能特性及相关配置

    1.服务提供者1.1服务注册服务提供者启动时,会通过rest请求的方式将自己注册到Eureka Server上,同时带上了自身服务的一些元数据信息.Eureka Server接收到请求后,将元数据信息 ...

  10. C++教程之初识编程

    突然想写一份C++教程,并且此教程会尽量使用通俗语言来描述,进入正题! 如果你从来没有接触过编程语言,希望我的教程能够帮助你! 一.代码示例 ​ 当然我希望你暂时不要纠结我在写什么,把代码贴在前面是想 ...