[
https://issues.apache.org/jira/browse/MAPREDUCE-6276?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14365068#comment-14365068
]
Kuldeep Kulkarni commented on MAPREDUCE-6276:
---------------------------------------------
Hi Rohit,
I have re-checked that all.jks is up to date on all my nodes in the cluster.
output from namenode :
{code}
[root@hdprndmaster ~]# keytool -list -v -keystore $ALL_JKS -storepass
$CLIENT_TRUSTSTORE_PASSWORD
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: hdprndnode.dm.com
Creation date: Mar 16, 2015
Entry type: trustedCertEntry
Owner: CN=hdprndnode.dm.com, OU=hw, O=hw, L=paloalto, ST=ca, C=us
Issuer: CN=hdprndnode.dm.com, OU=hw, O=hw, L=paloalto, ST=ca, C=us
Serial number: 42be4e2e
Valid from: Mon Mar 16 08:03:28 EDT 2015 until: Sun Jun 14 08:03:28 EDT 2015
Certificate fingerprints:
MD5: AC:AB:ED:F7:3C:D9:3D:E1:0B:29:D6:E1:E7:46:69:47
SHA1: 24:78:E9:B0:8C:6C:C8:75:25:E4:BA:FB:67:68:86:4A:57:E2:F3:80
SHA256:
F7:C4:59:D9:6C:52:FA:CB:1C:B5:57:36:F5:6F:95:E2:BA:BA:64:C0:41:93:45:10:D1:91:BC:14:56:AA:CD:46
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C5 47 B5 99 7E CD A8 08 D1 C9 51 F0 C4 E0 ED AA .G........Q.....
0010: EF E1 57 D7 ..W.
]
]
*******************************************
*******************************************
Alias name: hdprndmaster.dm.com
Creation date: Mar 16, 2015
Entry type: trustedCertEntry
Owner: CN=hdprndmaster.dm.com, OU=hw, O=hw, L=paloalto, ST=ca, C=us
Issuer: CN=hdprndmaster.dm.com, OU=hw, O=hw, L=paloalto, ST=ca, C=us
Serial number: 7c93e8d9
Valid from: Mon Mar 16 06:56:15 EDT 2015 until: Sun Jun 14 06:56:15 EDT 2015
Certificate fingerprints:
MD5: 9F:DD:36:C8:88:25:08:ED:F0:DB:82:AB:38:13:FA:B0
SHA1: 9E:8C:3E:A8:74:5C:51:2B:62:BB:46:89:65:8A:EF:A6:C6:F6:D8:75
SHA256:
02:F5:1D:E7:A5:4B:6B:4C:7C:8E:4F:79:0C:B3:A2:8A:E1:AB:DF:5A:87:E9:20:E8:16:BF:D5:F3:D4:C0:A6:44
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C2 47 40 E6 F9 89 EA 0C 28 0D 3F 26 57 05 A6 29 .G@.....(.?&W..)
0010: 4E AE C7 BC N...
]
]
*******************************************
*******************************************
[root@hdprndmaster ~]#
{code}
Output from datanode :
{code}
[root@hdprndnode ~]# keytool -list -v -keystore $ALL_JKS -storepass
$CLIENT_TRUSTSTORE_PASSWORD
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: hdprndnode.dm.com
Creation date: Mar 16, 2015
Entry type: trustedCertEntry
Owner: CN=hdprndnode.dm.com, OU=hw, O=hw, L=paloalto, ST=ca, C=us
Issuer: CN=hdprndnode.dm.com, OU=hw, O=hw, L=paloalto, ST=ca, C=us
Serial number: 42be4e2e
Valid from: Mon Mar 16 08:03:28 EDT 2015 until: Sun Jun 14 08:03:28 EDT 2015
Certificate fingerprints:
MD5: AC:AB:ED:F7:3C:D9:3D:E1:0B:29:D6:E1:E7:46:69:47
SHA1: 24:78:E9:B0:8C:6C:C8:75:25:E4:BA:FB:67:68:86:4A:57:E2:F3:80
SHA256:
F7:C4:59:D9:6C:52:FA:CB:1C:B5:57:36:F5:6F:95:E2:BA:BA:64:C0:41:93:45:10:D1:91:BC:14:56:AA:CD:46
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C5 47 B5 99 7E CD A8 08 D1 C9 51 F0 C4 E0 ED AA .G........Q.....
0010: EF E1 57 D7 ..W.
]
]
*******************************************
*******************************************
Alias name: hdprndmaster.dm.com
Creation date: Mar 16, 2015
Entry type: trustedCertEntry
Owner: CN=hdprndmaster.dm.com, OU=hw, O=hw, L=paloalto, ST=ca, C=us
Issuer: CN=hdprndmaster.dm.com, OU=hw, O=hw, L=paloalto, ST=ca, C=us
Serial number: 7c93e8d9
Valid from: Mon Mar 16 06:56:15 EDT 2015 until: Sun Jun 14 06:56:15 EDT 2015
Certificate fingerprints:
MD5: 9F:DD:36:C8:88:25:08:ED:F0:DB:82:AB:38:13:FA:B0
SHA1: 9E:8C:3E:A8:74:5C:51:2B:62:BB:46:89:65:8A:EF:A6:C6:F6:D8:75
SHA256:
02:F5:1D:E7:A5:4B:6B:4C:7C:8E:4F:79:0C:B3:A2:8A:E1:AB:DF:5A:87:E9:20:E8:16:BF:D5:F3:D4:C0:A6:44
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C2 47 40 E6 F9 89 EA 0C 28 0D 3F 26 57 05 A6 29 .G@.....(.?&W..)
0010: 4E AE C7 BC N...
]
]
*******************************************
*******************************************
[root@hdprndnode ~]#
{code}
> Error in encrypted shuffle
> --------------------------
>
> Key: MAPREDUCE-6276
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-6276
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Environment: Centos 6.5
> Multinode hdp 2.2 cluster
> using mapreduce version 2
> hadoop version 2.6.0
> namenode - hdprndmaster.dm.com (10.200.100.83)
> resourcemanager/datanode/nodemanager - hdprndnode.dm.com (10.200.100.85)
> Reporter: Kuldeep Kulkarni
> Priority: Blocker
> Attachments: capacity-scheduler.xml, commons-logging.properties,
> container-executor.cfg, core-site.xml, dfs.exclude, dfs_data_dir_mount.hist,
> hadoop-env.sh, hadoop-metrics2.properties, hadoop-policy.xml, hdfs-site.xml,
> health_check, log.txt, log4j.properties, mapred-env.sh, mapred-site.xml,
> slaves, ssl-client.xml, ssl-server.xml, task-log4j.properties,
> taskcontroller.cfg, yarn-env.sh, yarn-site.xml
>
>
> Hey Guys,
> After enabling wire encryption my UIs are working fine, I'm able to
> read/write to hdfs securely however encrypted shuffle is not working. I'm
> getting below error, could you please help me ?
> Note - mappers are getting finished successfully however job gets failed
> during shuffle.
> {code}
> 2015-03-17 17:00:54,322 WARN [fetcher#1]
> org.apache.hadoop.mapreduce.task.reduce.Fetcher: Failed to connect to
> hdprndnode.dm.com:13562 with 8 map outputs
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> {code}
> Please find attached full log for more details.
> Thanks,
> Kuldeep
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
