Yesha Vora created HADOOP-9977: ---------------------------------- Summary: Hadoop services won't start with different keypass and keystorepass when https is enabled Key: HADOOP-9977 URL: https://issues.apache.org/jira/browse/HADOOP-9977 Project: Hadoop Common Issue Type: Bug Affects Versions: 2.1.0-beta Reporter: Yesha Vora
Enable ssl in the configuration. While creating keystore, give different keypass and keystore password. (here, keypass = hadoop and storepass=hadoopKey) keytool -genkey -alias host1 -keyalg RSA -keysize 1024 -dname "CN=host1,OU=hw,O=hw,L=palo alto,ST=ca,C=us" -keypass hadoop -keystore keystore.jks -storepass hadoopKey In , ssl-server.xml set below two properties. <property><name>ssl.server.keystore.keypassword</name><value>hadoop</value></property> <property><name>ssl.server.keystore.password</name><value>hadoopKey</value></property> Namenode, ResourceManager, Datanode, Nodemanager, SecondaryNamenode fails to start with below error. 2013-09-17 21:39:00,794 FATAL namenode.NameNode (NameNode.java:main(1325)) - Exception in namenode join java.io.IOException: java.security.UnrecoverableKeyException: Cannot recover key at org.apache.hadoop.http.HttpServer.<init>(HttpServer.java:222) at org.apache.hadoop.http.HttpServer.<init>(HttpServer.java:174) at org.apache.hadoop.hdfs.server.namenode.NameNodeHttpServer$1.<init>(NameNodeHttpServer.java:76) at org.apache.hadoop.hdfs.server.namenode.NameNodeHttpServer.start(NameNodeHttpServer.java:74) at org.apache.hadoop.hdfs.server.namenode.NameNode.startHttpServer(NameNode.java:626) at org.apache.hadoop.hdfs.server.namenode.NameNode.initialize(NameNode.java:488) at org.apache.hadoop.hdfs.server.namenode.NameNode.<init>(NameNode.java:684) at org.apache.hadoop.hdfs.server.namenode.NameNode.<init>(NameNode.java:669) at org.apache.hadoop.hdfs.server.namenode.NameNode.createNameNode(NameNode.java:1254) at org.apache.hadoop.hdfs.server.namenode.NameNode.main(NameNode.java:1320) Caused by: java.security.UnrecoverableKeyException: Cannot recover key at sun.security.provider.KeyProtector.recover(KeyProtector.java:328) at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:138) at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:55) at java.security.KeyStore.getKey(KeyStore.java:792) at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:131) at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:68) at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:259) at org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.init(FileBasedKeyStoresFactory.java:170) at org.apache.hadoop.security.ssl.SSLFactory.init(SSLFactory.java:121) at org.apache.hadoop.http.HttpServer.<init>(HttpServer.java:220) ... 9 more -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira