Closed HirossxD closed 1 year ago
Trying to deploy CDP private cluster with kerberos, ranger and autotls.
playbook execution command:
ansible-playbook /runner/project/cloudera-deploy/main.yml -e "definition_path=/runner/project/cloudera-deploy/examples/sandbox" -e "profile=/home/runner/.config/cloudera-deploy/profiles/default" -t default_cluster,kerberos,tls -i "/runner/project/cloudera-deploy/examples/sandbox/inventory_static.ini" --flush-cache
After execution, playbook fails on the task:
TASK [cloudera.cluster.tls_install_certs : Install signed certificate reply into keystore] *** task path: /opt/cldr-runner/collections/ansible_collections/cloudera/cluster/roles/security/tls_install_certs/tasks/main.yml:126
with error below (on each node)
fatal: [node1.domain.com]: FAILED! => {"changed": false, "cmd": "/usr/bin/keytool -importcert -alias \"node1.domain.com\" -file \"/opt/cloudera/security/pki/node1.domain.com.pem\" -keystore \"/opt/cloudera/security/pki/node1.domain.com.jks\" -storepass \"changeme\" -trustcacerts -noprompt\n", "delta": "0:00:00.247693", "end": "2023-01-09 13:27:30.366003", "failed_when_result": true, "msg": "non-zero return code", "rc": 1, "start": "2023-01-09 13:27:30.118310", "stderr": "", "stderr_lines": [], "stdout": "keytool error: java.lang.Exception: Public keys in reply and keystore don't match", "stdout_lines": ["keytool error: java.lang.Exception: Public keys in reply and keystore don't match"]}
Any idea why this is happening?
I have tried to import certs manually via
/usr/bin/keytool -importcert -alias node1.domain.com -file /opt/cloudera/security/pki/node1.domain.com.pem -keystore /opt/cloudera/security/pki/node1.domain.com.jks -trustcacerts -noprompt
And the cert has been added successfully...
Issue has disappeared after manually deleting certs from keystore, removing /ca folder from [ca_server] and re-deploying the cluster several times.
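keytool prints "Public keys in reply and keystore don't match" when the certificate being imported carries a different public key than the key pair already stored under that alias. The following diagnostic is an added example, not part of the original post or of the cloudera.cluster collection: it compares the SubjectPublicKeyInfo hash of the signed certificate with that of the keystore entry before any import is attempted. The function names and the `STOREPASS` environment variable are assumptions, and `openssl` and `keytool` must be on the PATH.

```shell
#!/bin/sh
# Added diagnostic (hypothetical helper names): does a signed certificate
# belong to the key pair stored under a keystore alias?

# Print the SHA-256 of the SubjectPublicKeyInfo of the first cert in a PEM file.
spki_sha256() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# 0 = same public key, 1 = different keys, 2 = a file could not be parsed.
same_public_key() {
    a=$(spki_sha256 "$1") || return 2
    b=$(spki_sha256 "$2") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Write the certificate stored under an alias to a PEM file.
# The password is read from $STOREPASS so it stays off the process list.
export_keystore_cert() {   # args: keystore alias outfile
    keytool -exportcert -rfc -keystore "$1" -alias "$2" \
        -storepass:env STOREPASS > "$3"
}

# Usage: STOREPASS=... check_reply <keystore.jks> <alias> <signed-reply.pem>
check_reply() {
    tmp=$(mktemp) || return 2
    export_keystore_cert "$1" "$2" "$tmp" || { rm -f "$tmp"; return 2; }
    same_public_key "$tmp" "$3"; rc=$?
    rm -f "$tmp"
    if [ "$rc" -eq 0 ]; then
        echo "MATCH: reply was issued for the key stored under alias $2"
    elif [ "$rc" -eq 1 ]; then
        echo "MISMATCH: reply was issued for a different key pair"
    else
        echo "ERROR: could not parse one of the certificates"
    fi
    return "$rc"
}
```

A mismatch means the CSR that produced the signed certificate came from a different key pair than the one now in the keystore, so the fix is to re-issue the certificate from the current key rather than to force the import.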