Error:"Java patch PatchPasswordEncryption_J10001 is being applied by some other process" when starting Ranger Admin
SupportKB
Problem Description:
When starting Ranger admin, it fails to start up with the following error:
- [I] Java patch PatchPasswordEncryption_J10001 is being applied by some other process
The Ranger Admin service fails to start even after completely removing Ranger service, dropping Ranger database and reinstalling Ranger:
- 2017-10-20 13:29:32,536 [JISQL] /usr/java/default/bin/java
- -cp /usr/hdp/current/ranger-admin/ews/lib/mysql-connector-java.jar:
- /usr/hdp/current/ranger-admin/jisql/lib/*
- org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql:
- //ost-cdc-asi-nam-c04-data.linux.abc.corp.abc.com/ranger_hdp -u
- 'ranger-hdp' -p '********'
- -noheader -trim -c \; -query "delete from x_db_version_h where version='J10001' and
- active='N' and updated_by='test.support.com';"
- SQLException : SQL state: HY000 java.sql.SQLException: null, message from server:
- "Host '10.0.0.1' is blocked because of many connection errors; unblock with
- 'mysqladmin flush-hosts'" ErrorCode: 1129
- 2017-10-20 13:29:32,838 [E] applying java patch PatchPasswordEncryption_J10001 failed
Cause:
This issue occurs on latest versions of CentOS/RHEL releases (for example CentOS/RHEL 6.7 or later, and CentOS/RHEL 7), where "Encrypted Connections" (SSL) feature is enabled by default in MySQL. If the database client (Ranger in this case) is not configured to use SSL, the connection will fail and the following is displayedin the log as well:
- WARN: Establishing SSL connection without server's identity verification is not recommended.
- According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default
- if explicit option isn't set.
- For compliance with existing applications not using SSL the verifyServerCertificate property
- is set to 'false'.
- You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
The database client will keep connecting until it reaches the limit of MySQL's crude anti-cybercriminal feature. If MySQL's crude anti-cybercriminal feature has been activated, when a database client has tried and failed to connect MySQL for many times (by default, 100) the MySQL concludes that the machine is compromised and refuses to accept any more connections from it. That's when Ranger admin fails with the "blocked because of many connection error".
Solution:
To resolve this issue, disable the Encrypted Connections (SSL) feature in MySQL by adding skip_ssl in my.cnf and restart mysqld service:
- Log in to MySQL and query:
- mysql> SHOW VARIABLES LIKE '%ssl%';
- The following should be like the following, which suggests the SSL is enabled in MySQL:
- +---------------+-----------------+ | Variable_name | Value |
- "+---------------+-----------------+ | have_openssl | YES | |
- have_ssl | YES | | ssl_ca | ca.pem | | ssl_capath | | | ssl_cert |
- server-cert.pem | | ssl_cipher | | | ssl_crl | | | ssl_crlpath | | |
- ssl_key | server-key.pem | +---------------+-----------------+ 9 rows in set (0.00 sec)
- Edit my.cnf file to add skip_ssl:
- [mysqld]
- ...
- skip_ssl
- # disable_ssl
- ...
- Restart MySQL service:
- service mysql restart
- Re-log in to MySQL and run the same query. Ensure SSL is disabled:
- +---------------+----------+
- | Variable_name | Value |
- +---------------+----------+
- | have_openssl | DISABLED |
- | have_ssl | DISABLED |
- | ssl_ca | |
- | ssl_capath | |
- | ssl_cert | |
- | ssl_cipher | |
- | ssl_crl | |
- | ssl_crlpath | |
- | ssl_key | |
- +---------------+----------+
- 9 rows in set (0.00 sec)
- Restart Ranger admin service.
About:
This article created by Hortonworks Support (Article: 000006653) on 2017-11-03 14:00
OS: n/a
Type: n/a
Version: n/a
Error:"Java patch PatchPasswordEncryption_J10001 is being applied by some other process" when starting Ranger Admin的更多相关文章
- idea报错:error java compilation failed internal java compiler error
idea下面报如下问题 error java compilation failed internal java compiler error 解决办法:Setting->Compiler-> ...
- idea Error:java: Compilation failed: internal java compiler error
idea 遇到Error:java: Compilation failed: internal java compiler error 是提示说你当前使用的编译器jdk版本不对. 按住Ctrl+Alt ...
- com.sun.xml.internal.ws.server.ServerRtException: Server Runtime Error: java.net.BindException: Cannot assign requested address: bind
在发布 web service 时报错: Endpoint.publish(publishAddress, hl7MessageReveiver); com.sun.xml.internal.ws.s ...
- Error:java:Compilation failed: internal java compiler error
在IDEA中编译时出现这个错误:Error:java:Compilation failed: internal java compiler error! Information:Using javac ...
- IDEA Error:java: 未结束的字符串文字
首页 > 编程交流 > 基础篇 > IDEA Error:java: 未结束的字符串文字 201601-25 IDEA Error:java: 未结束的字符串文字 IDEA开发, ...
- android studio Error:java.lang.OutOfMemoryError: GC overhead limit exceeded
android studio Error:java.lang.OutOfMemoryError: GC overhead limit exceeded 在app下的build.gradle中找到and ...
- hive脚本出现Error: java.lang.RuntimeException: Error in configuring object和Caused by: java.lang.IndexOutOfBoundsException: Index: 9, Size: 9
是在reduce阶段报的错误,详细错误信息是 朱传豪 19:04:48 Diagnostic Messages for this Task: Error: java.lang.RuntimeExcep ...
- 【Xamarin报错】 COMPILETODALVIK : UNEXPECTED TOP-LEVEL error java.lang.OutOfMemoryError: Java heap space
Xamarin Android 编译报错: COMPILETODALVIK : UNEXPECTED TOP-LEVEL error java.lang.OutOfMemoryError: Java ...
- hive分区导致FAILED: Hive Internal Error: java.lang.NullPointerException(null)
写了一条hive sql ,其中条件中存在 dt>=20150101 and dt<=20150228 这样的条件,原来执行没问题,今天就抛出 FAILED: Hive Internal ...
随机推荐
- 转:visualvm监控远程机器上的Java程序
转自:http://hanwangkun.iteye.com/blog/1195526 JDK里面本身就带了很多的监控工具,如JConsole等.我们今天要讲的这款工具visualvm,就是其中的一款 ...
- SSM-Spring-12:Spring中NameMatchMethodPointcutAdvisor名称匹配方法切入点顾问
------------吾亦无他,唯手熟尔,谦卑若愚,好学若饥------------- advice 是通知advisor 是顾问 顾问(Advisor) 通知Advice是Spring提供的一种切 ...
- 计算两个latitude-longitude点之间的距离? (Haversine公式)
问题描述 如何计算纬度和经度指定的两点之间的距离?为了澄清,我想要距离公里;这些点使用WGS84系统,我想了解可用方法的相对准确性.最佳解决方案 这个link可能对您有帮助,因为它详细说明了使用Hav ...
- 巩固java(六)----java中可变参数方法(非常实用哦)
java提供了可变参数的方法,即方法的参数个数可以不确定,用"..."定义. import java.util.ArrayList; import java.util.List; ...
- 查询订阅某topic的所有consumer group(Java API)
在网上碰到的问题,想了下使用现有的API还是可以实现的. 首先,需要引入Kafka服务器端代码,比如加入Kafka 1.0.0依赖: Maven <dependency> <grou ...
- bzoj 2242 [SDOI2011]计算器 快速幂+扩展欧几里得+BSGS
1:快速幂 2:exgcd 3:exbsgs,题里说是素数,但我打的普通bsgs就wa,exbsgs就A了...... (map就是慢)..... #include<cstdio> # ...
- bzoj 2588 树上主席树
主席树上树,对于每个节点,继承其父亲的,最后跑f[x]+f[y]-f[lca]-f[fa[lca]] 去重竟然要减一,我竟然不知道?? #include<cstdio> #include& ...
- bzoj 1901 主席树+树状数组
修改+查询第k小值 单纯主席树修改会打乱所有,所以再套一个树状数组维护前缀和使得修改,查询都是log 对了,bzoj上不需要读入组数,蜜汁re.. #include<cstdio> #in ...
- MySQL数据同步,出现Slave_SQL_Running:no和slave_io_running:no问题的解决方法
一.问题描述: 当我们配置好MySQL主主同步时,是可以实现主主同步,但是重启机器后就发现无法同步了. 二.Slave两个关键进程: mysql replication 中slave机器上有两个关键的 ...
- Haskell学习-函数式编程初探
原文地址:Haskell学习-函数式编程初探 为什么要学习函数式编程?为什么要学习Haskell? .net到前端,C#和JavaScript对我来说如果谈不上精通,最起码也算是到了非常熟悉的 ...