“Validation is enabled; SSL transport factory requires a valid certfile to be specified” error when logging in to Cassandra
search cancel

“Validation is enabled; SSL transport factory requires a valid certfile to be specified” error when logging in to Cassandra

book

Article ID: 329001

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • Logging into Cassandra fails.
  • You see the error similar to:

    Validation is enabled; SSL transport factory requires a valid certfile to be specified. Please provide path to the certfile in [ssl] section as 'certfile' option in /usr/lib/vmware-vcops/user/conf/cassandra/cqlshrc (or use [certfiles] section) or set SSL_CERTFILE environment variable.
  • The $VCOPS_BASE/user/conf/cassandra/cqlshrc file has missing or no configuration.
  • The /storage/vcops/log/cassandra/check.admin.log file contains errors similar to:

    localhost:/storage/vcops/log/cassandra # $ALIVE_BASE/cassandra/apache-cassandra-2.1.8/bin/cqlsh --ssl --cqlshrc $ALIVE_BASE/user/conf/cassandra/cqlshrc
    Validation is enabled; SSL transport factory requires a valid certfile to be specified. Please provide path to the certfile in [ssl] section as 'certfile' option in /usr/lib/vmware-vcops/user/conf/cassandra/cqlshrc (or use [certfiles] section) or set SSL_CERTFILE environment variable.
    2017-05-31 10:58:42,270 INFO vmware.vcops.cassandra.check#_are_enough_nodes_up:214 - Total nodes up=1, total nodes required=1
    2017-05-31 10:58:42,272 ERROR vmware.vcops.cassandra.check#<module>:558 - Find more details in: /usr/lib/vmware-vcops/user/log/cassandra/check.admin.log
    2017-05-31 11:05:32,262 INFO vmware.vcops.cassandra.check#wait_for_cassandra:437 - No retry timeout set; will retry checking Cassandra status until the minimum required number of nodes are up

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.




Environment

VMware vRealize Operations Manager 6.2.x
VMware vRealize Operations Manager 6.1.x
VMware vRealize Operations Manager 6.4.x
VMware vRealize Operations Manager 6.3.x
VMware vRealize Operations Manager 6.5.x

Cause

The configuration in $VCOPS_BASE/user/conf/cassandra/cqlshrc is required to log into Cassandra.

This issue occurs if there is missing or no configuration in vRealize Operation Manager 6.1 and later.

Resolution

To resolve the issue the configuration in $VCOPS_BASE/user/conf/cassandra/cqlshrc must be set correctly.

  1. Log in to the affected analytics node as root via SSH or console.
  2. Run this command to get the Cassandra user password and note the output.

    sed -nre 's/^cassandra\.user\.password\=\s*(.*)$/\1/p' /usr/lib/vmware-vcops/user/conf/persistence/persistence.properties

  3. Open $VCOPS_BASE/user/conf/cassandra/cqlshrc file using a text editor.
  4. Copy and paste these lines into the file:

    [connection]
    hostname = 127.0.0.1
    port = 9042
    client_timeout = 120

    [authentication]
    username = vcops_user
    password = encrypted_password

    [ssl]
    certfile = /storage/vcops/user/conf/ssl/web_chain.pem
    usercert = /storage/vcops/user/conf/ssl/web_cert.pem
    userkey = /storage/vcops/user/conf/ssl/web_key.pem
    validate = true


    Note: Replace encrypted_password with the password found in step 2.

    Example: password = nA1EryqYPn58V5+0MLqiZ6al

  5. Save and close the file.


Powered by Wolken Software