Unlock or Reset of Admin Password in Aria Operations for Logs Fails with error 'Unable to get user data. Possible Cassandra is down.'

Article ID: 415552

Products

VCF Operations

Issue/Introduction

  • When attempting to reset or unlock the admin account for Aria Operations for Logs using the script "li-reset-admin-passwd.sh", the operation fails with the error message: "Unable to get user data. Possible Cassandra is down."
  • Running the nodetool-no-pass status command reports that the Cassandra service is UP and Normal for all nodes.
  • Attempts to log in to the Cassandra database directly using the cqlsh-no-pass command fail with the following SSL error: 'Unable to connect to any servers', {'127.0.0.1:9042': OSError (136, "Tried connecting to [ ('127.0.0.1', 9042) ]. Last error: [X509: NO_CERTIFICATE_OR_CRL_FOUND] no certificate or crl found
  • Checking port 9042 with the command "netstat -tulpn | grep LISTEN" shows the port in the LISTEN state. This implies that the service is running but communication is failing due to the missing or corrupt certificate.
  • /storage/core/loginsight/var/runtime.log contains SSL handshake errors such as the following, indicating disrupted SSL communication between system components:
    ["netty-event-loop-28"/##.##.##.## ERROR] [play.core.server.netty.PlayRequestHandler] [Exception caught in Netty]
    io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
            at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:477) ~[netty-codec-4.1.72.Final.jar:4.1.72.Final]
            at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[netty-codec-4.1.72.Final.jar:4.1.72.Final]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.72.Final.jar:4.1.72.Final]

Environment

VMware Aria Operations for Logs 8.18.x

Cause

The cacert.pem file in the Cassandra configuration directory /storage/core/loginsight/cidata/cassandra/config/ is empty or corrupted.

Resolution

To resolve this issue, perform the following steps:

  1. Access the Aria Operations for Logs node via SSH as the root user.

  2. Back up the cacert.pem file before you overwrite it:

    cp -p /storage/core/loginsight/cidata/cassandra/config/cacert.pem /storage/core/loginsight/cidata/cassandra/config/cacert.pem.backup

  3. Copy the default cluster.pem certificate to the Cassandra configuration directory using the following command:

    cp /usr/lib/loginsight/application/etc/certs/cluster.pem /storage/core/loginsight/cidata/cassandra/config/cacert.pem

    Note: If you have a multi-node cluster, ensure this step is performed on all nodes.

  4. After replacing the cacert.pem file, you can now successfully run the li-reset-admin-passwd.sh script to reset or unlock the admin password.
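
The following check is an added example, not part of the vendor's procedure: it classifies cacert.pem as missing, empty, corrupt, or ok, and confirms after step 3 that it carries the same certificate as cluster.pem. It assumes openssl is available on the node; the function names are illustrative, and the paths are the ones given in this article.

```shell
#!/bin/sh
# Added example: classify the Cassandra CA file before and after the copy.
# Paths are the ones given in this article; function names are illustrative.
CACERT=/storage/core/loginsight/cidata/cassandra/config/cacert.pem
CLUSTER=/usr/lib/loginsight/application/etc/certs/cluster.pem

# Print one of: missing | empty | corrupt | ok
pem_state() {
    [ -e "$1" ] || { echo missing; return; }
    [ -s "$1" ] || { echo empty; return; }
    # openssl parses the first CERTIFICATE block; failure means unusable PEM
    if openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo ok
    else
        echo corrupt
    fi
}

# SHA-256 fingerprint of the first certificate in the file (empty on failure)
pem_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Succeeds only if both files parse and carry the same first certificate
same_cert() {
    a=$(pem_fp "$1"); b=$(pem_fp "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

report() {
    echo "cacert.pem:  $(pem_state "$CACERT")"
    echo "cluster.pem: $(pem_state "$CLUSTER")"
    if same_cert "$CACERT" "$CLUSTER"; then
        echo "cacert.pem matches cluster.pem"
    else
        echo "cacert.pem differs from cluster.pem"
    fi
}

# Run the report only on a node where the Cassandra config directory exists
if [ -d "$(dirname "$CACERT")" ]; then report; fi
```

Run it on every node of a multi-node cluster: a state of empty or corrupt before step 3 confirms the cause described above, and a match after step 3 confirms the copy succeeded.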