"dse spark" fails after enabling DSE Unified Authentication - datastax-enterprise

I updated DSE to 5.1.2 and enabled DSE Unified Authentication.
When I run "dse -u xxx -p xxx spark", I get a shell, but if i submit a query using "spark.sql" I get an error:
scala> val result = spark.sql("SELECT id FROM xxx.yyy")
java.lang.RuntimeException: com.datastax.bdp.fs.client.InternalServerException: Server returned HTTP error response 500 (Internal Server Error)
Caused by: com.datastax.bdp.fs.client.InternalServerException: Server returned HTTP error response 500 (Internal Server Error)
at com.datastax.bdp.fs.client.DseFsClient$stateMachine$macro$1$1.apply(DseFsClient.scala:132)
In /var/log/cassandra/system.log I see:
WARN [Native-Transport-Requests-2] 2017-08-31 12:05:29,057 DseAuthenticator.java:659 - Plain text authentication without client / server encryption is strongly discouraged
ERROR [dsefs-netty-worker-4] 2017-08-31 12:05:29,842 DSEFS RestServerHandler.scala:287 - [id: 0x1810ea2d, L:/10.225.155.31:5598 - R:/10.225.155.31:58006] RestHandler invocation failed
java.util.concurrent.ExecutionException: com.datastax.driver.core.exceptions.NoHostAvailableException: All host(s) tried for query failed (no host was tried)
at com.google.common.util.concurrent.AbstractFuture$Sync.getValue(AbstractFuture.java:299) ~[guava-18.0.jar:na]
Caused by: com.datastax.driver.core.exceptions.NoHostAvailableException: All host(s) tried for query failed (no host was tried)
Any idea how to fix this. By the way, dse spark-submit works...

The problem was solved by enabling dsefs in dse.yaml.

Related

HyperLedger Fabric and Docker Swarm: Handshake failed with fatal error SSL_ERROR_SSL

We are trying to establish a grpcs (TLS) connection between a docker container running API server (based on Node.js) and another docker container running peer0 from Fabric network.
All containers are orchestated by docker swarm, and both containers happen to be running on the same Linux host.
The error log thrown by API container is the following:
2021-01-07T18:27:38.110Z - error: [Remote.js]: Error: Failed to
connect before the deadline URL:grpcs://10.0.1.2:9051 Query has
completed, checking results error from query = { Error: Failed to
connect before the deadline URL:grpcs://10.0.1.2:9051
at checkState (/usr/src/app/node_modules/grpc/src/client.js:833:16) connectFailed:
true } sampleEvent ERROR : Error: 14 UNAVAILABLE: Connect Failed E0107
18:27:53.602719124 16 ssl_transport_security.cc:1229] Handshake
failed with fatal error SSL_ERROR_SSL: error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed.
And the error log thrown from peer0 is:
2021-01-07 18:50:22.224 UTC [core.comm] ServerHandshake -> ERRO 043 TLS handshake failed with error EOF server=PeerServer remoteaddress=10.0.1.4:46212
IP addresses layout
IP address for API container is 10.0.1.94
IP address for peer0 container is 10.0.1.3
virtual IP address for docker service peer0 is 10.0.1.2
IP address for docker swarm load balancer endpoint is 10.0.1.4
Any suggestion of where to further troubleshoot? At this point is not clear if the problem is with the docker swarm internal networking, or an issue with ssl certificates in either side of the network.
UPDATE Feb 2 2021
The original TLS handshake error was fixed by upgrading the javascript used in NodeSDK. Among other things we started using the addToWallet.js script contained in the commercial-paper example
After being able to stablish TLS succesfully between Node.js API and peer0, we get a new access denied error when making a simple query to chaincode_example02
Facts:
We are running the query with 2 Admin users
One Admin is first-network original Admin#org1.example.com, with credentials generated by cryptogen tool
The other Admin is Admin#buyer.dlt.com whose credentials were created with openssl and a self signed in-company CA
From CLI, both Admin are good and are allowed to run peer commands interchangeably
From Node.js app, only Admin#org1.example.com is allowed to run queries. The message printed to console.log is:
Transaction has been evaluated, result is: 100
When running queries with Admin#buyer.dlt.com we get the following error logs:
Error logs from peer0#buyer.dlt.com
2021-02-02T04:08:45.291086617Z ^[[36m2021-02-02 04:08:45.290 UTC [protoutils] checkSignatureFromCreator -> DEBU 6e637^[[0m creator is &{BuyerMSP 8b7cc2ee996be4f7e5dbb1a4f64db67afd2ff8a2f41276c9bd7f33a2447dd9df}
2021-02-02T04:08:45.291094817Z ^[[36m2021-02-02 04:08:45.290 UTC [protoutils] checkSignatureFromCreator -> DEBU 6e638^[[0m creator is valid
2021-02-02T04:08:45.291100418Z ^[[36m2021-02-02 04:08:45.290 UTC [msp.identity] 2021-02-02T04:08:45.303821799Z ^[[33m2021-02-02 04:08:45.303 UTC [protoutils] ValidateProposalMessage -> WARN 6e63b^[[0m channel [mychannel]: creator's signature over the proposal is not valid: The signature is invalid
2021-02-02T04:08:45.303891604Z ^[[36m2021-02-02 04:08:45.303 UTC [endorser] func1 -> DEBU 6e63c^[[0m Exit: request from 10.0.1.84:52696
2021-02-02T04:08:45.303902005Z ^[[34m2021-02-02 04:08:45.303 UTC [comm.grpc.server] 1 -> INFO 6e63d^[[0m unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=10.0.1.84:52696 error="access denied: channel [mychannel] creator org [BuyerMSP]" grpc.code=Unknown grpc.call_duration=13.783655ms
Error log on console.log from script query.js:
2021-02-02T04:08:45.305Z - error: [Channel.js]: Error: 2 UNKNOWN: access denied: channel [mychannel] creator org [BuyerMSP]
2021-02-02T04:08:45.307Z - error: [Network]: _initializeInternalChannel: Unable to initialize channel. Attempted to contact 1 Peers. Last error was Error: 2 UNKNOWN: access denied: channel [mychannel] creator org [BuyerMSP]
Failed to evaluate transaction: Error: Unable to initialize channel. Attempted to contact 1 Peers. Last error was Error: 2 UNKNOWN: access denied: channel [mychannel] creator org [BuyerMSP]
In the end, this issue turned out to be two issues, in a 'russian doll like' style.
1. First issue: TLS Handshake error
This was fixed by upgrading the SDK library to the latest release
2. Second issue: Node SDK query triggers error "The signature is invalid".
The reason turned out to be that the CLI (written on Go) is using the Go crypto support which allows it to generate a signature from a hash without any knowledge of the curve used for the key. Instead, the SDK libraries used by the Node implementation require a specific curve to be specified by the code generating the signature, separately from the private key itself.
Bottom line, private keys used within Node SDK should be P-256.
As an alternative, as suggested by hyperledger dev team:
If you really must use a curve other than P-256 then you might be able
to use one of the following approaches:
-Use the off-line signing approach included in the documentation but specify an alternative curve instead of 'p256'. The supported curves
for the elliptic package documented here:
https://github.com/indutny/elliptic
-Set your own CryptoSuite implementation on the Client that underpins the Gateway object, with your own CryptoSuite.sign() implementation:
https://hyperledger.github.io/fabric-sdk-node/release-2.2/CryptoSuite.html#sign

Nebula Graph fails on CentOS 6.5

Nebula Graph fails on CentOS 6.5, the error message is as follows:
# storage log
Heartbeat failed, status:RPC failure in MetaClient: N6apache6thrift9transport19TTransportExceptionE: AsyncSocketException: connect failed, type = Socket not open, errno = 111 (Connection refused): Connection refused
# meta log
Log line format: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg
E0415 22:32:38.944437 15532 AsyncServerSocket.cpp:762] failed to set SO_REUSEPORT on async server socket Protocol not available
E0415 22:32:38.945001 15510 ThriftServer.cpp:440] Got an exception while setting up the server: 92failed to bind to async server socket: [::]:0: Protocol not available
E0415 22:32:38.945057 15510 RaftexService.cpp:90] Setup the Raftex Service failed, error: 92failed to bind to async server socket: [::]:0: Protocol not available
E0415 22:32:38.949586 15463 NebulaStore.cpp:47] Start the raft service failed
E0415 22:32:38.949597 15463 MetaDaemon.cpp:88] Nebula store init failed
E0415 22:32:38.949796 15463 MetaDaemon.cpp:215] Init kv failed!
Nebula service status is as follows:
[root#redhat6 scripts]# ./nebula.service status all
[WARN] The maximum files allowed to open might be too few: 1024
[INFO] nebula-metad: Exited
[INFO] nebula-graphd: Exited
[INFO] nebula-storaged: Running as 15547, Listening on 44500
Reason for error: CentOS 6.5 system kernel version is 2.6.32, which is less than 3.9. However, SO_REUSEPORT only supports Linux 3.9 and above.
Upgrading the system to CentOS 7.5 can solve the problem by itself.

deisctl list command raises a timeout error what am I doing wrong

help in "deisctl list" I have just started with deis and am following the tutorial of using deis in vagrant
am stuck at the part am doing deisctl list am getting this as the output
INFO client.go:291: Failed getting response from http://127.0.0.1:4001/: ssh: rejected: connect failed (Connection refused)
Error: timeout reached
Your DEISCTL_TUNNEL value is either incorrect or unreachable due to networking/routing/firewall, etc...

Failed to establish connection SQLSTATE: HY000[DataStax][Hardy] (22) Error from ThriftHiveClient: connect() failed: errno = 10061

I am using Datastax enterprise edition and in cluster one is Hadoop/Hive .I am trying to connect to hive with datastax hive odbc connector.I am getting error like :
Connector Version: V1.0.0.1007
Running connectivity tests...
Attempting connection
Failed to establish connection
SQLSTATE: HY000[DataStax][Hardy] (22) Error from ThriftHiveClient: connect() failed: errno = 10061
TESTS COMPLETED WITH ERROR
The error 10061 means connection refused
Seems like you have not started the hive service on your Analytics node therefore nothing is listening on TCP 10000
Please login into one of your DSE Analytics node and execute:
dse hive --service hiveserver
Then try again your test from your Windows system
Source: http://www.datastax.com/documentation/datastax_enterprise/4.0/datastax_enterprise/ana/anaHivStrtSvr.html

Unable to install grails plugin mongodb

I am using grails-2.0.4 version with GGTS ide. When i tried to install mongodb some errors occuring. I have tried in two ways.
**1)compile ":mongodb:1.0.0.GA"**
Then it is getting this error:
| Loading Grails 2.0.4
| Configuring classpath
:: problems summary ::
:::: ERRORS
Server access Error: Connection timed out: connect url=http://plugins.grails.org/grails-mongodb/tags/RELEASE_1_0_0_GA/mongodb-1.0.0.GA.pom
Server access Error: Connection timed out: connect url=http://plugins.grails.org/grails-mongodb/tags/RELEASE_1_0_0_GA/grails-mongodb-1.0.0.GA.jar
Server access Error: Connection timed out: connect url=http://repo.grails.org/grails/plugins//mongodb/1.0.0.GA/mongodb-1.0.0.GA.pom
Server access Error: Connection timed out: connect url=http://repo.grails.org/grails/plugins//mongodb/1.0.0.GA/mongodb-1.0.0.GA.jar
Server access Error: Connection timed out: connect url=http://repo.grails.org/grails/core//mongodb/1.0.0.GA/mongodb-1.0.0.GA.pom
Server access Error: Connection timed out: connect url=http://repo.grails.org/grails/core//mongodb/1.0.0.GA/mongodb-1.0.0.GA.jar
Server access Error: Connection timed out: connect url=http://svn.codehaus.org/grails/trunk/grails-plugins/grails-mongodb/tags/RELEASE_1_0_0_GA/mongodb-1.0.0.GA.pom
Server access Error: Connection timed out: connect url=http://svn.codehaus.org/grails/trunk/grails-plugins/grails-mongodb/tags/RELEASE_1_0_0_GA/grails-mongodb-1.0.0.GA.jar
Server access Error: Connection timed out: connect url=http://repo1.maven.org/maven2//mongodb/1.0.0.GA/mongodb-1.0.0.GA.pom
Server access Error: Connection timed out: connect url=http://repo1.maven.org/maven2//mongodb/1.0.0.GA/mongodb-1.0.0.GA.jar
| Error Failed to resolve dependencies (Set log level to 'warn' in BuildConfig.groovy for more information):
:mongodb:1.0.0.GA
**2) grails install-plugin C:\Documents and Settings\marao18\Desktop\gorm-mongodb-0.5.4**
Then it is getting this error: Please help me anyone.
| Loading Grails 2.0.4
| Configuring classpath.
| Environment set to development.....
| Resolving plugin C:\Documents. Please wait...
:: problems summary ::
:::: ERRORS
Server access Error: Connection timed out: connect url=http://plugins.grails.org/grails-%5CDocuments/tags/RELEASE_and/%5CDocuments-and.pom
Server access Error: Connection timed out: connect url=http://plugins.grails.org/grails-%5CDocuments/tags/RELEASE_and/grails-%5CDocuments-and.zip
Server access Error: Connection timed out: connect url=http://repo.grails.org/grails/plugins/C/%5CDocuments/and/%5CDocuments-and.pom
Server access Error: Connection timed out: connect url=http://repo.grails.org/grails/plugins/C/%5CDocuments/and/%5CDocuments-and.zip
Server access Error: Connection timed out: connect url=http://repo.grails.org/grails/core/C/%5CDocuments/and/%5CDocuments-and.pom
Server access Error: Connection timed out: connect url=http://repo.grails.org/grails/core/C/%5CDocuments/and/%5CDocuments-and.zip
Server access Error: Connection timed out: connect url=http://svn.codehaus.org/grails/trunk/grails-plugins/grails-%5CDocuments/tags/RELEASE_and/%5CDocuments-and.pom
Server access Error: Connection timed out: connect url=http://svn.codehaus.org/grails/trunk/grails-plugins/grails-%5CDocuments/tags/RELEASE_and/grails-%5CDocuments-and.zip
Server access Error: Connection timed out: connect url=http://repo1.maven.org/maven2/C/%5CDocuments/and/%5CDocuments-and.pom
Server access Error: Connection timed out: connect url=http://repo1.maven.org/maven2/C/%5CDocuments/and/%5CDocuments-and.zip
| Error resolving plugin [name:\Documents, group:C, version:and]. Plugin not found.
| Error Plugin not found for name [C:\Documents] and version [and]

Resources