I am not able to perform operations using ./bin/admin after enabling encryption at transit

AddictionAwesome · August 12, 2021, 7:50am

Setup: Three nodes, replication factor 3, yugabyte 2.6.0.0
Issue:
I have configured the encryption at transit for yugabyte cluster using below documentation.
(Encryption in transit on YugabyteDB Clusters | YugabyteDB Docs)
After enabling the encryption, I am not able to perform below operations
./bin/yb-admin -master_addresses $MASTER list_all_masters
./bin/yb-admin -master_addresses $MASTER list_all_tablet_servers
./bin/yb-admin -master_addresses $MASTER change_master_config REMOVE_SERVER $failedMaster 7100
./bin/yb-admin -master_addresses $MASTER change_master_config ADD_SERVER $newMaster 7100
getting the below error

“Unable to establish connection to leader master at [MASTERIP1:7100,MASTERIP2:7100,MASTERIP3:7100].
Please verify the addresses.\n\n: Could not locate the leader master: GetLeaderMasterRpc(addrs: [MASTERIP1:7100, MASTERIP2:7100, MASTERIP3:7100], num_attempts: 338)
passed its deadline 79595.999s (passed: 60.038s): Network error (yb/util/net/socket.cc:535):
recvmsg got EOF from remote (system error 108)\nTimed out (yb/rpc/rpc.cc:211):
Unable to establish connection to leader master at [MASTERIP1:7100,MASTERIP2:7100,MASTERIP3:7100].
Please verify the addresses.\n\n: Could not locate the leader master: GetLeaderMasterRpc(addrs: [MASTERIP1:7100, MASTERIP2:7100, MASTERIP3:7100]”

(Note: Actual IP’s are replaced with MASTERIP )

Note: with same setup, without enabling encryption at transit I was able to perform the above operations without any issues

dorian_yugabyte · August 12, 2021, 8:26am

Hi @AddictionAwesome

Is the cluster functioning normally ? Can you paste a screenshot of http://<yb-master-ip>:7000/tablet-servers ?

AddictionAwesome · August 12, 2021, 9:28am

@dorian_yugabyte, No issues with the cluster.

Please find the attached screenshot.

tserver.conf
-tserver_master_addrs=MASTERIP
–rpc_bind_addresses=IP:9100
–start_pgsql_proxy
–pgsql_proxy_bind_address=IP:5433
–cql_proxy_bind_address=IP:9042
–fs_data_dirs=/yb/data/disk1
–placement_region=us-central
–placement_zone=us-central1-b
–certs_dir=/yb/data/certs/IP
–use_node_to_node_encryption=true
–allow_insecure_connections=false
–certs_for_client_dir=/yb/data/certs/IP
–use_client_to_server_encryption=true

master.conf
–master_addresses=MASTERIP
–rpc_bind_addresses=IP:7100
–fs_data_dirs=/yb/data/disk1
–placement_region=us-central
–placement_zone=us-central1-b
–default_memory_limit_to_ram_ratio=0.35
–durable_wal_write=true
–certs_dir=/yb/data/certs/IP
–allow_insecure_connections=false
–use_node_to_node_encryption=true

Alan_Caldera · August 12, 2021, 12:22pm

You need to pass the location of your certificates directory via --certs_dir_name on the yb-admin command. Then it will function as expected.

AddictionAwesome · August 12, 2021, 3:56pm

Thanks @Alan_Caldera.

Topic		Replies	Views
Could not locate the leader master: GetLeaderMasterRpc General	2	369	January 29, 2024
Master Admin UI Cannot get Leader information to help you redirect General	7	2202	May 7, 2019
Enabling Encryption in Transit and Password Authentication...Could not update Postgress user password. Exception: Traceback (most recent call last) General	26	168	July 23, 2024
Failed to determine new Master General	2	129	May 8, 2024
How can we setup 3 node master master cluster in one data center? General	4	889	August 12, 2021

I am not able to perform operations using ./bin/admin after enabling encryption at transit

Related topics