Skip to content


Subversion checkout URL

You can clone with
Download ZIP


SSL options in vm.args make nodetool stop working [JIRA: RIAK-1579] #509

613038475 opened this Issue · 6 comments

7 participants


I found use ssl options in vm.args will let nodetool (riak start, riak-admin status, etc...) stop working.
The reason is only pick up name and cookie from vm.args then pass to nodetool.
Here is a patch to fix this problem.

Also I found this option is not valid.
-proto_dist inet_ssl
it should be
-proto_dist inet_tls


I just confirmed this locally against develop. The fix is valid but we really should have a riak_test to validate this.


That patch is not useable, it will make erl boot from "riak start" or "riak console" duplicate the ssl argument.


Note that previously, this was slurped in from a separate file. Unfortunately you cannot pass init arguments from the command line into an escript; they have to be specified in the comment line after the shebang. This means that any disterl-related arguments have to be in a file that is referred to in the comment line, which is what was done in nodetool in the past. Fixing this issue would require changes to OTP.

@jaredmorrow jaredmorrow added this to the 2.1 milestone
@jaredmorrow jaredmorrow added the Bug label

This has recently been an issue for me, the attached patch doesn't appear to work with 2.0.5 but a slight variation on it works and there are no duplicate SSL variables when using "riak console" or "riak start"

SSL_ARGS=`grep -e '^\-ssl_dist_opt' -e '^\-proto_dist' $RUNNER_ETC_DIR/vm.args | tr '\n' ' '`
# Setup command to control the node

there's also a separate issue with some extra output from nodetool when using SSL making get_pid fail, fixable with

PID=`$NODETOOL getpid < /dev/null|head -1`
@Basho-JIRA Basho-JIRA changed the title from SSL options in vm.args make nodetool stop working to SSL options in vm.args make nodetool stop working [JIRA: RIAK-1579]

have modded this additionally to include a check for the file

if [ -f $RUNNER_ETC_DIR/vm.args ]; then
SSL_ARGS=grep -e '^\-ssl_dist_opt' -e '^\-proto_dist' $RUNNER_ETC_DIR/vm.args | tr '\n' ' '

so it can run with and without the vm.args file without errors

not a full fix as we are using 2.0.5 which uses the generated vm.args and we are having to override them to get the tls settings in

so we are reading the settings from the override location


The mod to isn't a complete fix as some commands still fail, such as riak-admin bucket-type create

What actually works is to use an alias for nodetool rather than store the command in a variable. So, changing to

if [ -f $RUNNER_ETC_DIR/vm.args ]; then
    SSL_ARGS=$(grep -e '^\-ssl_dist_opt' -e '^\-proto_dist' $RUNNER_ETC_DIR/vm.args | tr '\n' ' ')

and then updating and riak-admin so all $NODETOOL calls become just NODETOOL.

@tombriden tombriden referenced this issue from a commit in tombriden/node_package
@tombriden tombriden Set NODETOOL up as an alias and include ERL_FLAGS env vars
nodetool won't work with TLS distribution as the erlang vm args
don't get passed in to escript. This commit reads the TLS args from
the vm.args file if it exists and prefixes the call to escript with
The only way to have this work properly is to alias the command rather
than store it as a variable

@tombriden tombriden referenced this issue from a commit in tombriden/riak
@tombriden tombriden Reference NODETOOL by command alias (basho/riak#509)
depends on change to basho/node_package
@seancribbs seancribbs removed their assignment
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.