12-27-2018 09:58 AM
I opened an internal Cloudera Jira to make the licensing more obvious.
Note that the limitation was introduced in Cloudera 6.0 (not 6.1 as I mentioned earlier)
The only place I found the mention of the certificate automation was in the data sheet:
We are sorry that you had to go through all this troubleshooting.
It is much appreciated that you brought this to our attention, though.
12-27-2018 07:09 PM
Unlike CDH 5, i notice the CDH6 is auto pre-built to run auto-tls during installation & everytime the server is restarted. If this is the case, i cant use manual TLS (Manual creation of certs) as it will still be looking for those auto-TLS certs. Any other way to overcome this?
12-28-2018 02:29 PM
I am really not sure how to disable "auto-tls" so you can configure your own cert paths, but the following may work:
Go to Administration --> Settings
Select "Security" on the left.
Search for Automatic configuration of TLS for services
If you do see a configuration, choose No automatic configuration of TLS for services and SAVE
Restart Cloudera Manager with "service cloudera-scm-server restart"
I took a look at the code and I think this is the main on/off switch for auto_tls.
NOTE: you will need to manually configure the config.ini for all nodes' agents to point to your key files, certificates, truststore, and key password files.
It is possible this won't work entirely as expected, though, as I don't know of anyone who has disabled auto_tls.
01-01-2019 06:49 PM
tried this and it still looks for auto-tls setting. I note that this auto-tls feature cant be turn off as after saving new setting in CM security section, and restarting cm server. It will still revert to original setting which has auto-tls enabled.
As such, ive decided to use CDH5 & CM5 instead.
Thanks for assistance.