
Auto TLS. Cloudera agent unable to send heartbeat


Hi,

I'm having an issue with the auto-TLS option and am a bit confused about the setup.

After installing the agent, I was unable to get a heartbeat from all my agents. Do I need to run the option on all the agents?

Master Guru

@dennistanpunya,

I opened an internal Cloudera Jira to make the licensing more obvious.

Note that the limitation was introduced in Cloudera 6.0 (not 6.1 as I mentioned earlier).

The only place I found the mention of the certificate automation was in the data sheet:

https://www.cloudera.com/content/dam/www/marketing/resources/datasheets/cloudera-enterprise-datashee...

We are sorry that you had to go through all this troubleshooting.

It is much appreciated that you brought this to our attention, though.

Thanks again,

Ben


Hi bgooley,

Noted.

Unlike CDH 5, I notice that CDH6 is automatically pre-built to run auto-TLS during installation and every time the server is restarted. If this is the case, I can't use manual TLS (manual creation of certs), as it will still be looking for those auto-TLS certs. Is there any other way to overcome this?


What I meant was, is there any other workaround for this using the Cloudera Express license?

Master Guru

@dennistanpunya,

I am really not sure how to disable "auto-tls" so you can configure your own cert paths, but the following may work:

(1)

Go to Administration --> Settings

Select "Security" on the left.

Search for "Automatic configuration of TLS for services"

(2)

If you do see a configuration, choose "No automatic configuration of TLS for services" and SAVE

(3)

Restart Cloudera Manager with "service cloudera-scm-server restart"

I took a look at the code and I think this is the main on/off switch for auto_tls.

NOTE: You will need to manually configure the config.ini for all nodes' agents to point to your key files, certificates, truststore, and key password files.

It is possible this won't work entirely as expected, though, as I don't know of anyone who has disabled auto_tls.
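An added example (not from the thread and not Cloudera's code): a pre-flight check for the manual step in the NOTE above, confirming that an agent's config.ini `[Security]` section points at truststore, key, key-password and certificate files that exist and that the secrets are not group/world readable. The key names are those of the stock agent config.ini; the sample contents and paths are constructed, and the check assumes all four settings are in use (encrypted key, agent certificate authentication).

```python
import configparser
import os

# Constructed sample of an agent config.ini; host and paths are placeholders.
SAMPLE_CONFIG = """
[General]
server_host=cm.example.internal
server_port=7182

[Security]
use_tls=1
verify_cert_file=/opt/cloudera/security/pki/ca-chain.pem
client_key_file=/opt/cloudera/security/pki/agent.key
client_keypw_file=
client_cert_file=/opt/cloudera/security/pki/agent.pem
"""

# Assumption: with auto-TLS off, every one of these must be set by hand.
PATH_KEYS = ("verify_cert_file", "client_key_file",
             "client_keypw_file", "client_cert_file")
SECRET_KEYS = ("client_key_file", "client_keypw_file")


def check_agent_tls(config_text, exists=os.path.isfile,
                    mode_of=lambda p: os.stat(p).st_mode):
    """Return a list of findings for the [Security] section of config.ini."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    if not parser.has_section("Security"):
        return ["no [Security] section"]
    sec = parser["Security"]
    findings = []
    if sec.get("use_tls", "0").strip() != "1":
        findings.append("use_tls is not 1: agent will not use TLS")
    for key in PATH_KEYS:
        path = sec.get(key, "").strip()
        if not path:
            findings.append(f"{key} is empty")
        elif not exists(path):
            findings.append(f"{key} points to a missing file: {path}")
        elif key in SECRET_KEYS and mode_of(path) & 0o077:
            # Private key and its password should be owner-only.
            findings.append(f"{key} is readable by group/other: {path}")
    return findings


if __name__ == "__main__":
    for finding in check_agent_tls(SAMPLE_CONFIG):
        print(finding)
```

On a real node, pass the contents of the agent's config.ini instead of `SAMPLE_CONFIG`; the `exists` and `mode_of` parameters exist only so the check can be exercised without the files present.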

 


Hi,

Tried this and it still looks for the auto-TLS setting. I note that this auto-TLS feature can't be turned off: after saving the new setting in the CM security section and restarting the CM server, it will still revert to the original setting, which has auto-TLS enabled.

As such, I've decided to use CDH5 & CM5 instead.

Thanks for the assistance.