Posts: 1,001
Topics: 1
Kudos: 249
Solutions: 126
Registered: ‎04-22-2014

Re: Auto TLS. Cloudera agent unable to send heartbeat

@dennistanpunya,

 

I opened an internal Cloudera Jira to make the licensing more obvious.

Note that the limitation was introduced in Cloudera 6.0 (not 6.1 as I mentioned earlier).

 

The only place I found the mention of the certificate automation was in the data sheet:

 

https://www.cloudera.com/content/dam/www/marketing/resources/datasheets/cloudera-enterprise-datashee...

 

We are sorry that you had to go through all this troubleshooting.

It is much appreciated that you brought this to our attention, though.

Thanks again,

 

Ben

Explorer
Posts: 16
Registered: ‎03-12-2018

Re: Auto TLS. Cloudera agent unable to send heartbeat

Hi bgooley,

 

Noted.

Unlike CDH 5, I notice that CDH6 is pre-built to run auto-TLS during installation and every time the server is restarted. If this is the case, I can't use manual TLS (manual creation of certs), as it will still be looking for those auto-TLS certs. Is there any other way to overcome this?

Explorer
Posts: 16
Registered: ‎03-12-2018

Re: Auto TLS. Cloudera agent unable to send heartbeat

What I meant was, is there any other workaround for this using the Cloudera Express license?

Posts: 1,001
Topics: 1
Kudos: 249
Solutions: 126
Registered: ‎04-22-2014

Re: Auto TLS. Cloudera agent unable to send heartbeat

@dennistanpunya,

 

I am really not sure how to disable "auto-tls" so you can configure your own cert paths, but the following may work:

 

(1) Go to Administration --> Settings

Select "Security" on the left.

Search for Automatic configuration of TLS for services

(2) If you do see a configuration, choose No automatic configuration of TLS for services and SAVE

(3) Restart Cloudera Manager with "service cloudera-scm-server restart"

 

I took a look at the code and I think this is the main on/off switch for auto_tls.

NOTE:  you will need to manually configure the config.ini for all nodes' agents to point to your key files, certificates, truststore, and key password files.

 

It is possible this won't work entirely as expected, though, as I don't know of anyone who has disabled auto_tls.
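Added example, not part of the original thread and not Cloudera's code: a small check that an agent's config.ini has the manual TLS settings the NOTE above refers to, so a missing path is caught before the agent is restarted. The `[Security]` key names are the agent settings as documented by Cloudera for manual TLS and are an assumption here, since the thread does not list them; the sample file contents and paths are constructed.

```python
import configparser
import os

# Assumed key names: the [Security] settings of the Cloudera Manager agent
# config.ini. Confirm them against the config.ini shipped with your release.
PATH_KEYS = ("verify_cert_file", "client_key_file",
             "client_keypw_file", "client_cert_file")


def check_agent_tls(ini_text, exists=os.path.isfile):
    """Return a list of problems found in an agent config.ini's TLS settings."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    if not cp.has_section("Security"):
        return ["no [Security] section"]
    sec = cp["Security"]
    problems = []
    if sec.get("use_tls", "0").strip() != "1":
        problems.append("use_tls is not 1: agent will not use TLS to reach the server")
    for key in PATH_KEYS:
        path = sec.get(key, "").strip()
        if not path:
            problems.append(f"{key} is not set")
        elif not exists(path):
            problems.append(f"{key} points to a missing file: {path}")
    return problems


# Constructed sample: manual TLS enabled, but the key-password path was left out.
SAMPLE = """\
[General]
server_host=cm.example.internal
[Security]
use_tls=1
verify_cert_file=/opt/example/pki/ca.pem
client_key_file=/opt/example/pki/agent.key
client_cert_file=/opt/example/pki/agent.pem
"""

if __name__ == "__main__":
    # Pretend only the CA certificate has been copied to this node.
    present = {"/opt/example/pki/ca.pem"}
    for p in check_agent_tls(SAMPLE, exists=lambda f: f in present):
        print("PROBLEM:", p)
```

On a real node, pass the contents of the agent's config.ini and leave `exists` at its default so the paths are checked on disk.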

 

Explorer
Posts: 16
Registered: ‎03-12-2018

Re: Auto TLS. Cloudera agent unable to send heartbeat

Hi,

 

Tried this and it still looks for the auto-TLS setting. I note that this auto-TLS feature can't be turned off: after saving the new setting in the CM security section and restarting the CM server, it still reverts to the original setting, which has auto-TLS enabled.

 

As such, I've decided to use CDH5 & CM5 instead.

 

Thanks for assistance.
