Reply
New Contributor
Posts: 2
Registered: ‎03-04-2016

Host Inspector TLS issue

[ Edited ]

We just upgraded our Cloudera Manager from 5.15 to 6.1.0

 

TLS security was enabled, and it works on server/agent communication and for all the CDH web interfaces. No specific issue there.

 

We just have problems with the CM "Host Inspector" and "Security Inspector", that cannot run on any host, failing with the message

"IOException thrown while collecting data from host: Unrecognized SSL message, plaintext connection?"

 

Our CA certificates are included in jssecacerts, we restarted the server/agents, and every other communication seems to work.

 

Any idea?

 

Thanks

 

Cloudera Employee
Posts: 12
Registered: ‎11-28-2018

Re: Host Inspector TLS issue

There is a known issue. "Restarting agent does not restart status_server (agent listener)" where the status_server does not know to use TLS until restarted manually as the agent isn't restarting it properly in CM 6.0.x and CM 6.1.0.

 

Restart status_server by doing the following:
/opt/cloudera/cm-agent/bin/supervisorctl -c /var/run/cloudera-scm-agent/supervisor/supervisord.conf restart status_server

Highlighted
New Contributor
Posts: 2
Registered: ‎03-04-2016

Re: Host Inspector TLS issue

[ Edited ]

It did not work.

 

There were supervisord processes older that the latest restart.

Running your suggested command on all the clients did not work.

 

We also completely killed all server/agents, and killed the lingering supervisord processes, before restarting the agents, and nothing changed.

 

Consider that TLS used to work in 5.15, and still work correctly for everything in the Manager and in the CDH communications, but the Host/Security Inspectors

 

Is there a way to execute the failing mgmt/mgmt.sh from the console to get some additional insight on the issue?

 

Thanks anyway.

 

Announcements