02-18-2019 03:20 AM - last edited on 02-18-2019 06:01 AM by cjervis
We just upgraded our Cloudera Manager from 5.15 to 6.1.0
TLS security was enabled, and it works on server/agent communication and for all the CDH web interfaces. No specific issue there.
We just have problems with the CM "Host Inspector" and "Security Inspector", that cannot run on any host, failing with the message
"IOException thrown while collecting data from host: Unrecognized SSL message, plaintext connection?"
Our CA certificates are included in jssecacerts, we restarted the server/agents, and every other communication seems to work.
02-19-2019 09:13 PM
There is a known issue. "Restarting agent does not restart status_server (agent listener)" where the status_server does not know to use TLS until restarted manually as the agent isn't restarting it properly in CM 6.0.x and CM 6.1.0.
Restart status_server by doing the following:
/opt/cloudera/cm-agent/bin/supervisorctl -c /var/run/cloudera-scm-agent/supervisor/supervisord.conf restart status_server
02-20-2019 02:51 AM - edited 02-20-2019 02:55 AM
It did not work.
There were supervisord processes older that the latest restart.
Running your suggested command on all the clients did not work.
We also completely killed all server/agents, and killed the lingering supervisord processes, before restarting the agents, and nothing changed.
Consider that TLS used to work in 5.15, and still work correctly for everything in the Manager and in the CDH communications, but the Host/Security Inspectors
Is there a way to execute the failing mgmt/mgmt.sh from the console to get some additional insight on the issue?