Reply
New Contributor
Posts: 2
Registered: ‎10-19-2016
Accepted Solution

how to rollback cloudera manager tls configuration without UI

Need help urgently.

 

Hi, Today I configured Cloudera Manager 5.4.1 to use HTTPS by following

http://www.cloudera.com/documentation/enterprise/5-4-x/topics/cm_sg_tls_browser.html#concept_hrs_f5d

I used self-signed certificate described in http://www.cloudera.com/documentation/enterprise/5-4-x/topics/sg_self_signed_tls.html#xd_583c10bfdbd

However, after restarting cloudera-scm-server, I could not open the cloudera manager in browser.

“Openssl  s_client –connect “’ indicated the ssl connection was fine, but the browser always timed out. I’ve tried different browsers and cleaned the cache etc. Still the same. At this point, I would rather to roll it back.

Is there a way to rollback the changes to use Http again?  Since I cannot access the cloudera manger UI, I can only do it thru command line. Does anyone know where the configuration is stored and how to change it?

 

Please Help!  Thanks!

 

Posts: 1,116
Topics: 1
Kudos: 287
Solutions: 135
Registered: ‎04-22-2014

Re: how to rollback cloudera manager tls configuration without UI

I would recommend reviewing the Cloudera Manager log for clues, but, for now, access your Cloudera Manager database and run the following:

 

delete from CONFIGS where ATTR='web_tls';

 

This will disable TLS for the CM UI

 

Afterward, try starting again.

 

If that doesn't help, let us know.

New Contributor
Posts: 2
Registered: ‎10-19-2016

Re: how to rollback cloudera manager tls configuration without UI

Thanks, that worked perfectly! Appreciated your quick help.
New Contributor
Posts: 1
Registered: ‎06-13-2016

Re: how to rollback cloudera manager tls configuration without UI

How to find the cloudera manager DB credentials? I do have the same issue. Not able to login to web UI after TLS configuration 

Highlighted
Explorer
Posts: 22
Registered: ‎02-17-2015

Re: how to rollback cloudera manager tls configuration without UI

I had a similar problem. I had enabled the agent_tls, but the keystore field was not filled or the file was on a different location.  Now the server did not start anymore. I needed to rollback the setting, thx for your post.

 

I used mysql tool on the command-line to connect as root to MySQL db, and executed an update:

 

use scm;
update CONFIGS set VALUE='false' where ATTR='agent_tls';
Query OK, 1 row affected (0.05 sec)

After a restart of cloudera-scm-server, the server was working again and I could enter the UI.

Expert Contributor
Posts: 82
Registered: ‎02-24-2016

Re: how to rollback cloudera manager tls configuration without UI

[ Edited ]

Urgent

 

@bgooleyThis not helped me. Its giving below

scm=# delete from CONFIGS where ATTR='web_tls';
DELETE 0

 

Can you give any other fix

Posts: 1,116
Topics: 1
Kudos: 287
Solutions: 135
Registered: ‎04-22-2014

Re: how to rollback cloudera manager tls configuration without UI

@kchaitanya,

 

If that did not help, then it is likely there is another problem.

Please start a new thread and outline what you are trying to do and what is happening.

Also, make sure to review your /var/log/cloudera-scm-server/cloudera-scm-server.log for clues about what problem is occurring.

 

-Ben

Expert Contributor
Posts: 82
Registered: ‎02-24-2016

Re: how to rollback cloudera manager tls configuration without UI

Thank you for the reply @bgooley, i fixed it by running below command

delete from CONFIGS where ATTR='agent_tls';

Thank you
Posts: 1,116
Topics: 1
Kudos: 287
Solutions: 135
Registered: ‎04-22-2014

Re: how to rollback cloudera manager tls configuration without UI

@kchaitanya,

Indeed, if agent_tls is enabled even without web_tls and there is a problem with the certificate or trust store, then you would need to turn off agent_tls.

 

A big thanks for sharing that solution!