Created 02-22-2017 09:24 PM
After configuring TLS with self-signed certificates up to "Step 2: Enable HTTPS for the Cloudera Manager Admin Console and Specify Server Keystore Properties", various CM monitoring services stopped working: Activity Monitor, Event Server, Host Monitor, Reports Manager, Service Monitor. Is it normal?
The log /var/log/cloudera-scm-eventserver/mgmt-cmf-mgmt-EVENTSERVER-md01.rcc.local.log.out says:
======
Failed to publish event: SimpleEvent{attributes={ROLE_TYPE=[EVENTSERVER], EXCEPTION_TYPES=[javax.net.ssl.SSLHandshakeException, sun.security.validator.ValidatorException, sun.security.provider.certpath.SunCertPathBuilderException], HOST_IDS=[21488217-80d2-404d-8ae9-061472dc8314], STACKTRACE=[javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
======
I guess it means that each host needs to know where to find its keystore (during the first 2 steps the path was only given for the CM host)? Would this be solved in the next Level 1 steps when agents are configured, or do I need to fix it somehow now before proceeding to the next steps? For example, provide a path to a truststore (which would be the same for all the hosts? During the configuration I only provided a path to the keystore on the CM machine and its password).
The web login to CM indeed became https. I have not tested the rest of the services but CM shows green status for all of them.
Created 02-23-2017 01:00 PM
Hello @IgorYakushin,
After enabling TLS for the Cloudera Manager UI, the management services will need to know where to find trust for the signer of Cloudera Manager's Certificate. The management service roles contact Cloudera Manager to download information regarding the cluster, so if that information cannot be downloaded, the management service roles will fail.
To configure the truststore used by the Management Service roles, see this documentation:
(you need to perform steps 2 and 3 in the Enable HTTPS for the Cloudera Manager Admin Console section)
Regards,
Ben
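The truststore step described in the answer above, sketched with `keytool` as an added example (not part of the original thread or of Cloudera's documentation). It exports a self-signed server certificate from a keystore, imports it into a truststore, and checks the truststore before and after the import; aliases, file names, the CN and the password are constructed placeholders.

```shell
#!/bin/sh
# Added example. Aliases, file names, the CN and the password "changeit" are
# constructed placeholders, not values from the thread.

# export_cert KEYSTORE STOREPASS ALIAS OUT_PEM: write the public cert as PEM
export_cert() {
    keytool -exportcert -rfc -keystore "$1" -storepass "$2" -alias "$3" -file "$4"
}

# import_trust TRUSTSTORE STOREPASS ALIAS CERT_PEM: add the cert as a trusted entry
import_trust() {
    keytool -importcert -noprompt -trustcacerts -keystore "$1" -storepass "$2" \
        -alias "$3" -file "$4"
}

# truststore_trusts TRUSTSTORE STOREPASS CERT_PEM: exit 0 if the cert's SHA-256
# fingerprint appears in the truststore listing
truststore_trusts() {
    fp=$(keytool -printcert -file "$3" | sed -n 's/.*SHA256: *//p')
    [ -n "$fp" ] || return 2
    keytool -list -v -keystore "$1" -storepass "$2" 2>/dev/null | grep -qF "$fp"
}

# new_selfsigned KEYSTORE STOREPASS ALIAS CN: throwaway self-signed key pair
new_selfsigned() {
    keytool -genkeypair -alias "$3" -keyalg RSA -keysize 2048 -validity 1 \
        -dname "CN=$4" -keystore "$1" -storepass "$2" -keypass "$2"
}

# demo: returns 0 only if the cert is untrusted before the import and trusted after
demo() {
    d=$(mktemp -d) || return 1
    pw=changeit
    {
        new_selfsigned "$d/server.jks" "$pw" cmhost cm.example.test &&
        new_selfsigned "$d/other.jks" "$pw" other other.example.test &&
        export_cert "$d/server.jks" "$pw" cmhost "$d/cm.pem" &&
        export_cert "$d/other.jks" "$pw" other "$d/other.pem" &&
        import_trust "$d/truststore.jks" "$pw" other "$d/other.pem"
    } >/dev/null 2>&1 || { rm -rf "$d"; return 1; }
    rc=0
    # Truststore lacks the server cert: the state behind "PKIX path building failed"
    if truststore_trusts "$d/truststore.jks" "$pw" "$d/cm.pem"; then rc=1; fi
    import_trust "$d/truststore.jks" "$pw" cmsigner "$d/cm.pem" >/dev/null 2>&1 || rc=1
    truststore_trusts "$d/truststore.jks" "$pw" "$d/cm.pem" || rc=1
    rm -rf "$d"
    return $rc
}
```

Only the public certificate is copied into the truststore; the private key stays in the server keystore.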
Created 02-23-2017 01:32 PM
Thank you Ben. That worked.
Apparently I was reading an older version of the documentation where Step 3 (letting CM know where the truststore is) is not mentioned. I tried to put it on the same web page where the keystore was and that did not work. I did not realize there is yet another page to specify the truststore.
Igor