Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

After enabling HTTPS to CM, monitors stopped working

Solved Go to solution

After enabling HTTPS to CM, monitors stopped working

After configuring TLS with self-signed certificates up to "Step 2: Enable HTTPS for the Cloudera Manager Admin Console and Specify Server Keystore Properties", various CM monitoring services stopped working: Activity Monitor, Even Server, Host Monitor, Reports Manager, Service Monitor. Is it normal?

 

The log /var/log/cloudera-scm-eventserver/mgmt-cmf-mgmt-EVENTSERVER-md01.rcc.local.log.out says:

======

Failed to publish event: SimpleEvent{attributes={ROLE_TYPE=[EVENTSERVER], EXCEPTION_TYPES=[javax.net.ssl.SSLHandshakeException, sun.security.validator.ValidatorException, sun.security.provider.certpath.SunCertPathBuilderException], HOST_IDS=[21488217-80d2-404d-8ae9-061472dc8314], STACKTRACE=[javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
======

I guess, it means that each host needs to know where to find its keystore (during the first 2 steps the path was only given for CM host)? Would this be solved in the next Level 1 steps when agents are configured or do I need to fix it somehow now before proceeding to the next steps? For example, provide a path to a truststore (which would be the same for all the hosts? during the configuration I only provided a path to the keystore on CM machine and its password).

 

The web login to CM indeed became https. I have not tested the rest of the services but CM shows green status for all of them.

 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions

Re: After enabling HTTPS to CM, monitors stopped working

Super Guru

Hello @IgorYakushin,

 

After enabling TLS for the Cloudera Manager UI, the management services will need to know where to find trust for the signer of Cloudera Manager's Certificate.  The management service roles contact Cloudera Manager to download information regarding the cluster, so if that information cannot be downloaded, the management service roles will fail.

 

To configure the truststore used by the Management Service roles, see this documentaiton:

 

https://www.cloudera.com/documentation/enterprise/latest/topics/how_to_configure_cm_tls.html#xd_583c...

 

(you need to perform steps 2 and 3 in the Enable HTTPS for the Cloudera Manager Admin Console section)

 

Regards,

 

Ben

 

 

 

 

 

2 REPLIES 2

Re: After enabling HTTPS to CM, monitors stopped working

Super Guru

Hello @IgorYakushin,

 

After enabling TLS for the Cloudera Manager UI, the management services will need to know where to find trust for the signer of Cloudera Manager's Certificate.  The management service roles contact Cloudera Manager to download information regarding the cluster, so if that information cannot be downloaded, the management service roles will fail.

 

To configure the truststore used by the Management Service roles, see this documentaiton:

 

https://www.cloudera.com/documentation/enterprise/latest/topics/how_to_configure_cm_tls.html#xd_583c...

 

(you need to perform steps 2 and 3 in the Enable HTTPS for the Cloudera Manager Admin Console section)

 

Regards,

 

Ben

 

 

 

 

 

Re: After enabling HTTPS to CM, monitors stopped working

Thank you Ben. That worked.

 

Apparently I was reading older version of the documention where Step 3 (letting CM know where truststore is) is not mentioned. I tried to put it on the same web page where keystore was and that did not work. I did not realize there is yet another page to specify truststore.

 

Igor