After enabling TLS cloudera agent heartbeat failing

Explorer

Version: Cloudera Express 5.15.0 

Java VM Name: Java HotSpot(TM) 64-Bit Server VM

Java VM Vendor: Oracle Corporation

Java Version: 1.7.0_67

 

System details:

Linux optim-rhel72-uppu.development.unicomglobal.software 3.10.0-327.28.3.el7.x86_64 #1 SMP Fri Aug 12 13:21:05 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux

 

It is a single host and I am using a self-signed certificate. I am just validating a POC with one of my products and hence am not yet licensed.

 

Followed the steps mentioned at these links:

https://www.cloudera.com/documentation/enterprise/5-11-x/topics/how_to_configure_cm_tls.html

https://www.cloudera.com/documentation/enterprise/5-15-x/topics/sg_self_signed_tls.html

 

After enabling TLS, cloudera agent heartbeat is failing with the below lines in the cloudera-scm-agent.log

 

[27/Dec/2018 20:58:28 +0000] 6869 MainThread agent        ERROR    Heartbeating to optim-rhel72-uppu.development.unicomglobal.software:7182 failed.
Traceback (most recent call last):
  File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/cmf-5.15.0-py2.7.egg/cmf/agent.py", line 1424, in _send_heartbeat
    self.max_cert_depth)
  File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/cmf-5.15.0-py2.7.egg/cmf/https.py", line 138, in __init__
    self.conn.connect()
  File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/httpslib.py", line 59, in connect
    sock.connect((self.host, self.port))
  File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 195, in connect
    ret = self.connect_ssl()
  File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 188, in connect_ssl
    return m2.ssl_connect(self.ssl, self._timeout)
SSLError: unexpected eof

 

Below lines in the cloudera-scm-server.log

2018-12-27 20:58:13,025 WARN 1320793343@agentServer-16:org.mortbay.log: javax.net.ssl.SSLHandshakeException: null cert chain
2018-12-27 20:58:28,034 WARN 1320793343@agentServer-16:org.mortbay.log: javax.net.ssl.SSLHandshakeException: null cert chain
2018-12-27 20:58:43,447 WARN 1320793343@agentServer-16:org.mortbay.log: javax.net.ssl.SSLHandshakeException: null cert chain
2018-12-27 20:58:58,082 WARN 1320793343@agentServer-16:org.mortbay.log: javax.net.ssl.SSLHandshakeException: null cert chain
2018-12-27 20:59:13,140 WARN 1320793343@agentServer-16:org.mortbay.log: javax.net.ssl.SSLHandshakeException: null cert chain

 

I have tried multiple times but none of them worked.

 

I didn't find any error while running this command:

openssl s_client -showcerts -connect optim-rhel72-uppu.development.unicomglobal.software:7182

 

Any help would be highly appreciated.

 

Thanks,

Tulasi

 

1 ACCEPTED SOLUTION

Master Guru

@Tulasi,

 

Thank you for providing your config. It appears you have space characters at the beginning of your cert/key configs. Remove the space characters from the beginning of the following lines and then restart the agent:


 verify_cert_file=/opt/cloudera/security/pki/optim-rhel72-uppu.pem
 verify_cert_dir=/opt/cloudera/security/pki
 client_key_file=/opt/cloudera/security/pki/agent.key
 client_keypw_file=/etc/cloudera-scm-agent/agentkey.pw
 client_cert_file=/opt/cloudera/security/pki/agent.pem


Master Guru

I opened a Jira internally at Cloudera to ask that config.ini leading non-word characters be trimmed.

 

Regards,

 

Ben
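
Why the leading spaces in the accepted solution matter, and what the trimming requested in the reply above would change, as an added example that is not part of the original thread or Cloudera's code: Python's standard INI parser treats a line that begins with whitespace as a continuation of the previous option's value, so the indented keys never become options of their own. It assumes the agent reads config.ini with that parser (the sketch uses Python 3's `configparser`); `SAMPLE`, including its `use_tls` and `max_cert_depth` lines, is constructed around the five lines quoted in the accepted solution.

```python
import configparser
import re

# Constructed sample: the keys from the accepted solution, still indented by one space.
SAMPLE = """\
[Security]
use_tls=1
max_cert_depth=9
 verify_cert_file=/opt/cloudera/security/pki/optim-rhel72-uppu.pem
 client_key_file=/opt/cloudera/security/pki/agent.key
 client_keypw_file=/etc/cloudera-scm-agent/agentkey.pw
 client_cert_file=/opt/cloudera/security/pki/agent.pem
"""

# A key=value (or key: value) line that starts with a space or tab.
INDENTED_OPTION = re.compile(r"^[ \t]+([A-Za-z_][\w.-]*)\s*[=:]")


def find_indented_options(text):
    """Return (line_number, key) for every option line that starts with whitespace."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = INDENTED_OPTION.match(line)
        if match:
            hits.append((lineno, match.group(1)))
    return hits


def parsed_options(text, section="Security"):
    """Parse the text with configparser and return the section's options as a dict."""
    parser = configparser.RawConfigParser()
    parser.read_string(text)
    return dict(parser.items(section))


def strip_leading_whitespace(text):
    """Left-strip only the indented option lines; every other line is kept as is."""
    lines = [l.lstrip() if INDENTED_OPTION.match(l) else l for l in text.splitlines()]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for lineno, key in find_indented_options(SAMPLE):
        print("line %d: '%s' is indented and is not read as its own option" % (lineno, key))
    print("before:", sorted(parsed_options(SAMPLE)))
    print("after: ", sorted(parsed_options(strip_leading_whitespace(SAMPLE))))
```

In the indented sample the parser sees no `client_cert_file` or `client_key_file` at all, which is consistent with the server logging `null cert chain`: the client has no certificate configured to present.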