Created on 12-16-2018 10:44 PM - last edited on 12-17-2018 05:59 AM by cjervis
Hi,
I'm having an issue with the auto-tls option and am a bit confused about the setup.
After installing the agent, I was unable to get a heartbeat from all my agents. Do I need to run the option on all the agents?
Created 12-27-2018 09:58 AM
I opened an internal Cloudera Jira to make the licensing more obvious.
Note that the limitation was introduced in Cloudera 6.0 (not 6.1 as I mentioned earlier).
The only place I found the mention of the certificate automation was in the data sheet:
We are sorry that you had to go through all this troubleshooting.
It is much appreciated that you brought this to our attention, though.
Thanks again,
Ben
Created 12-27-2018 07:09 PM
Hi bgooley,
Noted.
Unlike CDH 5, I notice that CDH 6 is pre-built to run auto-tls during installation and every time the server is restarted. If this is the case, I can't use manual TLS (manual creation of certs), as it will still be looking for those auto-TLS certs. Is there any other way to overcome this?
Created 12-27-2018 07:38 PM
What I meant was, is there any other workaround for this using the Cloudera Express license?
Created 12-28-2018 02:29 PM
I am really not sure how to disable "auto-tls" so you can configure your own cert paths, but the following may work:
(1) Go to Administration --> Settings. Select "Security" on the left. Search for "Automatic configuration of TLS for services".
(2) If you do see a configuration, choose "No automatic configuration of TLS for services" and SAVE.
(3) Restart Cloudera Manager with "service cloudera-scm-server restart".
I took a look at the code and I think this is the main on/off switch for auto_tls.
NOTE: you will need to manually configure the config.ini for all nodes' agents to point to your key files, certificates, truststore, and key password files.
It is possible this won't work entirely as expected, though, as I don't know of anyone who has disabled auto_tls.
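An added example, not part of the original reply and not Cloudera's code: a check that an agent's config.ini carries the manual TLS settings the note above refers to. The `[Security]` key names (`use_tls`, `verify_cert_file`, `client_key_file`, `client_keypw_file`, `client_cert_file`) are assumed from the stock agent config.ini; the sample file, host name and paths are constructed.

```python
import configparser

# Assumed [Security] keys from the stock Cloudera Manager agent config.ini.
REQUIRED_PATH_KEYS = (
    "verify_cert_file",   # CA chain / truststore PEM used to verify the CM server
    "client_key_file",    # agent private key
    "client_keypw_file",  # file holding the private key password
    "client_cert_file",   # agent certificate
)

# Constructed sample: TLS is on, but the key password file was never set.
SAMPLE_CONFIG = """
[General]
server_host=cm.example.internal

[Security]
use_tls=1
verify_cert_file=/opt/example/pki/ca-chain.pem
client_key_file=/opt/example/pki/agent.key
# client_keypw_file=
client_cert_file=/opt/example/pki/agent.pem
"""

def check_agent_tls(config_text):
    """Return a list of problems with the manual TLS settings in config_text."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    if not parser.has_section("Security"):
        return ["missing [Security] section"]
    sec = parser["Security"]
    problems = []
    if sec.get("use_tls", "0").strip() != "1":
        problems.append("use_tls is not 1")
    for key in REQUIRED_PATH_KEYS:
        value = sec.get(key, "").strip()
        if not value:
            problems.append(f"{key} is unset")
        elif not value.startswith("/"):
            problems.append(f"{key} is not an absolute path: {value}")
    return problems

if __name__ == "__main__":
    for problem in check_agent_tls(SAMPLE_CONFIG):
        print("PROBLEM:", problem)
```

Running the same check against every node's config.ini before restarting the agents shows which hosts would fail to heartbeat because of an incomplete TLS section.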
Created 01-01-2019 06:49 PM
Hi,
Tried this and it still looks for the auto-tls setting. I note that this auto-tls feature can't be turned off, as after saving the new setting in the CM security section and restarting the CM server, it will still revert to the original setting, which has auto-tls enabled.
As such, I've decided to use CDH5 & CM5 instead.
Thanks for the assistance.