Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Auto TLS. Cloudera agent unable to send heartbeat

Labels:
avatar
author-rank dennistanpunya
Explorer

Created on ‎12-16-2018 10:44 PM - last edited on ‎12-17-2018 05:59 AM by Community Manager Community Manager

Hi,

 

Im having issue with the auto-tls option and a bit confuse on the setup.

After installing agent, i was unable to get heartbeat from all my agents. Do i need to run the option in all the agents?

2224.JPG2225.JPG2226.JPG

9,006 Views
0 Kudos
0
14 REPLIES 14

avatar
author-rank bgooley author-rank
Master Guru

Created ‎12-27-2018 09:58 AM

@dennistanpunya,

 

I opened an internal Cloudera Jira to make the licensing more obvious.

Note that the limitation was introduced in Cloudera 6.0 (not 6.1 as I mentioned earlier)

 

The only place I found the mention of the certificate automation was in the data sheet:

 

https://www.cloudera.com/content/dam/www/marketing/resources/datasheets/cloudera-enterprise-datashee...

 

We are sorry that you had to go through all this troubleshooting.

It is much appreciated that you brought this to our attention, though.

Thanks again,

 

Ben

4,543 Views
0 Kudos

avatar
author-rank dennistanpunya
Explorer

Created ‎12-27-2018 07:09 PM

Hi bgooley,

 

Noted.

Unlike CDH 5, i notice the CDH6 is auto pre-built to run auto-tls during installation & everytime the server is restarted. If this is the case, i cant use manual TLS (Manual creation of certs) as it will still be looking for those auto-TLS certs. Any other way to overcome this?

4,534 Views
0 Kudos

avatar
author-rank dennistanpunya
Explorer

Created ‎12-27-2018 07:38 PM

what i meant was, any other workaround for this using the cloudera Express license?

4,529 Views
0 Kudos

avatar
author-rank bgooley author-rank
Master Guru

Created ‎12-28-2018 02:29 PM

@dennistanpunya,

 

I am really not sure how to disable "auto-tls" so you can configure your own cert paths, but the following may work:

 

(1)

 

Go to Administration --> Settings

 

Select "Security" on the left.

 

Search for Automatic configuration of TLS for services

 

(2)

 

If you do see a configuration, choose No automatic configuration of TLS for services and SAVE

 

(3)

 

Restart Cloudera Manager with "service cloudera-scm-server restart"

 

I took a look at the code and I think this is the main on/off switch for auto_tls.

NOTE:  you will need to manually configure the config.ini for all nodes' agents to point to your key files, certificates, truststore, and key password files.

 

It is possible this won't work entirely as expected, though, as I don't know of anyone who has disabled auto_tls.

 

4,514 Views
0 Kudos

avatar
author-rank dennistanpunya
Explorer

Created ‎01-01-2019 06:49 PM

Hi,

 

tried this and it still looks for auto-tls setting. I note that this auto-tls feature cant be turn off as after saving new setting in CM security section, and restarting cm server. It will still revert to original setting which has auto-tls enabled.

 

As such, ive decided to use CDH5 & CM5 instead.

 

Thanks for assistance.

4,494 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements