Support Questions

Find answers, ask questions, and share your expertise

Cannot access AmbariUI after Cloudbreak installation.

Explorer

ambariui1.jpgambaruui.jpgI have setup Cloudbreak in Azure. I deployed both HDP and HDF cluster. Cloudbreak UI is accessable but when trying to open Ambari UI for both HDP and HDF its not working. Getting the error message: "

Your connection is not private

Attackers might be trying to steal your information from <ip-address/ambari/> (for example, passwords, messages, or credit cards). Learn more

68533-ambariui1.jpg

ambaruui.jpg

NET::ERR_CERT_INVALID"

1 ACCEPTED SOLUTION

Expert Contributor

Hi @Marshal Tito,

Could you execute the following command as root, to regenerate and replace the certificate. In 2.5.0 the certificate generation has changed and I am wondering whether that is causing some problem for you. Please replace the PUBLIC_IP value with your ip:

rm -rf /etc/certs_new
export PUBLIC_IP=172.21.250.249
export CBD_CERT_ROOT_PATH=/etc/certs_new
mkdir -p ${CBD_CERT_ROOT_PATH}
# Generate new certificates
certm -d $CBD_CERT_ROOT_PATH ca generate -o=testgw --overwrite
certm -d $CBD_CERT_ROOT_PATH server generate -o=testgw --host hostname --host ${PUBLIC_IP}
mv $CBD_CERT_ROOT_PATH/server.pem $CBD_CERT_ROOT_PATH/cluster.pem
mv $CBD_CERT_ROOT_PATH/server-key.pem $CBD_CERT_ROOT_PATH/cluster-key.pem
# Replaces cert in line 4 and 5
sed -i '4s/certs\//certs_new\//' /etc/nginx/sites-enabled/ssl.conf
sed -i '5s/certs\//certs_new\//' /etc/nginx/sites-enabled/ssl.conf
#Reload nginx
pkill -HUP nginx
keytool -printcert -v -file /etc/certs_new/cluster.pem

View solution in original post

17 REPLIES 17

Explorer

@ Dominika Bialek I followed all the steps you mentioned in your article: create-a-nifi-cluster-on-aws-azure-google-or-opens.html

Cloubreak installaition and cluster deployment both HDP and HDF are successful. But I am not able to access the AmbariUI through the URL mentioned in the cluster. Would you please help me out? Thank you.

Hi @Marshal Tito,

The first time you access Cloudbreak UI, Cloudbreak will automatically generate a self-signed certificate, due to which your browser will warn you about an untrusted connection and will ask you to confirm a security exception. You need to click on ADVANCED and confirm the security exception. After that, you will be able to access the Cloudbreak web UI.

Hmm, I just saw your screenshot and see that you do not have an option to confirm a security exception...

Can you try a different browser?

Any ideas @rdoktorics @rkovacs @khorvath? I remember others reported this issue before, but I do not remember the cause or solution.

Expert Contributor

Hi @Marshal Tito,

The warning is shown because of self-sign certificate is used. You can click on the "Advanced" link and after that click on "Proceed".

screen-shot-2018-04-19-at-202902.png

screen-shot-2018-04-19-at-202432.png

Explorer

Hi @Attila Kanto,

Thanks for reply. Please check my screen shots those I attached with question. In my browser I dont get the 2nd option to proceed after click on "Advanced".

Explorer

Hi @Dominika Bialek,

Thanks for your reply. I have tried with other browser too and got the same issue. CloudBreak UI is accessible from my browser. And i got the warning as you mentioned in the article and click on proceed and it worked. But in case of AmbariUI , its not working. I have modified property “run_as_user=root” as “run_as_user=ambari” in /etc/ambari-agent/conf/ ambari-agent.ini file , still no hope! Thank you.

Expert Contributor

Sorry, I didn't see the 2nd screenshot. I think it might be related to your notebook's security settings.

Is it Cloudbreak 2.5 what you are using? Would you mind to export the certificate and attaching it, please?

With a quick Googling I run into such comments like this:

The workaround (typing "proceed" on the page) is working for me...are you sure your browser has focus when you're typing the letters?

I have doubt of the success of typing 'proceed', but might worth to try it out.

Explorer

Hi @Attila Kanto,

I am using cloudbreak 2.5.0. Which certificate should i share? please let me know. I can do. I saw 4 certificate in ~/certs/ folder. Which one should i share? Or how can i make my ambari server with ssl certified with my browser? thank you.

Expert Contributor

Hi @Marshal Tito,

Could you attach all which does not contain "key"?

Please check if you are behind any proxy server.

Expert Contributor

Hi @Marshal Tito,

Could you execute the following command as root, to regenerate and replace the certificate. In 2.5.0 the certificate generation has changed and I am wondering whether that is causing some problem for you. Please replace the PUBLIC_IP value with your ip:

rm -rf /etc/certs_new
export PUBLIC_IP=172.21.250.249
export CBD_CERT_ROOT_PATH=/etc/certs_new
mkdir -p ${CBD_CERT_ROOT_PATH}
# Generate new certificates
certm -d $CBD_CERT_ROOT_PATH ca generate -o=testgw --overwrite
certm -d $CBD_CERT_ROOT_PATH server generate -o=testgw --host hostname --host ${PUBLIC_IP}
mv $CBD_CERT_ROOT_PATH/server.pem $CBD_CERT_ROOT_PATH/cluster.pem
mv $CBD_CERT_ROOT_PATH/server-key.pem $CBD_CERT_ROOT_PATH/cluster-key.pem
# Replaces cert in line 4 and 5
sed -i '4s/certs\//certs_new\//' /etc/nginx/sites-enabled/ssl.conf
sed -i '5s/certs\//certs_new\//' /etc/nginx/sites-enabled/ssl.conf
#Reload nginx
pkill -HUP nginx
keytool -printcert -v -file /etc/certs_new/cluster.pem

Explorer

Hi @Attila Kanto,

Sorry for the late response. I was about to execute the commands you mentioned, But I dont have any thing /etc/certs_new. Its only /etc/certs. And below files are there:

ca.pem ,

cb-client.pem,

cluster-key.pem

cluster.pem

This are in my hdf cluster. Please let me know what should i execute? Thank you.

Expert Contributor

@Marshal Tito there is no /etc/certs_new but the script what I sent is responsible to create it. It is basically just regenerating the certs with a different public ip, teherefore please don't forget to set export PUBLIC_IP=172.21.250.249 to the right value.

Explorer

@Attila Kanto Thank you so much for your continuous support. Yeap, finally its working. Salute! Thanks a lot. 🙂

Expert Contributor
@Marshal Tito

thanks for the feedback. based on your feedback will fix the certificate generation

New Contributor

I am having the same issue. Where do I need to run the script you gave @Attila Kanto.

Do I need to run them by ssh to Cloudbreak deployer VM?

Also is the public ip that I need to export of Ambari or Cloudbreak

Rising Star

Hi @Bimal Mehta

As the thread about not able to open the Ambari UI, you need to run the script on the node where the Ambari server is running. You should ssh to that instance run the script that will generate a new certificate for the machine's nginx with the right IP address to avoid this kind of certificate issues.

New Contributor

I am also facing the same issue for accessing ambari ui. Getting error as The website’s security certificate is not secure. Error Code: 0. I have used cloudbreak 2.9 for creating this cluster. Thanks in advance!