Created on 04-18-2018 09:19 PM - edited 08-17-2019 07:18 PM
ambariui1.jpgambaruui.jpgI have setup Cloudbreak in Azure. I deployed both HDP and HDF cluster. Cloudbreak UI is accessable but when trying to open Ambari UI for both HDP and HDF its not working. Getting the error message: "
Attackers might be trying to steal your information from <ip-address/ambari/> (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_INVALID"
Created 04-20-2018 10:07 AM
Hi @Marshal Tito,
Could you execute the following command as root, to regenerate and replace the certificate. In 2.5.0 the certificate generation has changed and I am wondering whether that is causing some problem for you. Please replace the PUBLIC_IP value with your ip:
rm -rf /etc/certs_new export PUBLIC_IP=172.21.250.249 export CBD_CERT_ROOT_PATH=/etc/certs_new mkdir -p ${CBD_CERT_ROOT_PATH} # Generate new certificates certm -d $CBD_CERT_ROOT_PATH ca generate -o=testgw --overwrite certm -d $CBD_CERT_ROOT_PATH server generate -o=testgw --host hostname --host ${PUBLIC_IP} mv $CBD_CERT_ROOT_PATH/server.pem $CBD_CERT_ROOT_PATH/cluster.pem mv $CBD_CERT_ROOT_PATH/server-key.pem $CBD_CERT_ROOT_PATH/cluster-key.pem # Replaces cert in line 4 and 5 sed -i '4s/certs\//certs_new\//' /etc/nginx/sites-enabled/ssl.conf sed -i '5s/certs\//certs_new\//' /etc/nginx/sites-enabled/ssl.conf #Reload nginx pkill -HUP nginx keytool -printcert -v -file /etc/certs_new/cluster.pem
Created 04-18-2018 09:50 PM
@ Dominika Bialek I followed all the steps you mentioned in your article: create-a-nifi-cluster-on-aws-azure-google-or-opens.html
Cloubreak installaition and cluster deployment both HDP and HDF are successful. But I am not able to access the AmbariUI through the URL mentioned in the cluster. Would you please help me out? Thank you.
Created 04-19-2018 06:15 PM
Hi @Marshal Tito,
The first time you access Cloudbreak UI, Cloudbreak will automatically generate a self-signed certificate, due to which your browser will warn you about an untrusted connection and will ask you to confirm a security exception. You need to click on ADVANCED and confirm the security exception. After that, you will be able to access the Cloudbreak web UI.
Created 04-19-2018 06:17 PM
Hmm, I just saw your screenshot and see that you do not have an option to confirm a security exception...
Can you try a different browser?
Any ideas @rdoktorics @rkovacs @khorvath? I remember others reported this issue before, but I do not remember the cause or solution.
Created 04-19-2018 06:36 PM
Hi @Marshal Tito,
The warning is shown because of self-sign certificate is used. You can click on the "Advanced" link and after that click on "Proceed".
Created 04-19-2018 07:16 PM
Hi @Attila Kanto,
Thanks for reply. Please check my screen shots those I attached with question. In my browser I dont get the 2nd option to proceed after click on "Advanced".
Created 04-19-2018 07:22 PM
Hi @Dominika Bialek,
Thanks for your reply. I have tried with other browser too and got the same issue. CloudBreak UI is accessible from my browser. And i got the warning as you mentioned in the article and click on proceed and it worked. But in case of AmbariUI , its not working. I have modified property “run_as_user=root” as “run_as_user=ambari” in /etc/ambari-agent/conf/ ambari-agent.ini file , still no hope! Thank you.
Created 04-19-2018 07:31 PM
Sorry, I didn't see the 2nd screenshot. I think it might be related to your notebook's security settings.
Is it Cloudbreak 2.5 what you are using? Would you mind to export the certificate and attaching it, please?
With a quick Googling I run into such comments like this:
The workaround (typing "proceed" on the page) is working for me...are you sure your browser has focus when you're typing the letters?
I have doubt of the success of typing 'proceed', but might worth to try it out.
Created 04-19-2018 08:25 PM
Hi @Attila Kanto,
I am using cloudbreak 2.5.0. Which certificate should i share? please let me know. I can do. I saw 4 certificate in ~/certs/ folder. Which one should i share? Or how can i make my ambari server with ssl certified with my browser? thank you.
Created 04-23-2018 09:03 AM
Hi @Marshal Tito,
Could you attach all which does not contain "key"?
Please check if you are behind any proxy server.
Created 04-20-2018 10:07 AM
Hi @Marshal Tito,
Could you execute the following command as root, to regenerate and replace the certificate. In 2.5.0 the certificate generation has changed and I am wondering whether that is causing some problem for you. Please replace the PUBLIC_IP value with your ip:
rm -rf /etc/certs_new export PUBLIC_IP=172.21.250.249 export CBD_CERT_ROOT_PATH=/etc/certs_new mkdir -p ${CBD_CERT_ROOT_PATH} # Generate new certificates certm -d $CBD_CERT_ROOT_PATH ca generate -o=testgw --overwrite certm -d $CBD_CERT_ROOT_PATH server generate -o=testgw --host hostname --host ${PUBLIC_IP} mv $CBD_CERT_ROOT_PATH/server.pem $CBD_CERT_ROOT_PATH/cluster.pem mv $CBD_CERT_ROOT_PATH/server-key.pem $CBD_CERT_ROOT_PATH/cluster-key.pem # Replaces cert in line 4 and 5 sed -i '4s/certs\//certs_new\//' /etc/nginx/sites-enabled/ssl.conf sed -i '5s/certs\//certs_new\//' /etc/nginx/sites-enabled/ssl.conf #Reload nginx pkill -HUP nginx keytool -printcert -v -file /etc/certs_new/cluster.pem
Created 04-20-2018 06:26 PM
Hi @Attila Kanto,
Sorry for the late response. I was about to execute the commands you mentioned, But I dont have any thing /etc/certs_new. Its only /etc/certs. And below files are there:
ca.pem ,
cb-client.pem,
cluster-key.pem
cluster.pem
This are in my hdf cluster. Please let me know what should i execute? Thank you.
Created 04-24-2018 10:50 AM
@Marshal Tito there is no /etc/certs_new but the script what I sent is responsible to create it. It is basically just regenerating the certs with a different public ip, teherefore please don't forget to set export PUBLIC_IP=172.21.250.249 to the right value.
Created 04-24-2018 03:44 PM
@Attila Kanto Thank you so much for your continuous support. Yeap, finally its working. Salute! Thanks a lot. 🙂
Created 04-24-2018 03:52 PM
thanks for the feedback. based on your feedback will fix the certificate generation
Created 06-05-2018 03:15 AM
I am having the same issue. Where do I need to run the script you gave @Attila Kanto.
Do I need to run them by ssh to Cloudbreak deployer VM?
Also is the public ip that I need to export of Ambari or Cloudbreak
Created 06-05-2018 07:12 AM
Hi @Bimal Mehta
As the thread about not able to open the Ambari UI, you need to run the script on the node where the Ambari server is running. You should ssh to that instance run the script that will generate a new certificate for the machine's nginx with the right IP address to avoid this kind of certificate issues.
Created 03-30-2019 07:33 PM
I am also facing the same issue for accessing ambari ui. Getting error as The website’s security certificate is not secure. Error Code: 0. I have used cloudbreak 2.9 for creating this cluster. Thanks in advance!