Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Cannot access AmbariUI after Cloudbreak installation.

avatar
Contributor

ambariui1.jpgambaruui.jpgI have setup Cloudbreak in Azure. I deployed both HDP and HDF cluster. Cloudbreak UI is accessable but when trying to open Ambari UI for both HDP and HDF its not working. Getting the error message: "

Your connection is not private

Attackers might be trying to steal your information from <ip-address/ambari/> (for example, passwords, messages, or credit cards). Learn more

68533-ambariui1.jpg

ambaruui.jpg

NET::ERR_CERT_INVALID"

1 ACCEPTED SOLUTION

avatar
Expert Contributor

Hi @Marshal Tito,

Could you execute the following command as root, to regenerate and replace the certificate. In 2.5.0 the certificate generation has changed and I am wondering whether that is causing some problem for you. Please replace the PUBLIC_IP value with your ip:

rm -rf /etc/certs_new
export PUBLIC_IP=172.21.250.249
export CBD_CERT_ROOT_PATH=/etc/certs_new
mkdir -p ${CBD_CERT_ROOT_PATH}
# Generate new certificates
certm -d $CBD_CERT_ROOT_PATH ca generate -o=testgw --overwrite
certm -d $CBD_CERT_ROOT_PATH server generate -o=testgw --host hostname --host ${PUBLIC_IP}
mv $CBD_CERT_ROOT_PATH/server.pem $CBD_CERT_ROOT_PATH/cluster.pem
mv $CBD_CERT_ROOT_PATH/server-key.pem $CBD_CERT_ROOT_PATH/cluster-key.pem
# Replaces cert in line 4 and 5
sed -i '4s/certs\//certs_new\//' /etc/nginx/sites-enabled/ssl.conf
sed -i '5s/certs\//certs_new\//' /etc/nginx/sites-enabled/ssl.conf
#Reload nginx
pkill -HUP nginx
keytool -printcert -v -file /etc/certs_new/cluster.pem

View solution in original post

17 REPLIES 17

avatar
Contributor

@ Dominika Bialek I followed all the steps you mentioned in your article: create-a-nifi-cluster-on-aws-azure-google-or-opens.html

Cloubreak installaition and cluster deployment both HDP and HDF are successful. But I am not able to access the AmbariUI through the URL mentioned in the cluster. Would you please help me out? Thank you.

avatar

Hi @Marshal Tito,

The first time you access Cloudbreak UI, Cloudbreak will automatically generate a self-signed certificate, due to which your browser will warn you about an untrusted connection and will ask you to confirm a security exception. You need to click on ADVANCED and confirm the security exception. After that, you will be able to access the Cloudbreak web UI.

avatar

Hmm, I just saw your screenshot and see that you do not have an option to confirm a security exception...

Can you try a different browser?

Any ideas @rdoktorics @rkovacs @khorvath? I remember others reported this issue before, but I do not remember the cause or solution.

avatar
Expert Contributor

Hi @Marshal Tito,

The warning is shown because of self-sign certificate is used. You can click on the "Advanced" link and after that click on "Proceed".

screen-shot-2018-04-19-at-202902.png

screen-shot-2018-04-19-at-202432.png

avatar
Contributor

Hi @Attila Kanto,

Thanks for reply. Please check my screen shots those I attached with question. In my browser I dont get the 2nd option to proceed after click on "Advanced".

avatar
Contributor

Hi @Dominika Bialek,

Thanks for your reply. I have tried with other browser too and got the same issue. CloudBreak UI is accessible from my browser. And i got the warning as you mentioned in the article and click on proceed and it worked. But in case of AmbariUI , its not working. I have modified property “run_as_user=root” as “run_as_user=ambari” in /etc/ambari-agent/conf/ ambari-agent.ini file , still no hope! Thank you.

avatar
Expert Contributor

Sorry, I didn't see the 2nd screenshot. I think it might be related to your notebook's security settings.

Is it Cloudbreak 2.5 what you are using? Would you mind to export the certificate and attaching it, please?

With a quick Googling I run into such comments like this:

The workaround (typing "proceed" on the page) is working for me...are you sure your browser has focus when you're typing the letters?

I have doubt of the success of typing 'proceed', but might worth to try it out.

avatar
Contributor

Hi @Attila Kanto,

I am using cloudbreak 2.5.0. Which certificate should i share? please let me know. I can do. I saw 4 certificate in ~/certs/ folder. Which one should i share? Or how can i make my ambari server with ssl certified with my browser? thank you.

avatar
Expert Contributor

Hi @Marshal Tito,

Could you attach all which does not contain "key"?

Please check if you are behind any proxy server.