Configure Cloudera Director to Access Cloudera Manager via TLS/SSL

I manually enabled TLS/SSL on Cloudera Manager and Agents, and I am trying to configure Cloudera Director to use HTTPS to access the Cloudera Manager API. I am trying to update the template via a curl POST to the API with the


{
  "name": "impala-cloudera-manager",
  "tlsEnabled": true,
  "port": 7183,
  "trustedCertificate": "-----BEGIN CERTIFICATE-----\nMM...+OkuE6N36B9K\n-----END CERTIFICATE-----\n"
},
"managerVirtualInstance": {
  "id": "d901df10-07a8-4a26-85bf-413b6b72fa5e",
  "template": {
    "name": "cloudera-manager",
    "type": "m3.xlarge",
  }


and it doesn't seem to work. I am using the correct cert and root CA.

Here is the error in the Cloudera Director logs:

-----------------------------

Caused by: javax.ws.rs.ProcessingException: java.io.IOException: IOException invoking https://10.xxx.xxx.xxx:7183/api/version: HTTPS hostname wrong: should be <10.xxx.xxx.xxx>
at org.apache.cxf.jaxrs.client.AbstractClient.checkClientException(AbstractClient.java:596)
at org.apache.cxf.jaxrs.client.AbstractClient.preProcessResult(AbstractClient.java:578)
at org.apache.cxf.jaxrs.client.ClientProxyImpl.doChainedInvocation(ClientProxyImpl.java:748)
at org.apache.cxf.jaxrs.client.ClientProxyImpl.invoke(ClientProxyImpl.java:231)
at com.cloudera.api.$Proxy228.getCurrentVersion(Unknown Source)
... 125 common frames omitted

--------------------------------

 

Why is it trying to validate against the IP address? If I put the IP in the browser, of course I would be presented with an SSL certificate error.

1 REPLY

Hi,

Cloudera Director uses the IP address of the Cloudera Manager server to communicate with it. This means you need the IP address of the server in the TLS certificate for this to work. You can find more information on this in the Cloudera documentation:

 

https://www.cloudera.com/documentation/director/latest/topics/director_tls_enable.html#concept_dcl_2...

 

If you can add the private IP address for the Cloudera Manager as a Subject Alternative Name (SAN) in the certificate then this should work around the issue.

 

Regards,

Jim
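
The check the reply above implies, as an added example that is not part of the original thread or of Cloudera's documentation: it issues two throwaway self-signed certificates with `openssl` and tests whether an IP address is covered by an iPAddress SAN entry, which is what an HTTPS client matches when the URL host is an IP literal. The hostname `cm.example.internal`, the address `10.0.0.12` and the function names are constructed placeholders; a real deployment would put the same `subjectAltName` line in the CSR sent to its CA.

```shell
#!/bin/sh
# Added example: all names and addresses below are constructed placeholders.

# make_cert <out.pem> <san-list>
# Writes a short-lived self-signed certificate whose subjectAltName is
# <san-list>, e.g. "DNS:cm.example.internal,IP:10.0.0.12".
make_cert() {
  mc_cfg=$(mktemp) mc_key=$(mktemp) mc_rc=0
  cat > "$mc_cfg" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = cm.example.internal
[v3]
subjectAltName = $2
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$mc_cfg" \
    -keyout "$mc_key" -out "$1" 2>/dev/null || mc_rc=$?
  rm -f "$mc_cfg" "$mc_key"   # the demo never needs the private key
  return "$mc_rc"
}

# cert_covers_ip <cert.pem> <ip>
# Succeeds only if <ip> appears as an iPAddress entry in the SAN.
# A dNSName entry or the subject CN does not satisfy this check.
cert_covers_ip() {
  openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

demo() {
  d=$(mktemp -d)
  make_cert "$d/dns-only.pem" "DNS:cm.example.internal"
  make_cert "$d/with-ip.pem"  "DNS:cm.example.internal,IP:10.0.0.12"
  for c in dns-only with-ip; do
    if cert_covers_ip "$d/$c.pem" 10.0.0.12; then
      echo "$c: https://10.0.0.12:7183 would pass hostname verification"
    else
      echo "$c: https://10.0.0.12:7183 would fail (no iPAddress SAN for it)"
    fi
  done
  rm -rf "$d"
}
demo
```

Running `cert_covers_ip` against the certificate actually installed on Cloudera Manager, with its private IP, shows whether the SAN was added correctly before Director is pointed at it.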
