Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Disable Cloudera Management Debug WebUIs (Host Monitor, Service Monitor, Activity Monitor)

avatar
Expert Contributor

Hi community,

looking at security, I am in process of disabling any interfaces without proper authentication / authorization (or even encryption). I came across the debug web UIs of Cloudera Management services.

 

According to https://www.cloudera.com/documentation/enterprise/latest/topics/cm_ig_ports_cm.html, the debug WebUIs can be disabled by setting the port property to -1. This works for Reports Manager (8083), Event Server (8084), Navigator Audit Server (8089), Telemetry Publisher (10111).

 

This does not work, however, for  Service Monitor (8086 / 9086 TLS), Activity Monitor (8087 / 9087 TLS), Host Monitor (8091 / 9091 TLS). Setting port to -1 leads to non-starting services without a proper ERROR in the log file.

 

Cloudera Manager agent even tries to check, if the server successfully bound to port -1 and runs into errors:

[15/Aug/2019 12:06:03 +0000] 65646 Thread-14 process ERROR [918-cloudera-mgmt-HOSTMONITOR] Failed port check: Command '['ss', '-np', 'state', 'listening', '(', 'sport', '=', '-1', 'or', 'sport', '=', '9995', 'or', 'sport', '=', '9994', ')']' returned non-zero exit status 255

 

 

How do you disable the debug web UIs for those management services. Or is there a way to properly secure them by authentication and authorization?

 

Thanks and best regards

Benjamin

1 ACCEPTED SOLUTION

avatar
Master Collaborator

This was reported as a bug, and has already been fixed in CM 6.3.0, 6.2.1 as part of OPSAPS-49111

View solution in original post

3 REPLIES 3

avatar
Super Guru

It works for me on a CM 6.3. 

Which version are you using?

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.

avatar
Expert Contributor
I am using CDH/CM 6.2. Will update the cluster and test again. However, according to the docs, it should already work since 5.14.

avatar
Master Collaborator

This was reported as a bug, and has already been fixed in CM 6.3.0, 6.2.1 as part of OPSAPS-49111