Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Disable Cloudera Management Debug WebUIs (Host Monitor, Service Monitor, Activity Monitor)

Solved Go to solution

Disable Cloudera Management Debug WebUIs (Host Monitor, Service Monitor, Activity Monitor)

Expert Contributor

Hi community,

looking at security, I am in process of disabling any interfaces without proper authentication / authorization (or even encryption). I came across the debug web UIs of Cloudera Management services.

 

According to https://www.cloudera.com/documentation/enterprise/latest/topics/cm_ig_ports_cm.html, the debug WebUIs can be disabled by setting the port property to -1. This works for Reports Manager (8083), Event Server (8084), Navigator Audit Server (8089), Telemetry Publisher (10111).

 

This does not work, however, for  Service Monitor (8086 / 9086 TLS), Activity Monitor (8087 / 9087 TLS), Host Monitor (8091 / 9091 TLS). Setting port to -1 leads to non-starting services without a proper ERROR in the log file.

 

Cloudera Manager agent even tries to check, if the server successfully bound to port -1 and runs into errors:

[15/Aug/2019 12:06:03 +0000] 65646 Thread-14 process ERROR [918-cloudera-mgmt-HOSTMONITOR] Failed port check: Command '['ss', '-np', 'state', 'listening', '(', 'sport', '=', '-1', 'or', 'sport', '=', '9995', 'or', 'sport', '=', '9994', ')']' returned non-zero exit status 255

 

 

How do you disable the debug web UIs for those management services. Or is there a way to properly secure them by authentication and authorization?

 

Thanks and best regards

Benjamin

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Disable Cloudera Management Debug WebUIs (Host Monitor, Service Monitor, Activity Monitor)

Super Collaborator

This was reported as a bug, and has already been fixed in CM 6.3.0, 6.2.1 as part of OPSAPS-49111

3 REPLIES 3

Re: Disable Cloudera Management Debug WebUIs (Host Monitor, Service Monitor, Activity Monitor)

Contributor

It works for me on a CM 6.3. 

Which version are you using?

Highlighted

Re: Disable Cloudera Management Debug WebUIs (Host Monitor, Service Monitor, Activity Monitor)

Expert Contributor
I am using CDH/CM 6.2. Will update the cluster and test again. However, according to the docs, it should already work since 5.14.

Re: Disable Cloudera Management Debug WebUIs (Host Monitor, Service Monitor, Activity Monitor)

Super Collaborator

This was reported as a bug, and has already been fixed in CM 6.3.0, 6.2.1 as part of OPSAPS-49111