HBASE Thrift API failed at TLS handshake

Expert Contributor

This issue occurred right after I enabled TLS on my CDP Private Cloud Base 7.1.7. The client call to HBASE Thrift API failed at TLS handshake.

Below is the connection test output with the handshake failure.
++
$ openssl s_client -connect mycompany.com:9191
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 287 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
++

My Thrift API port is 9191 (not the default 9090). This port worked well before TLS was enabled.

There should be no certificate/CA issue because the Thrift (on the same node) UI over TLS works just fine. Below is the connection test output showing a successful handshake.

++
$ openssl s_client -connect mycompany.com:9095
CONNECTED(00000003)
depth=2 CN = MYROOTCA
...
---
Certificate chain
...
---
Server certificate
-----BEGIN CERTIFICATE-----
...
++

All my HBASE instances have green lights inside Cloudera Manager. I do not know where to look. It looks like something internal in SDX went wrong.

Any suggestions? Thank you.

Best regards,

1 REPLY

Expert Contributor

It appeared that the Thrift Server did not start completely, although it has a green light in Cloudera Manager. Inside the log hbase-cmf-hbase-HBASETHRIFTSERVER-mynode.log.out, there is no entry to acknowledge the start like

++
org.eclipse.jetty.server.AbstractConnector: Started ServerConnector@180e6ac4{SSL, (ssl, http/1.1)}{0.0.0.0:9191}
++

But I have no idea why the starting ended up incomplete. There was no warning or error from either the log or the Cloudera Manager UI.

Thank you.
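
The check described in the reply above, as an added example that is not part of the original thread or of Cloudera's tooling: it looks for the Jetty `Started ServerConnector` entry for a given port in the Thrift server log and classifies saved `openssl s_client` output. The function names `connector_state` and `handshake_state` are hypothetical, and the log lines and s_client excerpt are constructed samples (the plaintext connector line is shaped by analogy with the SSL line quoted above).

```shell
#!/usr/bin/env bash
# Added example; the log lines and s_client excerpt below are constructed samples.

# connector_state LOGFILE PORT -> "ssl", "plain" or "missing"
connector_state() {
    local log="$1" port="$2" line
    # The last start line for the port wins, so a later restart is what counts.
    line=$(grep -E "Started ServerConnector@[0-9a-f]+\{.*\}\{[^}]*:${port}\}" "$log" | tail -n 1)
    if [ -z "$line" ]; then
        echo missing
    elif printf '%s\n' "$line" | grep -q 'ServerConnector@[0-9a-f]*{SSL,'; then
        echo ssl
    else
        echo plain
    fi
}

# handshake_state FILE -> classify saved `openssl s_client` output
handshake_state() {
    if grep -q '^SSL handshake has read 0 bytes' "$1" &&
       grep -q '^no peer certificate available' "$1"; then
        echo no-tls-response    # TCP connected, nothing came back for the ClientHello
    elif grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo handshake-ok
    else
        echo unknown
    fi
}

tmp=$(mktemp -d)
# Constructed log: the info UI connector (9095) started, the API port (9191) never did.
cat > "$tmp/thrift.log" <<'EOF'
INFO org.eclipse.jetty.server.AbstractConnector: Started ServerConnector@1a2b3c4d{SSL, (ssl, http/1.1)}{0.0.0.0:9095}
INFO org.eclipse.jetty.server.AbstractConnector: Started ServerConnector@5e6f7a8b{HTTP/1.1, (http/1.1)}{0.0.0.0:9090}
EOF
# Constructed excerpt in the shape of the failing s_client run.
cat > "$tmp/s_client_9191.txt" <<'EOF'
CONNECTED(00000003)
no peer certificate available
SSL handshake has read 0 bytes and written 287 bytes
EOF

for p in 9095 9090 9191; do
    echo "port $p: connector=$(connector_state "$tmp/thrift.log" "$p")"
done
echo "9191 handshake: $(handshake_state "$tmp/s_client_9191.txt")"
```

A result of `plain` for a port that should be serving TLS means the connector came up without the TLS settings applied, which is worth catching separately from `missing`.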