Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

how to rollback cloudera manager tls configuration without UI

Solved Go to solution
Highlighted

how to rollback cloudera manager tls configuration without UI

New Contributor

Need help urgently.

 

Hi, Today I configured Cloudera Manager 5.4.1 to use HTTPS by following

http://www.cloudera.com/documentation/enterprise/5-4-x/topics/cm_sg_tls_browser.html#concept_hrs_f5d

I used self-signed certificate described in http://www.cloudera.com/documentation/enterprise/5-4-x/topics/sg_self_signed_tls.html#xd_583c10bfdbd

However, after restarting cloudera-scm-server, I could not open the cloudera manager in browser.

“Openssl  s_client –connect “’ indicated the ssl connection was fine, but the browser always timed out. I’ve tried different browsers and cleaned the cache etc. Still the same. At this point, I would rather to roll it back.

Is there a way to rollback the changes to use Http again?  Since I cannot access the cloudera manger UI, I can only do it thru command line. Does anyone know where the configuration is stored and how to change it?

 

Please Help!  Thanks!

 

1 ACCEPTED SOLUTION

Accepted Solutions

Re: how to rollback cloudera manager tls configuration without UI

Super Guru

I would recommend reviewing the Cloudera Manager log for clues, but, for now, access your Cloudera Manager database and run the following:

 

delete from CONFIGS where ATTR='web_tls';

 

This will disable TLS for the CM UI

 

Afterward, try starting again.

 

If that doesn't help, let us know.

8 REPLIES 8

Re: how to rollback cloudera manager tls configuration without UI

Super Guru

I would recommend reviewing the Cloudera Manager log for clues, but, for now, access your Cloudera Manager database and run the following:

 

delete from CONFIGS where ATTR='web_tls';

 

This will disable TLS for the CM UI

 

Afterward, try starting again.

 

If that doesn't help, let us know.

Re: how to rollback cloudera manager tls configuration without UI

New Contributor
Thanks, that worked perfectly! Appreciated your quick help.

Re: how to rollback cloudera manager tls configuration without UI

New Contributor

How to find the cloudera manager DB credentials? I do have the same issue. Not able to login to web UI after TLS configuration 

Re: how to rollback cloudera manager tls configuration without UI

Contributor

I had a similar problem. I had enabled the agent_tls, but the keystore field was not filled or the file was on a different location.  Now the server did not start anymore. I needed to rollback the setting, thx for your post.

 

I used mysql tool on the command-line to connect as root to MySQL db, and executed an update:

 

use scm;
update CONFIGS set VALUE='false' where ATTR='agent_tls';
Query OK, 1 row affected (0.05 sec)

After a restart of cloudera-scm-server, the server was working again and I could enter the UI.

Re: how to rollback cloudera manager tls configuration without UI

Expert Contributor

Urgent

 

@bgooleyThis not helped me. Its giving below

scm=# delete from CONFIGS where ATTR='web_tls';
DELETE 0

 

Can you give any other fix

Re: how to rollback cloudera manager tls configuration without UI

Super Guru

@kchaitanya,

 

If that did not help, then it is likely there is another problem.

Please start a new thread and outline what you are trying to do and what is happening.

Also, make sure to review your /var/log/cloudera-scm-server/cloudera-scm-server.log for clues about what problem is occurring.

 

-Ben

Re: how to rollback cloudera manager tls configuration without UI

Expert Contributor
Thank you for the reply @bgooley, i fixed it by running below command

delete from CONFIGS where ATTR='agent_tls';

Thank you

Re: how to rollback cloudera manager tls configuration without UI

Super Guru

@kchaitanya,

Indeed, if agent_tls is enabled even without web_tls and there is a problem with the certificate or trust store, then you would need to turn off agent_tls.

 

A big thanks for sharing that solution!