Support Questions

Find answers, ask questions, and share your expertise

how to rollback cloudera manager tls configuration without UI

avatar
New Contributor

Need help urgently.

 

Hi, Today I configured Cloudera Manager 5.4.1 to use HTTPS by following

http://www.cloudera.com/documentation/enterprise/5-4-x/topics/cm_sg_tls_browser.html#concept_hrs_f5d

I used self-signed certificate described in http://www.cloudera.com/documentation/enterprise/5-4-x/topics/sg_self_signed_tls.html#xd_583c10bfdbd

However, after restarting cloudera-scm-server, I could not open the cloudera manager in browser.

“Openssl  s_client –connect “’ indicated the ssl connection was fine, but the browser always timed out. I’ve tried different browsers and cleaned the cache etc. Still the same. At this point, I would rather to roll it back.

Is there a way to rollback the changes to use Http again?  Since I cannot access the cloudera manger UI, I can only do it thru command line. Does anyone know where the configuration is stored and how to change it?

 

Please Help!  Thanks!

 

1 ACCEPTED SOLUTION

avatar
Master Guru

I would recommend reviewing the Cloudera Manager log for clues, but, for now, access your Cloudera Manager database and run the following:

 

delete from CONFIGS where ATTR='web_tls';

 

This will disable TLS for the CM UI

 

Afterward, try starting again.

 

If that doesn't help, let us know.

View solution in original post

11 REPLIES 11

avatar
Master Guru

I would recommend reviewing the Cloudera Manager log for clues, but, for now, access your Cloudera Manager database and run the following:

 

delete from CONFIGS where ATTR='web_tls';

 

This will disable TLS for the CM UI

 

Afterward, try starting again.

 

If that doesn't help, let us know.

avatar
New Contributor
Thanks, that worked perfectly! Appreciated your quick help.

avatar
New Contributor

How to find the cloudera manager DB credentials? I do have the same issue. Not able to login to web UI after TLS configuration 

avatar
Contributor

DB credential can be found here /etc/cloudera-scm-server/db.properties.

avatar
Expert Contributor

I had a similar problem. I had enabled the agent_tls, but the keystore field was not filled or the file was on a different location.  Now the server did not start anymore. I needed to rollback the setting, thx for your post.

 

I used mysql tool on the command-line to connect as root to MySQL db, and executed an update:

 

use scm;
update CONFIGS set VALUE='false' where ATTR='agent_tls';
Query OK, 1 row affected (0.05 sec)

After a restart of cloudera-scm-server, the server was working again and I could enter the UI.

avatar
Expert Contributor

Urgent

 

@bgooleyThis not helped me. Its giving below

scm=# delete from CONFIGS where ATTR='web_tls';
DELETE 0

 

Can you give any other fix

avatar
Master Guru

@kchaitanya,

 

If that did not help, then it is likely there is another problem.

Please start a new thread and outline what you are trying to do and what is happening.

Also, make sure to review your /var/log/cloudera-scm-server/cloudera-scm-server.log for clues about what problem is occurring.

 

-Ben

avatar
Expert Contributor
Thank you for the reply @bgooley, i fixed it by running below command

delete from CONFIGS where ATTR='agent_tls';

Thank you

avatar
Master Guru

@kchaitanya,

Indeed, if agent_tls is enabled even without web_tls and there is a problem with the certificate or trust store, then you would need to turn off agent_tls.

 

A big thanks for sharing that solution!