how to rollback cloudera manager tls configuration without UI

New Contributor

Need help urgently.

 

Hi, Today I configured Cloudera Manager 5.4.1 to use HTTPS by following

http://www.cloudera.com/documentation/enterprise/5-4-x/topics/cm_sg_tls_browser.html#concept_hrs_f5d

I used the self-signed certificate described in http://www.cloudera.com/documentation/enterprise/5-4-x/topics/sg_self_signed_tls.html#xd_583c10bfdbd

However, after restarting cloudera-scm-server, I could not open Cloudera Manager in the browser.

"openssl s_client -connect" indicated the SSL connection was fine, but the browser always timed out. I've tried different browsers and cleaned the cache etc. Still the same. At this point, I would rather roll it back.

Is there a way to roll back the changes to use HTTP again? Since I cannot access the Cloudera Manager UI, I can only do it through the command line. Does anyone know where the configuration is stored and how to change it?

 

Please Help!  Thanks!

 

Accepted Solutions

Re: how to rollback cloudera manager tls configuration without UI

Super Guru

I would recommend reviewing the Cloudera Manager log for clues, but, for now, access your Cloudera Manager database and run the following:

 

delete from CONFIGS where ATTR='web_tls';

 

This will disable TLS for the CM UI

 

Afterward, try starting again.

 

If that doesn't help, let us know.


Re: how to rollback cloudera manager tls configuration without UI

New Contributor
Thanks, that worked perfectly! Appreciated your quick help.

Re: how to rollback cloudera manager tls configuration without UI

New Contributor

How do I find the Cloudera Manager DB credentials? I have the same issue. I am not able to log in to the web UI after TLS configuration.

Re: how to rollback cloudera manager tls configuration without UI

Explorer

The DB credentials can be found here: /etc/cloudera-scm-server/db.properties.

Re: how to rollback cloudera manager tls configuration without UI

Contributor

I had a similar problem. I had enabled agent_tls, but the keystore field was not filled in or the file was in a different location. Now the server did not start anymore. I needed to roll back the setting, thx for your post.

 

I used the mysql tool on the command line to connect as root to the MySQL DB, and executed an update:

 

use scm;
update CONFIGS set VALUE='false' where ATTR='agent_tls';
Query OK, 1 row affected (0.05 sec)

After a restart of cloudera-scm-server, the server was working again and I could enter the UI.

Re: how to rollback cloudera manager tls configuration without UI

Expert Contributor

Urgent

 

@bgooley This did not help me. It's giving the below:

scm=# delete from CONFIGS where ATTR='web_tls';
DELETE 0

 

Can you give any other fix?

Re: how to rollback cloudera manager tls configuration without UI

Super Guru

@kchaitanya,

 

If that did not help, then it is likely there is another problem.

Please start a new thread and outline what you are trying to do and what is happening.

Also, make sure to review your /var/log/cloudera-scm-server/cloudera-scm-server.log for clues about what problem is occurring.

 

-Ben

Re: how to rollback cloudera manager tls configuration without UI

Expert Contributor
Thank you for the reply @bgooley, I fixed it by running the below command:

delete from CONFIGS where ATTR='agent_tls';

Thank you

Re: how to rollback cloudera manager tls configuration without UI

Super Guru

@kchaitanya,

Indeed, if agent_tls is enabled even without web_tls and there is a problem with the certificate or trust store, then you would need to turn off agent_tls.

 

A big thanks for sharing that solution!
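
The database edits from this thread as one reversible procedure, as an added example that is not part of any post: it lists which TLS rows exist (which explains a `DELETE 0` result), copies them aside, then deletes inside a transaction. `configs_tls_backup` is a hypothetical table name, and stopping cloudera-scm-server before editing is an assumption.

```sql
-- Added example, not code from the thread. CONFIGS, ATTR, VALUE and the
-- attribute names web_tls / agent_tls are the ones quoted in the posts above.
-- configs_tls_backup is a hypothetical name chosen for this example.
-- Assumption: cloudera-scm-server is stopped while these statements run.
-- Connect to the Cloudera Manager database (named scm in the posts above).

-- 1. List the TLS switches that are actually stored. If an attribute has no
--    row here, a DELETE for it reports 0 rows and changes nothing.
SELECT * FROM CONFIGS WHERE ATTR IN ('web_tls', 'agent_tls');

-- 2. Copy the rows aside so the change can be reversed later.
CREATE TABLE configs_tls_backup AS
  SELECT * FROM CONFIGS WHERE ATTR IN ('web_tls', 'agent_tls');

-- 3. Remove only the switch that is blocking the UI or server startup,
--    and confirm the result before committing.
BEGIN;
DELETE FROM CONFIGS WHERE ATTR = 'web_tls';
-- DELETE FROM CONFIGS WHERE ATTR = 'agent_tls';   -- if agent TLS is the blocker
SELECT * FROM CONFIGS WHERE ATTR IN ('web_tls', 'agent_tls');
COMMIT;   -- use ROLLBACK; instead if the remaining rows are not what you expect

-- To restore a deleted row from the copy (only rows that were removed above):
-- INSERT INTO CONFIGS
--   SELECT * FROM configs_tls_backup WHERE ATTR = 'web_tls';
```

With the rows removed, the UI and agents run without TLS until the keystore or certificate problem reported in /var/log/cloudera-scm-server/cloudera-scm-server.log is fixed and TLS is enabled again.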