Quote: "Do you know when the new 5.12.x maintenance release will be available?" It's available now; [ANNOUNCE] Cloudera Enterprise 5.12.1 Released [0]     [0] http://community.cloudera.com/t5/Community-News-Release/ANNOUNCE-Cloudera-Enterprise-5-12-1-Released/m-p/59612#M195 ... View more

"Are SSL-enabled custom parcel repositories supported?" yes, as we can use this https://archive.cloudera.com/cdh5/parcels/   Ths error is likely due to the AWS Cloudfront SNI [0], and the current version of async-http-client-1.7.5.jar that CM uses does not support SNI, see related [1a,b,c]   Testing the URL with openssl excluding the -servername flag # openssl s_client -connect repository.cask.co:443 CONNECTED(00000003) 140455651178400:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:744: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 247 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE ---  with -servername [repository|downloads].cask.co # openssl s_client -connect repository.cask.co:443 -servername repository.cask.co </dev/null | grep "Verify" depth=4 C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority verify return:1 depth=3 C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2 verify return:1 depth=2 C = US, O = Amazon, CN = Amazon Root CA 1 verify return:1 depth=1 C = US, O = Amazon, OU = Server CA 1B, CN = Amazon verify return:1 depth=0 CN = repository.cask.co verify return:1 DONE Verify return code: 0 (ok)     setting-Djavax.net.debug=all in /etc/default/cloudera-scm-server [...] export CMF_JAVA_OPTS="... -Djavax.net.debug=all" [...]     Notice handshake_failure *** ClientHello, TLSv1 [...] [Raw read]: length = 2 0000: 02 28 .( New I/O worker #6, READ: TLSv1 Alert, length = 2 New I/O worker #6, RECV TLSv1 ALERT: fatal, handshake_failure New I/O worker #6, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure New I/O worker #6, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure New I/O worker #6, called closeOutbound() New I/O worker #6, closeOutboundInternal() New I/O worker #6, SEND TLSv1 ALERT: warning, description = close_notify New I/O worker #6, WRITE: TLSv1 Alert, length = 2 New I/O worker #6, called closeInbound() New I/O worker #6, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? [Raw write]: length = 7 0000: 15 03 01 00 02 01 00 ....... New I/O worker #6, called closeOutbound() New I/O worker #6, closeOutboundInternal()   We currently track this internally in /OPSAPS-30976/   Regards,   Michalis     [0] https://aws.amazon.com/about-aws/whats-new/2014/03/05/amazon-cloudront-announces-sni-custom-ssl/ [1a] https://groups.google.com/forum/#!topic/play-framework/T7ZhclgAAMU [1b] https://github.com/loopj/android-async-http/issues/224 [1c] https://bz.apache.org/bugzilla/show_bug.cgi?id=57935 ... View more

If your objective: "..get the state of the last execution (failed/succeded)", and if I remember correctly each replication job generates an AUDIT event [0], a workaround would be to filter the Events [1].   On you CM> Diagnostics> Events filter; Category: AUDIT_EVENT Event Code: EV_HDFS_DISTCP parsing the COMMAND_ARGS you can get the scheduleId Then you can group the results (by COMMAND_ID) to get the execution flow   COMMAND_STATUS will contain when it STARTED, FAILED, SUCCEEDED, ABORTED   [0] https://cloudera.github.io/cm_api/apidocs/v17/path__events.html [1] http://cm.cloudera.com:7180/api/v12/events?query=category==AUDIT_EVENT;attributes.eventcode==EV_HDFS_DISTCP   ... View more