Hi All,   I enabled TLS for NIFI web UI ( CDF ) , while services are running fine on cluster I'm unable to access NIFI web UI from my browser. Below are the steps I followed please suggest what might be causing issue ?   I repeated below steps for all the machines in my nifi cluster   1. Received signed host certificate from IT team ( <hostname>.pem ) , also rootca (root.pem) 2. Copy the JDK cacerts file to jssecacerts as follows:     sudo cp $JAVA_HOME/jre/lib/security/cacerts $JAVA_HOME/jre/lib/security/jssecacerts     3. import rootca cert into JKS store     sudo $JAVA_HOME/bin/keytool -importcert -alias rootca -keystore $JAVA_HOME/jre/lib/security/jssecacerts -file /opt/cloudera/security/pki/root.pem     4. Created JKS and imported host certificate in keystore.     $JAVA_HOME/bin/keytool -genkeypair -alias $(hostname -f) -keyalg RSA -keystore /opt/cloudera/security/pki/$(hostname -f).jks -keysize 2048 -dname "CN=$(hostname -f),OU=Engineering,O=Cloudera,L=Singapore,ST=Singapore,C=Singapore" -ext san=dns:$(hostname -f) sudo $JAVA_HOME/bin/keytool -importcert -alias $(hostname -f) -file /opt/cloudera/security/pki/$(hostname -f).pem -keystore /opt/cloudera/security/pki/$(hostname -f).jks     5. creating symlinks     sudo ln -s /opt/cloudera/security/pki/$(hostname -f).pem /opt/cloudera/security/pki/agent.pem sudo ln -s /opt/cloudera/security/pki/$(hostname -f).jks /opt/cloudera/security/pki/server.jks     6. Enabled TLS from Cloudera Manager for NIFI 7. Restarted services from Cloudera manager    8. Unable to access from Browser        ... View more

Hi All,   I'm trying to enable TLS for Cloudera Manager admin console , below are the commands I followed.   1. Received signed host certificate from IT team ( <hostname>.pem ) , also rootca (root.pem) 2. Copy the JDK cacerts file to jssecacerts as follows:     sudo cp $JAVA_HOME/jre/lib/security/cacerts $JAVA_HOME/jre/lib/security/jssecacerts     3. import rootca cert into JKS store     sudo $JAVA_HOME/bin/keytool -importcert -alias rootca -keystore $JAVA_HOME/jre/lib/security/jssecacerts -file /opt/cloudera/security/pki/root.pem     4. Created JKS and imported host certificate in keystore.     $JAVA_HOME/bin/keytool -genkeypair -alias $(hostname -f) -keyalg RSA -keystore /opt/cloudera/security/pki/$(hostname -f).jks -keysize 2048 -dname "CN=$(hostname -f),OU=Engineering,O=Cloudera,L=Singapore,ST=Singapore,C=Singapore" -ext san=dns:$(hostname -f) sudo $JAVA_HOME/bin/keytool -importcert -alias $(hostname -f) -file /opt/cloudera/security/pki/$(hostname -f).pem -keystore /opt/cloudera/security/pki/$(hostname -f).jks     5. creating symlinks     sudo ln -s /opt/cloudera/security/pki/$(hostname -f).pem /opt/cloudera/security/pki/agent.pem sudo ln -s /opt/cloudera/security/pki/$(hostname -f).jks /opt/cloudera/security/pki/server.jks       6. Enabled TLS from Cloudera Manager admin console    Property Description Cloudera Manager TLS/SSL Server JKS Keystore File Location The complete path to the keystore file. For example: /opt/cloudera/security/pki/server.jks Cloudera Manager TLS/SSL Server JKS Keystore File Password The password for the /opt/cloudera/security/jks/server.jks keystore. Use TLS Encryption for Admin Console Check this box to enable TLS encryption for Cloudera Manager.   7. Restart Cloudera Manager server  Cloudera manager starting successfully however I'm not able to open admin console from browser     sudo netstat -tulpn | grep 7183 tcp 0 0 0.0.0.0:7183 0.0.0.0:* LISTEN 4664/java       I'm getting below error on browser page     This site can’t provide a secure connection 1.1.1.1 uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH Unsupported protocol The client and server don't support a common SSL protocol version or cipher suite.     Can someone please suggest what am I missing here ? ... View more

I'm trying to upgrade HDP 3.0 to 3.1 but after Ambari upgrade HDP services are not listed in dashboard, instead cluster installation wizard come up. [root@host ~]# curl -u admin:admin -H 'X-Requested-By: ambari' -X GET "http://host/api/v1/clusters/" {   "href" : "http://host/api/v1/clusters/",   "items" : [ ] }[root@host~]# while I can see services running in background [root@host ~]# jps 27457 HMaster 28711 TimelineReaderServer 25675 jar 30637 ZeppelinServer 29427 Main 6195 HRegionServer 2324 AmbariServer 31860 Main 26869 ResourceManager 29013 Main 20150 Jps 23895 SupportToolServer 26391 Main 10041 RemoteInterpreterServer 4219 NameNode 25212 QuorumPeerMain 3679 DFSZKFailoverController ... View more

Hi All, I'm trying to upgrade Ambari server and agents from 2.7.1 to 2.7.3 using below link. https://docs.hortonworks.com/HDPDocuments/Ambari-2.7.3.0/bk_ambari-upgrade/content/upgrade_ambari.html But it is failing in "yum upgrade ambari-server". I have tried cleaning up repository & cache but still facing same issue.     [root@host ~]# yum upgrade ambari-server     Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager     No packages marked for update [root@host conf]# yum repolist | grep ambari ambari-2.7.3.0                                      ambari Version - amba     13 [root@host conf]# Below is content of ambari.repo [root@host yum.repos.d]# cat ambari.repo #VERSION_NUMBER=2.7.3.0-139 [ambari-2.7.3.0] #json.url = http://public-repo-1.hortonworks.com/HDP/hdp_urlinfo.json name=ambari Version - ambari-2.7.3.0 baseurl=http://public-repo-1.hortonworks.com/ambari/centos7/2.x/updates/2.7.3.0 gpgcheck=1 gpgkey=http://public-repo-1.hortonworks.com/ambari/centos7/2.x/updates/2.7.3.0/RPM-GPG-KEY/RPM-GPG-KEY-Jenkins enabled=1 priority=1 Can someone please help to understand what might be wrong? ... View more