@sayebogbon As this is an older post, you would have a better chance of receiving a resolution by starting a new thread. This will also be an opportunity to provide details specific to your environment that could aid others in assisting you with a more accurate answer to your question. You can link this thread as a reference in your new post. Thanks. ... View more

Cert details.     [root@azure-r01wn01 ~]# openssl s_client -connect $(grep "server_host" /etc/cloudera-scm-agent/config.ini | sed s/server_host=//):7182 </dev/null | openssl x509 -text -noout depth=0 C = US, ST = California, L = Los Angeles, O = MDS, OU = MDS, CN = srv-c01.mws.mds.xyz verify error:num=18:self signed certificate verify return:1 depth=0 C = US, ST = California, L = Los Angeles, O = MDS, OU = MDS, CN = srv-c01.mws.mds.xyz verify return:1 140441195849616:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:s3_pkt.c:1493:SSL alert number 42 140441195849616:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177: Certificate: Data: Version: 3 (0x2) Serial Number: 1594172762 (0x5f05255a) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=California, L=Los Angeles, O=MDS, OU=MDS, CN=srv-c01.mws.mds.xyz Validity Not Before: Jul 19 02:46:18 2019 GMT Not After : Jul 16 02:46:18 2029 GMT Subject: C=US, ST=California, L=Los Angeles, O=MDS, OU=MDS, CN=srv-c01.mws.mds.xyz Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:c5:a9:00:83:12:9e:02:86:32:4e:2b:a7:c6:1a: 6b:9d:e3:56:00:53:22:01:d8:db:83:cd:14:79:6a: 85:27:20:f6:5d:86:0e:0b:af:df:46:dd:c3:23:72: f0:bf:38:3e:cd:9f:92:e6:65:81:7b:26:32:50:fc: 81:0e:7b:dd:b4:61:6f:a7:56:ec:c8:fe:89:72:ec: e5:e0:63:61:92:77:0b:36:41:98:93:14:6d:53:a0: 24:fb:fb:77:40:98:5b:2f:d2:3c:65:4f:8b:65:33: e5:db:14:ce:01:d2:4f:9f:e4:c6:c8:35:50:09:a2: f3:48:0a:ac:06:fd:66:42:30:10:a4:e7:fa:a8:2b: 0b:2b:ef:ce:83:82:4e:0d:86:34:ce:0c:8d:0c:a2: f5:88:4d:38:9f:3b:dd:2e:6e:e3:8c:60:69:da:8d: a4:d4:db:d5:cd:26:91:95:ca:a2:47:de:3c:f3:8f: 52:b8:e5:b0:09:26:af:77:fb:a3:5b:40:f6:e8:1b: 66:d7:b7:1b:da:2c:6c:34:99:76:de:c4:9b:80:69: 25:d5:12:2f:cb:9b:c5:d2:7e:15:a7:50:5f:54:5c: 9d:6b:8c:c0:9c:03:3f:96:f3:8a:2c:a6:05:ec:a4: d3:83:84:61:13:da:57:6d:e8:8c:93:d9:40:38:24: 96:c9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection, Time Stamping, OCSP Signing X509v3 Subject Alternative Name: DNS:srv-c01.mws.mds.xyz, DNS:cm-r01nn01.mws.mds.xyz, DNS:cm-r01nn02.mws.mds.xyz X509v3 Subject Key Identifier: F6:EA:97:6F:82:20:84:75:E9:63:71:2F:16:D6:41:8B:64:05:07:0D Signature Algorithm: sha256WithRSAEncryption 4f:35:6d:18:dc:5c:4a:65:db:8c:62:75:0b:f8:da:2b:14:72: 22:f7:3a:ba:15:17:58:41:46:3b:6b:6e:40:db:6b:be:e5:07: 82:d1:37:0a:d6:4e:96:14:f6:87:ca:ff:d3:5f:a9:94:de:81: e7:a1:28:94:0a:19:0b:f4:dc:ed:0a:a5:77:78:20:53:3f:3f: 03:54:67:a0:c4:a1:de:49:7d:e8:fc:2d:76:bd:7b:a5:98:cd: 45:7e:ba:21:79:e2:91:7d:f3:e9:d6:5d:b7:91:34:30:3a:e4: 3a:38:e9:33:9b:26:2e:3e:6c:c9:3d:5d:48:81:cb:35:2f:ff: 7a:ff:22:c2:f8:b5:a2:01:d0:54:7f:f2:08:33:89:78:80:af: 72:2d:d7:df:61:f0:4a:7f:d2:19:0d:c6:0c:51:ee:4e:c1:ed: 8d:8b:4f:82:17:47:6b:03:1a:f2:8b:00:cc:17:8a:75:ca:72: c0:a4:a7:12:87:32:16:89:15:2c:80:d1:07:fd:37:e8:bf:f5: 87:6b:a2:dd:9d:a4:c4:2c:68:f8:d9:15:dd:3c:40:6d:8b:e0: 6d:c4:87:6d:39:a9:6b:91:f6:0a:bc:7c:63:e7:f0:37:cb:7a: 5f:35:6c:5c:f9:bb:cb:58:1a:b9:9c:49:ab:24:ac:2a:c9:2d: 3f:b2:2f:68 [root@azure-r01wn01 ~]# [root@azure-r01wn01 ~]# [root@azure-r01wn01 ~]# [root@azure-r01wn01 ~]# [root@azure-r01wn01 ~]# openssl s_client -connect $(grep -v '^#' /etc/cloudera-scm-agent/config.ini | grep "server_host=" | sed s/server_host=//):7182 -CAfile $(grep -v '^#' /etc/cloudera-scm-agent/config.ini | grep "verify_cert_file=" |sed s/verify_cert_file=//) -verify_hostname $(grep -v '^#' /etc/cloudera-scm-agent/config.ini | grep "server_host=" | sed s/server_host=//)</dev/null CONNECTED(00000003) depth=0 C = US, ST = California, L = Los Angeles, O = MDS, OU = MDS, CN = srv-c01.mws.mds.xyz verify return:1 140276232329104:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:s3_pkt.c:1493:SSL alert number 42 140276232329104:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177: --- Certificate chain 0 s:/C=US/ST=California/L=Los Angeles/O=MDS/OU=MDS/CN=srv-c01.mws.mds.xyz i:/C=US/ST=California/L=Los Angeles/O=MDS/OU=MDS/CN=srv-c01.mws.mds.xyz --- Server certificate -----BEGIN CERTIFICATE----- MIIEHDCCAwSgAwIBAgIEXwUlWjANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJV UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLTG9zIEFuZ2VsZXMxDDAK BgNVBAoTA01EUzEMMAoGA1UECxMDTURTMRwwGgYDVQQDExNzcnYtYzAxLm13cy5t ZHMueHl6MB4XDTE5MDcxOTAyNDYxOFoXDTI5MDcxNjAyNDYxOFowcjELMAkGA1UE BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVz MQwwCgYDVQQKEwNNRFMxDDAKBgNVBAsTA01EUzEcMBoGA1UEAxMTc3J2LWMwMS5t d3MubWRzLnh5ejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMWpAIMS ngKGMk4rp8Yaa53jVgBTIgHY24PNFHlqhScg9l2GDguv30bdwyNy8L84Ps2fkuZl gXsmMlD8gQ573bRhb6dW7Mj+iXLs5eBjYZJ3CzZBmJMUbVOgJPv7d0CYWy/SPGVP i2Uz5dsUzgHST5/kxsg1UAmi80gKrAb9ZkIwEKTn+qgrCyvvzoOCTg2GNM4MjQyi 9YhNOJ873S5u44xgadqNpNTb1c0mkZXKokfePPOPUrjlsAkmr3f7o1tA9ugbZte3 G9osbDSZdt7Em4BpJdUSL8ubxdJ+FadQX1RcnWuMwJwDP5bziiymBeyk04OEYRPa V23ojJPZQDgklskCAwEAAaOBuTCBtjBFBgNVHSUEPjA8BggrBgEFBQcDAQYIKwYB BQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUFBwMJME4G A1UdEQRHMEWCE3Nydi1jMDEubXdzLm1kcy54eXqCFmNtLXIwMW5uMDEubXdzLm1k cy54eXqCFmNtLXIwMW5uMDIubXdzLm1kcy54eXowHQYDVR0OBBYEFPbql2+CIIR1 6WNxLxbWQYtkBQcNMA0GCSqGSIb3DQEBCwUAA4IBAQBPNW0Y3FxKZduMYnUL+Nor FHIi9zq6FRdYQUY7a25A22u+5QeC0TcK1k6WFPaHyv/TX6mU3oHnoSiUChkL9Nzt CqV3eCBTPz8DVGegxKHeSX3o/C12vXulmM1FfroheeKRffPp1l23kTQwOuQ6OOkz myYuPmzJPV1Igcs1L/96/yLC+LWiAdBUf/IIM4l4gK9yLdffYfBKf9IZDcYMUe5O we2Ni0+CF0drAxryiwDMF4p1ynLApKcShzIWiRUsgNEH/Tfov/WHa6LdnaTELGj4 2RXdPEBti+BtxIdtOalrkfYKvHxj5/A3y3pfNWxc+bvLWBq5nEmrJKwqyS0/si9o -----END CERTIFICATE----- . . . . . . . --- SSL handshake has read 18243 bytes and written 138 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 5FEFEAC965EF94EEEA66EA13E233E18323258810C92903D96B3A57571739DEB4 Session-ID-ctx: Master-Key: 6F693441CEDC0AF262F25FC41236CBE03B59BF78CF3FBD13A574C5BCD3095680985C7F5D2BFBDFA67AC932359C519E37 Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1609558729 Timeout : 300 (sec) Verify return code: 0 (ok) --- [root@azure-r01wn01 ~]#     # grep -Ei srv /etc/cloudera-scm-agent/config.ini server_host=srv-c01.mws.mds.xyz ... View more

Hi. unfortunately it doesn´t work for me.   [root@comp476 cloudera-scm-agent]# ls -larth total 180K -rw-r--r--. 1 root root 36 Feb 19 2020 uuid -rw-r--r--. 1 root root 36 Feb 19 2020 cm_guid drwxr-xr-x. 55 root root 4.0K Jul 22 15:34 .. -rw-------. 1 root root 85 Nov 4 17:35 active_parcels.json.old20201105 -rw-------. 1 root root 80K Nov 4 20:09 response.avro.old20201105 -rw------- 1 root root 80K Nov 5 10:48 response.avro drwxr-xr-x. 2 cloudera-scm cloudera-scm 4.0K Nov 5 10:50 . You have new mail in /var/spool/mail/root   I stopped de agent , modified the files´s names and restarted the agent.     ... View more

Hey All,   Also, where is the /blockScannerReport?   Cloudera lists ports 9865 for dfs.datanode.https.address but no process is running on that port.  Nor is there any service on the standard port of 50075.  The only thing listed is port 1006 for dfs.datanode.http.address.   However, that asks for a password and the default Cloudera password isn't working.   Need to get some stats on block scans however not able too at the moment.    Thx, TK ... View more

Realizing I didn't close this off.     The suggestions in this post worked perfectly to move me along and eventually setup full TLS encryption.   Thanks very much guy's for the help.  Very much appreciated! ... View more

Given these hostnames exist for this one server:   1) host01.dom1.com 2) althost01.dom2.com 3) althost01.dom3.com   I added the entries into /etc/hosts like this: 127.0.0.1localhost localhost.localdomain localhost4 localhost.localdomain4 1.2.3.4 host01.dom1.com althost01.dom2.com  althost01 . (rest of servers) . . .   Reverse lookup on 1.2.3.4 still returns:   althost01.dom3.com   wich is not one of the entries in /etc/hosts .  So thinking there must be something else that directly sends it over to the DNS, if not /etc/resolv.conf entries as per my earlier suggestion.     Thx ... View more

Not the best approach to getting rid of these messages but it gave me what I wanted.  I set highest logging level to ERROR instead so everything else is not printed: tom@mds.xyz@cm-r01en01:~] 🙂 $ cat /etc/spark/conf/log4j.properties log4j.rootLogger=${root.logger} root.logger=ERROR,console log4j.appender.console=org.apache.log4j.ConsoleAppender log4j.appender.console.target=System.err log4j.appender.console.layout=org.apache.log4j.PatternLayout log4j.appender.console.layout.ConversionPattern=%d{yy/MM/dd HH:mm:ss} %p %c{2}: %m%n shell.log.level=ERROR log4j.logger.org.spark-project.jetty=WARN log4j.logger.org.spark-project.jetty.util.component.AbstractLifeCycle=ERROR log4j.logger.org.apache.spark.repl.SparkIMain$exprTyper=ERROR log4j.logger.org.apache.spark.repl.SparkILoop$SparkILoopInterpreter=ERROR log4j.logger.org.apache.parquet=ERROR log4j.logger.org.apache.hadoop.hive.metastore.RetryingHMSHandler=FATAL log4j.logger.org.apache.hadoop.hive.ql.exec.FunctionRegistry=ERROR log4j.logger.org.apache.spark.repl.Main=${shell.log.level} log4j.logger.org.apache.spark.api.python.PythonGatewayServer=${shell.log.level} tom@mds.xyz@cm-r01en01:~] 🙂 $ tom@mds.xyz@cm-r01en01:~] 🙂 $ tom@mds.xyz@cm-r01en01:~] 🙂 $ digg /etc/spark/conf/log4j.properties /etc/spark/conf/log4j.properties-original -sh: digg: command not found tom@mds.xyz@cm-r01en01:~] 😞 $ diff /etc/spark/conf/log4j.properties /etc/spark/conf/log4j.properties-original 2c2 < root.logger=ERROR,console --- > root.logger=DEBUG,console 10,11c10,11 < log4j.logger.org.apache.spark.repl.SparkIMain$exprTyper=ERROR < log4j.logger.org.apache.spark.repl.SparkILoop$SparkILoopInterpreter=ERROR --- > log4j.logger.org.apache.spark.repl.SparkIMain$exprTyper=INFO > log4j.logger.org.apache.spark.repl.SparkILoop$SparkILoopInterpreter=INFO tom@mds.xyz@cm-r01en01:~] 😞 $   Now I get my spark-shell without the INFO, DEBUG or WARNING messages all over it.  Still interested in a final solution if possible.  I only see it fixed in Spark 3.0 .    Cheers, TK ... View more