HariSekhon / Nagios-Plugins

450+ AWS, Hadoop, Cloud, Kafka, Docker, Elasticsearch, RabbitMQ, Redis, HBase, Solr, Cassandra, ZooKeeper, HDFS, Yarn, Hive, Presto, Drill, Impala, Consul, Spark, Jenkins, Travis CI, Git, MySQL, Linux, DNS, Whois, SSL Certs, Yum Security Updates, Kubernetes, Cloudera etc...
https://www.linkedin.com/in/HariSekhon

Cloudera Manager plugins SSL connect attempt failed | --tls-noverify is ignored #394

Closed marbaa closed 1 year ago

marbaa commented 1 year ago

Hi,

Not sure if the Cloudera plugins are maintained anymore, or whether any support is given :)

RHEL 8.4 Cloudera Manager 7.1.7 SP1

In this case Cloudera created its own self-signed certificates during installation, but --tls-noverify is for some reason ignored (I think). If I specify the path for Cloudera's CA with --ssl-CA-path I get the same output. Installed Perl version is 5.26.

This is our first RHEL 8.x installation; it was quite a pain for me to install all the dependencies, but I believe I have them all installed.

# .../Nagios-Plugins/check_cloudera_manager_status.pl -H XXX.XXX.XXX.XXX -u xxx -p xxx --tls-noverify --CM-mgmt -vvv
verbose mode on

check_cloudera_manager_status.pl version 0.3  =>  Hari Sekhon Utils version 1.19.6

host:                     xxx
port:                     7180
user:                     xxx
password:                 <omitted>

setting timeout to 10 secs

TLS enabled:              true
TLS noverify:             true
overriding default http port 7180 to default tls port 7183
querying https://xxx:7183/api/v6/cm/service
returned HTML:

Can't connect to xxx:7183 (certificate verify failed)

SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /usr/local/share/perl5/LWP/Protocol/http.pm line 50.

http code: 500
message: Can't connect to xxx:7183 (certificate verify failed)
CRITICAL: failed to query Cloudera Manager at 'https://xxx:7183': 500 Can't connect to xxx.xxx.xxx.xxx:7183 (certificate verify failed)

HariSekhon commented 1 year ago

Cloudera is super legacy tech today so I don't support this any more as I've not worked at any company using this tech for a few years now.

I've had a quick look and it should be ignoring the certificate on this line of code:

https://github.com/HariSekhon/lib/blob/b7f172afe78f57c0ca639a66669fee6d864892bc/HariSekhon/ClouderaManager.pm#L158

Could you try adding --debug to see if you can enable any more information from the LWP useragent?

marbaa commented 1 year ago

Yeah, customers somehow still want to use Cloudera. I'm sorry, where do I put --debug?

check_cloudera_manager_status.pl doesn't have this option

HariSekhon commented 1 year ago

See if the --debug switch on the command line gives you any additional information, as it should enable the LWP useragent debug mode.

marbaa commented 1 year ago

check_cloudera_manager_status.pl -vv -H xxx -u xxx -p xxx --tls-noverify --CM-mgmt --debug
2022-10-17 13:19:38 +0200  verbose mode on

2022-10-17 13:19:38 +0200  check_cloudera_manager_status.pl version 0.3  =>  Hari Sekhon Utils version 1.19.6

2022-10-17 13:19:38 +0200  host:                     xxx
2022-10-17 13:19:38 +0200  port:                     7180
2022-10-17 13:19:38 +0200  user:                     xxx
2022-10-17 13:19:38 +0200  password:                 <omitted>
2022-10-17 13:19:38 +0200
2022-10-17 13:19:38 +0200  setting timeout to 10 secs

2022-10-17 13:19:38 +0200  TLS enabled:              true
2022-10-17 13:19:38 +0200  TLS noverify:             true
2022-10-17 13:19:38 +0200  overriding default http port 7180 to default tls port 7183
2022-10-17 13:19:38 +0200  querying https://xxx:7183/api/v6/cm/service
** GET https://xxx:7183/api/v6/cm/service ==> 500 Can't connect to xxx:7183 (certificate verify failed)
2022-10-17 13:19:38 +0200  returned HTML:

Can't connect to 5.202.18.17:7183 (certificate verify failed)

SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /usr/local/share/perl5/LWP/Protocol/http.pm line 50.

2022-10-17 13:19:38 +0200  http code: 500
2022-10-17 13:19:38 +0200  message: Can't connect to xxx:7183 (certificate verify failed)
CRITICAL: failed to query Cloudera Manager at 'https://xxx:7183': 500 Can't connect to xxx:7183 (certificate verify failed)

HariSekhon commented 1 year ago

Might be an upstream library bug - you could try the workaround there:

https://linux.debian.bugs.dist.narkive.com/LCDg657A/bug-907853-liblwp-protocol-https-perl-turning-off-hostname-verification-does-not-work

marbaa commented 1 year ago

That helped. I've changed line 158 in ClouderaManager.pm you highlighted from

$ua->ssl_opts( verify_hostname => 0 );

to

$ua->ssl_opts( SSL_verify_mode => 0, verify_hostname => 0 );

Output:

# .../Nagios-Plugins/check_cloudera_manager_status.pl -H xxx -u xxx -p xxx --tls-noverify --CM-mgmt
OK: Cloudera Manager Mgmt service state=STARTED

Everything looks good now. Thank you very much for fast support.

HariSekhon commented 1 year ago

I've backported that change now, thanks!
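
The fix from this thread, as an added Perl example that is not code from HariSekhon/lib: it sets both options for the --tls-noverify case and, as the stricter alternative for a self-signed deployment, keeps verification on and trusts only a given CA file. `make_ua`, `describe_tls` and the `CM_CA_FILE` environment variable are hypothetical names used for this example only.

```perl
use strict;
use warnings;
use LWP::UserAgent;
use IO::Socket::SSL;    # exports SSL_VERIFY_NONE and SSL_VERIFY_PEER

# Added example, not HariSekhon/lib code; make_ua() is a hypothetical helper.
sub make_ua {
    my (%arg) = @_;
    my $ua = LWP::UserAgent->new( timeout => 10 );

    if ( $arg{noverify} ) {
        # As seen in this thread, verify_hostname => 0 alone left the
        # certificate chain check on, so the verify mode is disabled too.
        $ua->ssl_opts(
            verify_hostname => 0,
            SSL_verify_mode => SSL_VERIFY_NONE,
        );
    }
    else {
        # Keep verification on and trust only the CA that issued the
        # Cloudera Manager certificate.
        die "ca_file is required unless noverify is set\n"
            unless defined $arg{ca_file};
        die "CA file '$arg{ca_file}' is not readable\n"
            unless -r $arg{ca_file};
        $ua->ssl_opts(
            verify_hostname => 1,
            SSL_verify_mode => SSL_VERIFY_PEER,
            SSL_ca_file     => $arg{ca_file},
        );
    }
    return $ua;
}

# Report the effective TLS options so a missing setting is visible.
sub describe_tls {
    my ($ua) = @_;
    my @keys = $ua->ssl_opts;    # with no arguments, returns the option names
    return join ', ', map { "$_=" . ( $ua->ssl_opts($_) // 'undef' ) } @keys;
}

print "noverify: ", describe_tls( make_ua( noverify => 1 ) ), "\n";

# CM_CA_FILE is a hypothetical variable: path to the Cloudera-generated CA cert.
if ( defined $ENV{CM_CA_FILE} ) {
    print "pinned:   ",
        describe_tls( make_ua( ca_file => $ENV{CM_CA_FILE} ) ), "\n";
}
```

No connection is made; the script only prints the options each user agent would hand to IO::Socket::SSL.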