Hue Load Balancer fails to start after enabling SSL

0 votes
30 views
asked Aug 30, 2017 in Hadoop by admin (4,410 points)
SummaryWith SSL enabled, the Hue Load Balancer can only start with a non-password-protected private key.

Symptoms

After enabling SSL, Default built-in Hue Load Balancer is not able to start and below error message can be seen from stdout.log (can be found from /var/run/cloudera-scm-agent/process/xxx-hue-HUE_LOAD_BALANCER/logs folder on the host where Hue Load Balancer instance was installed):

Mon Oct 31 17:31:03 EDT 2016
HUE_HOME=/opt/cloudera/parcels/CDH-5.8.2-1.cdh5.8.2.p0.3/lib/hue
CLOUDERA_HTTPD_EXECUTABLE_PATH=/usr/sbin/httpd
CLOUDERA_HTTPD_MODULE_DIR=/usr/lib64/httpd/modules
CLOUDERA_HTTPD_CONF_DIR=/run/cloudera-scm-agent/process/809-hue-HUE_LOAD_BALANCER
CLOUDERA_HTTPD_LOG_DIR=/apps/cloudera/var/log/hue-httpd
CLOUDERA_HTTPD_USE_SSL=true
Apache/2.4.6 mod_ssl (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server example.test.com:443 (RSA)
Enter pass phrase:
Applies To
  • Hue Load Balancer (in the built in Hue)
  • SSL
Cause
Instructions

Cloudera Manager does not yet contain a configuration option to provide the private key password for the HUE load balancer.  This is a known issue and will be addressed in a future release.

To work around this issue:

Method 1 - passwordless key file

Use a passwordless key file for the Hue Load Balancer TLS/SSL Server Private Key File (PEM Format) configuration value.

Method 2 - echo the password from a file

  1. Navigate to CM > Hue > Configuration and search for "Load Balancer Advanced Configuration Snippet (Safety Valve) for httpd.conf" property
  2. Add below snippet to above property
    SSLPassPhraseDialog "|/usr/bin/echo mykeyfilepassword"

    NOTE:  Your system may use /usr/echo instead of /usr/bin/echo.  Adjust the property accordingly.
  3. Start Hue Load Balancer

Please log in or register to answer this question.

...