Hue Load Balancer fails to start after enabling SSL

Summary

With SSL enabled, the Hue Load Balancer can only start with a non-password-protected private key.


After enabling SSL, the default built-in Hue Load Balancer fails to start, and the following error message appears in stdout.log (found in the /var/run/cloudera-scm-agent/process/xxx-hue-HUE_LOAD_BALANCER/logs folder on the host where the Hue Load Balancer instance is installed):

Mon Oct 31 17:31:03 EDT 2016
Apache/2.4.6 mod_ssl (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server (RSA)
Enter pass phrase:

Applies To
  • Hue Load Balancer (in the built in Hue)
  • SSL

Cloudera Manager does not yet contain a configuration option to provide the private key password for the Hue Load Balancer. This is a known issue and will be addressed in a future release.

To work around this issue:

Method 1 - passwordless key file

Use a passwordless key file for the Hue Load Balancer TLS/SSL Server Private Key File (PEM Format) configuration value.

Method 2 - echo the password from a file

  1. Navigate to CM > Hue > Configuration and search for the "Load Balancer Advanced Configuration Snippet (Safety Valve) for httpd.conf" property.
  2. Add the following snippet to that property:
    SSLPassPhraseDialog "|/usr/bin/echo mykeyfilepassword"

    NOTE:  Your system may use /usr/echo instead of /usr/bin/echo.  Adjust the property accordingly.
  3. Start Hue Load Balancer
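
A pre-flight check for the key file used in either method, as an added example that is not Cloudera's own tooling: it reports whether a PEM key will trigger the pass phrase dialog shown above and, for a passwordless key (Method 1), whether the file is restricted to its owner. The function names `classify_key`, `strip_passphrase` and `demo` are hypothetical, and the sample files are constructed header lines, not real keys.

```shell
#!/bin/sh
# Added example (not Cloudera code): pre-flight check for the PEM file set as
# "Hue Load Balancer TLS/SSL Server Private Key File (PEM Format)".

# Print "encrypted" if the PEM key needs a pass phrase, "plain-ok" if it is
# unencrypted and only its owner has access, "plain-exposed" if it is
# unencrypted and group/other hold any permission bit, "missing" otherwise.
classify_key() {
    [ -r "$1" ] || { echo missing; return 0; }
    # Traditional PEM marks encryption with a Proc-Type header; PKCS#8 uses
    # a distinct BEGIN line.
    if grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"; then
        echo encrypted
    elif [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]; then
        echo plain-ok
    else
        echo plain-exposed
    fi
}

# Method 1 helper: write an unencrypted copy of an RSA key. openssl prompts
# for the pass phrase; umask 077 makes the new file owner-only from creation.
strip_passphrase() {
    ( umask 077 && openssl rsa -in "$1" -out "$2" )
}

# Dry run on constructed sample files (header lines only, not real keys).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,0011' '' 'AAAA' \
        '-----END RSA PRIVATE KEY-----' > "$d/enc.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' \
        '-----END RSA PRIVATE KEY-----' > "$d/plain.key"
    chmod 644 "$d/plain.key"
    echo "enc.key: $(classify_key "$d/enc.key")"
    echo "plain.key (0644): $(classify_key "$d/plain.key")"
    chmod 600 "$d/plain.key"
    echo "plain.key (0600): $(classify_key "$d/plain.key")"
    rm -rf "$d"
}

# With a path argument, classify that key; with none, run the dry run.
if [ "$#" -gt 0 ]; then classify_key "$1"; else demo; fi
```

With Method 1 the file permissions are the only protection left on the key, and with Method 2 the pass phrase sits in clear text in the httpd.conf snippet, so access to that configuration needs the same restriction as the key file itself.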

