The size of cloudera-scm-server.out is growing too fast and fill the disk space

0 votes
2 views
asked Aug 30, 2017 in Hadoop by admin (4,410 points)
Summarycloudera-scm-server.out file size is growing too fast

Symptoms

The size of cloudera-scm-server.out log is growing too fast and causing the Cloudera Manager database to go down and need to be restarted. The disk is also filled up quickly because of this.

Applies To
  • Cloudera Manager
  • SSL debugging
Cause

In the cloudera-scm-server.out file, it contains lots of SSL debug logging lines as below and this is what caused the huge flooding into the file:

1055932040@scm-web-111493, READ: TLSv1 Handshake, length = 247
*** ClientHello, TLSv1.2
RandomCookie: GMT: -767243224 bytes = { 229, 233, 99, 118, 172, 0, 183, 204, 69, 206, 190, 184, 207, 33, 242, 236, 81Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Using SSLEngineImpl.
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
, 163, 85, 129, 233, 29, 236, 19, 61, 140, 74, 228 }
......
Unsupported extension type_18, data:
Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31
Unsupported extension type_30032, data:
Extension ec_point_formats, formats: [uncompressed]
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Extension elliptic_curves, curve names: {unknown curve 19018, unknown curve 29, secp256r1, secp384r1}
Unsupported extension type_10794, data: 00
***
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
%% Resuming [Session-8425, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
*** ServerHello, TLSv1.2
.......

Instructions

Follow below steps to remove the SSL debug settings.

  1. On the Cloudera Manager server, find below file /etc/default/cloudera-scm-server and see if it contains any non-default SSL debug configuration like below:

-Djavax.net.debug=ssl:handshake -Dsun.security.ssl.allowUnsafeRenegotiation=true

  1. Remove the SSL debug configuration from /etc/default/cloudera-scm-server file
  2. Restart CM server

service cloudera-scm-server restart

Please log in or register to answer this question.

...