I'm trying to get a cluster working with TLS enabled on EC2.
This is what I see in /var/log/cloudera-scm-agent/cloudera-scm-agent.log:
Traceback (most recent call last):
File "/usr/lib/cmf/agent/src/cmf/agent.py", line 729, in send_heartbeat
File "/usr/lib/cmf/agent/src/cmf/https.py", line 85, in __init__
line 50, in connect
line 188, in connect
if not check(self.get_peer_cert(), self.addr):
line 123, in __call__
WrongHost: Peer certificate commonName does not match host, expected
ip-<internal-ip>.ec2.internal, got <external-ip>.
Generating a certificate with an internal (= transient) IP does not make
any sense. The only solution I see is disabling the domain check.
It can be done by setting the M2Crypto's
SSL.Connection.clientPostConnectionCheck variable to None.
1. how to set that variable without modifying the scm agent code?
2. if you managed to get your cluster working, how did you get around this