Header Shadow Image


Cloudera: WrongHost: Peer certificate subjectAltName does not match host

Getting the following when configuring remote workers on Azure:

[17/May/2020 13:09:38 +0000] 3529 MainThread agent        ERROR    Heartbeating to 123.123.123.123:7182 failed.
Traceback (most recent call last):
  File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/agent.py", line 1387, in _send_heartbeat
    self.cfg.max_cert_depth)
  File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/https.py", line 139, in _init_
    self.conn.connect()
  File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/M2Crypto/httpslib.py", line 69, in connect
    sock.connect((self.host, self.port))
  File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 313, in connect
    if not check(self.get_peer_cert(), self.addr[0]):
  File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/M2Crypto/SSL/Checker.py", line 125, in _call_
    fieldName='subjectAltName')
WrongHost: Peer certificate subjectAltName does not match host, expected 123.123.123.123, got DNS:srv-c01.mws.mds.xyz, DNS:cm-r01nn01.mws.mds.xyz, DNS:cm-r01nn02.mws.mds.xyz

Because locally visible hostnames aren't externally, /etc/hosts modifications are necessary in this case to make the self signed certificates happy:

[root@cm-awn01 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

100.100.100.10   cm-awn01.nix.mds.xyz cm-awn01
10.0.0.6        cm-awn01.nix.mds.xyz cm-awn01

123.123.123.123 srv-c01.mws.mds.xyz
123.123.123.123 cm-r01nn01.mws.mds.xyz
123.123.123.123 cm-r01nn02.mws.mds.xyz
[root@cm-awn01 ~]#

Ensure your Cloudera Agent Config matches:

[root@cm-awn01 ~]# cat /etc/cloudera-scm-agent/config.ini|grep server
server_host=srv-c01.mws.mds.xyz

Hackish but works.

GL,
TK

Leave a Reply

You must be logged in to post a comment.


     
  Copyright © 2003 - 2013 Tom Kacperski (microdevsys.com). All rights reserved.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License