Cloudera: WrongHost: Peer certificate subjectAltName does not match host
Getting the following when configuring remote workers on Azure:
[17/May/2020 13:09:38 +0000] 3529 MainThread agent ERROR Heartbeating to 123.123.123.123:7182 failed.
Traceback (most recent call last):
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/agent.py", line 1387, in _send_heartbeat
self.cfg.max_cert_depth)
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/https.py", line 139, in _init_
self.conn.connect()
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/M2Crypto/httpslib.py", line 69, in connect
sock.connect((self.host, self.port))
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 313, in connect
if not check(self.get_peer_cert(), self.addr[0]):
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/M2Crypto/SSL/Checker.py", line 125, in _call_
fieldName='subjectAltName')
WrongHost: Peer certificate subjectAltName does not match host, expected 123.123.123.123, got DNS:srv-c01.mws.mds.xyz, DNS:cm-r01nn01.mws.mds.xyz, DNS:cm-r01nn02.mws.mds.xyz
Because locally visible hostnames aren't externally, /etc/hosts modifications are necessary in this case to make the self signed certificates happy:
[root@cm-awn01 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
100.100.100.10 cm-awn01.nix.mds.xyz cm-awn01
10.0.0.6 cm-awn01.nix.mds.xyz cm-awn01
123.123.123.123 srv-c01.mws.mds.xyz
123.123.123.123 cm-r01nn01.mws.mds.xyz
123.123.123.123 cm-r01nn02.mws.mds.xyz
[root@cm-awn01 ~]#
Ensure your Cloudera Agent Config matches:
[root@cm-awn01 ~]# cat /etc/cloudera-scm-agent/config.ini|grep server
server_host=srv-c01.mws.mds.xyz
Hackish but works.
GL,
TK