Support needed : UI not starting with TLS/SSL

[Subhash Veeravalli]

Dear CDAP UI experts,

 

We are setting up CDAP in a higher environment and unable to bring the UI up when TLS/SSL is enabled. Basically the UI works with Plain HTTP , but not when we enable TLS/SSL.  UI Logs display errors such as below :

 

default - [39mStarting CDAP UI ...

[32m[2021-04-15T16:40:07.723] [INFO] default - [39mTrying to connect to CDAP Router using URL https://xxxxxxxxxxxxx:11015/ping

[32m[2021-04-15T16:40:07.769] [INFO] default - [39mSuccessfully connected to CDAP Router.

[32m[2021-04-15T16:40:07.769] [INFO] default - [39mCDAP security is enabled.

[32m[2021-04-15T16:40:07.771] [INFO] default - [39mUI using theme file: /opt/cdap/ui/server_dist/server/config/themes/light.json

(node:17543) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'listen' of undefined

    at eval (webpack:///./server.js?:201:10)

    at process._tickCallback (internal/process/next_tick.js:68:7)

(node:17543) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)

(node:17543) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

 

Thu Apr 15 16:38:02 CEST 2021 Starting CDAP UI service on xxxxxxxxxxxxxx

[32m[2021-04-15T16:38:03.259] [INFO] default - [39mStarting CDAP UI ...

[32m[2021-04-15T16:38:04.972] [INFO] default - [39mTrying to connect to CDAP Router using URL https://xxxxxxxxxxxxxxx:11015/ping

[33m[2021-04-15T16:38:04.990] [WARN] default - [39mUnable to connect to CDAP Router. Will keep trying to connect in background.

[32m[2021-04-15T16:38:04.993] [INFO] default - [39mUI using theme file: /opt/cdap/ui/server_dist/server/config/themes/light.json

(node:10560) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'listen' of undefined

    at eval (webpack:///./server.js?:201:10)

    at process._tickCallback (internal/process/next_tick.js:68:7)

(node:10560) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)

(node:10560) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

[32m[2021-04-15T16:39:14.307] [INFO] default - [39mSuccessfully connected to CDAP Router.

[32m[2021-04-15T16:39:14.308] [INFO] default - [39mCDAP security is enabled.

Thu Apr 15 16:40:05 CEST 2021 Starting CDAP UI service on xxxxxxxxxxxxxxxxxxxxx

 

We don’t see any significant issues on router logs . Can you check and suggest any solution ?  Appreciate a quick feedback.

 

Thanks & regards,

Subhash Veeravalli

TATA Consultancy Services

M: +36 702273567

A: 1117 Budapest, Aliz Utca 4, OG3

 

=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you

[Subhash Veeravalli]

Please also find log files as attached in case you would like to check. On UI log, please consider latest errors .

 

Thanks & regards,

Subhash Veeravalli

Relationship Manager

Communications, Media & IS

TATA Consultancy Services

M: +36 702273567

A: 1117 Budapest, Aliz Utca 4, OG3

[Ajai Narayanan]

Hi Subhash,

  The issue that you are seeing here is, the UI is unable to get the certificate and the key files to be used while starting the http server. I was able to reproduce this locally and the fix for this is to enable security. The UI currently assumes that if SSL is enabled the security is enabled by default.

Once you enable perimeter security and restart CDAP the UI should be up and running in port 9443. Documentation for enabling perimeter security is available here.

- Ajai

--
You received this message because you are subscribed to the Google Groups "CDAP User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cdap-user+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cdap-user/BMXPR01MB4647E8B20B84BC7963F448F6FF4D9%40BMXPR01MB4647.INDPRD01.PROD.OUTLOOK.COM.

[Csaba Hegedus]

Dear Ajai,

 

We have perimeter security enabled. I am attaching the config files and the log files from today, pwd for the zip is “cdapissue”.

 

The same setup works on another environment, while we are unable to bring this up on a new environment, where everything is clean install.

 

The certs used are alright, and file permissions are also good.

 

Please help us find out the root cause of the issue.

 

Best Regards,

Csaba Hegedus

Solution Architect

Tata Consultancy Services

Office Garden I. 5th floor

Alíz utca 1., 1117 - Budapest, Hungary

Office:   +3618868037

Mobile: +36304449852

____________________________________________

Experience certainty. IT Services

                                    Business Solutions

                                    Consulting

____________________________________________

 

From: Ajai Narayanan <ajaina...@google.com>
Sent: Thursday, April 15, 2021 8:44 PM
To: CDAP User <cdap...@googlegroups.com>
Cc: Csaba Hegedus <c.he...@tcs.com>

Subject: Re: Support needed : UI not starting with TLS/SSL

 

"External email. Open with Caution"