I'm working on adding load balancer in front of my Impala deamons.
I will be using AWS ELB
As this is my first time I have few queries that are bothering me:
When I create ELB which SSL certificate should I provide, the root CA certificate or the ones that cloudera manager creates while configuring AUTO_TLS, for example cm-auto-global_cacerts.pem? (My Cluster is already kerberized and TLS/SSL is enabled)
Once the ELB is created, I will have to add the information to Impala service setting in CM and regenerate the Kerberos Credential. Will I be able to revert if something goes wrong in the process? I mean, if I remove the added configuration from Impala service setting in CM and restart, will it safely go back to working as before?
For internal CA signed certificates, I would think you only need Root CA certificate to be installed on the client side, after you have your intermediate certificates imported into server side key store file.