Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Advanced Search
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Configuring AWS load balancer for Kerberized & SSL enabled Impala

Highlighted

Configuring AWS load balancer for Kerberized & SSL enabled Impala

SnehasishRSC
Explorer

Created on ‎09-11-2019 11:07 AM - last edited on ‎09-12-2019 04:58 AM by Community Manager VidyaSargur Community Manager

Hi Community,

I'm working on adding load balancer in front of my Impala deamons. 

I will be using AWS ELB

As this is my first time I have few queries that are bothering me:

  1. When I create ELB which SSL certificate should I provide, the root CA certificate or the ones that cloudera manager creates while configuring AUTO_TLS, for example cm-auto-global_cacerts.pem? (My Cluster is already kerberized and TLS/SSL is enabled)
  2. Once the ELB is created, I will have to add the information to Impala service setting in CM and regenerate the Kerberos Credential. Will I be able to revert if something goes wrong in the process? I mean, if I remove the added configuration from Impala service setting in CM and restart, will it safely go back to working as before?

 

Thank you in advance.

Reply
337 Views
0 Kudos
3 REPLIES 3

Re: Configuring AWS load balancer for Kerberized & SSL enabled Impala

EricL
Guru

Created ‎09-12-2019 04:31 AM

@SnehasishRSC ,

For 1. , what encryption method do you use to set LB for Impala?
https://www.cloudera.com/documentation/enterprise/5-14-x/topics/impala_proxy.html#concept_u3z_dwp_sg...

And are you using self-signed or CA signed certificate for your current TLS/SSL setup?

For 2. , yes you just need to remove the LB configuration for Impala in CM and then restart services, it should be back to previous configured state.

Cheers
Eric
Reply
323 Views
0 Kudos
Highlighted

Re: Configuring AWS load balancer for Kerberized & SSL enabled Impala

SnehasishRSC
Explorer

Created ‎09-13-2019 03:54 AM

Hi @EricL,

 

Thank you for your reply.

We use Client/Server SSL encryption method with a CA signed certificate.

 

Best,

Snehasish

Reply
309 Views
0 Kudos
Highlighted

Re: Configuring AWS load balancer for Kerberized & SSL enabled Impala

EricL
Guru

Created ‎09-15-2019 03:48 PM

Hi Snehasish,

For internal CA signed certificates, I would think you only need Root CA certificate to be installed on the client side, after you have your intermediate certificates imported into server side key store file.

Cheers
Eric
Reply
293 Views
0 Kudos
Don't have an account?
Register
Coming from Hortonworks? Activate your account here