Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Configuring AWS load balancer for Kerberized & SSL enabled Impala

SnehasishRSC
Explorer

Created on ‎09-11-2019 11:07 AM - last edited on ‎09-12-2019 04:58 AM by Community Manager Community Manager

Hi Community,

I'm working on adding load balancer in front of my Impala deamons. 

I will be using AWS ELB

As this is my first time I have few queries that are bothering me:

  1. When I create ELB which SSL certificate should I provide, the root CA certificate or the ones that cloudera manager creates while configuring AUTO_TLS, for example cm-auto-global_cacerts.pem? (My Cluster is already kerberized and TLS/SSL is enabled)
  2. Once the ELB is created, I will have to add the information to Impala service setting in CM and regenerate the Kerberos Credential. Will I be able to revert if something goes wrong in the process? I mean, if I remove the added configuration from Impala service setting in CM and restart, will it safely go back to working as before?

 

Thank you in advance.

739 Views
0 Kudos
3 REPLIES 3

EricL
Guru

Created ‎09-12-2019 04:31 AM

@SnehasishRSC ,

For 1. , what encryption method do you use to set LB for Impala?
https://www.cloudera.com/documentation/enterprise/5-14-x/topics/impala_proxy.html#concept_u3z_dwp_sg...

And are you using self-signed or CA signed certificate for your current TLS/SSL setup?

For 2. , yes you just need to remove the LB configuration for Impala in CM and then restart services, it should be back to previous configured state.

Cheers
Eric
725 Views
0 Kudos

SnehasishRSC
Explorer

Created ‎09-13-2019 03:54 AM

Hi @EricL,

 

Thank you for your reply.

We use Client/Server SSL encryption method with a CA signed certificate.

 

Best,

Snehasish

711 Views
0 Kudos

EricL
Guru

Created ‎09-15-2019 03:48 PM

Hi Snehasish,

For internal CA signed certificates, I would think you only need Root CA certificate to be installed on the client side, after you have your intermediate certificates imported into server side key store file.

Cheers
Eric
695 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Community Announcements
January 2023 Community Highlights
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector 2.6.30 for Impala is Released
What's New @ Cloudera
Cloudera Operational Database (COD) provides a CLI option to enable HBase region canaries
What's New @ Cloudera
Cloudera Operational Database (COD) supports creating an operational database using a predefined Data Lake template
What's New @ Cloudera
Cloudera Operational Database (COD) supports configuring JWT authentication for your HBase clients
View More Announcements