Support Questions

Find answers, ask questions, and share your expertise

Configuring AWS load balancer for Kerberized & SSL enabled Impala

Hi Community,

I'm working on adding load balancer in front of my Impala deamons. 

I will be using AWS ELB

As this is my first time I have few queries that are bothering me:

  1. When I create ELB which SSL certificate should I provide, the root CA certificate or the ones that cloudera manager creates while configuring AUTO_TLS, for example cm-auto-global_cacerts.pem? (My Cluster is already kerberized and TLS/SSL is enabled)
  2. Once the ELB is created, I will have to add the information to Impala service setting in CM and regenerate the Kerberos Credential. Will I be able to revert if something goes wrong in the process? I mean, if I remove the added configuration from Impala service setting in CM and restart, will it safely go back to working as before?

 

Thank you in advance.

3 REPLIES 3

Guru
@SnehasishRSC ,

For 1. , what encryption method do you use to set LB for Impala?
https://www.cloudera.com/documentation/enterprise/5-14-x/topics/impala_proxy.html#concept_u3z_dwp_sg...

And are you using self-signed or CA signed certificate for your current TLS/SSL setup?

For 2. , yes you just need to remove the LB configuration for Impala in CM and then restart services, it should be back to previous configured state.

Cheers
Eric

Hi @EricL,

 

Thank you for your reply.

We use Client/Server SSL encryption method with a CA signed certificate.

 

Best,

Snehasish

Guru
Hi Snehasish,

For internal CA signed certificates, I would think you only need Root CA certificate to be installed on the client side, after you have your intermediate certificates imported into server side key store file.

Cheers
Eric
Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.