Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to add New Host in SSL Enabled Cluster without restarting services?

Solved Go to solution
Highlighted

How to add New Host in SSL Enabled Cluster without restarting services?

Contributor

We have enabled SSL on Hadoop cluster using SSL certificate per host method. Now we want to add nodes in cluster. How to add new nodes in SSL enabled cluster without restarting services of cluster?

How new truststores are reflected after adding new node? Do we need to manually copy truststore file on all nodes of cluster?

Is there any provision in Ambari by which it will automatically take modified truststore?

Please suggest.

Thanks,

Bhushan

1 ACCEPTED SOLUTION

Accepted Solutions

Re: How to add New Host in SSL Enabled Cluster without restarting services?

Contributor

Hi @Bhushan Kandalkar,

How to add new nodes in SSL enabled cluster without restarting services of cluster?

Via hosts menu in Ambari you can add your new hosts.

How new truststores are reflected after adding new node?

If you are using host based ssl's then you should add all public certs of each host to the truststore. If you are using wildcard based certs then you just need to create the new truststore with the wildcards in your new hosts.

Do we need to manually copy truststore file on all nodes of cluster?

You should have the truststore in all hosts so that the hosts can trust each others in the comms.

Is there any provision in Ambari by which it will automatically take modified truststore?

In each service you usually will find a SSL location path, this path will be your JKS path. If you don't change the JKS name and path then it will be always picked up automatically.

Hope it helps!

Gonçalo

View solution in original post

2 REPLIES 2

Re: How to add New Host in SSL Enabled Cluster without restarting services?

Contributor

Hi @Bhushan Kandalkar,

How to add new nodes in SSL enabled cluster without restarting services of cluster?

Via hosts menu in Ambari you can add your new hosts.

How new truststores are reflected after adding new node?

If you are using host based ssl's then you should add all public certs of each host to the truststore. If you are using wildcard based certs then you just need to create the new truststore with the wildcards in your new hosts.

Do we need to manually copy truststore file on all nodes of cluster?

You should have the truststore in all hosts so that the hosts can trust each others in the comms.

Is there any provision in Ambari by which it will automatically take modified truststore?

In each service you usually will find a SSL location path, this path will be your JKS path. If you don't change the JKS name and path then it will be always picked up automatically.

Hope it helps!

Gonçalo

View solution in original post

Highlighted

Re: How to add New Host in SSL Enabled Cluster without restarting services?

Contributor
Don't have an account?
Coming from Hortonworks? Activate your account here