Created on 03-06-2018 12:27 PM - edited 09-16-2022 05:56 AM
We have enabled SSL on Hadoop cluster using SSL certificate per host method. Now we want to add nodes in cluster. How to add new nodes in SSL enabled cluster without restarting services of cluster?
How new truststores are reflected after adding new node? Do we need to manually copy truststore file on all nodes of cluster?
Is there any provision in Ambari by which it will automatically take modified truststore?
Please suggest.
Thanks,
Bhushan
Created 03-06-2018 01:20 PM
How to add new nodes in SSL enabled cluster without restarting services of cluster?
Via hosts menu in Ambari you can add your new hosts.
How new truststores are reflected after adding new node?
If you are using host based ssl's then you should add all public certs of each host to the truststore. If you are using wildcard based certs then you just need to create the new truststore with the wildcards in your new hosts.
Do we need to manually copy truststore file on all nodes of cluster?
You should have the truststore in all hosts so that the hosts can trust each others in the comms.
Is there any provision in Ambari by which it will automatically take modified truststore?
In each service you usually will find a SSL location path, this path will be your JKS path. If you don't change the JKS name and path then it will be always picked up automatically.
Hope it helps!
Gonçalo
Created 03-06-2018 01:20 PM
How to add new nodes in SSL enabled cluster without restarting services of cluster?
Via hosts menu in Ambari you can add your new hosts.
How new truststores are reflected after adding new node?
If you are using host based ssl's then you should add all public certs of each host to the truststore. If you are using wildcard based certs then you just need to create the new truststore with the wildcards in your new hosts.
Do we need to manually copy truststore file on all nodes of cluster?
You should have the truststore in all hosts so that the hosts can trust each others in the comms.
Is there any provision in Ambari by which it will automatically take modified truststore?
In each service you usually will find a SSL location path, this path will be your JKS path. If you don't change the JKS name and path then it will be always picked up automatically.
Hope it helps!
Gonçalo
Created 03-07-2018 04:54 AM
Thanks @Gonçalo Cunha