I set up a Cloudera (CDH 6.3) cluster with two NameNodes (high availability enabled) and two DataNodes. Then I enabled Kerberos.
Now I want to generate keystore and truststore files and enable SSL encryption on the cluster. How do I do it? I tried generating a keystore and truststore with Java keytool on each node and also enabled Hadoop SSL, with paths and passwords to the keystore and truststore. But now when I run the HDFS service, my NameNodes are down. Could someone list the exact steps I should follow, from generating keystores to enabling SSL encryption?
Created 08-07-2020 05:24 AM
How are you trying to enable SSL? Are you using self signed certificates or signed certificates from Certificate Authority? Are you doing 1 way SSL or 2 way SSL?
A general rule is that you should import server certificates into the clients' truststore, and in the case of HDFS daemons, they act as both servers and clients, so it requires additional setup to import certificates on both hosts.
Hope this helps.
Created 08-07-2020 04:07 PM
I enabled the Hadoop TLS\SSL configuration in Cloudera Manager and created self-signed certificates on my cluster, which will be the server. I am not sure whether the configuration creates one-way SSL or two-way SSL. But I want just the server to authenticate the client, so I guess my requirement is one-way SSL. The problem is that after enabling that configuration, the HDFS service does not start and the NameNodes are neither in active mode nor in standby; they just appear as NameNodes. So I have not been able to connect to my server through my client, as the HDFS service is not even running on my server.
Created 08-10-2020 01:02 AM
Can you provide the errors from the HDFS log file? It seems to me that it is likely to be a handshake problem, but the logs can give more insight. You should double-check the keystore and truststore (I am not sure about Cloudera Manager) to make sure they are set up correctly.