Simple Tool to Enable SSL/TLS for CM/CDH Cluster
Cloudera

Simple Tool to Enable SSL/TLS for CM/CDH Cluster

Cloudera

Since earlier this year, Cloudera has started a new program that allows each Support Engineer to do a full week offline self-learning. Topics can be chosen by each individual engineer so long as the outcome has a value to the business, It can be either the engineer skilled up with a certification that helps with day to day work, or a presentation to share with the rest of the team what he/she had learnt from the week doing self-learning. Last week, from 27th of August to 31st of August was my turn.

After a careful consideration, I thought that my knowledge on SSL/TLS area needed to be skilled up, so I had decided to find some SSL/TLS related courses on either SafariOnline or Lynda, and then see if I could try to enable Cloudera Manager as well as most of the CDH services with SSL/TLS, ideally to put everything into a script so that this process can be automated. I discussed this with my manager and we agreed on my plan.

On the first two days, I found a couple of very useful video courses from Lynda.com, see below link:

SSL Certificates For Web Developers
Learning Secure Sockets Layer

They were very useful in helping me getting a better understanding of the fundamental of SSL/TLS and how to generate keys and sign the cerficate all by yourself.

After that I reviewed Cloudera’s official online documentation on how to enable SSL/TLS for Cloudera Manager as well as the rest of CDH services and built a little tool that is written in shell script to allow anyone to generate certificates on the fly and enable SSL/TLS for his/her cluster with a simple couple of commands.

The documentation links can be found below:

Configuring TLS Encryption for Cloudera Manager
Configuring TLS/SSL Encryption for CDH Services

I have published this little tool on github and is available here. Currently it supports enabling SSL/TLS for the following services:

Cloudera Manager (from Level 1 to Level 3 security)
HDFS
YARN
Hive
Impala
Oozie
HBase
Hue

With this tool, user can enable SSL/TLS for any of the above services with ease in a few minutes.

If you have any suggestions or comments, please leave them in the comment section below, thanks.

Other posts that you might also be interested:

  1. ericlin.me Secured with SSL signed by “Let’s Encrypt”
  2. How to determine the cause of a simple COUNT(*) query to run slow
  3. Leap Second Caused Hadoop Cluster’s Slowness
  4. Enable Snappy Compression For Flume
  5. How to enable HiveServer2 audit log through Cloudera Manager
  6. Enable Debug Logging for YARN Application in Hive

Powered by YARPP.

2 Comments

  1. staticor
    Reply

    Wow !

    I just find some issues about mapreduce output stuff and wonder into your blog.

    It’s so meaningful and helpful, do a lot for me!

    Thanks for your writing and sharing-picks!

Leave a Reply

Your email address will not be published.

My new Snowflake Blog is now live. I will not be updating this blog anymore but will continue with new contents in the Snowflake world!