This repo has the code and instructions needed to generate keys and certificates and update properties in Ambari to enable SSL across HDP and HDF services. The project splits into two pieces:
- certificate-generator.sh: Generates the keys and certificates needed. It will also push them out to the machines. You will need passwordless SSH
- wizard.py: it updates the properties in Ambari based on the keys and certificates. If you need to edit more properties or enroll new services, edit the definitions files
- LocalAuthority: Generate local CA, generate truststore and keystores, and push to servers.
- RemoteAuthorityGenerateCSR: Generate keystore and CSR's to be signed be a remote authority.
- RemoteAuthorityImportCertsAndPush: Import certs generated by remote authority. Naming should shorthostame.cer. RemoteAuthorityGenerateCSR must be run first and CSR's from that signed
You will need passwordless SSH to allow the script to push out the keys and certificates. It will also update java's CA store
It has to be executed on the Ambari Server as it requires Ambari wrappers to push out the configs
- -h, --help show this help message and exit
- -S PROTOCOL, --protocol=PROTOCOL default is http, set to https if required
- -P PORT, --port=PORT Set Ambari Protocol (HTTP or HTTPS)
- -u USERNAME, --username=USERNAME Ambari Username
- -p PASSWORD, --password=PASSWORD Ambari Password
- -H HOST, --host=HOST Ambari Host
- -C CONFIGS, --configfile=CONFIGS Config file containing key and truststore information
Use the instructions in the cloudbreak folder