Patching a Non-Secure Cluster
About this task
Procedure
-
Determine which nodes in the cluster run the webserver role. For example:
$ maprcli node list -columns configuredservice -filter '[configuredservice==webserver]' hostname configuredservice ip centos21 webserver,nodemanager,cldb,fileserver,resourcemanager,hoststats 10.10.82.21
-
Perform the following steps on each webserver node:
Once you run the script, the following is displayed:
Webserver restarted. Issue should be resolved"
Results
The fixssl script performs the following steps on a node in a secure cluster:
- Updates manageSSLKeys.sh to use the new certificate cipher algorithm.
- Backs up the existing certificates so that new versions can be generated
with the new cipher algorithm:
/opt/mapr/conf/ssl_keystore
is renamed to/opt/mapr/conf/ssl_keystore_old
/opt/mapr/comf/ssl_truststore
is renamed to/opt/mapr/comf/ssl_truststore_old
- Runs
/opt/mapr/server/configure.sh -R
to generate new versions of the keystore and truststore files. - Restarts the webserver.