Updating the Certificate Parcels with a Restart

If you have updated the certificates in the ESA with which the Big Data Protector is configured, you must update the Certificates parcel with the new certificates. All the nodes in the cluster must then use the updated Certificates parcel.

To utilize the updated certificates:

  1. Log in to the node that contains the Big Data Protector configurator script.

  2. Run the BDPConfigurator_CDP-PVC-Base-7.1_<BDP_version>.sh script.

    The prompt to continue the configuration of the Big Data Protector appears.

    
    *****************************************************************************
                Welcome to the Big Data Protector Configurator Wizard
    *****************************************************************************
    This will setup the Big Data Protector Installation Files for CDP PVC Base
    
    Do you want to continue? [yes or no]:
    
  3. To start configuration of the Big Data Protector, type yes.

  4. Press ENTER.

    The prompt to select the type of installation file appears.

    
    Big Data Protector Configurator started...
    Unpacking...
    Extracting files...
    
    
    Select the type of Installation files you want to generate.
    [ 1: Create All ]      : Creates entire Big Data Protector CSDs and Parcels.
    [ 2: Update PTY_CERT ] : Creates new PTY_CERT parcel with an incremented patch version.
                         Use this if you have updated the ESA certificates.
    [ 3: Update PTY_LOGFORWARDER_CONF ]
                       : Creates new PTY_LOGFORWARDER_CONF parcel with an incremented patch version.
                         Use this if you want to set Custom LogForwarder configuration files to
                         forward logs to an External Audit Store.
    
    [ 1, 2 or 3 ]:
    
  5. To update ESA certificates in the PTY_CERT parcel, type 2.

  6. Press ENTER.

    The prompt to select the operating system for the parcel appears.

    Select the OS version for Cloudera Manager Parcel.
    This will be used as the OS Distro suffix in the Parcel name.
    
    [ 1: el7 ]    :  RHEL 7 and clones (CentOS, Scientific Linux, etc)
    [ 2: el8 ]    :  RHEL 8 and clones (CentOS, Scientific Linux, etc)
    [ 3: el9 ]    :  RHEL 9 and clones (CentOS, Scientific Linux, etc)
    [ 4: sles12 ] :  SuSE Linux Enterprise Server 12.x
    
    Enter the no.:
    
  7. Depending on the requirements, type 1, 2, 3, or 4 to select the operating system version for the Big Data Protector parcels.

  8. Press ENTER.

    The prompt to enter ESA hostname or IP address appears.

    Enter ESA Hostname or IP Address:
    
  9. Enter ESA hostname or IP address.

  10. Press ENTER.

    The prompt to enter ESA host listening port appears.

    Enter ESA host listening port [8443]:
    
  11. If you want to use the default value of ESA host listening port, which is 8443, then press ENTER.

  12. If you have configured an external proxy that has connectivity with ESA to download the certificates and password binaries from ESA, then enter the external proxy listening port.

  13. Press ENTER.

    The prompt to enter ESA JSON Web Token (JWT) appears.

    If you have an existing ESA JSON Web Token (JWT) with Export Certificates role, enter it otherwise enter 'no':
    

    Note: The script reads the input silently, so the JWT or the word no that you type is not displayed on the screen.

  14. Enter the JWT token.

    a. If you do not have an existing ESA JSON Web Token (JWT), type no.

    b. Press ENTER.
    The prompt to enter ESA user name appears.

    JWT was not provided. Script will now prompt for ESA username and password.
    Enter ESA Username with Export Certificates role:
    

    c. Enter ESA user name.

    d. Press ENTER.
    The prompt to enter the password for ESA appears.

     Enter Password for username '<user_name>':
    

    e. Enter ESA administrator password.

    f. Press ENTER.
    The script retrieves the JWT token from ESA, downloads the certificates, and generates the installation files. The prompt to enter the activated version of the PTY_CERT parcel appears.

            Fetching JWT from ESA....
    
            Fetching Certificates from ESA....
    
            % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                            Dload  Upload   Total   Spent    Left  Speed
            100 11264  100 11264    0     0   147k      0 --:--:-- --:--:-- --:--:--  148k
    
            -------------------------------------------------------------------------------
    
    
            Generating Installation files...
    
    
    
            NOTE:
            You can verify the version of the activated PTY_CERT parcel from the parcel
            name, such as PTY_CERT-x.x.x.x_CDPx.x.p<version>-<os>.parcel, where the
            <version> parameter denotes the patch version of the PTY_CERT parcel.
    
            For Example: If the current activated PTY_CERT parcel is
            PTY_CERT-x.x.x.x_CDPx.x.p0-<os>.parcel, the patch version of the PTY_CERT
            parcel will be 0. Do NOT include 'p' while specifying the version.
    
            Enter the <version> of the current PTY_CERT Parcel as specified in the parcel name [0]:
    
  15. Press ENTER.

    The script validates the JWT token from ESA, downloads the certificates, and generates the installation files. The prompt to enter the activated version of the PTY_CERT parcel appears.

    Fetching Certificates from ESA....
    
          % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                         Dload  Upload   Total   Spent    Left  Speed
        100 11264  100 11264    0     0   147k      0 --:--:-- --:--:-- --:--:--  148k
    
        -------------------------------------------------------------------------------
    
    
        Generating Installation files...
    
    
    
        NOTE:
        You can verify the version of the activated PTY_CERT parcel from the parcel
        name, such as PTY_CERT-x.x.x.x_CDPx.x.p<version>-<os>.parcel, where the
        <version> parameter denotes the patch version of the PTY_CERT parcel.
    
        For Example: If the current activated PTY_CERT parcel is
        PTY_CERT-x.x.x.x_CDPx.x.p0-<os>.parcel, the patch version of the PTY_CERT
        parcel will be 0. Do NOT include 'p' while specifying the version.
    
        Enter the <version> of the current PTY_CERT Parcel as specified in the parcel name [0]:
    
  16. Enter the current activated patch version of the PTY_CERT parcel.

  17. Press ENTER.

    The script generates the updated certificates parcel in the /Installation_Files/ directory.

    The updated PTY_CERT parcel 'PTY_CERT-<BDP_version>_CDP7.1.p1-<operating_system_version>.parcel' is generated in ./Installation_Files/ directory.
    NOTE:
    Copy PTY_CERT-<BDP_version>_CDP7.1.p1-<operating_system_version>.parcel and .sha files to Cloudera Manager local parcel repository.
    
  18. Copy the new Certificate parcel to the local parcel repository of Cloudera Manager.

    The default local parcel repository for Cloudera Manager is located in the /opt/cloudera/parcel-repo/ directory.

  19. Navigate to the local parcel repository directory.

    In this case, the local parcel repository is stored in the /opt/cloudera/parcel-repo/ directory.

  20. To assign ownership of the new Certificate parcel and checksum file to the Cloudera SCM user and group, run the following command:

    chown cloudera-scm:cloudera-scm PTY_*
    
  21. Press ENTER.

  22. To set 640 permissions on the parcel files, run the following command:

    chmod 640 PTY_*
    
  23. Press ENTER.

    The command assigns read and write permissions to the owner, read permissions to the group, and restricts access to all other users.

  24. Log in to the Cloudera Manager web interface.

  25. Navigate to the Parcels page.

    The Parcels page appears.

  26. To fetch the updated parcels, click Check for New Parcels.

    Cloudera Manager fetches the updated PTY_CERT parcel.

  27. Distribute the new Certificate parcel to the nodes.

    Note: For more information about distributing the new Certificate parcel, refer to the section Distributing the Big Data Protector Parcels to the Nodes.

  28. Activate the new Certificate parcel on the nodes.

    Note: For more information about activating the new Certificate parcel, refer to the section Activating the Big Data Protector Parcels on the Nodes.

  29. Restart the BDP PEP service.
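
Steps 16 and 18 to 23, as an added example that is not part of the Big Data Protector tooling: the first function reads the patch version from a PTY_CERT parcel name, and the second checks the parcel against its .sha file before copying both files into the parcel repository with the owner and mode used above. It assumes the checksum file is named <parcel>.sha and holds the parcel's hex SHA-1 or SHA-256 digest; the function names and the 9.9.9.9 version in the usage comment are constructed.

```shell
#!/usr/bin/env bash
# Added example; not part of the Big Data Protector tooling.
# Assumptions: the checksum file is named <parcel>.sha and its first field is the
# parcel's hex digest (40 characters = SHA-1, 64 = SHA-256).

# Print the patch version from a PTY_CERT parcel name (the digits after ".p").
parcel_patch_version() {
    local name v
    name=$(basename "$1" .parcel)
    case "$name" in
        PTY_CERT-*.p[0-9]*-*) ;;
        *) echo "not a PTY_CERT parcel name: $1" >&2; return 1 ;;
    esac
    v=${name##*.p}    # text after the last ".p", for example "1-el8"
    v=${v%%-*}        # keep only what precedes the OS suffix
    case "$v" in *[!0-9]*) echo "no numeric patch version in: $1" >&2; return 1 ;; esac
    echo "$v"
}

# Check the parcel against its .sha file, then copy both into the repository
# with the owner and mode from steps 20 and 22. Nothing is copied on a mismatch.
stage_parcel() {
    local parcel="$1" repo="${2:-/opt/cloudera/parcel-repo}"
    local owner="${3:-cloudera-scm:cloudera-scm}" want got tool f dest
    [ -f "$parcel" ] && [ -f "$parcel.sha" ] || { echo "missing parcel or .sha" >&2; return 1; }
    want=$(awk 'NR==1 {print tolower($1)}' "$parcel.sha")
    case ${#want} in
        40) tool=sha1sum ;;
        64) tool=sha256sum ;;
        *)  echo "unrecognised digest in $parcel.sha" >&2; return 1 ;;
    esac
    got=$("$tool" "$parcel" | awk '{print $1}')
    [ "$got" = "$want" ] || { echo "checksum mismatch: $parcel" >&2; return 1; }
    for f in "$parcel" "$parcel.sha"; do
        dest="$repo/$(basename "$f")"
        cp "$f" "$dest" && chown "$owner" "$dest" && chmod 640 "$dest" || return 1
    done
}

# Usage on the configurator node (constructed file name):
#   parcel_patch_version PTY_CERT-9.9.9.9_CDP7.1.p0-el8.parcel   # value for step 16
#   stage_parcel ./Installation_Files/PTY_CERT-9.9.9.9_CDP7.1.p1-el8.parcel
```

Run stage_parcel as a user that is allowed to write to the parcel repository and change ownership to cloudera-scm, then continue with step 24.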


Last modified : February 20, 2026