The following steps show how to patch a secure cluster when you are unable to
establish a secure connection. Once the fix is complete, no further action is required
except to access the Control System and other web interfaces, such as the JobTracker UI
and the ResourceManager UI.
-
Determine which nodes in the cluster run the webserver role. For example:
$ maprcli node list -columns configuredservice -filter '[configuredservice==webserver]'
hostname configuredservice ip
centos21 webserver,nodemanager,cldb,fileserver,resourcemanager,hoststats 10.10.82.21
-
Perform the following steps on each webserver node:
-
Download the script from the following location: https://package.mapr.com/scripts/mcs/
wget https://package.mapr.com/scripts/mcs/fixssl
-
Run the following command to update the permissions on the file:
-
Run the following command to run the script:
Once you run the script, the following is displayed:
Webserver restarted. Issue should be resolved"
The fixssl script performs the following steps on a node in a secure cluster:
- Updates manageSSLKeys.sh to use the new certificate cipher algorithm.
- Backs up the existing certificates so that new versions can be generated
with the new cipher algorithm:
- /opt/mapr/conf/ssl_keystore is renamed to
/opt/mapr/conf/ssl_keystore_old
- /opt/mapr/comf/ssl_truststore is renamed to
/opt/mapr/comf/ssl_truststore_old
- Runs
/opt/mapr/server/configure.sh -R to generate new
versions of the keystore and truststore files.
- Restarts the webserver.