Generating Certificates After Initial Installation
When you run the configure.sh
script at initial installation, but do not
specify the -genkeys
option, the script generates a
ssl_keystore
file for use by the web server for the MapR Control System.
When the configure.sh
script is run with the -genkeys
option
after initial installation, the system detects the existing ssl_keystore
file
and exits with an error to prevent inadvertent deletion or reuse of the
ssl_keystore
file.
The error message will look similar to the following example:
/opt/mapr/server/configure.sh -secure -genkeys -C $CLDB_GRP -Z $ZK_GRP -RM $RM -HS $HISTORYSERVER
<hostname1>: Configuring Hadoop-2.x at /opt/mapr/hadoop/hadoop-2.x
<hostname1>: Done configuring Hadoop
<hostname1>: CLDB node list: <hostname1>:7222,<hostname2>:7222,<hostname3>:7222 <hostname1>:
Zookeeper node list: <hostname1>:5181,<hostname2>:5181,<hostname3>:5181
<hostname1>: Node setup configuration: cldb fileserver historyserver nfs nodemanager resourcemanager webserver zookeeper
<hostname1>: Log can be found at: /opt/mapr/logs/configure.log
<hostname1>: /opt/mapr/conf/ssl_keystore already exists
<hostname1>: ERROR: could not generate ssl keys. See log file for more details
clush: <hostname1>: exited with exit code 1
On clusters without security features enabled, the contents of the
ssl_keystore
file are unique to each node. In this case, manually delete
the ssl_keystore
file on each node, then run the command configure.sh
-genkeys
.
On clusters where you have customized the contents of the ssl_keystore
file, run the command configure.sh -genkeys -nocerts
to preserve your
customizations.
For general information on security tickets and certificates, see Tickets and Certificates.