...
Make sure you have the following files in .pem format - use exactly the file names listed below:
CA certificate - custom-es-ca-cert.pem
Server certificate - dpod-es-server-cert.pem
Server certificate key - dpod-es-server-key.pem
In a Cell Environment, perform all the steps on the cell manager as well as all the cell members.
Log in to DPOD's server using SSH.
Create a new custom keys directory:
    mkdir -p /app/keys/store/custom
Copy the .pem files to this directory, e.g.:
    ls /app/keys/store/custom
    custom-es-ca-cert.pem dpod-es-server-cert.pem dpod-es-server-key.pem
Create CA certificate bundle:
    cat /app/keys/store/dpod-es-ca-cert.pem /app/keys/store/custom/custom-es-ca-cert.pem > /app/keys/store/custom/dpod-es-ca-cert.pem
Deploy the files to the Store server nodes:
    # version 1.0.15.0 and above
    ls -d1 /app/opensearch_nodes/config/MonTier-es-raw-trans-*/certs | xargs -I ddd cp -f /app/keys/store/dpod-es-*.pem ddd
    # version 1.0.14.0
    ls -d1 /app/elasticsearch_nodes/config/MonTier-es-raw-trans-*/certs | xargs -I ddd cp -f /app/keys/store/custom/dpod-es-*.pem ddd
Configure the Store server nodes with the new DN:
    # The inner sed strips the "subject=" prefix, with or without a trailing space
    # (OpenSSL 1.0.x prints "subject= CN=...", 1.1.1 and later print "subject=CN=...").
    # version 1.0.15.0 and above
    ls -1 /app/opensearch_nodes/config/MonTier-es-raw-trans-*/opensearch.yml | xargs -I fff sed -i "s#plugins.security.nodes_dn:.*#plugins.security.nodes_dn: ['$(openssl x509 -subject -nameopt RFC2253 -noout -in /app/keys/store/custom/dpod-es-server-cert.pem | sed 's/^subject= *//')']#" fff
    # version 1.0.14.0
    ls -1 /app/elasticsearch_nodes/config/MonTier-es-raw-trans-*/elasticsearch.yml | xargs -I fff sed -i "s#opendistro_security.nodes_dn:.*#opendistro_security.nodes_dn: ['$(openssl x509 -subject -nameopt RFC2253 -noout -in /app/keys/store/custom/dpod-es-server-cert.pem | sed 's/^subject= *//')']#" fff
Stop and start all the application services using app-util.sh.
Stop and start Syslog and WS-M agents:
app-util.sh → Stop Service → syslog → stop up to this service
app-util.sh → Start Service → wsm → start up to this service
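
A pre-flight check for the three custom files, worth running before the deploy and nodes_dn steps above so that a mismatched key or wrong CA is caught before the Store nodes are restarted. This is an added example, not part of the original procedure or of DPOD itself; the function names are illustrative, and it assumes an unencrypted server key and a custom CA that issued the server certificate directly.

```shell
#!/bin/sh
# Added example: pre-flight checks for the custom Store certificate files.
# File names are the ones the procedure requires; function names are illustrative.

# Print the certificate subject as an RFC 2253 DN. OpenSSL 1.0.x prints
# "subject= CN=...", 1.1.1 and later print "subject=CN=...", so strip both.
cert_dn() {
    openssl x509 -subject -nameopt RFC2253 -noout -in "$1" | sed 's/^subject= *//'
}

preflight() {
    dir=$1
    ca=$dir/custom-es-ca-cert.pem
    crt=$dir/dpod-es-server-cert.pem
    key=$dir/dpod-es-server-key.pem

    # All three files must be present under the exact names.
    for f in "$ca" "$crt" "$key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done

    # The private key must belong to the server certificate: compare the
    # public key embedded in the certificate with the one derived from the key.
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ] ||
        { echo "server key does not match server certificate" >&2; return 1; }

    # The server certificate must verify against the custom CA certificate.
    openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$' ||
        { echo "server certificate does not verify against $ca" >&2; return 1; }

    # This is the value the sed step writes into nodes_dn.
    echo "nodes_dn value: $(cert_dn "$crt")"
}

# Stand-alone use: sh preflight.sh /app/keys/store/custom
if [ "$#" -gt 0 ]; then
    preflight "$1"
fi
```

If the printed DN still begins with "subject=", the prefix was not stripped and the nodes_dn entry will not match the certificate the nodes present.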