...
Make sure you have the new certificate and key files provided in .pem format.
In a Cell Environment, perform all the steps on the cell manager as well as all the cell members.
Log in to DPOD's server using SSH.
Create a new custom keys directory:
    mkdir -p /app/keys/store/custom
Copy the key and certificate files to this directory. For example, the directory should then list:
    ls /app/keys/store/custom
    custom-es-ca-cert.pem  dpod-es-server-cert.pem  dpod-es-server-key.pem
Create certificate chain:
    cat /app/keys/store/dpod-es-ca-cert.pem /app/keys/store/custom/custom-es-ca-cert.pem > /app/keys/store/custom/dpod-es-ca-cert.pem
Deploy the files to Store server nodes:
    # version 1.0.15.0 and above
    # copy the chain, certificate and key from the custom directory into each node's certs directory
    ls -d1 /app/opensearch_nodes/config/MonTier-es-raw-trans-*/certs | xargs -I ddd cp -f /app/keys/store/custom/dpod-es-*.pem ddd

    # version 1.0.14.0
    ls -d1 /app/elasticsearch_nodes/config/MonTier-es-raw-trans-*/certs | xargs -I ddd cp -f /app/keys/store/custom/dpod-es-*.pem ddd
Configure the Store server to accept the distinguished name (DN) of the new certificate:
    # version 1.0.15.0 and above
    # remove the existing nodes_dn key and its CN entries
    ls -1 /app/opensearch_nodes/config/MonTier-es-raw-trans-*/opensearch.yml | xargs -I fff sed -i "/plugins.security.nodes_dn:.*/d" fff
    ls -1 /app/opensearch_nodes/config/MonTier-es-raw-trans-*/opensearch.yml | xargs -I fff sed -i "/ - 'CN=.*/d" fff
    # append the key again, followed by the subject DN of the new server certificate
    ls -1 /app/opensearch_nodes/config/MonTier-es-raw-trans-*/opensearch.yml | xargs -I fff sh -c "echo \"plugins.security.nodes_dn:\" >> fff"
    ls -1 /app/opensearch_nodes/config/MonTier-es-raw-trans-*/opensearch.yml | xargs -I fff sh -c "echo \" - '$(openssl x509 -subject -nameopt RFC2253 -noout -in /app/keys/store/custom/dpod-es-server-cert.pem | sed 's/subject= //')'\" >> fff"

    # version 1.0.14.0
    # same steps, using the elasticsearch.yml files and the opendistro_security key
    ls -1 /app/elasticsearch_nodes/config/MonTier-es-raw-trans-*/elasticsearch.yml | xargs -I fff sed -i "/opendistro_security.nodes_dn:.*/d" fff
    ls -1 /app/elasticsearch_nodes/config/MonTier-es-raw-trans-*/elasticsearch.yml | xargs -I fff sed -i "/ - 'CN=.*/d" fff
    ls -1 /app/elasticsearch_nodes/config/MonTier-es-raw-trans-*/elasticsearch.yml | xargs -I fff sh -c "echo \"opendistro_security.nodes_dn:\" >> fff"
    ls -1 /app/elasticsearch_nodes/config/MonTier-es-raw-trans-*/elasticsearch.yml | xargs -I fff sh -c "echo \" - '$(openssl x509 -subject -nameopt RFC2253 -noout -in /app/keys/store/custom/dpod-es-server-cert.pem | sed 's/subject= //')'\" >> fff"
Stop and start all the application services using app-util.sh.
Cell Environment users should stop and start the Syslog and WS-M agents in all cell members from app-util.sh:
    app-util.sh → Stop Service → syslog → stop only this service
    app-util.sh → Stop Service → wsm → stop only up to this service
    app-util.sh → Start Service → syslog → start only this service
    app-util.sh → Start Service → wsm → start only up to this service
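
One way to confirm the nodes_dn edit before restarting the services, as an added example (not DPOD's own code): the functions below read the DN list back from each node's YAML file and compare it with the subject of the custom certificate. The function names are assumptions; openssl prints the prefix as "subject= " or "subject=" depending on its version, so both forms are handled here.

```shell
#!/bin/sh
# Added example, not DPOD code. Helper names are hypothetical; paths are the ones on this page.

# Strip the "subject=" prefix that openssl prints before the DN. Depending on the
# OpenSSL version the prefix is "subject= " or "subject=", so accept both.
normalize_subject() {
  printf '%s\n' "$1" | sed -e 's/^subject= *//'
}

# Print the DNs listed under plugins.security.nodes_dn / opendistro_security.nodes_dn,
# one per line, with the surrounding quotes removed.
nodes_dn_entries() {
  awk '
    /^(plugins\.security|opendistro_security)\.nodes_dn:/ { in_list = 1; next }
    in_list && /^[ \t]*-[ \t]/ {
      sub(/^[ \t]*-[ \t]*/, ""); sub(/[ \t]+$/, ""); print; next
    }
    in_list && /^[^ \t#]/ { in_list = 0 }   # next top-level key ends the list
  ' "$1" | sed -e "s/^['\"]//" -e "s/['\"]\$//"
}

# Succeed only if the expected DN is one of the nodes_dn entries of the file.
check_nodes_dn() {
  cfg=$1; want=$2
  have=$(nodes_dn_entries "$cfg")
  if [ -n "$want" ] && printf '%s\n' "$have" | grep -Fxq -- "$want"; then
    echo "OK   $cfg"
  else
    echo "FAIL $cfg: nodes_dn entries: [$(printf '%s' "$have" | tr '\n' ';')] expected: [$want]"
    return 1
  fi
}

# Check every Store node config against the subject of the custom certificate.
verify_store_nodes() {
  cert=${1:-/app/keys/store/custom/dpod-es-server-cert.pem}
  dn=$(normalize_subject "$(openssl x509 -subject -nameopt RFC2253 -noout -in "$cert")")
  [ -n "$dn" ] || { echo "cannot read subject from $cert"; return 2; }
  rc=0
  for f in /app/opensearch_nodes/config/MonTier-es-raw-trans-*/opensearch.yml \
           /app/elasticsearch_nodes/config/MonTier-es-raw-trans-*/elasticsearch.yml; do
    [ -f "$f" ] || continue
    check_nodes_dn "$f" "$dn" || rc=1
  done
  return "$rc"
}
```

Source the file and run verify_store_nodes; a non-zero return means at least one node config does not list the certificate's DN, for example because the entry still carries the "subject=" prefix.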