Versions Compared

Version Old Version 1 New Version 2
Changes made by

Avi Falah

Amit Munwes

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Prerequisites

  1. DPOD installed in version 1.0.14.0 or above.

  2. Certificate and Key files provided in “.pem“ format.

Update Certificate

...

The system encrypts the communication between the Store nodes with self-signed certificates generated during the installation.

Use the following procedure to replace these certificates.

  1. Make sure you have the new certificate and key files provided in .pem format.

  2. In a Cell Environment, perform all the steps on the cell manager and as well as all the cell members.

  3. Set the config path prefix parameter:

    Code Block
    STORE_CONFIG_PREFIX="/app/opensearch_nodes/config/MonTier-es-raw-trans-"

    1. For 1.0.14.0 use:

      Code Block
      STORE_CONFIG_PREFIX="/app/elasticsearch_nodes/config/MonTier-es-raw-trans-"

  4. Log in to DPOD's server using SSH.

  5. Create new custom keys directory

    Code Block
    mkdir -p /app/keys/store/custom

  6. Copy the key and certificate pem files to this directory. i.e.:

    Code Block
    ls /app/keys/store/custom
my-cert.pem  my-key.pem

  7. Deploy key and certificate pem files to all Store nodes:

    Code Block
    ls -d1 ${STORE_CONFIG_PREFIX}/app/opensearch_nodes/config/MonTier-es-raw-trans-*/certs | xargs -I ffddd cp -f /app/keys/store/custom/<certificate* ddd
fileIn name> ffversion 1.0.14.0:
ls -d1 ${STORE_CONFIG_PREFIX}/app/elasticsearch_nodes/config/MonTier-es-raw-trans-*/certs | xargs -I ffddd cp -f /app/keys/store/custom/<key file name> ff* ddd

  8. Update file names in Store nodes configuration files .(replace <certificate file name> and <key file name> in the command below):

    Code Block
    ls -1 ${STORE_CONFIG_PREFIX}/app/opensearch_nodes/config/MonTier-es-raw-trans-*/opensearch.yml | xargs -I fffff sed -i "s|plugins.security.ssl.http.pemcert_filepath:.*|plugins.security.ssl.http.pemcert_filepath: certs/<certificate file name>|" fffff
ls -1 ${STORE_CONFIG_PREFIX}/app/opensearch_nodes/config/MonTier-es-raw-trans-*/opensearch.yml | xargs -I fffff sed -i "s|plugins.security.ssl.http.pemkey_filepath:.*|plugins.security.ssl.http.pemkey_filepath: certs/<key file name>|" ff
    For 
     fff
In version 1.0.14.0
    use
    :
    Code Block
    
ls -1
    ${STORE_CONFIG_PREFIX}
    /app/elasticsearch_nodes/config/MonTier-es-raw-trans-*/elasticsearch.yml | xargs -I
    ff
    fff sed -i "s|opendistro_security.ssl.http.pemcert_filepath.*|opendistro_security.ssl.http.pemcert_filepath: certs/<certificate file name>|"
    ff
    fff
ls -1
    ${STORE_CONFIG_PREFIX}
    /app/elasticsearch_nodes/config/MonTier-es-raw-trans-*/elasticsearch.yml | xargs -I
    ff
    fff sed -i "s|opendistro_security.ssl.http.pemkey_filepath.*|opendistro_security.ssl.http.pemkey_filepath: certs/<key file name>|"
    ff
    fff

  9. Stop and start all the application services using app-util.sh

  10. Cell Environment users should stop and start Syslog and WS-M agents in all cell members from app-util.sh:

    1. app-utils.sh → Stop Service → syslog → stop only this service

    2. app-utils.sh → Stop Service → wsm → stop only this service

    3. app-utils.sh → Start Service → syslog → start only this service

    4. app-utils.sh → Start Service → wsm → start only this service

...