Level 1: Configuring TLS Encryption for Cloudera Manager Agents
Minimum Required Role: Cluster Administrator (also provided by Full Administrator)
Prerequisite:
This section assumes you have already completed the steps described at Configuring TLS Encryption Only for Cloudera Manager.
Step 1: Enable Agent Connections to Cloudera Manager to use TLS
In this step you enable the TLS properties that govern the Cloudera Manager Agents and their connections to the Cloudera Manager Server. To configure Agents to connect to Cloudera Manager over TLS:
- Log into the Cloudera Manager Admin Console.
- Select .
- Click the Security category.
- Configure the following TLS settings in the Cloudera Manager Server:

| Property | Description |
| --- | --- |
| Use TLS Encryption for Agents | Enable TLS encryption for Agents connecting to the Server. The Agents will still connect to the defined agent listener port for Cloudera Manager (default: 7182). This property will negotiate TLS connections to the service at this point. |

- Click Save Changes.
Step 2: Enable and Configure TLS on the Agent Hosts
- On the Agent host, open the /etc/cloudera-scm-agent/config.ini configuration file.
- Edit the following property in the /etc/cloudera-scm-agent/config.ini configuration file.

| Property | Description |
| --- | --- |
| use_tls | Specify 1 to enable TLS on the Agent, or 0 (zero) to disable TLS. |

- Repeat these steps on every Agent host. You may copy the Agent's config.ini file to all hosts, because by default the file contains no host-specific information. If you modify properties such as listening_hostname or listening_ip address in config.ini, you must configure the file separately on each host.
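
An added example for Step 2 (not Cloudera's own tooling): shell helpers that set use_tls=1 in a config.ini while keeping a backup, and that flag a file which sets listening_hostname or listening_ip so it is not copied to other hosts unchanged. The function names, the .bak suffix and the sample file contents (including its section names) are assumptions.

```shell
#!/usr/bin/env bash
# Added example for Step 2. The path and property names are from the page;
# function names, the .bak suffix and the sample file are assumptions.
ACTIVE='^[[:space:]]*use_tls[[:space:]]*='
COMMENTED='^[[:space:]]*#[[:space:]]*use_tls[[:space:]]*='

# Print the effective (last uncommented) use_tls value, or "unset".
get_use_tls() {
    local v
    v=$(grep -E "$ACTIVE" "$1" | tail -n 1 |
        sed -E 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//') || true
    echo "${v:-unset}"
}

# Succeed if listening_hostname or listening_ip is set to a value; such a
# file must not be copied unchanged to other Agent hosts.
is_host_specific() {
    grep -Eq '^[[:space:]]*listening_(hostname|ip)[[:space:]]*=[[:space:]]*[^[:space:]]' "$1"
}

# Set use_tls=1, keeping FILE.bak. Rewrites the active line if there is one,
# otherwise a commented-out one; refuses to guess where to add a missing line.
enable_use_tls() {
    local file=$1 pat
    if [ "$(get_use_tls "$file")" = "1" ]; then return 0; fi
    if grep -Eq "$ACTIVE" "$file"; then pat=$ACTIVE
    elif grep -Eq "$COMMENTED" "$file"; then pat=$COMMENTED
    else echo "no use_tls line in $file; edit it by hand" >&2; return 1; fi
    cp -p "$file" "$file.bak"
    sed -E "s/${pat}.*/use_tls=1/" "$file.bak" > "$file"
}

# Constructed sample, not a real Agent configuration.
sample_config() {
    printf '%s\n' '[General]' 'server_host=cm.example.com' 'server_port=7182' \
        '# listening_ip=' '# listening_hostname=' '[Security]' 'use_tls=0'
}

# Usage: script.sh /etc/cloudera-scm-agent/config.ini [more files...]
for f in "$@"; do
    enable_use_tls "$f" || continue
    echo "$f: use_tls=$(get_use_tls "$f")"
    if is_host_specific "$f"; then echo "$f: host-specific, do not copy as-is"; fi
done
```

Run it as root against the Agent's config.ini before the restart in Step 4; with no arguments it only defines the functions.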
Step 3: Restart the Cloudera Manager Server
Restart the Cloudera Manager Server with the following command to activate the TLS configuration settings.
$ sudo service cloudera-scm-server restart
Step 4: Restart the Cloudera Manager Agents
On every Agent host, restart the Agent:
$ sudo service cloudera-scm-agent restart
Step 5: Verify that the Server and Agents are Communicating
In the Cloudera Manager Admin Console, open the Hosts page. If the Agents heartbeat successfully, TLS encryption is working properly.