Level 0: Basic TLS/SSL Configuration
- Privileges as user root (able to sudo) on the hosts that comprise the cluster;
- Cloudera Manager Admin Console role of Cluster Administrator or Full Administrator.
Cloudera Management Service and TLS/SSL
Configuring TLS/SSL on any server affects how clients interact with that server. For browsers, which communicate over HTTP, TLS/SSL configured on a server host redirects traffic from the HTTP port (7180) to the secure HTTP port, HTTPS (7183). When TLS Level 0 configuration is complete, the Cloudera Management Service roles are enabled for TLS encryption. Similarly, RPC clients are redirected to their secure port.
Cloudera Management Service Roles and HTTPS Communications
|HTTPS Client||Web servers (HTTPS Service)|
|Role||Cloudera Manager Server||Name Node||Job Tracker||Oozie||Impala||YARN|
When the cluster starts, these Cloudera Management Service roles connect to the Cloudera Manager Server and access the truststore to validate the Cloudera Manager Server's certificate and complete the TLS/SSL connection.
Level 0 is comprises the preliminary tasks that will be used in subsequent levels. The tasks include: