Behavioral changes in Cloudera Management Console

Behavioral changes denote a marked change in behavior from the previously released version to Cloudera Management Console service.

Summary:

Cloudera environments require more secure SSH keys

Previous behavior:

Cloudera Data Hub clusters could be created without any failure using older SSH keys.

New behavior:

Due to security improvements, Cloudera environments require BC FIPS SSH keys. When the Cloudera environment does not have an SSH key with sufficient strength, the Cloudera Data Hub cluster provisioning fails. In this case, you need to generate an SSH key that complies with BC FIPS, and replace the existing SSH key with the newly generated one in the Cloudera environment. After updating the SSH key, Cloudera recommends rotating the Cloudbreak user root SSH public key for FreeIPA, Data Lake and the Cloudera Data Hub clusters.

You can update and rotate the SSH key using the following steps:

• UI steps
• CLI steps

1. Navigate to Cloudera Management Console, and your environment.
2. Select Summary tab, and scroll down to the Advanced section.

   

3. Click Edit, and provide the New SSH public key.

   

4. Click Save.
   After saving the changes, you can rotate the Cloudbreak user root SSH public key for FreeIPA, Data Lake and the Cloudera Data Hub clusters. For more information, see the following documentations:

   • Rotating FreeIPA secrets
   • Rotating Data Lake secrets
   • Rotating Cloudera Data Hub secrets

Use the following CLI command to update the SSH key for the Cloudera environment.

cdp environments update-ssh-key --environment [***ENVIRONMENT NAME***] --new-public-key [***NEW SSH KEY***]

After updating the SSH key in CDP CLI, you can rotate the Cloudbreak user root SSH public key for FreeIPA, Data Lake and the Cloudera Data Hub clusters. For more information, see the following documentations:

• Rotating FreeIPA secrets
• Rotating Data Lake secrets
• Rotating Cloudera Data Hub secrets