xdu-chenrj commented on code in PR #16673: URL: https://github.com/apache/dolphinscheduler/pull/16673#discussion_r1805930913
########## docs/docs/en/guide/installation/cluster.md: ########## @@ -8,6 +8,70 @@ If you are a new hand and want to experience DolphinScheduler functions, we reco Cluster deployment uses the same scripts and configuration files as [pseudo-cluster deployment](pseudo-cluster.md), so the preparation and deployment steps are the same as pseudo-cluster deployment. The difference is that pseudo-cluster deployment is for one machine, while cluster deployment (Cluster) is for multiple machines. And steps of "Modify Configuration" are quite different between pseudo-cluster deployment and cluster deployment. +## Enable SSL (optional) + +In cluster deployment, you can enable SSL authentication. Secure Sockets Layer, SSL, abbreviated as SSL, is a secure protocol that encrypts transmitted data to ensure that information is not eavesdropped or tampered with during transmission. In addition, it can authenticate servers and ensure data integrity. + +To enable SLL authentication, you have two things to do. Firstly, you need to generate `cert.crt` and `private.pem` files. + +Step 1: Install OpenSSL + +Firstly, ensure that you have installed OpenSSL. In most Linux distributions, OpenSSL is usually pre installed. If not, you can install it using the following command: + +On Ubuntu/Debian: + +```bash +sudo apt-get install openssl +``` + +On CentOS/RHEL: + +```bash +sudo yum install openssl +``` + +Step 2: Generate private key (private.pem) + +Open the terminal and run the following command to generate a private key: + +```bash +openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:2048 +``` + +This command will generate a 2048 bit RSA private key and save it as a private.pem file. + +Step 3: Generate Certificate Signing Request (CSR) + +Before generating a certificate, you need to generate a Certificate Signing Request (CSR). Run the following command: + +```bash +openssl req -new -key private.pem -out request.csr +``` + +This command will prompt you to enter some information, such as country, state/province, organization name, etc. The information you input will be embedded into the generated certificate. + +Step 4: Generate a self signed certificate (cert.crt) + +Use CSR to generate self signed certificates. Run the following command: + +```bash +openssl x509 -req -days 365 -in request.csr -signkey private.pem -out cert.crt +``` + +This command will generate a self signed certificate with a validity period of 365 days and save it as a cert.crt file. + +Then modify the `application.yaml` file in the `dolphinscheduler-master`, `dolphinscheduler-worker`, and `dolphinscheduler-api` modules. Review Comment: ok -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
