KBEC-00342 - Using the verifyClusterCertificate.pl script for Trusted Agents

Article ID:360032826932
1 minute readKnowledge base

When adding trusted agents to a cluster without shutting down most of the nodes, you need to invoke the verifyClusterCertificate.pl script to confirm that the certificate files from the node you selected and from ZooKeeper match.

This procedure applies for Electric CloudBees CD (CloudBees Flow) versions 6.2 and after.

  1. Contact https://support.cloudbees.com to request the verifyClusterCertificate.pl script.

  2. Put verifyClusterCertificates.pl in the root of server data directory.

Example: On Windows, use C:\ProgramData\Electric Cloud\ElectricCommander.

  1. Open the command line terminal, and change the directory to the root of server data directory.

Example: on Windows, enter cd C:\ProgramData\Electric Cloud\ElectricCommander

  1. Run the script.

Example: On Windows, enter:
C:\ProgramData\Electric Cloud\ElectricCommander>ecperl verifyClusterCertificates.pl

  1. If the current node has a matched (correct) certificate authority (CA), the output is:
    This cluster’s node contains matched conf/security folder with published in ZooKeeper.
    Current conf/security directory may be copied to other cluster’s nodes.

    Then go to the next step in the procedure to add trusted agents to a cluster in the CloudBees CD (CloudBees Flow) 6.2 Installation Guide.

  2. If the current node an unmatched (incorrect) CA, the output is:
    This cluster’s node does not contain matched conf/security folder with published in ZooKeeper.
    Current conf/security folder should be replaced with data from correct cluster’s node.

To resolve the issue, put the data from the correct cluster’s node in the current conf/security directory, and run the verifyClusterCertificate.pl script again.