Getting graceful shut -down to work on a TLS secured presto cluster can take a few tries. This script should do it for you easily as an example.
It mines the private key and cert out of your p12 file and it calls CURL with them and with https set up.
- You need to use your nodes’ proper DNS names that match the cert (e.g. *.app.company.com).
- You need to specify https protocol.
- I use port 8321 on presto which is not standard. So, you may want to update that.
# Import JKS file to p12. keytool -importkeystore -srckeystore mycert.jks -srcstorepass SomePassword -srcalias myapp.mycompany.com -destalias myapp.mycompany.com -destkeystore mycert.p12 -deststoretype PKCS12 -deststorepass SomePassword # Get key and cert out of p12. openssl pkcs12 -in mycert.p12 -out mycert.key.pem -nocerts -nodes openssl pkcs12 -in mycert.p12 -out mycert.crt.pem -clcerts -nokeys # Add key and cert to curl call for graceful shutdown endpoint. curl -E ./mycert.crt.pem --key ./mycert.key.pem -v -XPUT --data '"SHUTTING_DOWN"' -H "Content-type: application/json" https://ip-10-254-98-5.myapp.mycompany.com:8321/v1/info/state --insecure