Installing the Data Fabric Client (FIPS)
This section describes how to prepare the client machine for the installation process in a FIPS environment.
In a FIPS or mixed FIPS/non-FIPs environment, special procedures are required to configure clients. If your environment is non-FIPS, see Installing the Data Fabric Client (Non-FIPS).
Release 7.0.0 of the HPE Ezmeral Data Fabric introduced the use of the FIPS-approved BCFKS store type. Non-FIPS secure installations continue to use the JKS and PKCS#12 store types, so this results in some changes in the client-installation procedure to connect a secure non-FIPS-enabled cluster to a FIPS-enabled cluster. The protection of key and trust store passwords using the Hadoop Credential Provider API also necessitates changes in the client-installation procedure.
Preparing and Installing the Data Fabric Client on RHEL 8.x
The steps for preparing to install the client in a FIPS environment are the same as the steps documented for a non-FIPS environment. See Installing the Data Fabric Client (Non-FIPS).
-
Remove any previous data-fabric software. You can use
rpm -qa | grep mapr
to get a list of installed data-fabric packages, then type the packages separated by spaces after therpm -e
command. For example:rpm -qa | grep mapr rpm -e mapr-fileserver mapr-core
-
Install the data-fabric package key. The package key must be installed before you can install data-fabric packages. For more information, see Step 2: Import the Package Key:IMPORTANTTo access the Data Fabric internet repository, you must specify the email and token of an HPE Passport account. For more information, see Using the HPE Ezmeral Token-Authenticated Internet Repository.
wget --user=<email> --password=<token> -O /tmp/maprgpg.key -q https://package.ezmeral.hpe.com/releases/pub/maprgpg.key && rpm --import /tmp/maprgpg.key
-
Install the client. For example:
yum install mapr-client
Configuring the Secure Data Fabric Client
- Both server and client are FIPS-enabled.
- Client is secure but not FIPS-enabled, but server is FIPS-enabled.
- Client is FIPS-enabled, and server is secure but not FIPS-enabled.
- Both server and client are secure but not FIPS-enabled.
In all four scenarios, the procedure is different depending on whether the client is
connecting to the first cluster or to subsequent clusters. Sub-topics in this section
outline the steps for each of the combinations. In all cases, after copying the files from
the server and performing any needed post-copy steps, you must run the
${MAPR_HOME/server/configure.sh
command with the -c
(client configuration) option.
# /opt/mapr/server/configure.sh -secure -N <cluster-name> -c \
-C <CLDB1>:<CLDB1-port>[,[CLDB2>:<CLDB1-port>,...] \
-HS <history server node>
fips0
, fips1
, and
fips2
, and your CLDB nodes are node1
,
node2,
and node3
, and your History Server node is
node2
, then the command would
be:# /opt/mapr/server/configure.sh -secure -N fips0.cluster.com -c \
-C node1:7222,node2:7222,node3:7222 -HS node2
The following sub-topics
summarize the steps to connect to different combinations of FIPS-enabled and
non-FIPS-enabled server and client nodes.