Determining if a Cluster is Secure and Enabled for Encryption
Explains how to use the Control System, the CLI, and REST API to determine whether a cluster is secure and whether on-wire encryption and data-at-rest encryption are enabled at the cluster and volume levels.
Determining if a Cluster is Secure Using the Control System
Procedure
Determining if a Secure Cluster is Enabled for Encryption Using the Control System
Procedure
- Cluster-level Settings—whether on-wire
encryption and authentication, and data-at-rest encryption is
enabled at the cluster-level. The pane shows:
- —if enabled
- —if disabled
- Volume Settings—the number of volumes that
are not enabled for:
- Data On-Wire Encryption
- Data-at-Rest Encryption
Determining if a Cluster is Secure Using the CLI and REST API
About this task
Run the following command to determine if a cluster is secure or unsecure:
/opt/mapr/bin/maprcli dashboard info -cluster <clusterName> -json | grep secure
The value for secure
is true
if
secure and false
if unsecure in the command
output.
curl -X GET 'https://10.10.82.24:8443/rest/dashboard/info' --user <username>:<password>
{"timestamp":1525198793701,"timeofday":"2018-05-01 11:19:53.701 GMT-0700 AM","status":"OK","total":1,"data":[{"version":"6.1.0.20180501072815.GA","cluster":{"name":"ksTest","secure":true,"dare":true,"ip":"10.10.82.24","id":"6000214179272613712","nodesUsed":1,"totalNodesAllowed":-1},"volumes":{"mounted":{"total":17,"size":0},"unmounted":{"total":1,"size":1}},"utilization":{"cpu":{"util":1,"total":8,"active":0},"memory":{"total":15886,"active":10268},"disk_space":{"total":273,"active":0},"compression":{"compressed":0,"uncompressed":0},"tiering":{"logicalUsed":0,"replicatedLogicalUsed":0,"replicatedTotalUsed":0,"ecTotalUsed":0,"cvTotalUsed":0,"offloaded":0,"recalled":0}},"clusterReplication":{"bytesReceived":0,"bytesSend":0},"streamThroughput":{"bytesProduced":0,"bytesConsumed":0},"services":{"fileserver":{"active":1,"stopped":0,"failed":0,"total":1},"resourcemanager":{"active":1,"standby":0,"stopped":0,"failed":0,"total":1},"cldb":{"active":1,"stopped":0,"failed":0,"total":1},"nfs4":{"active":0,"stopped":0,"failed":0,"total":1},"mastgateway":{"active":1,"stopped":0,"failed":0,"total":1},"nodemanager":{"active":1,"stopped":0,"failed":0,"total":1},"gateway":{"active":1,"stopped":0,"failed":0,"total":1},"hoststats":{"active":1,"stopped":0,"failed":0,"total":1},"apiserver":{"active":1,"stopped":0,"failed":0,"total":1}},"yarn":{"running_applications":0,"queued_applications":0,"num_node_managers":1,"total_memory_mb":5120,"total_vcores":4,"total_disks":3,"used_memory_mb":0,"used_vcores":0,"used_disks":0}}]}
The
value for secure
is true
if secure
and false
if unsecure.
secure
is true
, your cluster
is enabled for on-wire encryption. See dashboard info
for more
information. Determining if a Secure Cluster is Enabled for Encryption of Data at Rest Using the CLI and REST API
About this task
Run the following command to determine if a cluster is enabled or disabled for data-at-rest encryption:
/opt/mapr/bin/maprcli dashboard info -name <clusterName> -json | grep dare
The value for dare
is true
if enabled
and false
if disabled in the command output.
curl -X GET 'https://10.10.82.24:8443/rest/dashboard/info' --user <username>:<password>
{"timestamp":1525198793701,"timeofday":"2018-05-01 11:19:53.701 GMT-0700 AM","status":"OK","total":1,"data":[{"version":"6.1.0.20180501072815.GA","cluster":{"name":"ksTest","secure":true,"dare":true,"ip":"10.10.82.24","id":"6000214179272613712","nodesUsed":1,"totalNodesAllowed":-1},"volumes":{"mounted":{"total":17,"size":0},"unmounted":{"total":1,"size":1}},"utilization":{"cpu":{"util":1,"total":8,"active":0},"memory":{"total":15886,"active":10268},"disk_space":{"total":273,"active":0},"compression":{"compressed":0,"uncompressed":0},"tiering":{"logicalUsed":0,"replicatedLogicalUsed":0,"replicatedTotalUsed":0,"ecTotalUsed":0,"cvTotalUsed":0,"offloaded":0,"recalled":0}},"clusterReplication":{"bytesReceived":0,"bytesSend":0},"streamThroughput":{"bytesProduced":0,"bytesConsumed":0},"services":{"fileserver":{"active":1,"stopped":0,"failed":0,"total":1},"resourcemanager":{"active":1,"standby":0,"stopped":0,"failed":0,"total":1},"cldb":{"active":1,"stopped":0,"failed":0,"total":1},"nfs4":{"active":0,"stopped":0,"failed":0,"total":1},"mastgateway":{"active":1,"stopped":0,"failed":0,"total":1},"nodemanager":{"active":1,"stopped":0,"failed":0,"total":1},"gateway":{"active":1,"stopped":0,"failed":0,"total":1},"hoststats":{"active":1,"stopped":0,"failed":0,"total":1},"apiserver":{"active":1,"stopped":0,"failed":0,"total":1}},"yarn":{"running_applications":0,"queued_applications":0,"num_node_managers":1,"total_memory_mb":5120,"total_vcores":4,"total_disks":3,"used_memory_mb":0,"used_vcores":0,"used_disks":0}}]}
The
value for dare
is true
if enabled
and false
if disabled.
dashboard info
for more information.