Security Files and Subdirectories
This section describes new security files and subdirectories added for release 7.0.0 to support FIPS compliance.
To support FIPS compliance and other security enhancements, release 7.0.0 added some new security files and subdirectories that must be copied during installation.
Files to Copy When All Nodes Are FIPS Compliant or All Nodes Are Non-FIPS Compliant
A manual installation of the HPE Ezmeral Data Fabric involves running
configure.sh
with the -genkeys
option on the primary
CLDB node and then copying various files to the $[MAPR_HOME]/conf
directory
on all other nodes. After copying the files from the first CLDB node, you must run the
configure.sh
command with the same parameters as the first CLDB node but
without the -genkeys
option.
The following table shows the files and subdirectories that must be copied:
Destination Node Type | These Files and Subdirectories Must Be Copied |
---|---|
CLDB and/or ZooKeeper Nodes |
|
All other cluster nodes, including MFS-only nodes |
|
Client nodes |
|
ssl_
symlink files contained in the
conf/
directory. The symlinks are:ssl_keystore
(symlink)ssl_truststore
(symlink)ssl_userkeystore
(symlink)ssl_usertruststore
(symlink)
For the steps to enable security, see Enabling Security on a Configured Cluster. For more information about key store and trust store files, see Understanding the Key Store and Trust Store Files.