You can enable SSL
security for HttpFS using an ssl_keystore and
ssl_truststore. These are generated automatically for a secure
cluster in /opt/mapr/conf/. When using SSL on nonsecure clusters, you
must manually generate a keystore and truststore.
etc/hadoop/httpfs-site.xml configuration
file:
<property>
<name>httpfs.ssl.enabled</name>
<value>true</value>
<description>
Whether SSL is enabled. Default is false, i.e. disabled.
</description>
</property>
hadoop credential create ssl.server.keystore.password -value 123 \
-provider localjceks://file/home/mapr/httpfs.jceks
hadoop credential create ssl.server.keystore.keypassword -value 123 \
-provider localjceks://file/home/mapr/httpfs_keypassword.jceks
keytool command to create an SSL certificate for
the HttpFS server:
keytool -genkey -alias jetty -keyalg RSA.keystore.ssl.server.keystore.password
set while creating secure SSL passwords.The .keystore file will be stored in the HttpFS user home
directory.
etc/hadoop/ssl-server.xml file to set the SSL
keystore location:
<property>
<name>ssl.server.keystore.location</name>
<value>/home/mapr/.keystore</value>
<description>Keystore to be used. Must be specified.
</description>
</property>
/opt/mapr/hadoop/hadoop-3.3.4/etc/hadoop/httpfs-site.xml
file with the following property to set credential provider path and enable the
credential provider:
<property>
<name>hadoop.security.credential.provider.path</name>
<value>localjceks://file/home/lmccay/aws.jceks</value>
<description>Path to interrogate for protected credentials.</description>
</property>
maprcli node services -action restart -name httpfs -nodes
<node>