Configure SSL for Sqoop2
As of Sqoop 1.99.7, you can configure SSL to enable encrypted communications between the Sqoop2 server and its clients. Starting with the EEP 4.0 release, for secure clusters, SSL is automatically configured for Sqoop2 and you can skip the steps outlined in this section.
About this task
IMPORTANT This component is deprecated. Hewlett Packard
Enterprise recommends using an alternate product. For more information, see Discontinued Ecosystem Components.
Procedure
-
Stop the Sqoop2 server:
maprcli node services -name sqoop2 -action stop -nodes <space delimited list of nodes>
-
In the sqoop.properties file
(/opt/mapr/sqoop/sqoop-<version>/conf/sqoop.properties), uncomment the SSL
related properties. For example:
#Enable Sqoop SSL org.apache.sqoop.security.tls.enabled=true #Change SSL protocol org.apache.sqoop.security.tls.protocol=TLSv1.2 #Path to MapR ssk keystore org.apache.sqoop.security.tls.keystore=/opt/mapr/conf/ssl_keystore #Keystore password org.apache.sqoop.security.tls.keystore_password=<passwd>
NOTE You can use the default ssl_keystore and password. The password for the default ssl_keystore is<ssl-keystore-password>
. -
Remove the Sqoop2 repository.
rm -rf /opt/mapr/sqoop/repository
-
Start the Sqoop2 server.
maprcli node services -name sqoop2 -action start -nodes <space delimited list of nodes>
-
Start the Sqoop2 client:
sudo -u mapr /opt/mapr/sqoop/sqoop-<version>/bin/sqoop.sh client
NOTE If you are using MapR-SASL, run the following command instead:sudo -u mapr /opt/mapr/sqoop/sqoop-<version>/bin/sqoop.sh client --custom
. -
Configure the Sqoop2 client to communicate the Sqoop2 server using
SSL.
set server --host <sqoop_server_hosname> --port <sqoop_port> --webapp <sqoop_webapp> --tls
For example:sqoop:000> set server --host localhost --port 12000 --webapp sqoop --tls
-
Configure the Sqoop2 client truststore and truststore password.
set truststore --truststore /opt/mapr/conf/ssl_truststore --truststore-password <passwd>