Enabling SSL Security for HttpFS
Enable SSL security for HttpFS using a ssl_keystore and ssl_truststore. These are generated automatically for a secure cluster in /opt/mapr/conf/. When using SSL on insecure clusters, you must manually generate a keystore and truststore.
About this task
- For EEP 7.1.x and higher, complete the following steps:
  - Change the value of the httpfs.ssl.enabled property in the file /opt/mapr/httpfs/httpfs-1.1.0/etc/hadoop/httpfs-site.xml to true.
  - Restart the HttpFS server using the following command:
    maprcli node services -action restart -name httpfs -nodes <node>
- For EEP 7.0.x, complete the following steps:
  - To preserve the original version, rename the existing server.xml file (/opt/mapr/httpfs/httpfs-1.0/share/hadoop/httpfs/tomcat/conf/server.xml) to server.xml.orig.
    sudo cp /opt/mapr/httpfs/httpfs-1.0/share/hadoop/httpfs/tomcat/conf/server.xml /opt/mapr/httpfs/httpfs-1.0/share/hadoop/httpfs/tomcat/conf/server.xml.orig
  - Replace the contents of server.xml with the contents of server.xml.https.
    sudo cp /opt/mapr/httpfs/httpfs-1.0/share/hadoop/httpfs/tomcat/conf/server.xml.https /opt/mapr/httpfs/httpfs-1.0/share/hadoop/httpfs/tomcat/conf/server.xml
  - To enable SSL without certificate-based authentication, set the clientAuth attribute to "false" and set the properties related to keystore and truststore (on a secure cluster, the defaults are already set) in server.xml located in /opt/mapr/httpfs/httpfs-1.0/share/hadoop/httpfs/tomcat/conf/. For example:
    <Connector port="${httpfs.http.port}" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/opt/mapr/conf/ssl_keystore"
               keystorePass="<ssl-keystore-password>"
               truststoreFile="/opt/mapr/conf/ssl_truststore"
               truststorePass="<ssl-keystore-password>"/>
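One way to confirm the edits above took effect before restarting HttpFS, as an added example that is not part of the original documentation or of the product's tooling. The function names and sample XML are constructed for illustration, and the check assumes every Connector in server.xml is meant to be the HTTPS one.

```python
import xml.etree.ElementTree as ET

# Constructed samples standing in for httpfs-site.xml and server.xml.
SAMPLE_SITE = """<configuration>
  <property><name>httpfs.ssl.enabled</name><value>true</value></property>
</configuration>"""
SAMPLE_SERVER = """<Server><Service name="Catalina">
  <Connector port="${httpfs.http.port}" SSLEnabled="true" scheme="https"
             secure="true" clientAuth="false" sslProtocol="TLS"
             keystoreFile="/opt/mapr/conf/ssl_keystore" keystorePass="example-pass"
             truststoreFile="/opt/mapr/conf/ssl_truststore" truststorePass="example-pass"/>
</Service></Server>"""

# Attribute values taken from the Connector example on this page.
REQUIRED = {"SSLEnabled": "true", "scheme": "https", "secure": "true"}
STORE_ATTRS = ("keystoreFile", "keystorePass", "truststoreFile", "truststorePass")

def site_ssl_enabled(xml_text):
    """EEP 7.1.x and higher: True only if httpfs.ssl.enabled is set to true."""
    root = ET.fromstring(xml_text)
    for prop in root.iter("property"):
        if (prop.findtext("name") or "").strip() == "httpfs.ssl.enabled":
            return (prop.findtext("value") or "").strip().lower() == "true"
    return False  # property absent, so SSL was never switched on

def connector_problems(xml_text):
    """EEP 7.0.x: return a list of problems found in server.xml Connectors."""
    connectors = list(ET.fromstring(xml_text).iter("Connector"))
    if not connectors:
        return ["no <Connector> element found"]
    problems = []
    for conn in connectors:
        port = conn.get("port", "?")
        # A Connector missing any of these would still serve plaintext HTTP.
        for attr, want in REQUIRED.items():
            if conn.get(attr, "").lower() != want:
                problems.append(f"port {port}: {attr} should be {want!r}, got {conn.get(attr)!r}")
        # Keystore and truststore settings must all be present.
        for attr in STORE_ATTRS:
            if not conn.get(attr):
                problems.append(f"port {port}: {attr} is not set")
    return problems

if __name__ == "__main__":
    print("httpfs.ssl.enabled is true:", site_ssl_enabled(SAMPLE_SITE))
    print("server.xml problems:", connector_problems(SAMPLE_SERVER) or "none")
```

To check a real node, read the file contents from the paths given in the steps and pass the text to the matching function.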