- If the cluster is running, .
- Run the configure.sh script with the -secure -genkeys options on the first CLDB node in your cluster.
/opt/mapr/server/configure.sh -N <cluster_name> -secure -genkeys -Z <Zookeeper_node_list> -C <CLDB_node_list>
<CLDB_node_list> have the form
You must run configure.sh -genkeys once on one CLDB node, since the resulting files must be copied to other nodes.
This command generates four files in the
- Copy the cldb.key file to any node that has the CLDB or Zookeeper service installed.
- Copy the ssl_truststore files to the /opt/mapr/conf directory of every node in the cluster.
Verify that the files from the previous step are owned by the user that runs cluster services. This user is mapr by default. Also, the ssl_keystore files must have their UNIX permission-mode bits set to 600, and the ssl_truststore file must be readable to all users.
- Run configure.sh -secure on each existing node in the cluster. The -secure option indicates that the node is secure. You must also do this on any nodes that you add to the cluster in the future.
- Copy the ssl_truststore file to any client nodes outside the cluster.
If you run configure.sh -secure on a node before you copy the necessary files to that node, the command fails.
- Log in as the mapr superuser using the maprlogin command:
maprlogin password (in this command, password is literal text)
- Run the hadoop mfs -setnetworkencryption on <object> command for every table, file, and directory object in MapR-FS whose traffic you wish to encrypt.
The network encryption setting is inherited by new objects. Once encryption is turned on for a directory, all new directories, files, and tables created under that directory are automatically encrypted.
- If clients will connect to multiple secure clusters, merge the ssl_truststore files with the /opt/mapr/server/manageSSLKeys.sh tool. See Setting Up the Client for more information on MapR clients.
mapr-clusters.conf, the cluster is changed from
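
The ownership and permission check from the procedure above can be scripted and run on each node before configure.sh -secure. This is an added example, not MapR code: check_secure_files is a hypothetical helper name, GNU stat (Linux) is assumed, and the test that the truststore is not group- or world-writable goes beyond what the page requires.

```bash
#!/bin/sh
# Added example (not MapR code): audit the copied SSL files on one node.
# Assumes GNU stat; file names and expected modes follow the steps above.

# check_secure_files CONF_DIR OWNER
# Prints one line per finding; returns 0 only when there are no findings.
check_secure_files() {
    local conf_dir="$1" owner="$2" problems=0 f path mode actual
    for f in ssl_keystore ssl_truststore; do
        path="$conf_dir/$f"
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            problems=$((problems + 1))
            continue
        fi
        mode=$(stat -c '%a' "$path")     # octal mode, e.g. 600
        actual=$(stat -c '%U' "$path")   # owning user name
        if [ "$actual" != "$owner" ]; then
            echo "OWNER   $path is owned by $actual, expected $owner"
            problems=$((problems + 1))
        fi
        case "$f" in
        ssl_keystore)
            # Private key material: mode must be exactly 600.
            if [ "$mode" != "600" ]; then
                echo "MODE    $path is $mode, expected 600"
                problems=$((problems + 1))
            fi ;;
        ssl_truststore)
            # Must be readable by all users: r bit for user, group, other.
            if [ $((0$mode & 0444)) -ne $((0444)) ]; then
                echo "MODE    $path is $mode, not readable by all users"
                problems=$((problems + 1))
            fi
            # Extra check (assumption, not from the page): only the owner
            # should be able to change which certificates are trusted.
            if [ $((0$mode & 0022)) -ne 0 ]; then
                echo "MODE    $path is $mode, writable by group or others"
                problems=$((problems + 1))
            fi ;;
        esac
    done
    [ "$problems" -eq 0 ]
}

# Stand-alone use: sh check_secure_files.sh /opt/mapr/conf [owner]
[ $# -eq 0 ] || check_secure_files "$1" "${2:-mapr}"
```

A non-zero exit status means at least one file is missing, owned by the wrong user, or has the wrong mode.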