Prerequisites
Required prerequisites for FIPS for CDP.
About CDP with FIPS
Known Issues
See the Cloudera Manager release
notes.
Unsupported Features
-
Upgrades are not currently supported to or from CDP with FIPS.
-
Replication is not currently supported.
System Requirements
- Operating system: RHEL/Centos 7.8
- Java: OpenJDK 8 / Oracle JDK 8
- Install and configure a database. See Step 4. Install and Configure Databases
Supported CDP Versions
-
Cloudera Manager version 7.2.4, 7.3.1, 7.4.4
-
CDP Private Cloud Base version 7.1.5, 7.1.6, 7.1.7
Supported CDP Components
The following components are supported in FIPS mode:
- Atlas
- Avro
- Cloudera Manager
- Cruise Control
- Hadoop
- Hadoop Credential Provider
- HDFS
- HBase
- Hive
- Hive-on-Tez
- Hive Meta Store
- Hive Warehouse Connector
- Hue
- Impala
- Kafka
- Kerberos
- Key Trustee Server
- Knox
- Kudu
- Livy
- Oozie
- Parquet
- Queue Manager
- Ranger
- Schema Registry
- Streams Messaging Manager
- Streams Replication Manager (Technical Preview)
- Solr
- Spark
- Sqoop
- Tez
- TLS
- YARN
- ZooKeeper
Step 1: Prepare hosts
Step 2: Install and configure the SafeLogic modules and packages
- Obtain the CryptoComply for Libgcrypt (CC for Libgcrypt) and CryptoComply for Server (CC for Server) SafeLogic modules and packages.
-
Copy the CryptoComply for Server (CCS) - OpenSSL RPMs to all hosts.
-
Copy the CryptoComply for Libgcrypt RPMs to all hosts.
Step 3: Install Cloudera Manager server
Step 4: Validate the CCJ and CCS installation
Run the following commands on each host to validate the CCJ and CCS installation.
Step 5: Install and configure databases
- Configure the database in a FIPS-compliant manner. Consult the vendor documentation for your database for details.
- Enable the database for TLS/SSL clients, to ensure that all JDBC connections into these databases are FIPS compliant. Consult the vendor documentation for your database for details.
- Configure JDBC Driver in a FIPS compliant manner with TLS/SSL and BCFKS provided by CCJ JCE provider. Consult the following Cloudera Knowledge Base article for more information: Configuring SSL/TLS from the various CDH Services to their respective PostgreSQL Databases.
- Complete the setup of your databases for use with Cloudera Manager and Cloudera Runtime components. See Install and Configure PostgreSQL for CDP.