Prerequisites
Required prerequisites for FIPS for CDP.
About CDP with FIPS
Known Issues
See the Cloudera Manager release notes.
Unsupported Features
- Upgrades are not currently supported to or from CDP with FIPS.
- Replication is not currently supported.
System Requirements
- Operating system: RHEL/CentOS 7.9. For more information, see Operating system requirements.
- Java: OpenJDK 8 / Oracle JDK 8. For more information, see Java requirements.
- Install and configure a database. See Step 4. Install and Configure Databases
Supported CDP Versions
- Cloudera Manager versions 7.2.4, 7.3.1, 7.4.4, 7.6.1, 7.7.1
- CDP Private Cloud Base versions 7.1.5, 7.1.6, 7.1.7, 7.1.7 SP1, 7.1.8, and 7.1.7 SP2
Supported CDP Components
The following components are supported in FIPS mode:
- Atlas
- Avro
- Cloudera Manager
- Cruise Control
- Hadoop
- Hadoop Credential Provider
- HDFS
- HBase
- Hive
- Hive-on-Tez
- Hive Meta Store
- Hive Warehouse Connector
- Hue
- Impala
- Kafka
- Kerberos
- Key Trustee Server
- Knox
- Kudu
- Livy
- MapReduce
- Oozie
- Parquet
- Queue Manager
- Ranger
- Schema Registry
- Streams Messaging Manager
- Streams Replication Manager
- Solr
- Spark
- Sqoop
- Tez
- TLS
- YARN
- ZooKeeper
Step 1: Prepare hosts
Step 2: Install and configure the SafeLogic modules and packages
- Obtain the CryptoComply for Libgcrypt (CC for Libgcrypt) and CryptoComply for Server (CC for Server) SafeLogic modules and packages.
- Copy the CryptoComply for Server (CCS) - OpenSSL RPMs to all hosts.
- Copy the CryptoComply for Libgcrypt RPMs to all hosts.
Step 3: Install Cloudera Manager server
Step 4: Validate the CCJ and CCS installation
Run the following commands on each host to validate the CCJ and CCS installation.
Step 5: Install and configure databases
- Configure the database in a FIPS-compliant manner. Consult the vendor documentation for your database for details.
- Enable the database for TLS/SSL clients, to ensure that all JDBC connections into these databases are FIPS compliant. Consult the vendor documentation for your database for details.
- Configure the JDBC driver in a FIPS-compliant manner, with TLS/SSL and BCFKS provided by the CCJ JCE provider. Consult the following Cloudera Knowledge Base article for more information: Configuring SSL/TLS from the various CDH Services to their respective PostgreSQL Databases.
- Complete the setup of your databases for use with Cloudera Manager and Cloudera Runtime components. See Install and Configure PostgreSQL for CDP.