Configuring the SRM client’s secure storage
The SRM client’s secure storage is an intermediary keystore used to store sensitive security properties that are required to access the Kafka clusters that SRM connects to. If any of these clusters are secured, you need to set up and configure the secure storage, otherwise the srm-control tool will not function.
Based on the SRM service’s configuration, Cloudera Manager automatically generates a
default configuration file that is used by the srm-control
tool. The
default configuration however does not contain any sensitive data (keystores, truststores,
passwords) required to access the clusters. Instead, sensitive details are added to SRM’s
secure storage, which is an intermediary keystore used to store sensitive data.
Specifically, this secure storage will contain all the sensitive information required to
access the Kafka clusters that SRM connects to and replicates.
The SRM client’s secure storage is not automatically created or populated with all the necessary information. As a result, before you can start using the tool, you must set up and configure the secure storage. This is done by configuring various configuration properties of the SRM service in Cloudera Manager.
-
Ensure that you have reviewed the information available in Configuring srm-control and understand that the following step list is only one part of the full configuration workflow. Depending on your scenario, completing other configuration tasks might be required.
-
Ensure that setup and configuration of the SRM service is complete:
-
The Kafka clusters that SRM connects to are defined and are added to the SRM service’s configuration. This includes both external and co-located clusters.
-
Replications are configured.
-
- Configuring TLS/SSL properties
- Configuring Kerberos properties
- Configuring properties for non-Kerberos authentication mechanisms.
If the co-located cluster is not secured, continue with:
- Setting the secure storage password as an environment variable