Enabling TLS/SSL on HDFS is required before it can be enabled on YARN.
Enabling TLS/SSL on HDFS is required before it can be enabled on YARN.
Cloudera recommends you enable web UI authentication for the HDFS service. Web UI
authentication uses SPNEGO. After enabling this, you cannot access the Hadoop web
consoles without a valid Kerberos ticket and proper client-side configuration.
-
In Cloudera Manager, select the HDFS service.
-
Click the Configuration tab.
-
Search for TLS/SSL.
-
Find and edit the following properties according to you cluster
configuration:
| Property |
Description |
| Hadoop TLS/SSL Server Keystore File
Location |
Path to the keystore file containing the server
certificate and private key. |
| Hadoop TLS/SSL Server Keystore File
Password |
Password for the server keystore file. |
| Hadoop TLS/SSL Server Keystore Key
Password |
Password that protects the private key contained in the
server keystore. |
If you are not using the default trustore, do the following:
-
Configure TLS/SSL client trustore properties.
| Property |
Description |
| Cluster-Wide Default TLS/SSL Client Truststore
Location |
Path to the client truststore file. This truststore
contains certificates of trusted servers, or of Certificate
Authorities trusted to identify servers. |
| Cluster-Wide Default TLS/SSL Client Truststore
Password |
Password for the client truststore file. |
If you want to enable web UI authentication for the HDFS service, do the
following:
-
Search for web consoles.
-
Find the Enable Authentication for HTTP Web-Consoles
property.
-
Check the property to enable web UI authentication.
-
Click Save Changes.
-
Configure TLS/SSL for YARN.
