If CDP clusters are wire-encrypted (TLS-enabled), you need to know how to configure the clusters
for running the Apache Hadoop DistCp (Distributed Copy) command.
To run DistCp on a wire-encrypted (TLS-enabled) multi-clusterenvironment, perform
the following steps to export the Ranger KMS certificate from the RangerKMS host of the
HDP cluster to the Hadoop clienttruststore of CDP Private Cloud Base cluster.
-
Run the following CLI command to export the certificatefrom Ranger KMS keystore file on KMShosts of both the clusters.
cd [***kms_key_store_location***];keytool -export-alias kms_cert_[***host_name***]-keystore [***kms_keystore_file_path***] -rfc -filekms_cert_[***host_name***] -storepass[***kms_keystore_password***]
Theranger.https.attrib.keystore.fileparameterin the KMS configuration file containsthe location of the KMS keystore.
-
Copy all the certificates generated for KMS in theHDP cluster to the client key location on allthe hosts of the CDP Private Cloud Base cluster. Similarly,copy all the certificates generated forKMS in the CDP Private Cloud Base cluster to the clientkey location on all the hosts of the HDPcluster.
-
Run the following CLI command to import all the KMScertificates in the HDP cluster to theHadoop client truststore on all the hosts of CDP PrivateCloud Base cluster.
cd [***client_hadoop_key_location***];keytool import-noprompt -aliaskms_cert_[***host_name***] -file kms_cert_[***host_name***]-keystore[***truststore_file_path***] -storepass [***truststore_password***]
-
Similarly, import all the KMS certificates in theCDP Private Cloud Base cluster to the Hadoopclient truststore on all the hosts of the HDP cluster.
-
Restart the HDFS service, YARN, MapReduce, and RangerKMS on both the clusters.