Configuring Native TLS Acceleration
For ADLS Gen2, TLS is enabled by default using the Java implementation of TLS. For better performance, you can use the native OpenSSL implementation of TLS.
Perform the following steps to use the native OpenSSL implementation of TLS:
- Verify the location of the OpenSSL libraries on the hosts with the following command:
  whereis libssl
- In the Cloudera Manager Admin Console, search for the following property: Gateway Client Environment Advanced Configuration Snippet (Safety Valve) for hadoop-env.sh.
- Add the following parameter to the property:
  HADOOP_OPTS="-Dorg.wildfly.openssl.path=<path to OpenSSL libraries> ${HADOOP_OPTS}"
  For example, if the OpenSSL libraries are in /usr/lib64, add the following parameter:
  HADOOP_OPTS="-Dorg.wildfly.openssl.path=/usr/lib64 ${HADOOP_OPTS}"
- Save the change.
- Search for the following property: HDFS Client Environment Advanced Configuration Snippet (Safety Valve) for hadoop-env.sh.
- Add the following parameter to the property:
  HADOOP_OPTS="-Dorg.wildfly.openssl.path=<path to OpenSSL libraries> ${HADOOP_OPTS}"
  For example, if the OpenSSL libraries are in /usr/lib64, add the following parameter:
  HADOOP_OPTS="-Dorg.wildfly.openssl.path=/usr/lib64 ${HADOOP_OPTS}"
- Save the change.
- Restart the stale services.
- Deploy the client configurations.
- Verify that you configured native TLS acceleration successfully by running the following command from any host in the cluster:
  hadoop fs -ls abfss://<container>@<account>.dfs.core.windows.net/
  A message similar to the following should appear:
  org.wildfly.openssl.SSL init INFO: WFOPENSSL0002 OpenSSL Version OpenSSL 1.0.1e-fips 11 Feb 2013
The message may differ slightly depending on your operating system and OpenSSL version.
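
The shell helpers below are an added example, not part of the original documentation. They derive the library directory from `whereis libssl` output, build the hadoop-env.sh line while rejecting unsafe path values, and confirm that the verification command reported the WFOPENSSL0002 message. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the native TLS procedure. Function names and the
# sample inputs are constructed for illustration.

# Constructed sample of `whereis libssl` output.
SAMPLE_WHEREIS='libssl: /usr/lib64/libssl.so.10 /usr/lib64/libssl.so /usr/include/libssl.h'
# Constructed sample of client output, using the message shown in the last step.
SAMPLE_LOG='org.wildfly.openssl.SSL init INFO: WFOPENSSL0002 OpenSSL Version OpenSSL 1.0.1e-fips 11 Feb 2013'

# stdin: `whereis libssl` output. Prints the directory of the first libssl.so*.
openssl_lib_dir() {
  tr ' \t' '\n\n' | sed -n 's|^\(/.*\)/libssl\.so[.0-9a-z]*$|\1|p' | head -n 1
}

# $1: library directory. Prints the safety-valve line, or fails if the value is
# not an absolute path made of plain path characters. hadoop-env.sh is sourced
# by a shell, so spaces, quotes or ';' in the path must never reach it.
hadoop_opts_line() {
  case "$1" in
    /*) ;;
    *) return 1 ;;
  esac
  case "$1" in
    *[!A-Za-z0-9/._-]*) return 1 ;;
  esac
  printf 'HADOOP_OPTS="-Dorg.wildfly.openssl.path=%s ${HADOOP_OPTS}"\n' "$1"
}

# stdin: output of the `hadoop fs -ls abfss://...` check. Prints the OpenSSL
# version reported by WFOPENSSL0002; fails if the message is absent, which
# means the client did not report loading the native library.
native_tls_version() {
  v=$(sed -n 's/.*WFOPENSSL0002 OpenSSL Version \(.*\)$/\1/p' | head -n 1)
  [ -n "$v" ] && printf '%s\n' "$v"
}

# Demo on the constructed samples. On a cluster host, feed the real commands:
#   whereis libssl | openssl_lib_dir
#   hadoop fs -ls abfss://<container>@<account>.dfs.core.windows.net/ 2>&1 | native_tls_version
dir=$(printf '%s\n' "$SAMPLE_WHEREIS" | openssl_lib_dir)
hadoop_opts_line "$dir"
printf '%s\n' "$SAMPLE_LOG" | native_tls_version
```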