Configuring Built-in TLS Acceleration

For ADLS Gen2, TLS is enabled by default using the Java implementation of TLS. For better performance, you can use the built-in OpenSSL implementation of TLS.

Perform the following steps to use the built-in OpenSSL implementation of TLS:

  1. Verify the location of the OpenSSL libraries on the hosts with the following command:
    whereis libssl
  2. In the Cloudera Manager Admin Console, search for the following property: Gateway Client Environment Advanced Configuration Snippet (Safety Valve) for hadoop-env.sh.
  3. Add the following parameter to the property:
    HADOOP_OPTS="-Dorg.wildfly.openssl.path=<path to OpenSSL libraries> ${HADOOP_OPTS}"
    For example, if the OpenSSL libraries are in /usr/lib64, add the following parameter:
    HADOOP_OPTS="-Dorg.wildfly.openssl.path=/usr/lib64 ${HADOOP_OPTS}"
    
  4. Save the change.
  5. Search for the following property: HDFS Client Environment Advanced Configuration Snippet (Safety Valve) for hadoop-env.sh.
  6. Add the following parameter to the property:
    HADOOP_OPTS="-Dorg.wildfly.openssl.path=<path to OpenSSL libraries> ${HADOOP_OPTS}"
    For example, if the OpenSSL libraries are in /usr/lib64, add the following parameter:
    HADOOP_OPTS="-Dorg.wildfly.openssl.path=/usr/lib64 ${HADOOP_OPTS}"
  7. Save the change.
  8. Restart the stale services.
  9. Deploy the client configurations.
  10. Verify that you configured built-in TLS acceleration successfully by running the following command from any host in the cluster:
    hadoop fs -ls abfss://<container>@<account>.dfs.core.windows.net/
    
    A message similar to the following should appear:
    org.wildfly.openssl.SSL init
    INFO: WFOPENSSL0002 OpenSSL Version OpenSSL 1.0.1e-fips 11 Feb 2013
    
    The message may differ slightly depending on your operating system and OpenSSL version.
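
The checks in steps 1, 3/6 and 10 can be scripted for use across several hosts. The following is an added example, not part of the original procedure or of Cloudera's tooling; the function names are hypothetical and the sample values are constructed from the lines shown above.

```shell
#!/bin/sh
# Added example: helper checks for the procedure above (hypothetical names).

# Print the directory given to -Dorg.wildfly.openssl.path in a HADOOP_OPTS
# line as entered in the safety valve. Returns 1 if the option is absent.
openssl_path_from_opts() {
    printf '%s\n' "$1" |
        sed -n 's/.*-Dorg\.wildfly\.openssl\.path=\([^ "]*\).*/\1/p' |
        head -n 1 | grep .
}

# Succeed only if the directory holds a libssl shared object
# (libssl.so, libssl.so.10, ...), i.e. what "whereis libssl" should point at.
dir_has_libssl() {
    for f in "$1"/libssl.so*; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# Read client output on stdin and print the OpenSSL version from the
# WFOPENSSL0002 line. Returns 1 if the line is absent, meaning the
# verification in step 10 did not pass.
wfopenssl_version() {
    sed -n 's/^.*WFOPENSSL0002 OpenSSL Version //p' | head -n 1 | grep .
}

# Constructed sample input, taken from the examples in the steps above.
SAMPLE_OPTS='HADOOP_OPTS="-Dorg.wildfly.openssl.path=/usr/lib64 ${HADOOP_OPTS}"'
SAMPLE_LOG='org.wildfly.openssl.SSL init
INFO: WFOPENSSL0002 OpenSSL Version OpenSSL 1.0.1e-fips 11 Feb 2013'

p=$(openssl_path_from_opts "$SAMPLE_OPTS") && echo "configured path: $p"
if dir_has_libssl "$p"; then
    echo "libssl found in $p"
else
    echo "no libssl in $p on this host"
fi
printf '%s\n' "$SAMPLE_LOG" | wfopenssl_version

# On a cluster host, feed the real client output instead of the sample:
#   hadoop fs -ls abfss://<container>@<account>.dfs.core.windows.net/ 2>&1 | wfopenssl_version
```

The version string printed by `wfopenssl_version` is the host's own OpenSSL build, so comparing it across hosts shows which library each client actually loaded.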