Configuring Built-in TLS Acceleration
For ADLS Gen2, TLS is enabled by default using the Java implementation of TLS. For better performance, you can use the built-in OpenSSL implementation of TLS.
Perform the following steps to use the built-in OpenSSL implementation of TLS:
- Verify the location of the OpenSSL libraries on the hosts with the
following
command:
whereis libssl
- In the Cloudera Manager Admin Console, search for the following property: Gateway Client Environment Advanced Configuration Snippet (Safety Valve) for hadoop-env.sh.
- Add the following parameter to the
property:
HADOOP_OPTS="-Dorg.wildfly.openssl.path=<path to OpenSSL libraries> ${HADOOP_OPTS}"
For example, if the OpenSSL libraries are in/usr/lib64
, add the following parameter:HADOOP_OPTS="-Dorg.wildfly.openssl.path=/usr/lib64 ${HADOOP_OPTS}"
- Save the change.
- Search for the following property: HDFS Client Environment Advanced Configuration Snippet (Safety Valve) for hadoop-env.sh
- Add the following parameter to the
property:
HADOOP_OPTS="-Dorg.wildfly.openssl.path=<path to OpenSSL libraries> ${HADOOP_OPTS}"
For example, if the OpenSSL libraries are in/usr/lib64
, add the following parameter:HADOOP_OPTS="-Dorg.wildfly.openssl.path=/usr/lib64 ${HADOOP_OPTS}"
- Save the change.
- Restart the stale services.
- Deploy the client configurations.
- Verify that you configured built-in TLS acceleration successfully by
running the following command from any host in the
cluster:
hadoop fs -ls abfss://<container>@<account>.dfs.core.windows.net/
A message similar to the following should appear:org.wildfly.openssl.SSL init INFO: WFOPENSSL0002 OpenSSL Version OpenSSL 1.0.1e-fips 11 Feb 2013
The message may differ slightly depending on your operating system and OpenSSL version.