Configuring SSL for Flume Thrift Source and Sink
This topic describes how to enable SSL communication between Flume's Thrift source and sink.
The following tables list the properties that must be configured to enable SSL communication between Flume's Thrift source and sink instances.
Property | Description |
---|---|
ssl | Set to true to enable SSL encryption. |
keystore | Path to a Java keystore file. Required for SSL. |
keystore-password | Password for the Java keystore. Required for SSL. |
keystore-type | The type of the Java keystore. This can be JKS or PKCS12. |
Property | Description |
---|---|
ssl | Set to true to enable SSL for this ThriftSink.
When configuring SSL, you can optionally set the following truststore, truststore-password and truststore-type properties. If a custom truststore is not specified, Flume will use the default Java JSSE truststore (typically jssecacerts or cacerts in the Oracle JRE) to verify the remote Thrift Source's SSL credentials. |
truststore | (Optional) The path to a custom Java truststore file. |
truststore-password | (Optional) The password for the specified truststore. |
truststore-type | (Optional) The type of the Java truststore. This can be JKS or any other supported Java truststore type. |
Make sure you are configuring SSL for each Thrift source and sink instance. For example, to the existing flume.conf file, for agent a1, source r1, and sink k1, you would add the following
properties:
# SSL properties for Thrift source s1 a1.sources.r1.ssl=true a1.sources.r1.keystore=<path/to/keystore> a1.sources.r1.keystore-password=<keystore password> a1.sources.r1.keystore-type=<keystore type> # SSL properties for Thrift sink k1 a1.sinks.k1.ssl=true a1.sinks.k1.truststore=<path/to/truststore> a1.sinks.k1.truststore-password=<truststore password> a1.sinks.k1.truststore-type=<truststore type>Configure these sets of properties for more instances of the Thrift source and sink as required. You can use either Cloudera Manager or the command line to edit the flume.conf file.
Using Cloudera Manager
- Open the Cloudera Manager Admin Console and go to the Flume service.
- Click the Configuration tab.
- Select .
- Select .
- Edit the Configuration File property and add the Thrift source and sink properties for each Thrift source and sink instance as described above to the configuration file.
- Click Save Changes to commit the changes.
- Restart the Flume service.
Using the Command Line
Go to the /etc/flume-ng/conf/flume.conf file and add the Thrift source and sink properties for each Thrift source and sink instance as described above.