Configuring SSL for Flume Thrift Source and Sink

This topic describes how to enable SSL communication between Flume's Thrift source and sink.

The following tables list the properties that must be configured to enable SSL communication between Flume's Thrift source and sink instances.

Thrift Source SSL Properties
Property Description
ssl Set to true to enable SSL encryption.
keystore Path to a Java keystore file. Required for SSL.
keystore-password Password for the Java keystore. Required for SSL.
keystore-type The type of the Java keystore. This can be JKS or PKCS12.
Thrift Sink SSL Properties
Property Description
ssl Set to true to enable SSL for this ThriftSink.

When configuring SSL, you can optionally set the following truststore, truststore-password and truststore-type properties. If a custom truststore is not specified, Flume will use the default Java JSSE truststore (typically jssecacerts or cacerts in the Oracle JRE) to verify the remote Thrift Source's SSL credentials.

truststore (Optional) The path to a custom Java truststore file.
truststore-password (Optional) The password for the specified truststore.
truststore-type (Optional) The type of the Java truststore. This can be JKS or any other supported Java truststore type.
Make sure you are configuring SSL for each Thrift source and sink instance. For example, to the existing flume.conf file, for agent a1, source r1, and sink k1, you would add the following properties:
# SSL properties for Thrift source s1 
a1.sources.r1.ssl=true
a1.sources.r1.keystore=<path/to/keystore>
a1.sources.r1.keystore-password=<keystore password>
a1.sources.r1.keystore-type=<keystore type>

# SSL properties for Thrift sink k1 
a1.sinks.k1.ssl=true
a1.sinks.k1.truststore=<path/to/truststore>
a1.sinks.k1.truststore-password=<truststore password>
a1.sinks.k1.truststore-type=<truststore type>
Configure these sets of properties for more instances of the Thrift source and sink as required. You can use either Cloudera Manager or the command line to edit the flume.conf file.

Using Cloudera Manager

  1. Open the Cloudera Manager Admin Console and go to the Flume service.
  2. Click the Configuration tab.
  3. Select Scope > Agent.
  4. Select Category > Main.
  5. Edit the Configuration File property and add the Thrift source and sink properties for each Thrift source and sink instance as described above to the configuration file.
  6. Click Save Changes to commit the changes.
  7. Restart the Flume service.

Using the Command Line

Go to the /etc/flume-ng/conf/flume.conf file and add the Thrift source and sink properties for each Thrift source and sink instance as described above.