Configure SSL Encryption for Spark on YARN

Complete the following step to manually configure encryption for the Spark HTTP file and broadcast servers:
In the spark-defaults.conf file on each spark node, configure the following properties:
  • For Spark 2.0.1 and later:
    
    spark.ssl.fs.enabled true
    spark.ssl.keyPassword mapr123
    spark.ssl.keyStore /opt/mapr/conf/ssl_keystore
    spark.ssl.keyStorePassword mapr123
    spark.ssl.trustStore /opt/mapr/conf/ssl_truststore
    spark.ssl.trustStorePassword mapr123
    spark.ssl.protocol TLSv1.2
    spark.ssl.enabledAlgorithms TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
  • For Spark 1.6.1:
    spark.ssl.akka.enabled true
    spark.ssl.fs.enabled true
    spark.ssl.keyPassword mapr123
    spark.ssl.keyStore /opt/mapr/conf/ssl_keystore
    spark.ssl.keyStorePassword mapr123
    spark.ssl.trustStore /opt/mapr/conf/ssl_truststore
    spark.ssl.trustStorePassword mapr123
    spark.ssl.protocol TLSv1.2
    spark.ssl.enabledAlgorithms TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA

The spark-defaults.conf file is in the following location: /opt/mapr/spark/spark-<version>/conf/

Note: When you manually configure encryption for Spark, set the same protocol and algorithms for each node. Otherwise, the connection between those components might fail.