Configure SSL for Sqoop2

As of Sqoop 1.99.7, you can configure SSL to enable encrypted communications between the Sqoop2 server and its clients.

  1. Stop the Sqoop2 server:
    maprcli node services -name sqoop2 -action stop -nodes <space delimited list of nodes>
  2. In the file (/opt/mapr/sqoop/sqoop-<version>/conf/, uncomment the SSL related properties. For example:
    #Enable Sqoop SSL
    #Change SSL protocol
    #Path to MapR ssk keystore
    #Keystore password<passwd>
    Note: You can use the default ssl_keystore and password. The password for the default ssl_keystore is mapr123.
  3. Remove the Sqoop2 repository.
    rm -rf /opt/mapr/sqoop/repository
  4. Start the Sqoop2 server.
    maprcli node services -name sqoop2 -action start -nodes <space delimited list of nodes>
  5. Start the Sqoop2 client:
    sudo -u mapr /opt/mapr/sqoop/sqoop-<version>/bin/ client 
    Note: If you are using MapR-SASL, run the following command instead: sudo -u mapr /opt/mapr/sqoop/sqoop-<version>/bin/ client --custom.
  6. Configure the Sqoop2 client to communicate the Sqoop2 server using SSL.
    set server --host <sqoop_server_hosname> --port <sqoop_port> --webapp <sqoop_webapp> --tls
    For example:
    sqoop:000> set server --host localhost --port 12000 --webapp sqoop --tls
  7. Configure the Sqoop2 client truststore and truststore password.
    set truststore --truststore /opt/mapr/conf/ssl_truststore --truststore-password <passwd>
Each time you start the Sqoop2 client, you must reset the server and truststore configuration.