Using the Enable MapR Secure Cluster Option

You use the Enable MapR Secure Cluster option to control whether or not the cluster is configured as a secure cluster.

This option appears on the Version & Services page of the web-based MapR Installer.

About the Enable MapR Secure Cluster Option

Using this option controls secure by default installation in a MapR cluster. When you select the option, the MapR Installer runs the configure.sh script on the container location database (CLDB) master to generate security keys and then distributes the keys to all the other CLDBs. The installer also distributes certificates to all the other nodes and activates security for the ecosystem components that support security.

Certain ecosystem components either do not support security or cannot be secured by the MapR Installer. If you enable security, you will not be allowed to select services such as Impala or Sentry.

Beginning with MapR 6.1, data-on-wire encryption is enabled by default for newly created volumes when the Enable MapR Secure Cluster option is selected. Data-on-wire encryption encrypts data in a volume during transmission over the wire. In a secure cluster, you can enable or disable data-on-wire encryption for individual volumes using MCS, the maprcli, or REST API commands.

Using the Option With New and Already Installed Clusters

You can select or deselect the Enable MapR Secure Cluster option during a new installation or during an Incremental Install.
  • For new installations:
    • The option is selected by default, meaning that new installations are configured with security unless you deselect the option.
    • Deselecting the option causes the cluster to be installed as a nonsecure cluster.
  • For clusters that are already installed with MEP 4.0.0 or later:
    • You can select or deselect the option during an Incremental Install:
      • If security is not currently configured and you select the option, the cluster will be configured with security.
      • If security is already configured, you can remove security by deselecting the option.
        Note: If Drill is installed, be sure to review the limitations described in Securing Drill before removing security. Additional steps must be taken so that Drill in a nonsecured cluster can access all Drill znodes.

Using the Option During an Incremental Install

Normally, Incremental Install operations are conducted online. However, selecting or deselecting the Enable MapR Secure Cluster option during an Incremental Install requires the MapR Installer to stop the Warden and Zookeeper services, bringing the cluster offline temporarily.

In some instances, the Enable MapR Secure Cluster option is unavailable. For example, you cannot select this option during an upgrade of a nonsecured MapR 5.x cluster to MapR 6.0 or later. You must complete the upgrade to MapR 6.0 or later first and then use the Incremental Install function to enable security.