Determining if a Cluster is Secure and Enabled for Encryption

You can determine whether or not a cluster is secure and whether or not on-wire encryption and data at rest encryption are enabled at the cluster and volume levels using the MapR Control System, CLI, and REST API.

Determining if a Cluster is Secure Using the MapR Control System

Log in to MCS and click to display the Security page.
The Security page contains information for determining whether or not the cluster is secure and enabled for on-wire encryption and/or data-at-rest encryption.

Determining if a Secure Cluster is Enabled for Encryption Using the MapR Control System

Log in to MCS on a secure cluster and click to display the Security page.
The page displays the following:
  • Cluster-level Settings — whether or not on-wire encryption and authentication, and data-at-rest encryption is enabled at the cluster-level. The pane shows:
    • — if enabled
    • — if disabled
  • Volume Settings — the number of volumes that are not enabled for:
    • Data on Wire Encryption
    • Data at Rest Encryption
    You can click the number associated with Data on Wire Encryption or Data at Rest Encryption to display the list of volumes filtered by Data on Wire Encryption or Data at Rest Encryption respectively.

Determining if a Cluster is Secure Using the CLI and REST API

Run the following command to determine if a cluster is secure or unsecure:

/opt/mapr/bin/maprcli dashboard info -cluster <clusterName> -json | grep secure

The value for secure is true if secure and false if unsecure in the command output.

Send a request of type GET. For example:
curl -k -X GET 'https://10.10.82.24:8443/rest/dashboard/info' --user mapr:mapr
{"timestamp":1525198793701,"timeofday":"2018-05-01 11:19:53.701 GMT-0700 AM","status":"OK","total":1,"data":[{"version":"6.1.0.20180501072815.GA","cluster":{"name":"ksTest","secure":true,"dare":true,"ip":"10.10.82.24","id":"6000214179272613712","nodesUsed":1,"totalNodesAllowed":-1},"volumes":{"mounted":{"total":17,"size":0},"unmounted":{"total":1,"size":1}},"utilization":{"cpu":{"util":1,"total":8,"active":0},"memory":{"total":15886,"active":10268},"disk_space":{"total":273,"active":0},"compression":{"compressed":0,"uncompressed":0},"tiering":{"logicalUsed":0,"replicatedLogicalUsed":0,"replicatedTotalUsed":0,"ecTotalUsed":0,"cvTotalUsed":0,"offloaded":0,"recalled":0}},"clusterReplication":{"bytesReceived":0,"bytesSend":0},"streamThroughput":{"bytesProduced":0,"bytesConsumed":0},"services":{"fileserver":{"active":1,"stopped":0,"failed":0,"total":1},"resourcemanager":{"active":1,"standby":0,"stopped":0,"failed":0,"total":1},"cldb":{"active":1,"stopped":0,"failed":0,"total":1},"nfs4":{"active":0,"stopped":0,"failed":0,"total":1},"mastgateway":{"active":1,"stopped":0,"failed":0,"total":1},"nodemanager":{"active":1,"stopped":0,"failed":0,"total":1},"gateway":{"active":1,"stopped":0,"failed":0,"total":1},"hoststats":{"active":1,"stopped":0,"failed":0,"total":1},"apiserver":{"active":1,"stopped":0,"failed":0,"total":1}},"yarn":{"running_applications":0,"queued_applications":0,"num_node_managers":1,"total_memory_mb":5120,"total_vcores":4,"total_disks":3,"used_memory_mb":0,"used_vcores":0,"used_disks":0}}]}

The value for secure is true if secure and false if unsecure.

If the value for secure is true, your cluster is enabled for on-wire encryption. See dashboard info for more information.

Determining if a Secure Cluster is Enabled for Encryption of Data at Rest Using the CLI and REST API

Run the following command to determine if a cluster is enabled or disabled for data at rest encryption:

/opt/mapr/bin/maprcli dashboard info -name <clusterName> -json | grep dare

The value for dare is true if enabled and false if disabled in the command output.

Send a request of type GET. For example:
curl -k -X GET 'https://10.10.82.24:8443/rest/dashboard/info' --user mapr:mapr
{"timestamp":1525198793701,"timeofday":"2018-05-01 11:19:53.701 GMT-0700 AM","status":"OK","total":1,"data":[{"version":"6.1.0.20180501072815.GA","cluster":{"name":"ksTest","secure":true,"dare":true,"ip":"10.10.82.24","id":"6000214179272613712","nodesUsed":1,"totalNodesAllowed":-1},"volumes":{"mounted":{"total":17,"size":0},"unmounted":{"total":1,"size":1}},"utilization":{"cpu":{"util":1,"total":8,"active":0},"memory":{"total":15886,"active":10268},"disk_space":{"total":273,"active":0},"compression":{"compressed":0,"uncompressed":0},"tiering":{"logicalUsed":0,"replicatedLogicalUsed":0,"replicatedTotalUsed":0,"ecTotalUsed":0,"cvTotalUsed":0,"offloaded":0,"recalled":0}},"clusterReplication":{"bytesReceived":0,"bytesSend":0},"streamThroughput":{"bytesProduced":0,"bytesConsumed":0},"services":{"fileserver":{"active":1,"stopped":0,"failed":0,"total":1},"resourcemanager":{"active":1,"standby":0,"stopped":0,"failed":0,"total":1},"cldb":{"active":1,"stopped":0,"failed":0,"total":1},"nfs4":{"active":0,"stopped":0,"failed":0,"total":1},"mastgateway":{"active":1,"stopped":0,"failed":0,"total":1},"nodemanager":{"active":1,"stopped":0,"failed":0,"total":1},"gateway":{"active":1,"stopped":0,"failed":0,"total":1},"hoststats":{"active":1,"stopped":0,"failed":0,"total":1},"apiserver":{"active":1,"stopped":0,"failed":0,"total":1}},"yarn":{"running_applications":0,"queued_applications":0,"num_node_managers":1,"total_memory_mb":5120,"total_vcores":4,"total_disks":3,"used_memory_mb":0,"used_vcores":0,"used_disks":0}}]}

The value for dare is true if enabled and false if disabled.

See dashboard info for more information.