Flume Thrift Security Parameters

On a secure cluster, SSL for Flume Thrift Source and Sink is automatically configured.

In your MapR secure cluster, if the flume-agent configuration file does not specify SSL parameters, they are automatically supplied as follows:
  • In MEP 6.0.0, SSL for Flume Thrift Source and Sink is automatically configured.
  • In MEP 6.0.1, SSL for Flume Thrift and Avro Source and Sink is automatically configured.

Flume Thrift clients have the following configuration parameters for wire-level security:

Parameter for SSL

ssl
Enables SSL. If set to true, the keystore and keystore-password parameters must also be specified. Default: false. If the ssl parameter is not specified, it is defaulted to true for Thrift clients if cluster security is enabled.

Parameters for Thrift Source

keystore
Specifies the path to the Java keystore. The ssl_keystore uses the same ssl_keystore specified in the ssl.server.keystore.location section of /opt/mapr/conf/ssl-client.xml, /opt/mapr/conf/ssl_keystore.
keystone-password
Specifies the password for the Java keystore. The keystore-password uses the same password specified in the ssl.client.keystore.password of /opt/mapr/conf/ssl-client.xml, <ssl-keystore-password>.
keystore-type
Specifies the type of the Java keystore: JKS or PKCS12. The keystore-type uses the same ssl_keystore specified in the ssl.client.keystore.type section of /opt/mapr/conf/ssl-client.xml.

Parameters for Thrift Sink

truststore
Specifies the path to the Java truststore. The truststore uses the same ssl_keystore specified in the ssl.client.truststore.location section of /opt/mapr/conf/ssl-client.xml.
truststore-password
Specifies the password for the Java truststore. The truststore-password uses the same ssl_keystore specified in the ssl.client.truststore.password section of /opt/mapr/conf/ssl-client.xml.
truststore-type
Specifies the type of the Java keystore. This can be JKS or PKCS12. The truststore-type uses the same ssl_keystore specified in the ssl.client.truststore.type section of /opt/mapr/conf/ssl-client.xml.