Configure SSL for Flume Thrift Source and Sink

On a secure cluster, SSL for Flume Thrift Source and Sink is configured automatically if the configuration parameters are not specified in the Flume agent configuration files.

Flume Thrift clients have the following configuration parameters for wire-level security:

| Parameter | Description |
|---|---|
| ssl | Enables SSL. If set to true, the keystore and keystore-password parameters must also be specified. Default: false. |

| Parameters for Thrift Source | Description |
|---|---|
| keystore | Specifies the path to the Java keystore. |
| keystore-password | Specifies the password for the Java keystore. |
| keystore-type | Specifies the type of the Java keystore. This can be JKS or PKCS12. |

| Parameters for Thrift Sink | Description |
|---|---|
| truststore | Specifies the path to the Java truststore. |
| truststore-password | Specifies the password for the Java truststore. |
| truststore-type | Specifies the type of the Java truststore. This can be JKS or PKCS12. |

Default SSL properties for a secure cluster are as follows:
  • If the ssl parameter is not specified, it defaults to true for Thrift clients if cluster security is enabled.
  • The keystore uses the ssl_keystore specified in the ssl.server.keystore.location section of /opt/mapr/conf/ssl-client.xml, that is, /opt/mapr/conf/ssl_keystore.
  • The keystore-password uses the password specified in the ssl.client.keystore.password section of /opt/mapr/conf/ssl-client.xml, that is, <ssl-keystore-password>.
  • The keystore-type uses the type specified in the ssl.client.keystore.type section of /opt/mapr/conf/ssl-client.xml.
  • The truststore uses the truststore specified in the ssl.client.truststore.location section of /opt/mapr/conf/ssl-client.xml.
  • The truststore-password uses the password specified in the ssl.client.truststore.password section of /opt/mapr/conf/ssl-client.xml.
  • The truststore-type uses the type specified in the ssl.client.truststore.type section of /opt/mapr/conf/ssl-client.xml.
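
The following added example (not code from the product or this documentation) applies the default rules listed above to an agent configuration and reports the effective SSL settings of each Thrift source and sink, so that a component with SSL explicitly disabled or a value overridden stands out. It assumes ssl-client.xml uses the Hadoop-style `<property><name>/<value>` layout; the agent `a1`, the components `r1`, `k1`, `k2`, the truststore path and the passwords are constructed sample values.

```python
import re
import xml.etree.ElementTree as ET

# Flume parameter -> ssl-client.xml property, exactly as listed in the defaults above.
DEFAULTS = {
    "keystore": "ssl.server.keystore.location", "truststore": "ssl.client.truststore.location",
    "keystore-password": "ssl.client.keystore.password", "truststore-password": "ssl.client.truststore.password",
    "keystore-type": "ssl.client.keystore.type", "truststore-type": "ssl.client.truststore.type",
}
COMPONENT_TYPE = re.compile(r"([^.]+\.(sources|sinks)\.[^.]+)\.type")
SSL_CLIENT_XML = """<configuration><!-- constructed sample; Hadoop-style layout is assumed -->
 <property><name>ssl.server.keystore.location</name><value>/opt/mapr/conf/ssl_keystore</value></property>
 <property><name>ssl.client.keystore.password</name><value>EXAMPLE-PASSWORD</value></property>
 <property><name>ssl.client.keystore.type</name><value>JKS</value></property>
 <property><name>ssl.client.truststore.location</name><value>/example/ssl_truststore</value></property>
 <property><name>ssl.client.truststore.password</name><value>EXAMPLE-PASSWORD</value></property>
 <property><name>ssl.client.truststore.type</name><value>JKS</value></property>
</configuration>"""
AGENT_PROPERTIES = """# Constructed sample: r1 sets nothing, k1 disables SSL, k2 overrides one value
a1.sources.r1.type = thrift
a1.sinks.k1.type = thrift
a1.sinks.k1.ssl = false
a1.sinks.k2.type = thrift
a1.sinks.k2.truststore-type = PKCS12
"""

def parse_properties(text):
    lines = (l for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}

def effective_ssl(agent_text, ssl_client_xml, secure_cluster=True):
    """Resolve SSL settings for each Thrift source and sink; passwords are redacted."""
    props = parse_properties(agent_text)
    site = {p.findtext("name"): p.findtext("value") for p in ET.fromstring(ssl_client_xml).iter("property")}
    matches = (COMPONENT_TYPE.fullmatch(k) for k, v in props.items() if v == "thrift")
    report = {}
    for prefix, role in (m.groups() for m in matches if m):
        # An unset ssl parameter defaults to true only when cluster security is enabled.
        ssl = props.get(prefix + ".ssl", str(secure_cluster)).lower() == "true"
        store = "keystore" if role == "sources" else "truststore"
        report[prefix] = {"ssl": ssl}
        for name in ((store, store + "-password", store + "-type") if ssl else ()):
            value = props.get(prefix + "." + name, site.get(DEFAULTS[name]))
            report[prefix][name] = "<redacted>" if name.endswith("-password") and value else value
    return report

if __name__ == "__main__":
    print(effective_ssl(AGENT_PROPERTIES, SSL_CLIENT_XML))
```

A component reported with `ssl` set to `False` on a secure cluster sends or accepts Thrift traffic in plaintext and is the entry to review first.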