Configuring TLS/SSL for Flume Thrift Source and Sink
This topic describes how to enable TLS/SSL communication between Flume's Thrift source and sink.
The following tables list the properties that must be configured to enable TLS/SSL communication between Flume's Thrift source and sink instances.
Property | Description |
---|---|
ssl | Set to true to enable TLS/SSL encryption. |
keystore | Path to a Java keystore file. Required for TLS/SSL. |
keystore-password | Password for the Java keystore. Required for TLS/SSL. |
keystore-type | The type of the Java keystore. This can be JKS or PKCS12. |
Property | Description |
---|---|
ssl | Set to true to enable TLS/SSL for this ThriftSink.
When configuring TLS/SSL, you can optionally set the following truststore, truststore-password and truststore-type properties. If a custom truststore is not specified, Flume will use the default Java JSSE truststore (typically jssecacerts or cacerts in the Oracle JRE) to verify the remote Thrift Source's TLS/SSL credentials. |
truststore | (Optional) The path to a custom Java truststore file. |
truststore-password | (Optional) The password for the specified truststore. |
truststore-type | (Optional) The type of the Java truststore. This can be JKS or any other supported Java truststore type. |
# TLS/SSL properties for Thrift source s1 a1.sources.r1.ssl=true a1.sources.r1.keystore=<path/to/keystore> a1.sources.r1.keystore-password=<keystore password> a1.sources.r1.keystore-type=<keystore type> # TLS/SSL properties for Thrift sink k1 a1.sinks.k1.ssl=true a1.sinks.k1.truststore=<path/to/truststore> a1.sinks.k1.truststore-password=<truststore password> a1.sinks.k1.truststore-type=<truststore type>
Configure these sets of properties for more instances of the Thrift source and sink as required. You can use either Cloudera Manager or the command line to edit the flume.conf file.
Using Cloudera Manager
Minimum Required Role: Configurator (also provided by Cluster Administrator, Full Administrator)
- Open the Cloudera Manager Admin Console and go to the Flume service.
- Click the Configuration tab.
- Select .
- Select .
- Edit the Configuration File property and add the Thrift source and sink properties for each Thrift source and sink instance as described above to the configuration file.
- Click Save Changes to commit the changes.
- Restart the Flume service.
Using the Command Line
Go to the /etc/flume-ng/conf/flume.conf file and add the Thrift source and sink properties for each Thrift source and sink instance as described above.