Spark for SSL - stanislawbartkowski/hdpwiredencryption GitHub Wiki
The procedure is simple and straightforward.
Keystores and trustores
Create a new keystore and truststore, self-signed or CA-signed, or reuse existing assuming that HDFS/Yarn/Tez/MapReduce wired encryption is enabled. Together with Spark wired encryption enabled, Spark History UI is also listening on secure HTTP.
Configuration
Ambari->Spark2->Configs->Advanced
All properties related to SSL should be added as new.
Custom spark2-defaults
| Property | Sample value |
|---|---|
| spark.ssl.enabled | true |
| spark.ssl.keyPassword | secret |
| spark.ssl.keyStore | /etc/security/serverKeys/keystore.jks |
| spark.ssl.keyStorePassword | secret |
| spark.ssl.protocol | TLS |
| spark.ssl.trustStore | /etc/security/clientKeys/allkeys.jks |
| spark.ssl.trustStorePassword | secret |
| spark.ui.https.enabled | true |
Restart Spark2
Verify
Spark History UI is launched on secure HTTP. Make sure that in the URL the secure port is included, a default value is 18481