proposalbot 3ccfbdc0f0 Changes to mrs_operation-guide from docs/doc-exports#475 (MRS component operatio
Reviewed-by: Kacur, Michal <michal.kacur@t-systems.com>
Co-authored-by: proposalbot <proposalbot@otc-service.com>
Co-committed-by: proposalbot <proposalbot@otc-service.com>
2022-12-09 14:50:38 +00:00


original_name: mrs_01_1569.html

SSL

Scenarios

When a secure Flink cluster is required, the SSL-related configuration items must be set.

Configuration Description

Configuration items include the SSL switch, certificate, password, and encryption algorithm.

For versions earlier than MRS 3.x, see Table 1.

Table 1 Parameters

| Parameter | Mandatory | Default Value | Description |
|---|---|---|---|
| security.ssl.internal.enabled | Yes | The value is automatically configured according to the cluster installation mode. Security mode: The default value is true. Normal mode: The default value is false. | Main switch of internal communication SSL. |
| security.ssl.internal.keystore | Yes | - | Java keystore file. |
| security.ssl.internal.keystore-password | Yes | - | Password used to decrypt the keystore file. |
| security.ssl.internal.key-password | Yes | - | Password used to decrypt the server key in the keystore file. |
| security.ssl.internal.truststore | Yes | - | truststore file containing the public CA certificates. |
| security.ssl.internal.truststore-password | Yes | - | Password used to decrypt the truststore file. |
| security.ssl.protocol | Yes | TLSv1.2 | SSL transmission protocol version. |
| security.ssl.algorithms | Yes | The default value is TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256. | Supported SSL standard algorithm. For details, see the Java official website. |
| security.ssl.rest.enabled | Yes | The value is automatically configured according to the cluster installation mode. Security mode: The default value is true. Normal mode: The default value is false. | Main switch of external communication SSL. |
| security.ssl.rest.keystore | Yes | - | Java keystore file. |
| security.ssl.rest.keystore-password | Yes | - | Password used to decrypt the keystore file. |
| security.ssl.rest.key-password | Yes | - | Password used to decrypt the server key in the keystore file. |
| security.ssl.rest.truststore | Yes | - | truststore file containing the public CA certificates. |
| security.ssl.rest.truststore-password | Yes | - | Password used to decrypt the truststore file. |

For configuration items for MRS 3.x or later, see Table 2.

Table 2 Parameters

| Parameter | Description | Default Value | Mandatory |
|---|---|---|---|
| security.ssl.enabled | Main switch of internal communication SSL. | The value is automatically configured according to the cluster installation mode. Security mode: The default value is true. Non-security mode: The default value is false. | Yes |
| security.ssl.keystore | Java keystore file. | - | Yes |
| security.ssl.keystore-password | Password used to decrypt the keystore file. | - | Yes |
| security.ssl.key-password | Password used to decrypt the server key in the keystore file. | - | Yes |
| security.ssl.truststore | truststore file containing the public CA certificates. | - | Yes |
| security.ssl.truststore-password | Password used to decrypt the truststore file. | - | Yes |
| security.ssl.protocol | SSL transmission protocol version. | TLSv1.2 | Yes |
| security.ssl.algorithms | Supported SSL standard algorithm. For details, see the Java official website. | The default value: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" | Yes |
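The following audit script is an added example, not MRS or Flink project code. It checks a flink-conf.yaml style file against the mandatory items in Table 1 and Table 2 and flags cipher suites that use static RSA key exchange or a non-AEAD mode. The function names, the placeholder values in the constructed sample, and the choice to accept TLSv1.3 alongside the documented TLSv1.2 default are assumptions.

```python
STORE_KEYS = ("keystore", "keystore-password", "key-password",
              "truststore", "truststore-password")
# Default cipher lists quoted from Table 1 and Table 2 of this page.
PRE_3X_DEFAULT = ("TLS_RSA_WITH_AES_128_CBC_SHA256,"
                  "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,"
                  "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256")
V3X_DEFAULT = ("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,"
               "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,"
               "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,"
               "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")

def parse_flink_conf(text):
    """Parse the flat 'key: value' lines used in flink-conf.yaml."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip().strip("\"'")
    return conf

def audit(conf, prefix="security.ssl"):
    """Return findings; prefix is security.ssl (Table 2) or
    security.ssl.internal / security.ssl.rest (Table 1)."""
    findings = []
    if conf.get(f"{prefix}.enabled", "").lower() != "true":
        findings.append(f"{prefix}.enabled is not true")
    findings += [f"{prefix}.{k} is not set" for k in STORE_KEYS
                 if not conf.get(f"{prefix}.{k}")]
    # Assumption: TLSv1.3 is accepted alongside the page's TLSv1.2 default.
    if conf.get("security.ssl.protocol") not in ("TLSv1.2", "TLSv1.3"):
        findings.append("security.ssl.protocol is not TLSv1.2 or TLSv1.3")
    raw = conf.get("security.ssl.algorithms", "")
    suites = [s.strip() for s in raw.split(",") if s.strip()]
    if not suites:
        findings.append("security.ssl.algorithms is not set")
    for s in suites:
        if s.startswith("TLS_RSA_"):
            findings.append(f"{s}: static RSA key exchange, no forward secrecy")
        if not any(tag in s for tag in ("_GCM_", "_CCM", "CHACHA20")):
            findings.append(f"{s}: not an AEAD suite (CBC or other)")
    return findings

def sample_conf(prefix, algorithms):
    """Constructed sample input; paths and passwords are placeholders."""
    lines = [f"{prefix}.enabled: true", "security.ssl.protocol: TLSv1.2",
             f'security.ssl.algorithms: "{algorithms}"']
    lines += [f"{prefix}.{k}: PLACEHOLDER" for k in STORE_KEYS]
    return "\n".join(lines)
```

Run `audit(parse_flink_conf(open(path).read()), prefix)` once per prefix that applies to the cluster version: `security.ssl` for MRS 3.x or later, `security.ssl.internal` and `security.ssl.rest` for earlier versions.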