vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/mrs/component-operation-guide/mrs_01_1069.html
Yang, Tong 6182f91ba8 MRS component operation guide_normal 2.0.38.SP20 version 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2022-12-09 14:55:21 +00:00

303 lines
56 KiB
HTML
Raw Blame History

<a name="mrs_01_1069"></a><a name="mrs_01_1069"></a>
<h1 class="topictitle1">Configuring the Encrypted Transmission</h1>
<div id="body1590374668180"><div class="section" id="mrs_01_1069__sbe5c54ef009240e398302ae6b2f2720e"><h4 class="sectiontitle">Scenario</h4><p id="mrs_01_1069__a1383a9bbef5c46fb933de88be50cfa90">This section describes how to configure the server and client parameters of the Flume service (including the Flume and MonitorServer roles) after the cluster is installed to ensure proper running of the service.</p>
<p id="mrs_01_1069__p1190153615238">This section applies to MRS 3.<em id="mrs_01_1069__i093142919563">x</em> or later clusters.</p>
</div>
<div class="section" id="mrs_01_1069__s048aa13b5aef4d9da5242db03f3d26a0"><h4 class="sectiontitle">Prerequisites</h4><p id="mrs_01_1069__af72a7119f7944ed1acc651f4955fde53">The cluster and Flume service have been installed.</p>
</div>
<div class="section" id="mrs_01_1069__s181d3ff144264fda8c6c1bcdccff19d4"><h4 class="sectiontitle">Procedure</h4><ol id="mrs_01_1069__oa93ba287d1e04e0fad158483271bf460"><li id="mrs_01_1069__l5bf2fdcb9de641b4b0907d1e4732dc0e"><span>Generate the certificate trust lists of the server and client of the Flume role respectively.</span><p><ol type="a" id="mrs_01_1069__o092cad884f144a8a9d61b8caafc13e75"><li id="mrs_01_1069__en-us_topic_0060224978_li24199868185">Remotely log in to the node using ECM where the Flume server is to be installed as user <strong id="mrs_01_1069__b1773096759103556">omm</strong>. Go to the <strong id="mrs_01_1069__b171049111722">${BIGDATA_HOME}/FusionInsight_Porter_<span id="mrs_01_1069__text12997111921">8.1.0.1</span>/install/FusionInsight-Flume-1.9.0/flume/bin</strong> directory.<p id="mrs_01_1069__en-us_topic_0060224978_p457333408189"><strong id="mrs_01_1069__b54502827144330">cd ${BIGDATA_HOME}/FusionInsight_Porter_</strong><strong id="mrs_01_1069__b20763398144330"><span id="mrs_01_1069__text476418115245">8.1.0.1</span>/install/FusionInsight-Flume-1.9.0/flume/bin</strong></p>
<div class="note" id="mrs_01_1069__note16235819151914"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_1069__p2023571991915"><span id="mrs_01_1069__text14201225181914">The version 8.1.0.1 is used as an example. Replace it with the actual version number.</span></p>
</div></div>
</li><li id="mrs_01_1069__en-us_topic_0060224978_li66651088185">Run the following command to generate and export the server and client certificates of the Flume role:<p id="mrs_01_1069__a4554719168704b95b4fb7832410a8622"><a name="mrs_01_1069__en-us_topic_0060224978_li66651088185"></a><a name="en-us_topic_0060224978_li66651088185"></a><strong id="mrs_01_1069__b79351216122216">sh geneJKS.sh -f </strong><em id="mrs_01_1069__i186817175229">xxx</em><strong id="mrs_01_1069__b79361416152210"> -g </strong><em id="mrs_01_1069__i1247221318226">xxx</em></p>
<div class="p" id="mrs_01_1069__en-us_topic_0060224978_p8955081851">The generated certificate is saved in the <strong id="mrs_01_1069__b1811991611211">${BIGDATA_HOME}/FusionInsight_Porter_<span id="mrs_01_1069__text1311419168211">8.1.0.1</span>/install/FusionInsight-Flume-1.9.0/flume/conf</strong> path .<ul id="mrs_01_1069__en-us_topic_0060224978_ul35713308185"><li id="mrs_01_1069__lc57db6b6f98b4d90951dc411226229f8"><strong id="mrs_01_1069__b1849217243219">flume_sChat.jks</strong> is the certificate library of the Flume role server. <strong id="mrs_01_1069__b114981824720">flume_sChat.crt</strong> is the exported file of the <strong id="mrs_01_1069__b94997241521">flume_sChat.jks</strong> certificate. <strong id="mrs_01_1069__b2050011249213">-f</strong> indicates the password of the certificate and certificate library.</li><li id="mrs_01_1069__lc39b981cb87b4365a4de2e2679cc8ccd"><strong id="mrs_01_1069__b022813269215">flume_cChat.jks</strong> is the certificate library of the Flume role client. <strong id="mrs_01_1069__b12229122617217">flume_cChat.crt</strong> is the exported file of the <strong id="mrs_01_1069__b62301126522">flume_cChat.jks</strong> certificate. <strong id="mrs_01_1069__b62300261027">-g</strong> indicates the password of the certificate and certificate library.</li><li id="mrs_01_1069__la4c890e165c74559a828630d3b348540"><strong id="mrs_01_1069__b857311281320">flume_sChatt.jks</strong> and <strong id="mrs_01_1069__b185749288213">flume_cChatt.jks</strong> are the SSL certificate trust lists of the Flume server and client, respectively.</li></ul>
<div class="note" id="mrs_01_1069__n418e768e33de477cb40e72ca5579bbdb"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_1069__p8539059123710">All user-defined passwords involved in this section must meet the following requirements:</p>
<ul id="mrs_01_1069__ueca48f5f48044e51bfae0a382600ce6b"><li id="mrs_01_1069__ldcd1d6206de04c77926aa524e5b7dd2e">The password must contain at least four types of uppercase letters, lowercase letters, digits, and special characters.</li><li id="mrs_01_1069__l52ae25b1b2884878a6ddbab53c72b803">The password must contain 8 to 64 characters.</li><li id="mrs_01_1069__le5f6aa38237c49f39a0370096d47230e">It is recommended that the user-defined passwords be changed periodically (for example, every three months), and certificates and trust lists be generated again to ensure security.</li></ul>
</div></div>
</div>
</li></ol>
</p></li><li id="mrs_01_1069__led00d5ff6f0a4cb7a007206d410be239"><span>Configure the server parameters of the Flume role and upload the configuration file to the cluster.</span><p><ol type="a" id="mrs_01_1069__ode8a59efe3a449f582450327c51b5f8f"><li id="mrs_01_1069__ld5c15499fb6946cb9bfc9b381b2b7e0c">Remotely log in to any node where the Flume role is located as user <strong id="mrs_01_1069__b2141630191103556">omm</strong> using ECM. Run the following command to go to the ${BIGDATA_HOME}/FusionInsight_Porter_<span id="mrs_01_1069__text17306532534">8.1.0.1</span>/install/FusionInsight-Flume-1.9.0/flume/bin directory:<p class="litext" id="mrs_01_1069__aafe1a91e07d44dbaa622ada264b15486"><strong id="mrs_01_1069__b754444144422">cd ${BIGDATA_HOME}/FusionInsight_Porter_</strong><strong id="mrs_01_1069__b6789997144422"><span id="mrs_01_1069__text1398751752619">8.1.0.1</span>/install/FusionInsight-Flume-1.9.0/flume/bin</strong></p>
</li><li id="mrs_01_1069__l9f81f0e892824e79a1414cd62cce07ba"><a name="mrs_01_1069__l9f81f0e892824e79a1414cd62cce07ba"></a><a name="l9f81f0e892824e79a1414cd62cce07ba"></a>Run the following command to generate and obtain Flume server keystore password, trust list password, and keystore-password encrypted private key information. Enter the password twice and confirm the password. It is the password of the <strong id="mrs_01_1069__b122633619312">flume_sChat.jks</strong> certificate library.<p class="litext" id="mrs_01_1069__a6678de18ac23434d8e868d161400537a"><strong id="mrs_01_1069__a73e51850629c48b1988c7f51294eed84">./genPwFile.sh</strong></p>
<p class="litext" id="mrs_01_1069__a334621ad4eac48d1a312ae006fa5810d"><strong id="mrs_01_1069__ad359ed2fd1d54717bbb5fe0b3c589ce4">cat password.property</strong></p>
</li><li id="mrs_01_1069__labfff5b8f09a4c8ebfd0073968005a68">Use the Flume configuration tool on the FusionInsight Manager portal to configure the server parameters and generate the configuration file.<ol class="substepthirdol" id="mrs_01_1069__oad087c1a1a72488ea71df9537340d485"><li id="mrs_01_1069__l1a6787ba87da4ee38b5d53127892ac94">Log in to FusionInsight Manager. Choose <strong id="mrs_01_1069__b20501153111412">Services</strong> &gt; <strong id="mrs_01_1069__b125021231101411">Flume</strong> &gt; <strong id="mrs_01_1069__b1450211318141">Configuration Tool</strong>.</li><li id="mrs_01_1069__l818b241cf0424a27871a82317d3c2508">Set <strong id="mrs_01_1069__b157071431320">Agent Name</strong> to <strong id="mrs_01_1069__b57132431837">server</strong>. Select the source, channel, and sink to be used, drag them to the GUI on the right, and connect them.<p id="mrs_01_1069__adfb5b1dd04e04c0ea92ab0a247281737">For example, use Avro Source, File Channel, and HDFS Sink.</p>
</li><li id="mrs_01_1069__l0775d24db9e741c2aaf71b2a3c833942">Double-click the source, channel, and sink. Set corresponding configuration parameters by seeing <a href="#mrs_01_1069__te7d3219190a74a0aba371689e6bdb84d">Table 1</a> based on the actual environment.<div class="note" id="mrs_01_1069__n86dab18147cf479a8a826928944f709a"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="mrs_01_1069__uebae1a9f0e9b42fe8824c0311fd86717"><li id="mrs_01_1069__l6ee44f1332784fa5952dece0e58d41f5">If the server parameters of the Flume role have been configured, you can choose <strong id="mrs_01_1069__b1665059724103556">Services</strong> &gt; <strong id="mrs_01_1069__b2035398176103556">Flume</strong> &gt; <strong id="mrs_01_1069__b362201025103556">Instance</strong> on FusionInsight Manager. Then select the corresponding Flume role instance and click the <strong id="mrs_01_1069__b1735957651103556">Download</strong> button behind the <span class="parmname" id="mrs_01_1069__parmname1913608539103556"><b>flume.config.file</b></span> parameter on the <strong id="mrs_01_1069__b110821772103556">Instance Configurations</strong> page to obtain the existing server parameter configuration file. Choose <strong id="mrs_01_1069__b1374241114018">Services</strong> &gt; <strong id="mrs_01_1069__b191441743164019">Flume</strong> &gt; <strong id="mrs_01_1069__b0888124620401">Import</strong> to change the relevant configuration items of encrypted transmission after the file is imported.</li><li id="mrs_01_1069__l8ed79e3017b44da196e210659de51e54">It is recommended that the numbers of Sources, Channels, and Sinks do not exceed 40 during configuration file import. Otherwise, the response time may be very long.</li></ul>
</div></div>
</li><li id="mrs_01_1069__la310363819904f52b26042db556e1178">Click <strong id="mrs_01_1069__b1281501815103556">Export</strong> to save the <strong id="mrs_01_1069__b1765011827103556">properties.properties</strong> configuration file to the local.
<div class="tablenoborder"><a name="mrs_01_1069__te7d3219190a74a0aba371689e6bdb84d"></a><a name="te7d3219190a74a0aba371689e6bdb84d"></a><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1069__te7d3219190a74a0aba371689e6bdb84d" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters to be modified of the Flume role server</caption><thead align="left"><tr id="mrs_01_1069__r524c9b81575941a49e9fd1a608ee2164"><th align="left" class="cellrowborder" valign="top" width="23.232323232323232%" id="mcps1.3.3.2.2.2.1.3.1.4.3.2.4.1.1"><p id="mrs_01_1069__acb06093b72514b03a8c583ee09bc01f3">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="45.45454545454545%" id="mcps1.3.3.2.2.2.1.3.1.4.3.2.4.1.2"><p id="mrs_01_1069__a1771cd69ac2d413e9ca3a10941bd1ed1">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="31.313131313131308%" id="mcps1.3.3.2.2.2.1.3.1.4.3.2.4.1.3"><p id="mrs_01_1069__a3832538841d94ce3b86f280159e7018c">Example Value</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1069__r03c27534741a4e7dbb76f81d0fe541d9"><td class="cellrowborder" valign="top" width="23.232323232323232%" headers="mcps1.3.3.2.2.2.1.3.1.4.3.2.4.1.1 "><p id="mrs_01_1069__a3c5aa558db8e433ea541ad7fa9757b18">ssl</p>
</td>
<td class="cellrowborder" valign="top" width="45.45454545454545%" headers="mcps1.3.3.2.2.2.1.3.1.4.3.2.4.1.2 "><p id="mrs_01_1069__af2248c9416a3483d8d8ff008c76e9bcb">Specifies whether to enable the SSL authentication. (You are advised to enable this function to ensure security.)</p>
<ul id="mrs_01_1069__u8f9cae6b76b04fe485bf5ae6cee73593"><li id="mrs_01_1069__l3a731b4cf9ac49e9b99421a7e97deb3d"><strong id="mrs_01_1069__b1739375423103556">true</strong> indicates that the function is enabled.</li><li id="mrs_01_1069__ld28e92c4c904491d9c7ed2167f7bbd55"><strong id="mrs_01_1069__b2100220203103556">false</strong> indicates that the client authentication function is not enabled.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="31.313131313131308%" headers="mcps1.3.3.2.2.2.1.3.1.4.3.2.4.1.3 "><p id="mrs_01_1069__aa6a9a177c5274c5b820bebec3112259e">true</p>
</td>
</tr>
<tr id="mrs_01_1069__r59ad83fc9469428f88444b219ebcaa57"><td class="cellrowborder" valign="top" width="23.232323232323232%" headers="mcps1.3.3.2.2.2.1.3.1.4.3.2.4.1.1 "><p id="mrs_01_1069__a55291684bbf243ab85d70b554515ce6d">keystore</p>
</td>
<td class="cellrowborder" valign="top" width="45.45454545454545%" headers="mcps1.3.3.2.2.2.1.3.1.4.3.2.4.1.2 "><p id="mrs_01_1069__a868192a0013e4afe9e10c27d60e5d6b8">Indicates the server certificate.</p>
</td>
<td class="cellrowborder" valign="top" width="31.313131313131308%" headers="mcps1.3.3.2.2.2.1.3.1.4.3.2.4.1.3 "><p id="mrs_01_1069__a9fc0bc26bcad4a38b9df8dcae5171d7e">${BIGDATA_HOME<strong id="mrs_01_1069__b590011411302">}</strong>/FusionInsight_Porter_<span id="mrs_01_1069__text128261139152518">8.1.0.1</span>/install/FusionInsight-Flume-1.9.0/flume/conf/flume_sChat.jks</p>
</td>
</tr>
<tr id="mrs_01_1069__rcebf254f210a4a4b8192b0b310f8470a"><td class="cellrowborder" valign="top" width="23.232323232323232%" headers="mcps1.3.3.2.2.2.1.3.1.4.3.2.4.1.1 "><p id="mrs_01_1069__a283b4d1569434422b6b03a5f2db9c6ed">keystore-password</p>
</td>
<td class="cellrowborder" valign="top" width="45.45454545454545%" headers="mcps1.3.3.2.2.2.1.3.1.4.3.2.4.1.2 "><p id="mrs_01_1069__ad2871f3017574941836bcc802edbc876">Specifies the password of the key library, which is the password required to obtain the keystore information.</p>
<p id="mrs_01_1069__a6740a426d8d44e5fa82255482861dd35">Enter the value of password obtained in <a href="#mrs_01_1069__l9f81f0e892824e79a1414cd62cce07ba">2.b</a>.</p>
</td>
<td class="cellrowborder" valign="top" width="31.313131313131308%" headers="mcps1.3.3.2.2.2.1.3.1.4.3.2.4.1.3 "><p id="mrs_01_1069__a19c9511159404e06a5f5d08419bb47b6">-</p>
</td>
</tr>
<tr id="mrs_01_1069__r8b0c93234f6c4306bbeee9faff8129b9"><td class="cellrowborder" valign="top" width="23.232323232323232%" headers="mcps1.3.3.2.2.2.1.3.1.4.3.2.4.1.1 "><p id="mrs_01_1069__a8da6cae13b0e44dfab2f232253dbb81e">truststore</p>
</td>
<td class="cellrowborder" valign="top" width="45.45454545454545%" headers="mcps1.3.3.2.2.2.1.3.1.4.3.2.4.1.2 "><p id="mrs_01_1069__a5874cf222b5847c9ba650a2365978681">Indicates the SSL certificate trust list of the server.</p>
</td>
<td class="cellrowborder" valign="top" width="31.313131313131308%" headers="mcps1.3.3.2.2.2.1.3.1.4.3.2.4.1.3 "><p id="mrs_01_1069__ae3e21b07b8984f5d92d45161b888b28e">${BIGDATA_HOME<strong id="mrs_01_1069__b927935793010">}</strong>/FusionInsight_Porter_<span id="mrs_01_1069__text0906859102515">8.1.0.1</span>/install/FusionInsight-Flume-1.9.0/flume/conf/flume_sChatt.jks</p>
</td>
</tr>
<tr id="mrs_01_1069__re5e075185cd84147a033d5ccc4721ffb"><td class="cellrowborder" valign="top" width="23.232323232323232%" headers="mcps1.3.3.2.2.2.1.3.1.4.3.2.4.1.1 "><p id="mrs_01_1069__a43771f24503743988b3b30f39733b9a8">truststore-password</p>
</td>
<td class="cellrowborder" valign="top" width="45.45454545454545%" headers="mcps1.3.3.2.2.2.1.3.1.4.3.2.4.1.2 "><p id="mrs_01_1069__a25a95555e1f545ea8cd32394ae80caf2">Specifies the trust list password, which is the password required to obtain the truststore information.</p>
<p id="mrs_01_1069__aac37e932d2544d3bbc0430aae448b8b8">Enter the value of password obtained in <a href="#mrs_01_1069__l9f81f0e892824e79a1414cd62cce07ba">2.b</a>.</p>
</td>
<td class="cellrowborder" valign="top" width="31.313131313131308%" headers="mcps1.3.3.2.2.2.1.3.1.4.3.2.4.1.3 "><p id="mrs_01_1069__af737462507234a61bbb37f5553089f23">-</p>
</td>
</tr>
</tbody>
</table>
</div>
</li></ol>
</li><li id="mrs_01_1069__lcdff6a7486154b09ba145934bb2a699d">Log in to FusionInsight Manager and choose <strong id="mrs_01_1069__b1792984747103556">Cluster</strong> &gt; <em id="mrs_01_1069__i1695538362103556">Name of the desired cluster</em> &gt; <strong id="mrs_01_1069__b1025461252103556">Services</strong> &gt; <strong id="mrs_01_1069__b114727030103556">Flume</strong>. On the displayed page, click the <strong id="mrs_01_1069__b438431129103556">Flume</strong> role under <strong id="mrs_01_1069__b22022251103556">Role</strong>.</li><li id="mrs_01_1069__l7cbd8c672618474091fdf2287f907057">Select the Flume role of the node where the configuration file is to be uploaded, choose <strong id="mrs_01_1069__b1983410547103556">Instance Configurations</strong> &gt; <strong id="mrs_01_1069__b1428978062103556">Import</strong> beside the <span class="parmname" id="mrs_01_1069__parmname289128791103556"><b>flume.config.file</b></span>, and select the <strong id="mrs_01_1069__b358439997103556">properties.properties</strong> file.<div class="note" id="mrs_01_1069__n5a9b326e7a01406bbce5a04829f36a0a"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="mrs_01_1069__ue2316acc02f147d0aa39b30664469132"><li class="text" id="mrs_01_1069__l848704a851dd4db2a6c58f6878754e9e">An independent server configuration file can be uploaded to each Flume instance.</li><li class="text" id="mrs_01_1069__l2c5f35cf6541481ea553a0b626e1d130">This step is required for updating the configuration file. Modifying the configuration file on the background is an improper operation because the modification will be overwritten after configuration synchronization.</li></ul>
</div></div>
</li><li id="mrs_01_1069__la7f90ecab98d474bb42dd27e52c011f8">Click <strong id="mrs_01_1069__b1598151725103556">Save</strong>, and then click <strong id="mrs_01_1069__b632544060103556">OK</strong>. Click <strong id="mrs_01_1069__b1478444589103556">Finish</strong>.</li></ol>
</p></li><li id="mrs_01_1069__l0e1ab5b1ca254e0c9379c6a06b27d3c4"><span>Set the client parameters of the Flume role.</span><p><ol type="a" id="mrs_01_1069__oe37456526a5f436883b42c100c1b75aa"><li id="mrs_01_1069__lc602b6cb04d448aa98af2bf025861be5">Run the following commands to copy the generated client certificate (<strong id="mrs_01_1069__b245756305103556">flume_cChat.jks</strong>) and client trust list (<strong id="mrs_01_1069__b1866930768103556">flume_cChatt.jks</strong>) to the client directory, for example, <strong id="mrs_01_1069__b2089253942103556">/opt/flume-client/fusionInsight-flume-1.9.0/conf/</strong>. (The Flume client must have been installed.) <strong id="mrs_01_1069__b1610081560103556">10.196.26.1</strong> is the service plane IP address of the node where the client resides.<p class="litext" id="mrs_01_1069__a8fd63b10290945e390f0a77170fc3ff3"><strong id="mrs_01_1069__b46326001144455">scp ${BIGDATA_HOME}/FusionInsight_Porter_</strong><strong id="mrs_01_1069__b13131627443"><span id="mrs_01_1069__text2083513972612">8.1.0.1</span></strong><strong id="mrs_01_1069__b14280833144455">/install/FusionInsight-Flume-1.9.0/flume/conf/flume_cChat.jks user@10.196.26.1:/opt/flume-client/fusionInsight-flume-1.9.0/conf/</strong></p>
<p class="litext" id="mrs_01_1069__a9a398ae331244c33a47cd5654a3f63be"><strong id="mrs_01_1069__b2902543714455">scp ${BIGDATA_HOME}/FusionInsight_Porter_</strong><strong id="mrs_01_1069__b155284291048"><span id="mrs_01_1069__text14414738182614">8.1.0.1</span></strong><strong id="mrs_01_1069__b5990234314455">/install/FusionInsight-Flume-1.9.0/flume/conf/flume_cChatt.jks user@10.196.26.1:/opt/flume-client/fusionInsight-flume-1.9.0/conf/</strong></p>
<div class="note" id="mrs_01_1069__n9531eb8acf0144a0a05a333d313248db"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p class="text" id="mrs_01_1069__acf3f146edbc64c90915c75ecdaeb02a5">When copying the client certificate, you need to enter the password of user <strong id="mrs_01_1069__b382381643103556">user</strong> of the host (for example, <strong id="mrs_01_1069__b574824328103556">10.196.26.1</strong>) where the client resides.</p>
</div></div>
</li><li id="mrs_01_1069__l313c23b332f748b69e7166d8120d0ece">Log in to the node where the Flume client is decompressed as user <strong id="mrs_01_1069__af14ff932396049e482cf7328649cf482">user</strong>. Run the following command to go to the client directory <strong id="mrs_01_1069__b63131250115014">opt/flume-client/fusionInsight-flume-1.9.0/bin</strong>.<p class="litext" id="mrs_01_1069__a6be3acd9f62444ac93488e43ca61e73d"><strong id="mrs_01_1069__a372666d463d94e9f98105ab0a8093185">cd </strong><strong id="mrs_01_1069__b1414042073316">opt/flume-client/fusionInsight-flume-1.9.0/bi</strong><strong id="mrs_01_1069__b1789715923719">n</strong></p>
</li><li id="mrs_01_1069__l5265677717ab4dd5971a3b6a0d0be5f6"><a name="mrs_01_1069__l5265677717ab4dd5971a3b6a0d0be5f6"></a><a name="l5265677717ab4dd5971a3b6a0d0be5f6"></a>Run the following command to generate and obtain Flume client keystore password, trust list password, and keystore-password encrypted private key information. Enter the password twice and confirm the password. The password is the same as the password of the certificate whose alias is <em id="mrs_01_1069__i1720730167103556">flumechatclient</em> and the password of the <em id="mrs_01_1069__i1001972602103556">flume_cChat.jks</em> certificate library.<p class="litext" id="mrs_01_1069__aa536463167e3473282a4f35b102e13e8"><strong id="mrs_01_1069__a3ef92597b3f54926ae6a3034fd456316">./genPwFile.sh</strong></p>
<p class="litext" id="mrs_01_1069__a06c44a26a7174de089b443d5dc2ee027"><strong id="mrs_01_1069__ae889dda7cbff434c9d2f667e7c456e8d">cat password.property</strong></p>
<div class="note" id="mrs_01_1069__n9c39b3fb63bb42adb348593f17d20a16"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p class="text" id="mrs_01_1069__aaa13c2dfbd8d42bab1d660be4a46d213">If the following error message is displayed, run the export <strong id="mrs_01_1069__b57954478103556">JAVA_HOME=<em id="mrs_01_1069__i683143690103556">JDK</em><em id="mrs_01_1069__i1686563102103556"> path</em></strong> command.</p>
<pre class="screen" id="mrs_01_1069__sced4e3cc9a6b4d268014fc79fc358298">JAVA_HOME is null in current user,please install the JDK and set the JAVA_HOME</pre>
</div></div>
</li><li id="mrs_01_1069__li1686593619549">Run the <strong id="mrs_01_1069__b592359143017">echo $SCC_PROFILE_DIR</strong> command to check whether the <strong id="mrs_01_1069__b2011416203300">SCC_PROFILE_DIR</strong> environment variable is empty.<ul id="mrs_01_1069__ul6543127125720"><li id="mrs_01_1069__li125431627125712">If yes, run the <strong id="mrs_01_1069__b9473534103019">source .sccfile</strong> command.</li><li id="mrs_01_1069__li1483204513576">If no, go to <a href="#mrs_01_1069__l1267a09eec45401986e9df78695f5d4c">3.e</a>.</li></ul>
</li><li id="mrs_01_1069__l1267a09eec45401986e9df78695f5d4c"><a name="mrs_01_1069__l1267a09eec45401986e9df78695f5d4c"></a><a name="l1267a09eec45401986e9df78695f5d4c"></a>Use the Flume configuration tool on FusionInsight Manager to configure the Flume role client parameters and generate a configuration file.<ol class="substepthirdol" id="mrs_01_1069__o22812bc7c2224b96bf5bd8dc84863626"><li id="mrs_01_1069__l3895268cdb484dcc9112cef361cb601f">Log in to FusionInsight Manager and choose <strong id="mrs_01_1069__b101385471103556">Cluster</strong> &gt; <em id="mrs_01_1069__i899139178103556">Name of the desired cluster</em> &gt; <strong id="mrs_01_1069__b955704738103556">Services</strong> &gt; <strong id="mrs_01_1069__b511925024103556">Flume</strong> &gt; <strong id="mrs_01_1069__b1089571059103556">Configuration Tool</strong>.</li><li id="mrs_01_1069__l01c8a7d62b7f482ea1fd6da6a692eda1">Set <strong id="mrs_01_1069__b1505425561103556">Agent Name</strong> to <strong id="mrs_01_1069__b736269518103556">client</strong>. Select the source, channel, and sink to be used, drag them to the GUI on the right, and connect them.<p id="mrs_01_1069__abd19bc917bf84754b92fa025d0823dc4">For example, use SpoolDir Source, File Channel, and Avro Sink.</p>
</li><li id="mrs_01_1069__lde72ff46c82d4310a6569d9d12eb378c">Double-click the source, channel, and sink. Set corresponding configuration parameters by seeing <a href="#mrs_01_1069__t231a870090124a8e8556717e6a7db11c">Table 2</a> based on the actual environment.<div class="note" id="mrs_01_1069__naee33bdf559949be893c028cbcd37f20"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="mrs_01_1069__ued52685e2cae4ef38f43db68be688f3e"><li id="mrs_01_1069__l89946580c2e04e85879dfec339318397">If the client parameters of the Flume role have been configured, you can obtain the existing client parameter configuration file from <em id="mrs_01_1069__i119511030103556">client installation directory</em><strong id="mrs_01_1069__b1683761126103556">/fusioninsight-flume-1.9.0/conf/properties.properties</strong> to ensure that the configuration is in concordance with the previous. Log in to FusionInsight Manager, choose <strong id="mrs_01_1069__b1238247599103556">Cluster</strong> &gt; <em id="mrs_01_1069__i1882665331103556">Name of the desired cluster</em> &gt; <strong id="mrs_01_1069__b154142613103556">Services</strong> &gt; <strong id="mrs_01_1069__b177339562103556">Flume</strong> &gt; <strong id="mrs_01_1069__b849487367103556">Configuration Tool</strong> &gt; <strong id="mrs_01_1069__b2077697417103556">Import</strong>, import the file, and modify the configuration items related to encrypted transmission.</li><li id="mrs_01_1069__laf71b98911344b51a67e753087f29759">It is recommended that the numbers of Sources, Channels, and Sinks do not exceed 40 during configuration file import. Otherwise, the response time may be very long.</li><li id="mrs_01_1069__l955e95d5455e49deb273a1207aac9965">A unique checkpoint directory needs to be configured for each File Channel.</li></ul>
</div></div>
</li><li id="mrs_01_1069__lc6fb0bf0aa7141a79e498b8e6d6b0c41">Click <strong id="mrs_01_1069__b1271792839103556">Export</strong> to save the <strong id="mrs_01_1069__b560955016103556">properties.properties</strong> configuration file to the local.
<div class="tablenoborder"><a name="mrs_01_1069__t231a870090124a8e8556717e6a7db11c"></a><a name="t231a870090124a8e8556717e6a7db11c"></a><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1069__t231a870090124a8e8556717e6a7db11c" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameters to be modified of the Flume role client</caption><thead align="left"><tr id="mrs_01_1069__r327415b1e7b94993ab59cd052de50ac0"><th align="left" class="cellrowborder" valign="top" width="33%" id="mcps1.3.3.2.3.2.1.5.1.4.3.2.4.1.1"><p id="mrs_01_1069__a7a56f2f01c524ed29929bf1b0c793572">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="33%" id="mcps1.3.3.2.3.2.1.5.1.4.3.2.4.1.2"><p id="mrs_01_1069__af87e2d59935149589d1d7f88d5ce001e">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="34%" id="mcps1.3.3.2.3.2.1.5.1.4.3.2.4.1.3"><p id="mrs_01_1069__a64fd13bfec804ad38b73468d22bbdb43">Example Value</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1069__rc80e2adc06f441d6882a97a2dcc12835"><td class="cellrowborder" valign="top" width="33%" headers="mcps1.3.3.2.3.2.1.5.1.4.3.2.4.1.1 "><p id="mrs_01_1069__a5f23fbe951764e8e8260ea5f285e620d">ssl</p>
</td>
<td class="cellrowborder" valign="top" width="33%" headers="mcps1.3.3.2.3.2.1.5.1.4.3.2.4.1.2 "><p id="mrs_01_1069__acbac37da20db4a82b0b5722aa603d7a5">Indicates whether to enable the SSL authentication. (You are advised to enable this function to ensure security.)</p>
<ul id="mrs_01_1069__u1d4dbe29089e45e097c99f8ab22d9931"><li id="mrs_01_1069__l53350bb2a9e64e20b0deaf3bb5ba7a99"><strong id="mrs_01_1069__b1027598422103556">true</strong> indicates that the function is enabled.</li><li id="mrs_01_1069__lfed67f48e66d41e6a1a71582cd610435"><strong id="mrs_01_1069__b924202165103556">false</strong> indicates that the client authentication function is not enabled.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="34%" headers="mcps1.3.3.2.3.2.1.5.1.4.3.2.4.1.3 "><p id="mrs_01_1069__a1fbfdc97fff14575803eb5ced83d7c3f">true</p>
</td>
</tr>
<tr id="mrs_01_1069__r78e269f3b8924aeaa7c5f43871c3aa32"><td class="cellrowborder" valign="top" width="33%" headers="mcps1.3.3.2.3.2.1.5.1.4.3.2.4.1.1 "><p id="mrs_01_1069__afab832b5a79a4f26a72b8787a2ba7032">keystore</p>
</td>
<td class="cellrowborder" valign="top" width="33%" headers="mcps1.3.3.2.3.2.1.5.1.4.3.2.4.1.2 "><p id="mrs_01_1069__a645b748d0ecf49cdaeb17389ed530891">Specified the client certificate.</p>
</td>
<td class="cellrowborder" valign="top" width="34%" headers="mcps1.3.3.2.3.2.1.5.1.4.3.2.4.1.3 "><p id="mrs_01_1069__ab2f074ee556045298a594192379d6760">/opt/flume-client/fusionInsight-flume-1.9.0/conf/flume_cChat.jks</p>
</td>
</tr>
<tr id="mrs_01_1069__ra60759d289c74b5a938eb4e858be772d"><td class="cellrowborder" valign="top" width="33%" headers="mcps1.3.3.2.3.2.1.5.1.4.3.2.4.1.1 "><p id="mrs_01_1069__a9b189b4694fa4530980b13c7a6c7d49e">keystore-password</p>
</td>
<td class="cellrowborder" valign="top" width="33%" headers="mcps1.3.3.2.3.2.1.5.1.4.3.2.4.1.2 "><p id="mrs_01_1069__aff8c152fbd85494087562f68c9241645">Specifies the password of the key library, which is the password required to obtain the keystore information.</p>
<p id="mrs_01_1069__ac4dcdccbe2e34ba4bb049a9022887ce5">Enter the value of password obtained in <a href="#mrs_01_1069__l5265677717ab4dd5971a3b6a0d0be5f6">3.c</a>.</p>
</td>
<td class="cellrowborder" valign="top" width="34%" headers="mcps1.3.3.2.3.2.1.5.1.4.3.2.4.1.3 "><p id="mrs_01_1069__ab05c639ee1fe4c1eb9d981c3ff3f8224">-</p>
</td>
</tr>
<tr id="mrs_01_1069__r61a3a2674a494d40bab7e07b81c9a579"><td class="cellrowborder" valign="top" width="33%" headers="mcps1.3.3.2.3.2.1.5.1.4.3.2.4.1.1 "><p id="mrs_01_1069__af90371f88a774e6a9f42880683712112">truststore</p>
</td>
<td class="cellrowborder" valign="top" width="33%" headers="mcps1.3.3.2.3.2.1.5.1.4.3.2.4.1.2 "><p id="mrs_01_1069__abb11b72226a24d138c67133fb29b0b4f">Indicates the SSL certificate trust list of the client.</p>
</td>
<td class="cellrowborder" valign="top" width="34%" headers="mcps1.3.3.2.3.2.1.5.1.4.3.2.4.1.3 "><p id="mrs_01_1069__a9e700dfab236485783d246793a037a5b">/opt/flume-client/fusionInsight-flume-1.9.0/conf/flume_cChatt.jks</p>
</td>
</tr>
<tr id="mrs_01_1069__r1de123283f7647039452731e8c4e4d1f"><td class="cellrowborder" valign="top" width="33%" headers="mcps1.3.3.2.3.2.1.5.1.4.3.2.4.1.1 "><p id="mrs_01_1069__ab79e01dfa9fb4119b7aee98289052514">truststore-password</p>
</td>
<td class="cellrowborder" valign="top" width="33%" headers="mcps1.3.3.2.3.2.1.5.1.4.3.2.4.1.2 "><p id="mrs_01_1069__a80914a59b4e445ef943a70ffdd38efe6">Specifies the trust list password, which is the password required to obtain the truststore information.</p>
<p id="mrs_01_1069__ac5e99aa774b04685b48bb0e6b12e3700">Enter the value of password obtained in <a href="#mrs_01_1069__l5265677717ab4dd5971a3b6a0d0be5f6">3.c</a>.</p>
</td>
<td class="cellrowborder" valign="top" width="34%" headers="mcps1.3.3.2.3.2.1.5.1.4.3.2.4.1.3 "><p id="mrs_01_1069__aa4ca176c70744f1a85190d131bb00cb5">-</p>
</td>
</tr>
</tbody>
</table>
</div>
</li></ol>
</li><li id="mrs_01_1069__l72f19f5f79bc4a80844819607b481d0a">Upload the <strong id="mrs_01_1069__b196061667442">properties.properties</strong> file to <strong id="mrs_01_1069__b1761214604413">flume/conf/</strong> under the installation directory of the Flume client.</li></ol>
</p></li><li id="mrs_01_1069__l040f3fe19e324e5fb0c6994a812af183"><span>Generate the certificate and trust list of the server and client of the MonitorServer role respectively.</span><p><ol type="a" id="mrs_01_1069__o194ccf7444984436991ef7fbbf03e434"><li id="mrs_01_1069__l36307a2f4a7c41a1a7c6e52328caf810">Log in to the host using ECM with the MonitorServer role assigned as user <strong id="mrs_01_1069__b1995105136103556">omm</strong>.<p id="mrs_01_1069__ae5cee460c0ad49f59c1a501b78793750">Go to the <strong id="mrs_01_1069__b696588451103556">${BIGDATA_HOME}/FusionInsight_Porter_<span id="mrs_01_1069__text149224559266">8.1.0.1</span>/install/FusionInsight-Flume-1.9.0/flume/bin</strong> directory.</p>
<p class="litext" id="mrs_01_1069__a7fcc6b23fde6401d96a4c006f2c71be7"><strong id="mrs_01_1069__b768265144523">cd ${BIGDATA_HOME}/FusionInsight_Porter_</strong><strong id="mrs_01_1069__b193826615511"><span id="mrs_01_1069__text1689083152716">8.1.0.1</span></strong><strong id="mrs_01_1069__b6914389144523">/install/FusionInsight-Flume-1.9.0/flume/bin</strong></p>
</li><li id="mrs_01_1069__l1dff82d92e2140b78890899a56c26669">Run the following command to generate and export the server and client certificates of the MonitorServer role:<p id="mrs_01_1069__af5a62b6b11024f23a890153652cdef25"><a name="mrs_01_1069__l1dff82d92e2140b78890899a56c26669"></a><a name="l1dff82d92e2140b78890899a56c26669"></a><strong id="mrs_01_1069__b194211405443">sh geneJKS.sh -m </strong><em id="mrs_01_1069__i1111344114443">xxx</em><strong id="mrs_01_1069__b1494313402449"> -n <em id="mrs_01_1069__i26141246164417">xxx</em></strong></p>
<p id="mrs_01_1069__a5596b192771541b1ba698653ef0a6c11">The generated certificate is saved in the <strong id="mrs_01_1069__b756783043103556">${BIGDATA_HOME}/FusionInsight_Porter_<span id="mrs_01_1069__text1164693572715">8.1.0.1</span>/install/FusionInsight-Flume-1.9.0/flume/conf</strong> path. Where:</p>
<ul id="mrs_01_1069__u7fb0548fb69d4657b83b4e4ed30dac3b"><li id="mrs_01_1069__lff4943de106f47a39e7beed5979c96ce"><strong id="mrs_01_1069__b1037417156103556">ms_sChat.jks</strong> is the certificate library of the MonitorServer role server. <strong id="mrs_01_1069__b111864760103556">ms_sChat.crt</strong> is the exported file of the <strong id="mrs_01_1069__b1838502681103556">ms_sChat.jks</strong> certificate. <strong id="mrs_01_1069__b2130403287103556">-m</strong> indicates the password of the certificate and certificate library.</li><li id="mrs_01_1069__l008035fc2a204cf19dae25bee37435e6"><strong id="mrs_01_1069__b77795189103556">ms_cChat.jks</strong> is the certificate library of the MonitorServer role client. <strong id="mrs_01_1069__b1381321763103556">ms_cChat.crt</strong> is the exported file of the <strong id="mrs_01_1069__b684679964103556">ms_cChat.jks</strong> certificate. <strong id="mrs_01_1069__b484965766103556">-n</strong> indicates the password of the certificate and certificate library.</li><li id="mrs_01_1069__l561e1d6af5884f05babd57ad17beb627"><strong id="mrs_01_1069__b397508696103556">ms_sChatt.jks</strong> and <strong id="mrs_01_1069__b1472474806103556">ms_cChatt.jks</strong> are the SSL certificate trust lists of the MonitorServer server and client, respectively.</li></ul>
</li></ol>
</p></li><li id="mrs_01_1069__l2ac6aa5d81ad48cdb31add9282c5e6e9"><span>Set the server parameters of the MonitorServer role.</span><p><ol type="a" id="mrs_01_1069__o6bc607c536bb47b8aba23a06f9583eae"><li id="mrs_01_1069__l7cc74e0469cb45f4aba9974f2846c1e0"><a name="mrs_01_1069__l7cc74e0469cb45f4aba9974f2846c1e0"></a><a name="l7cc74e0469cb45f4aba9974f2846c1e0"></a>Run the following command to generate and obtain MonitorServer server keystore password, trust list password, and keystore-password encrypted private key information. Enter the password twice and confirm the password. The password is the same as the password of the certificate whose alias is <em id="mrs_01_1069__i1626082082103556">mschatserver</em> and the password of the <em id="mrs_01_1069__i901978482103556">ms_sChat.jks</em> certificate library.<p class="litext" id="mrs_01_1069__a69cbf93fdfb0406f9dbe720ecbc4862b"><strong id="mrs_01_1069__aaf4ad781445d4a1b822500ab2313f222">./genPwFile.sh</strong></p>
<p class="litext" id="mrs_01_1069__ab69dc0c20d0145fab84855b149e6860c"><strong id="mrs_01_1069__a2269293225154b308f5cfe6a6b9fb5f3">cat password.property</strong></p>
</li><li id="mrs_01_1069__la99996c3507143ae9c95b637f4c3470f">Run the following command to open the ${BIGDATA_HOME}/FusionInsight_Porter_<span id="mrs_01_1069__text7370184612717">8.1.0.1</span>/install/FusionInsight-Flume-1.9.0/flume/conf/service/application.properties file: Modify related parameters based on the description in <a href="#mrs_01_1069__tc0d290285ae94086985870f879b563c2">Table 3</a>, save the modification, and exit.<p class="litext" id="mrs_01_1069__a9888ce411b444709b69cdb6cfb132459"><strong id="mrs_01_1069__b3294914314468">vi ${BIGDATA_HOME}/FusionInsight_Porter_</strong><span id="mrs_01_1069__text6288123116286">8.1.0.1</span><strong id="mrs_01_1069__b2810683614468">/install/FusionInsight-Flume-1.9.0/flume/conf/service/application.properties</strong></p>
<div class="tablenoborder"><a name="mrs_01_1069__tc0d290285ae94086985870f879b563c2"></a><a name="tc0d290285ae94086985870f879b563c2"></a><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1069__tc0d290285ae94086985870f879b563c2" frame="border" border="1" rules="all"><caption><b>Table 3 </b>Parameters to be modified of the MonitorServer role server</caption><thead align="left"><tr id="mrs_01_1069__radb151167ad549739e239b32b8688bf7"><th align="left" class="cellrowborder" valign="top" width="22.447755224477554%" id="mcps1.3.3.2.5.2.1.2.4.2.4.1.1"><p id="mrs_01_1069__ac4b16886be8b4b05a3a05da016c436f4">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="38.77612238776123%" id="mcps1.3.3.2.5.2.1.2.4.2.4.1.2"><p id="mrs_01_1069__a1c9a3c2856e243c387dbf0851f23d61c">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="38.77612238776123%" id="mcps1.3.3.2.5.2.1.2.4.2.4.1.3"><p id="mrs_01_1069__a0aa3688aee404356960d6fa07bc708d5">Example Value</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1069__r8f17d36e7032427ebf902dfbf5ea24ea"><td class="cellrowborder" valign="top" width="22.447755224477554%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.1 "><p id="mrs_01_1069__a0bb61881b7dd429d8284dcd004f97588">ssl_need_kspasswd_decrypt_key</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.2 "><p id="mrs_01_1069__a5af916904364423cafe7e2c78e4dff2e">Specifies whether to enable the user-defined key encryption and decryption function. (You are advised to enable this function to ensure security.)</p>
<ul id="mrs_01_1069__u29bbc6fc83524f18b5dbe93d4a21f3ab"><li id="mrs_01_1069__l4fa3764cf67a4da095da39758a5dc040"><strong id="mrs_01_1069__b426283910103556">true</strong> indicates that the function is enabled.</li><li id="mrs_01_1069__lf587cbcd0c0f4bf1a6e7e4e388fe402b"><strong id="mrs_01_1069__b675093740103556">false</strong> indicates that the client authentication function is not enabled.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.3 "><p id="mrs_01_1069__a92bc64609da1485392625c0a71681f45">true</p>
</td>
</tr>
<tr id="mrs_01_1069__r101dd95dbd054b0e86a5b45f82b7c548"><td class="cellrowborder" valign="top" width="22.447755224477554%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.1 "><p id="mrs_01_1069__a699a0d5e6a284201a53c9bc5770d782b">ssl_server_enable</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.2 "><p id="mrs_01_1069__a0d8e68e92192435aa485c067bfd68fe8">Indicates whether to enable the SSL authentication. (You are advised to enable this function to ensure security.)</p>
<ul id="mrs_01_1069__u494146fff6c0489b82aa20132bfb2717"><li id="mrs_01_1069__l22866095ab2e430cb77c567a8553be3c"><strong id="mrs_01_1069__b1972633776103556">true</strong> indicates that the function is enabled.</li><li id="mrs_01_1069__l0f15b80e5cea41878d6214fb2e61d2ba"><strong id="mrs_01_1069__b1254287306103556">false</strong> indicates that the client authentication function is not enabled.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.3 "><p id="mrs_01_1069__a129c3ea2e74e4759a639a623674c2d08">true</p>
</td>
</tr>
<tr id="mrs_01_1069__r78e680337f314eeaa534f7c019d85b1c"><td class="cellrowborder" valign="top" width="22.447755224477554%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.1 "><p id="mrs_01_1069__a6f03a179f32443e994b5d4abb083ef79">ssl_server_key_store</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.2 "><p id="mrs_01_1069__a13b1b97953934e4784e4646dc710c453">Set this parameter based on the specific storage location.</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.3 "><p id="mrs_01_1069__a11e85db8d34b4deba630094b794e005e">${BIGDATA_HOME}/FusionInsight_Porter_<span id="mrs_01_1069__text177825382284">8.1.0.1</span>/install/FusionInsight-Flume-1.9.0/flume/conf/ms_sChat.jks</p>
</td>
</tr>
<tr id="mrs_01_1069__re77e564cea804a14a3b10dba315323dc"><td class="cellrowborder" valign="top" width="22.447755224477554%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.1 "><p id="mrs_01_1069__a66b755306d804c6b970eee992a2c1abf">ssl_server_trust_key_store</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.2 "><p id="mrs_01_1069__a8ac55c8e6b5a4b16a5a831ed1fa61f7a">Set this parameter based on the specific storage location.</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.3 "><p id="mrs_01_1069__ab9ccc7f1a4824d2d8ba07ee50854debf">${BIGDATA_HOME}/FusionInsight_Porter_<span id="mrs_01_1069__text206981449286">8.1.0.1</span>/install/FusionInsight-Flume-1.9.0/flume/conf/ms_sChatt.jks</p>
</td>
</tr>
<tr id="mrs_01_1069__rd2c61339102c4333a8b0e5295d546ea9"><td class="cellrowborder" valign="top" width="22.447755224477554%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.1 "><p id="mrs_01_1069__ab10e5897ebca470a9eb199bc6ecd09ad">ssl_server_key_store_password</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.2 "><p id="mrs_01_1069__aa8fff3cc5e7f42f39a851a62c689f354">Indicates the client certificate password. Set this parameter based on the actual situation of certificate creation (the plaintext key used to generate the certificate).</p>
<p id="mrs_01_1069__a27c3a245f1f74ca193fc121de390cbf5">Enter the value of password obtained in <a href="#mrs_01_1069__l7cc74e0469cb45f4aba9974f2846c1e0">5.a</a>.</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.3 "><p id="mrs_01_1069__a0dfddbf014e943fd94e0551d3c9d87be">-</p>
</td>
</tr>
<tr id="mrs_01_1069__rd33f433ce6b44da68ba8ee678293cb94"><td class="cellrowborder" valign="top" width="22.447755224477554%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.1 "><p id="mrs_01_1069__a32ed1396efbb4d29ac44d87c58c18487">ssl_server_trust_key_store_password</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.2 "><p id="mrs_01_1069__a46d82eb51eaf46a781cbb4b04b7aee96">Specifies the trustkeystore password. Set this parameter based on the actual situation of certificate creation (the plaintext key used to generate the trust list).</p>
<p id="mrs_01_1069__a46d53a4ea6a54ba6a0de935ffd14a321">Enter the value of password obtained in <a href="#mrs_01_1069__l7cc74e0469cb45f4aba9974f2846c1e0">5.a</a>.</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.3 "><p id="mrs_01_1069__aa46c4c8880b84db29b93bf05590d279b">-</p>
</td>
</tr>
<tr id="mrs_01_1069__r08ba3fbab0b24a8089ad877aad1f0662"><td class="cellrowborder" valign="top" width="22.447755224477554%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.1 "><p id="mrs_01_1069__a4aab55d7f927499f8f60b09982e34482">ssl_need_client_auth</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.2 "><p id="mrs_01_1069__a8f2a43748d5c47108a2b451bfd6142b0">Indicates whether to enable the client authentication. (You are advised to enable this function to ensure security.)</p>
<ul id="mrs_01_1069__u4aa220995a954695b287f004e70c97a1"><li id="mrs_01_1069__l6471e12dd1d4453ca2b07880ded5615f"><strong id="mrs_01_1069__b259909506103556">true</strong> indicates that the function is enabled.</li><li id="mrs_01_1069__l7103c932436b4c4d9c2f6a3410f83a26"><strong id="mrs_01_1069__b232764495103556">false</strong> indicates that the client authentication function is not enabled.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.5.2.1.2.4.2.4.1.3 "><p id="mrs_01_1069__ad5540b9c337c4da69c929d62c50ce948">true</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="mrs_01_1069__l129ef62250644584947506c4ed5e9b3b">Restart the MonitorServer instance. Choose <strong id="mrs_01_1069__b729927048103556">Services</strong> &gt; <strong id="mrs_01_1069__b1732286806103556">Flume</strong> &gt; <strong id="mrs_01_1069__b1514376189103556">Instance</strong> &gt; <strong id="mrs_01_1069__b1768124416461">MonitorServer</strong>, select the MonitorServer instance, and choose <strong id="mrs_01_1069__b201075783103556">More</strong> &gt; <strong id="mrs_01_1069__b783572285103556">Restart Instance</strong>. Enter the <span id="mrs_01_1069__ph146881194192">system </span>administrator password and click <strong id="mrs_01_1069__b1329492162103556">OK</strong>. After the restart is complete, click <strong id="mrs_01_1069__b1550454215103556">Finish</strong>.</li></ol>
</p></li><li id="mrs_01_1069__l6e98885fb36a4aa988f2545e1a5be7fd"><span>Set the client parameters of the MonitorServer role.</span><p><ol type="a" id="mrs_01_1069__o095b24c6aca246c0bd06d3ae414ab76c"><li id="mrs_01_1069__lda633589c24c4402b87b036682fe95e9">Run the following commands to copy the generated client certificate (<strong id="mrs_01_1069__b15440152420474">ms_cChat.jks</strong>) and client trust list (<strong id="mrs_01_1069__b1544614249472">ms_cChatt.jks</strong>) to the <strong id="mrs_01_1069__b644792434712">/opt/flume-client/fusionInsight-flume-1.9.0/conf/</strong> client directory. <strong id="mrs_01_1069__b194489243471">10.196.26.1</strong> is the service plane IP address of the node where the client resides.<p class="litext" id="mrs_01_1069__a1a7b00aa24c74e27938d10377203e3a9"><strong id="mrs_01_1069__b16716206144637">scp ${BIGDATA_HOME}/FusionInsight_Porter_</strong><strong id="mrs_01_1069__b13689204419511"><span id="mrs_01_1069__text8839915298">8.1.0.1</span></strong><strong id="mrs_01_1069__b16228129144637">/install/FusionInsight-Flume-1.9.0/flume/conf/ms_cChat.jks user@10.196.26.1:/opt/flume-client/fusionInsight-flume-1.9.0/conf/</strong></p>
<p class="litext" id="mrs_01_1069__a97b9c228f9844f00ae56806be085e5b9"><strong id="mrs_01_1069__b20358547144653">scp ${BIGDATA_HOME}/FusionInsight_Porter_</strong><strong id="mrs_01_1069__b20670548654"><span id="mrs_01_1069__text13931717112915">8.1.0.1</span></strong><strong id="mrs_01_1069__b49009196144653">/install/FusionInsight-Flume-1.9.0/flume/conf/ms_cChatt.jks user@10.196.26.1:/opt/flume-client/fusionInsight-flume-1.9.0/conf/</strong></p>
</li><li id="mrs_01_1069__l749fdf802e744a4198cdc8de6a478208">Log in to the node where the Flume client is located as <strong id="mrs_01_1069__abefa88ec7f704d378a584acbb6fef2c5">user</strong>. Run the following command to go to the client directory <strong id="mrs_01_1069__b3613123513515">/opt/flume-client/fusionInsight-flume-1.9.0/bin</strong>.<p class="litext" id="mrs_01_1069__a5552e944169843a599dfb82af13e9a9a"><strong id="mrs_01_1069__aa2aa752a17534e31b4909313513f3c7a">cd </strong><strong id="mrs_01_1069__b74011322133619">/opt/flume-client/fusionInsight-flume-1.9.0/bin</strong></p>
</li><li id="mrs_01_1069__l252c5a768cc34fcca9cfaa5a90dfe8c0"><a name="mrs_01_1069__l252c5a768cc34fcca9cfaa5a90dfe8c0"></a><a name="l252c5a768cc34fcca9cfaa5a90dfe8c0"></a>Run the following command to generate and obtain MonitorServer client keystore password, trust list password, and keystore-password encrypted private key information. Enter the password twice and confirm the password. The password is the same as the password of the certificate whose alias is <em id="mrs_01_1069__i2067359312103556">mschatclient</em> and the password of the <em id="mrs_01_1069__i2077197660103556">ms_cChat.jks</em> certificate library.<p class="litext" id="mrs_01_1069__a401d5a33f792483aa484d77f5f991567"><strong id="mrs_01_1069__ad2964155e2d546259601ec2003cdd5d5">./genPwFile.sh</strong></p>
<p class="litext" id="mrs_01_1069__a692176a947104c03ba1b442d74f7f318"><strong id="mrs_01_1069__aeb386a6e69534dc593f7735241a482cc">cat password.property</strong></p>
</li><li id="mrs_01_1069__l62645a8c92964e2ba44c751c78044178">Run the following command to open the <strong id="mrs_01_1069__b7846141985211">/opt/flume-client/fusionInsight-flume-1.9.0/conf/service/application.properties</strong> file. (<strong id="mrs_01_1069__b13252193416523">/opt/flume-client/fusionInsight-flume-1.9.0</strong> is the directory where the client software is installed.) Modify related parameters based on the description in <a href="#mrs_01_1069__tea1b721973a843b7891ab85f51d2f2e6">Table 4</a>, save the modification, and exit.<p id="mrs_01_1069__a4516e2d85b4342f1adc3a10f26f1bf11"><strong id="mrs_01_1069__a01cd9c7247ac4185bb997b62863e35d6">vi </strong><strong id="mrs_01_1069__a3780ebd04915410d8a5da1dedb4fc509">/opt/flume-client/fusionInsight-flume-1.9.0/flume/conf/service/application.properties</strong></p>
<div class="tablenoborder"><a name="mrs_01_1069__tea1b721973a843b7891ab85f51d2f2e6"></a><a name="tea1b721973a843b7891ab85f51d2f2e6"></a><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1069__tea1b721973a843b7891ab85f51d2f2e6" frame="border" border="1" rules="all"><caption><b>Table 4 </b>Parameters to be modified of the MonitorServer role client</caption><thead align="left"><tr id="mrs_01_1069__rba3ca99e3bb142b7961b9d22265c698b"><th align="left" class="cellrowborder" valign="top" width="22.447755224477554%" id="mcps1.3.3.2.6.2.1.4.5.2.4.1.1"><p id="mrs_01_1069__a3790be6b642e49049718b7ba88888070">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="38.77612238776123%" id="mcps1.3.3.2.6.2.1.4.5.2.4.1.2"><p id="mrs_01_1069__a9cfd0b9b7fbf4f3b84378e3c18f38b0b">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="38.77612238776123%" id="mcps1.3.3.2.6.2.1.4.5.2.4.1.3"><p id="mrs_01_1069__ac929cfbd3bda49bab870d42a009f1b47">Example Value</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1069__rf46bd4c742f94b30963a642ae651b5cd"><td class="cellrowborder" valign="top" width="22.447755224477554%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.1 "><p id="mrs_01_1069__a10116168ee4d47c78b05762092394ed8">ssl_need_kspasswd_decrypt_key</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.2 "><p id="mrs_01_1069__a0f9639b67ac645cd97f743bb63a5e9b3">Indicates whether to enable the user-defined key encryption and decryption function. (You are advised to enable this function to ensure security.)</p>
<ul id="mrs_01_1069__ucb2f9ce442d1468da950b7bff2f671d8"><li id="mrs_01_1069__l3124f437f8ad464ab741e352635eb4a2"><strong id="mrs_01_1069__b2139562938103556">true</strong> indicates that the function is enabled.</li><li id="mrs_01_1069__lbb1424ae729b485bb1b042614efd97ad"><strong id="mrs_01_1069__b524115293103556">false</strong> indicates that the client authentication function is not enabled.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.3 "><p id="mrs_01_1069__a9248a2d4d87a4360b81415d219c88930">true</p>
</td>
</tr>
<tr id="mrs_01_1069__rd674ef3578a246e78190e9cf20d8ecb5"><td class="cellrowborder" valign="top" width="22.447755224477554%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.1 "><p id="mrs_01_1069__a7f965c738f094a9d9a3e9069e9330116">ssl_client_enable</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.2 "><p id="mrs_01_1069__afef1fdbf5c48415aa3149e72bdbeefeb">Indicates whether to enable the SSL authentication. (You are advised to enable this function to ensure security.)</p>
<ul id="mrs_01_1069__u610ebfb7490447ecba90600524fef33e"><li id="mrs_01_1069__l9ded1b23d8844e618acc9aa0a1f7c436"><strong id="mrs_01_1069__b405784272103556">true</strong> indicates that the function is enabled.</li><li id="mrs_01_1069__l96e77c1806e64497afcaf3f1a6e34b28"><strong id="mrs_01_1069__b892657043103556">false</strong> indicates that the client authentication function is not enabled.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.3 "><p id="mrs_01_1069__a71fbad1e5aa6478fa371930f4436bcf9">true</p>
</td>
</tr>
<tr id="mrs_01_1069__r2610e005ca31419e84fd0830bf39431f"><td class="cellrowborder" valign="top" width="22.447755224477554%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.1 "><p id="mrs_01_1069__a7fa269bb9e25499aa1f75ec3e8f0634a">ssl_client_key_store</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.2 "><p id="mrs_01_1069__a2c7eb3ad3ae14c0bbfd42d3a9075243e">Set this parameter based on the specific storage location.</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.3 "><p id="mrs_01_1069__a09aaf5c50a7d4c23840a3eca0a3a98ee">${BIGDATA_HOME}/FusionInsight_Porter_<span id="mrs_01_1069__text10570152942914">8.1.0.1</span>/install/FusionInsight-Flume-1.9.0/flume/conf/ms_cChat.jks</p>
</td>
</tr>
<tr id="mrs_01_1069__r6eaddefbace24059bb8fd59cf67ce448"><td class="cellrowborder" valign="top" width="22.447755224477554%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.1 "><p id="mrs_01_1069__aa631404f128d48eda40ed6a901d6da84">ssl_client_trust_key_store</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.2 "><p id="mrs_01_1069__aeb830a2208f74088b885c96406253a92">Set this parameter based on the specific storage location.</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.3 "><p id="mrs_01_1069__a49417ed0f44848fbafb6946706751407">${BIGDATA_HOME}/FusionInsight_Porter_<span id="mrs_01_1069__text849116383293">8.1.0.1</span>/install/FusionInsight-Flume-1.9.0/flume/conf/ms_cChatt.jks</p>
</td>
</tr>
<tr id="mrs_01_1069__r5609ae0df8164631b53c8e2131d7524f"><td class="cellrowborder" valign="top" width="22.447755224477554%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.1 "><p id="mrs_01_1069__a7c85e64acb1542a6b2eb440f94fc70ba">ssl_client_key_store_password</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.2 "><p id="mrs_01_1069__a33ee637b14fa4130aa69a9c02603d7d5">Specifies the keystore password. Set this parameter based on the actual situation of certificate creation (the plaintext key used to generate the certificate).</p>
<p id="mrs_01_1069__a147ffe9b4bf84e8ea90d6ab84084af55">Enter the value of <strong id="mrs_01_1069__b17873113154811">password</strong> obtained in <a href="#mrs_01_1069__l252c5a768cc34fcca9cfaa5a90dfe8c0">6.c</a>.</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.3 "><p id="mrs_01_1069__af3b302cf9e5f417e8936b655475e3596">-</p>
</td>
</tr>
<tr id="mrs_01_1069__r730dfa9a43a34631ada4e9464c62ddb2"><td class="cellrowborder" valign="top" width="22.447755224477554%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.1 "><p id="mrs_01_1069__aa06dcef02a104b2da4cc9a70f14b3460">ssl_client_trust_key_store_password</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.2 "><p id="mrs_01_1069__a82d92a3deed140f695f727c70ab6c460">Specifies the trustkeystore password. Set this parameter based on the actual situation of certificate creation (the plaintext key used to generate the trust list).</p>
<p id="mrs_01_1069__a0c6dfa72c3504bea815eecd139b766c3">Enter the value of <strong id="mrs_01_1069__b2046543534814">password</strong> obtained in <a href="#mrs_01_1069__l252c5a768cc34fcca9cfaa5a90dfe8c0">6.c</a>.</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.3 "><p id="mrs_01_1069__abce6a828ef904adebf624ec7977d60cd">-</p>
</td>
</tr>
<tr id="mrs_01_1069__r4a197963ea4b40fe9f930ec72abcd36d"><td class="cellrowborder" valign="top" width="22.447755224477554%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.1 "><p id="mrs_01_1069__a19e118461ea54adf8882ea4d3632587e">ssl_need_client_auth</p>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.2 "><p id="mrs_01_1069__ac35e83402626436c89532f444d56137d">Indicates whether to enable the client authentication. (You are advised to enable this function to ensure security.)</p>
<ul id="mrs_01_1069__u2b05eef86a564286aeff78202a75f3db"><li id="mrs_01_1069__l57426a8ee032473d9edbd696453104d5"><strong id="mrs_01_1069__b1122482535103556">true</strong> indicates that the function is enabled.</li><li id="mrs_01_1069__l573bdec7ca874ab580b5d66ab0153a07"><strong id="mrs_01_1069__b1698027304103556">false</strong> indicates that the client authentication function is not enabled.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="38.77612238776123%" headers="mcps1.3.3.2.6.2.1.4.5.2.4.1.3 "><p id="mrs_01_1069__ae08145a7b1904890b8fcc93fa891e0d2">true</p>
</td>
</tr>
</tbody>
</table>
</div>
</li></ol>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_1068.html">Encrypted Transmission</a></div>
</div>
</div>
View Git Blame Copy Permalink