检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Encrypted Transmission Flink supports three encrypted transmission modes: Encrypted transmission inside Yarn: It is used between the Flink Yarn client and Yarn ResourceManager, as well as Yarn ResourceManager and JobManager.
FAQ About Decoupled Storage and Compute How Do I Read Encrypted OBS Data When Running an MRS Job? Example Application Development for Interconnecting HDFS with OBS How Do I Connect an MRS Cluster Client to OBS Using an AK/SK Pair?
Keytab authentication: Keytab files contain users' principal and encrypted credential information.
Run the following command to query the encrypted information: cat password.property If the encryption parameter is used for the Flume server, you need to perform encryption on the corresponding Flume server node. You need to run the encryption script as user omm for encryption.
Keytab authentication: Keytab files contain users' principal and encrypted credential information.
What Should I Do If Data Failed to Be Exported from MRS to an OBS Encrypted Bucket? How Do I Interconnect MRS with LTS? How Do I Install HSS on MRS Cluster Nodes? How Do I Connect to HBase of MRS Through HappyBase? Can the Hive Driver Be Interconnected with DBCP2?
If this parameter is selected, the password is exported as an encrypted string. Click OK to start the job export. In the displayed dialog box, if the progress bar is 100%, the job export is complete. Parent topic: Managing Loader Jobs
Run the following command to query the encrypted information: cat password.property If the encryption parameter is used for the Flume server, you need to perform encryption on the corresponding Flume server node. You need to run the encryption script as user omm for encryption.
If this parameter is selected, the password is exported as an encrypted string. Click OK to start the job export. In the displayed dialog box, if the progress bar is 100%, the job import is complete. Parent topic: Managing Jobs
For details about how to set parameters in the properties.properties file, see the parameter list in the properties.properties file in the corresponding typical scenario Configuring a Non-Encrypted Flume Data Collection Task and Configuring an Encrypted Flume Data Collection Task.
Configuring Kafka Data Encryption During Transmission The channel between components is not encrypted by default. You can set the following parameters to enable security channel encryption.
The old key is not deleted, and it is used to decrypt data encrypted using the old key. After security information is modified, for example, a database user password is changed, the new password is encrypted using the new key.
For details about how to set parameters in the properties.properties file, see the parameter list in the properties.properties file in the corresponding typical scenario Configuring a Non-Encrypted Flume Data Collection Task and Configuring an Encrypted Flume Data Collection Task.
Table 1 Parameters Parameter Description Default Value spark.authenticate Whether to enable Spark internal security authentication Security mode: true Normal mode: false spark.authenticate.enableSaslEncryption Whether to enable encrypted communication based on Simple Authentication
The value must be an encrypted password.
| org.apache.flume.lifecycle.LifecycleSupervisor$MonitorRunnable.run(LifecycleSupervisor.java:253) java.lang.RuntimeException: org.jboss.netty.channel.ChannelException: Failed to bind to: /192.168.205.7:21154 If encrypted transmission is used, the certificate or password is incorrect
LDAP Hardening LDAP is hardened as follows after a cluster is installed: In the LDAP configuration file, the password of the administrator account is encrypted using SHA.
By default, the communication is not encrypted during the communication for the sake of cluster performance. Users who have demanding security requirements can use the method described in this section for encryption. This topic is available for MRS 3.x or later.
The parameter for the ConfigNode and IoTDBServer roles must be both modified. iotdb_server_kerberos_qop Encrypted data transmission of each IoTDBServer instance in the cluster.
Security features that need to be configured by users, such as authentication and SSL encrypted transmission, may affect performance. As a big data computing and analysis platform, Flink does not detect sensitive information.
