Configuring Spark for Wire Encryption
Use the following commands to configure Spark (version 1) for wire encryption:
- On each node, create keystore files, certificates, and truststore files.
  - Create a keystore file:

        keytool -genkey \
          -alias <host> \
          -keyalg RSA \
          -keysize 1024 \
          -dname CN=<host>,OU=hw,O=hw,L=paloalto,ST=ca,C=us \
          -keypass <KeyPassword> \
          -keystore <keystore_file> \
          -storepass <storePassword>

  - Create a certificate:

        keytool -export \
          -alias <host> \
          -keystore <keystore_file> \
          -rfc -file <cert_file> \
          -storepass <storePassword>

  - Create a truststore file:

        keytool -import \
          -noprompt \
          -alias <host> \
          -file <cert_file> \
          -keystore <truststore_file> \
          -storepass <truststorePassword>
 
- Create one truststore file that contains the public keys from all certificates.
  - Log on to one host and import the truststore file for that host:

        keytool -import \
          -noprompt \
          -alias <hostname> \
          -file <cert_file> \
          -keystore <all_jks> \
          -storepass <allTruststorePassword>

  - Copy the <all_jks> file to the other nodes in your cluster, and repeat the keytool command on each node.
 
- Enable Spark authentication.
  - Set spark.authenticate to true in the yarn-site.xml file:

        <property>
          <name>spark.authenticate</name>
          <value>true</value>
        </property>

  - Set the following properties in the spark-defaults.conf file:

        spark.authenticate true
        spark.authenticate.enableSaslEncryption true
 
- Enable Spark SSL.
  - Set the following properties in the spark-defaults.conf file:

        spark.ssl.enabled true
        spark.ssl.enabledAlgorithms TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
        spark.ssl.keyPassword <KeyPassword>
        spark.ssl.keyStore <keystore_file>
        spark.ssl.keyStorePassword <storePassword>
        spark.ssl.protocol TLS
        spark.ssl.trustStore <all_jks>
        spark.ssl.trustStorePassword <allTruststorePassword>
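A check for the settings from the last two steps, as an added example that is not part of the original page or of Spark: it parses spark-defaults.conf and yarn-site.xml text and reports every property from this page that is missing, not true, or still an unsubstituted placeholder. The function names, paths, and sample values are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
# Properties the page sets in spark-defaults.conf.
MUST_BE_TRUE = ("spark.authenticate", "spark.authenticate.enableSaslEncryption",
                "spark.ssl.enabled")
MUST_BE_SET = ("spark.ssl.enabledAlgorithms", "spark.ssl.keyPassword",
               "spark.ssl.keyStore", "spark.ssl.keyStorePassword",
               "spark.ssl.protocol", "spark.ssl.trustStore",
               "spark.ssl.trustStorePassword")

def parse_spark_defaults(text):
    """Parse 'key value' or 'key=value' lines; skip blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, *rest = re.split(r"[=\s]+", line, maxsplit=1)
            props[key] = rest[0].strip() if rest else ""
    return props

def audit(spark_defaults_text, yarn_site_xml):
    """Return findings for both files; an empty list means every check passed."""
    props = parse_spark_defaults(spark_defaults_text)
    findings = [f"{k} is not true" for k in MUST_BE_TRUE
                if props.get(k, "").lower() != "true"]
    for key in MUST_BE_SET:
        value = props.get(key, "")
        if not value:
            findings.append(f"{key} is not set")
        elif re.fullmatch(r"<[^<>]+>", value):
            findings.append(f"{key} still holds placeholder {value}")
    yarn = {(p.findtext("name") or "").strip(): (p.findtext("value") or "").strip()
            for p in ET.fromstring(yarn_site_xml).iter("property")}
    if yarn.get("spark.authenticate", "").lower() != "true":
        findings.append("yarn-site.xml: spark.authenticate is not true")
    return findings

# Constructed sample input: three properties missing, one placeholder left in.
SAMPLE_DEFAULTS = """\
spark.authenticate true
spark.ssl.enabled true
spark.ssl.keyPassword <KeyPassword>
spark.ssl.keyStore /constructed/path/host1.jks
spark.ssl.keyStorePassword constructed-store-pass
spark.ssl.protocol TLS
spark.ssl.trustStore /constructed/path/all.jks
"""
SAMPLE_YARN = ("<configuration><property><name>spark.authenticate</name>"
               "<value>true</value></property></configuration>")
```

Calling `audit(SAMPLE_DEFAULTS, SAMPLE_YARN)` returns one finding per problem in the sample; run it against the real file contents on each node after distributing the configuration.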

