Enable Zookeeper SSL

About Zookeeper SSL

The Incorta Cluster Management Console, Loader Service, and Analytics Service are Java web applications that interface with Apache Zookeeper, a centralized coordination service. One way to secure communications between Zookeeper and an Incorta Cluster is to enable Secure Sockets Layer (SSL) for Zookeeper. An upgrade to Zookeeper v3.6.1 supports a secured connection with SSL.

Generate a KeyStore

A Java KeyStore (JKS) is a repository of security certificates – either authorization certificates or public key certificates – plus corresponding private keys, used in SSL encryption. Here are the steps to generate a keystore:

  • Change your working directory to your Incorta installation directory.

  • Generate the keystore with a private key using the following command:

    keytool -genkeypair -alias incortazk -keystore keystore.jks -storetype jks -keyalg RSA -dname "CN=localhost, OU=HA, O=Incorta, L=Unknown, ST=Unknown, C=Unknown" -ext "SAN:c=DNS:localhost,IP:${IP_ADDRESS}"

    Replace ${IP_ADDRESS} with the IP address of the Zookeeper host.

    • When prompted, enter your keystore password.

    • Re-enter your keystore password.

    • Press Enter or return to use the same password for <incortazk> and the keystore.

      Important

      Use the same password for the keystore and <incortazk>.

  • Export the certificate for the previously created key pair to incortazk.cer using the following command:

    keytool -export -alias incortazk -file incortazk.cer -keystore keystore.jks

    • When prompted, enter your keystore password.

  • Create a truststore that contains the exported certificate (the public key) using the following command:

    keytool -importcert -file incortazk.cer -alias incortazk -keystore truststore.jks -storetype jks

    • When prompted, enter your keystore password.

    • When asked "Trust this certificate?", enter yes and press return.

  • Verify that keystore.jks, truststore.jks and incortazk.cer are in your Incorta installation directory.

Update configuration and properties files

You will need to update configuration and properties files for Zookeeper, IncortaNode and CMC to support the Zookeeper upgrade.

Before you update the files, you will need to stop the following processes:

Stop the Analytics and Loader Services

  • As the CMC Administrator, sign in to the CMC.
  • In the Navigation bar, select Clusters.
  • In the cluster list, select a Cluster name.
  • Select the Details tab, if not already selected.
  • In the footer, select Stop.

Stop the IncortaNode

Secure shell into each Incorta node. As the Incorta user, stop the node:

INCORTA_NODE_INSTALLATION_PATH='/home/incorta/IncortaAnalytics/IncortaNode'
cd ${INCORTA_NODE_INSTALLATION_PATH}
./stopNode.sh

Stop the CMC

As the Incorta user, stop the CMC:

CMC_INSTALLATION_PATH='/home/incorta/IncortaAnalytics/cmc'
cd ${CMC_INSTALLATION_PATH}
./stop-cmc.sh

Update the Zookeeper configuration and property files

  • Edit <INCORTA_NODE_INSTALLATION_PATH>/zookeeper/conf/zoo.cfg:
    • Comment out the parameter clientPort=2181
    • Uncomment the parameter secureClientPort=2181
  • Edit <INCORTA_NODE_INSTALLATION_PATH>/zookeeper/conf/server_jvm.properties:
    • Uncomment all parameters in the file.
    • Replace ${password} with the password you created while generating the trust and key stores.
    • Replace ${Incorta_Home} with your Incorta installation path.
  • Edit <INCORTA_NODE_INSTALLATION_PATH>/zookeeper/conf/cli_jvm.properties:
    • Uncomment all parameters in the file.
    • Replace ${password} with the password you created while generating the trust and key stores.
    • Replace ${Incorta_Home} with your Incorta installation path.

Update the IncortaNode properties file

  • Edit <INCORTA_NODE_INSTALLATION_PATH>/extra_jvm.properties:
    • Replace ${password} with the password you created while generating the trust and key stores.
    • Replace ${Incorta_Home} with your Incorta installation path.

Update the CMC properties file

  • Edit <CMC_INSTALLATION_PATH>/conf/extra_jvm.properties:
    • Uncomment all parameters in the file.
    • Replace ${password} with the password you created while generating the trust and key stores.
    • Replace ${Incorta_Home} with your Incorta installation path.
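
One way to check the file edits above before restarting anything, as an added example that is not Incorta's own tooling. The function names are hypothetical and the sample file contents are constructed, not the real contents of Incorta's files. The world-readable check is an added assumption, included because the properties files now hold the store password in clear text.

```shell
#!/bin/sh
# Added example, not Incorta code. Function names are hypothetical and the
# sample file contents in demo() are constructed for illustration.

# Succeeds only if the plaintext port is disabled and the secure port is active.
check_zoo_cfg() {
    if grep -Eq '^[[:space:]]*clientPort[[:space:]]*=' "$1"; then
        echo "FAIL: $1 still has an active clientPort" >&2; return 1
    fi
    if ! grep -Eq '^[[:space:]]*secureClientPort[[:space:]]*=' "$1"; then
        echo "FAIL: $1 has no active secureClientPort" >&2; return 1
    fi
    return 0
}

# Succeeds only if no template placeholder remains and the file, which now
# holds the store password in clear text, is not world-readable.
check_props() {
    if grep -Fq -e '${password}' -e '${Incorta_Home}' "$1"; then
        echo "FAIL: $1 still contains a placeholder" >&2; return 1
    fi
    if [ -n "$(find "$1" -perm -004)" ]; then
        echo "FAIL: $1 is world-readable" >&2; return 1
    fi
    return 0
}

# Builds constructed "before" and "after" files in a temp dir and checks them.
demo() {
    d=$(mktemp -d) || return 1
    printf 'clientPort=2181\n#secureClientPort=2181\n' > "$d/zoo_before.cfg"
    printf '#clientPort=2181\nsecureClientPort=2181\n' > "$d/zoo_after.cfg"
    printf '%s\n' 'zookeeper.ssl.keyStore.password=${password}' > "$d/before.properties"
    printf '%s\n' 'zookeeper.ssl.keyStore.password=CONSTRUCTED_SECRET' > "$d/after.properties"
    chmod 600 "$d/before.properties" "$d/after.properties"
    for f in "$d"/zoo_*.cfg; do
        check_zoo_cfg "$f" 2>/dev/null && echo "ok   ${f##*/}" || echo "FAIL ${f##*/}"
    done
    for f in "$d"/*.properties; do
        check_props "$f" 2>/dev/null && echo "ok   ${f##*/}" || echo "FAIL ${f##*/}"
    done
    rm -rf "$d"
}

demo
```

To use it on a real installation, call check_zoo_cfg on zoo.cfg and check_props on each of the four properties files named above.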

After you update the configuration and properties files, you will need to start the following processes:

Start the Analytics and Loader Services

  • As the CMC Administrator, sign in to the CMC.
  • In the Navigation bar, select Clusters.
  • In the cluster list, select a Cluster name.
  • Select the Details tab, if not already selected.
  • In the footer, select Start.

Start the IncortaNode

Secure shell into each Incorta node. As the Incorta user, start the node:

INCORTA_NODE_INSTALLATION_PATH='/home/incorta/IncortaAnalytics/IncortaNode'
cd ${INCORTA_NODE_INSTALLATION_PATH}
./startNode.sh

Start the CMC

As the Incorta user, start the CMC:

CMC_INSTALLATION_PATH='/home/incorta/IncortaAnalytics/cmc'
cd ${CMC_INSTALLATION_PATH}
./start-cmc.sh