Configuring Big Data Management® to Access an SSL Enabled Hadoop Cluster

Creating and Configuring Security Certificates and Truststore Files

When you use custom, special, or self-signed security certificates to secure the Hadoop cluster, Informatica clients that connect to the cluster require these certificates to be present in the client machine truststore.

Import Security Certificates

To connect to the Hadoop cluster to develop a mapping, the Developer tool requires security certificate aliases on the machine that hosts the Developer tool. To run a mapping, the machine that hosts the Data Integration Service requires these same certificate alias files.
Perform the following steps from the Developer tool host machine and from the Data Integration Service host machine:
  1. Run the following command to export the certificates from the cluster:
    keytool -export -alias <alias name> -keystore <custom.truststore file location> -file <exported certificate file location> -storepass <password>
    For example:
    <java home>/jre/bin/keytool -export -alias <alias name> -keystore ~/custom.truststore -file ~/exported.cer
    The command produces a certificate file.
  2. Import the certificate file into the truststore that the domain uses, depending on whether the domain is SSL-enabled:
    • If the domain is SSL-enabled, import the certificate file to the following location:
      <Informatica installation directory>/services/shared/security/infa_truststore.jks
    • If the domain is not SSL-enabled, import the certificate file to the following location:
      <Informatica installation directory>/java/jre/lib/security/cacerts

Configure the Data Integration Service to Use Truststore File Paths

To enable the Data Integration Service to access truststore files on the Hadoop cluster, perform the following steps to configure Data Integration Service properties with truststore file paths:
  1. Get the location of truststore files from the cluster manager administration web page.
    If you do not have access to the cluster manager, ask the cluster administrator for the path to the truststore files for the resources you want to access.
  2. To enable access to Hive sources in Native mode, copy the truststore files to the corresponding location in the Hadoop distribution directory of the Informatica domain machine.
    For example, if the truststore file is located at /etc/security/serverKeys/all.jks on the cluster, copy the file to the same location in the Hadoop distribution directory on the domain machine: /etc/security/serverKeys/all.jks. Create the directory if it does not exist.
  3. In the Administrator tool, select the Data Integration Service in the Domain Navigator. Click the Properties tab to display Data Integration Service properties.
  4. Click the Edit icon for Custom Properties. The Edit Custom Properties dialog box appears.
  5. Enter the following name for the custom property: JVMOption.
    If a JVMOption custom property exists, then increment the name with an integer like JVMOption1.
  6. In the Value pane for the property, type the following value:
    -Djavax.net.ssl.trustStore=<path to the truststore file on the cluster>
    For example:
    -Djavax.net.ssl.trustStore=/etc/security/serverKeys/all.jks
  7. Click OK.
  8. To access additional resources that use truststore files in different locations, repeat steps 4-7. Increment the custom property name with an integer.
    The following image shows custom properties that allow the Data Integration Service to access truststore files in two different locations:
    The Data Integration Service adds the "ExecutionContextOptions." prefix to the names of these custom properties when you recycle the service.
  9. Recycle the Data Integration Service.
  10. If you have ever run a mapping on the Blaze engine, you must stop the Grid Manager application on the Data Integration Service host machine.
    1. Run the following command to list existing YARN applications:
      yarn application -list
    2. In the list of YARN applications, identify the application ID for the Blaze Grid Manager.
    3. Run the following command to stop the Grid Manager application:
      yarn application -kill <application ID>
Now you can run the mapping from the Developer tool. The Data Integration Service imports the truststore certificates at run time.
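The following shell helpers are an added example, not part of the Informatica documentation: they carry out the export/import of step 1 and step 2 above with keytool, pick the domain truststore based on whether the domain is SSL-enabled, and generate the JVMOption custom property lines for steps 5 to 8. The function names, the /opt/Informatica path, the alias "hadoopca" and the password variables are constructed placeholders; keytool is assumed to be on PATH.

```shell
#!/bin/sh
# Added example, not from the Informatica documentation: helpers for the steps above.
# Assumes keytool is on PATH; store passwords are passed in as arguments (no defaults assumed).
set -eu

# Step 2: pick the truststore the domain JVM reads. Usage: target_truststore <infa_dir> <yes|no>
target_truststore() {
    if [ "$2" = "yes" ]; then
        printf '%s/services/shared/security/infa_truststore.jks\n' "$1"
    else
        printf '%s/java/jre/lib/security/cacerts\n' "$1"
    fi
}

# Steps 5 and 8: property name for the N-th truststore (0 -> JVMOption, 1 -> JVMOption1, ...).
jvm_option_name() {
    if [ "$1" -eq 0 ]; then echo "JVMOption"; else echo "JVMOption$1"; fi
}

# Steps 5-8: emit one name=value line per truststore path, ready to paste into Custom Properties.
jvm_option_props() {
    i=0
    for p in "$@"; do
        printf '%s=-Djavax.net.ssl.trustStore=%s\n' "$(jvm_option_name "$i")" "$p"
        i=$((i + 1))
    done
}

# Steps 1-2: export <alias> from the cluster truststore, import it into the domain truststore,
# then fail if the alias is not listed afterwards.
copy_cert() {
    cert_alias="$1"; src="$2"; src_pass="$3"; dst="$4"; dst_pass="$5"
    cer="$(mktemp)"
    keytool -export -alias "$cert_alias" -keystore "$src" -storepass "$src_pass" -file "$cer"
    # -noprompt answers the "Trust this certificate?" question; -trustcacerts also checks cacerts.
    keytool -importcert -noprompt -trustcacerts -alias "$cert_alias" \
        -keystore "$dst" -storepass "$dst_pass" -file "$cer"
    rm -f "$cer"
    keytool -list -alias "$cert_alias" -keystore "$dst" -storepass "$dst_pass" >/dev/null
}

# Constructed invocation (values are placeholders):
# DST="$(target_truststore /opt/Informatica yes)"
# copy_cert hadoopca "$HOME/custom.truststore" "$CLUSTER_STORE_PASS" "$DST" "$INFA_STORE_PASS"
# jvm_option_props /etc/security/serverKeys/all.jks /etc/security/serverKeys/hive.jks
```

The final keytool -list call makes copy_cert exit non-zero if the import silently did not land in the truststore the service reads, which is the usual cause of a handshake failure after following these steps.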
