4.0

TLS

If Java Key or Truststores, Jaas config or Kerberos keytabs are required two options are available:

  1. Mount them under /mnt/files with the following below, or
  2. Set them as environment variables.

If using environment variables, base64 encode the values.

File / Variable NameDescription
FILECONTENT_JVM_SSL_TRUSTSTOREThe SSL/TLS trust store to use as the global JVM trust store.
Add to LENSES_OPTS the property javax.net.ssl.trustStore
FILECONTENT_JVM_SSL_TRUSTSTORE_PASSWORDΤhe trust store password. If set, the startup script will add automatically to LENSES_OPTS the property javax.net.ssl.trustStorePassword
FILECONTENT_LENSES_SSL_KEYSTOREThe SSL/TLS keystore to use for the TLS listener for Lenses
FILECONTENT_LENSES_SSL_KEY_PEMThe SSL private key in PEM format for the TLS Listener for Lenses
FILECONTENT_LENSES_SSL_CERT_PEMThe SSL certificate in PEM format for the TLS Listener for Lenses
FILECONTENT_SSL_KEYSTOREThe SSL/TLS keystore to use for connecting to brokers
FILECONTENT_SSL_TRUSTSTOREThe SSL/TLS truststore to use for verifying SSL connections to the brokers.
FILECONTENT_SSL_KEY_PEMThe client SSL key in PEM format to use for connecting to brokers that require authentication via SSL
FILECONTENT_SSL_CERT_PEMThe client SSL certificate in PEM format to use for connecting to brokers that require authentication via SSL.
FILECONTENT_SSL_CACERT_PEMThe CA certificate in PEM format to use for verifying SSL connections to the brokers
FILECONTENT_KEYTABThe Kerberos keytab to use for authenticating with a KDC in order to connect to brokers that require SASL/GSSAPI authentication
FILECONTENT_JAASThe JAAS Login Configuration File for setting the Kerberos (SASL/GSSAPI) authentication to the brokers and optionally to Zookeeper
or the HortonWorks Schema Registry
FILECONTENT_SECURITY_KEYTABThe Kerberos keytab to use for authenticating with a KDC in order to provide SPNEGO authentication
FILECONTENT_KRB5Kerberos krb5 file
FILECONTENT_REGISTRY_KEYTABThe Kerberos keytab to use for authenticating with a KDC in order to connect to a Registry that requires SPNEGO authentication