集群工作節點之間的加密流量

# ! / bin / bash集-euo pipefailkeystore_dbfs_file=“/ dbfs / < keystore-directory > / jetty_ssl_driver_keystore.jks”# #等到密鑰存儲庫文件可以通過保險絲max_attempts=30.而(!- f$ {keystore_dbfs_file}];做如果(”max_attempts美元”= =0];然後回聲錯誤:無法找到文件:keystore_dbfs_file美元fail腳本。”退出1fi睡眠2 s((max_attempts——))完成# #獲得共享節間加密散列的秘密密鑰存儲庫文件sasl_secret=$ (sha256sumkeystore_dbfs_file美元|切- d' 'f1)如果(- z”$ {sasl_secret}”];然後回聲錯誤:無法推導出秘密。腳本失敗。”退出1fi# JKS keystore文件存儲用於啟用SSL / HTTPSlocal_keystore_file=”DB_HOME美元/鍵/ jetty_ssl_driver_keystore.jks”# JKS密鑰存儲庫文件的密碼。這jks密碼是硬編碼的,而不是為了保護機密性#的密鑰存儲庫。不承擔保護keystore文件本身。local_keystore_password=“gb1gQqZ9ZIHS”# #更新spark-branch。conf隻是所需的驅動程序如果[[DB_IS_DRIVER美元=“真正的”]];然後driver_conf=$ {DB_HOME}/ conf / spark-branch.conf /驅動程序回聲“配置驅動程序配置driver_conf美元”如果(!- edriver_conf美元];然後觸摸driver_conf美元fi貓< < EOF > > driver_conf美元(司機){/ /配置節點間身份驗證“火花。驗證”= true“spark.authenticate。秘密”=“sasl_secret美元”/ /配置AES加密“spark.network.crypto.enabled”= true“spark.network.crypto.saslFallback”= false/ /配置SSL“spark.ssl。啟用“= true“spark.ssl。keyPassword " = " $ local_keystore_password "“spark.ssl。密鑰存儲庫”=“local_keystore_file美元”“spark.ssl。keyStorePassword " = " $ local_keystore_password "“spark.ssl。協議”=“TLSv1.3”“spark.ssl.standalone。啟用“= true“spark.ssl.ui。啟用“= true}EOF回聲“成功配置驅動程序設計driver_conf美元”fi#設置在spark-defaults配置。conf火花大師和工人spark_defaults_conf=”DB_HOME美元/ / conf / spark-defaults.conf火花”回聲“配置引發違約相依spark_defaults_conf美元”如果(!- espark_defaults_conf美元];然後觸摸spark_defaults_conf美元fi貓< < EOF > > spark_defaults_conf美元火花。驗證正確spark.authenticate。秘密sasl_secret美元spark.network.crypto.enabled真實spark.network.crypto.saslFallback假spark.ssl。使真正的spark.ssl。keyPassword local_keystore_password美元spark.ssl。keyStore local_keystore_file美元spark.ssl。keyStorePassword local_keystore_password美元spark.ssl。協議TLSv1.3spark.ssl.standalone。使真正的spark.ssl.ui。使真正的EOF回聲“成功配置引發違約相依spark_defaults_conf美元”