The Security Agents for HBase repositories are installed on the HBase Master and all HBase Regional Servers in the cluster. Perform these steps on all the HBase Security Agent hosts.
![[Note]](../common/images/admon/note.png) | Note |
|---|---|
These steps require a private key for the HDP Security Agent (for client SSL verification) and a valid CA X509 Certificate in JKS format. |
Change the HDP Security Administration Server URL from HTTP to HTTPS in the Security Agent configuration file:
Open the configuration file for editing,
/etc/hbase/conf/xasecure-hbase-security.xml.Change the value in the xasecure.hdfs.policymgr.url property from http to https and update the port as required.
For example, if the current value is http://
$hostname:6080/service/assets/policyList/$repository_namechange it to https://$hostname:6080/service/assets/policyList/$repository_name.
Define the SSL policymgr.clientssl properties in the Security Agent SSL configuration file,
/etc/hbase/conf/xasecure-policymgr-ssl.xmlas follows:xasecure.policymgr.clientssl.keystore = $JKS_file xasecure.policymgr.clientssl.keystore.password = $keystore_password xasecure.policymgr.clientssl.truststore = $CA_certificate_file
After saving the configuration, restart the HBase services.
Execute this command on the HBase Master host machine:
su -l hbase -c "/usr/lib/hbase/bin/hbase-daemon.sh --config /etc/hbase/conf stop master; sleep 25"
Execute this command on all RegionServers:
su -l hbase -c "/usr/lib/hbase/bin/hbase-daemon.sh --config /etc/hbase/conf stop regionserver"
Execute this command on the HBase Master host machine:
su -l hbase -c "/usr/lib/hbase/bin/hbase-daemon.sh --config /etc/hbase/conf start master; sleep 25"
Execute this command on all RegionServers:
su -l hbase -c "/usr/lib/hbase/bin/hbase-daemon.sh --config /etc/hbase/conf start regionserver"
