Enabling Inter-Node Spread Encryption
Jim_Knicely
Internode SSL allows you to use SSL to secure communication between nodes within a Vertica cluster. It is important to secure communications between Vertica nodes if you do not trust the network between the nodes.
The EncryptSpreadComm configuration parameter enables encryption on the control channel.
Example:
```
dbadmin=> SELECT parameter_name, current_value, default_value, description
dbadmin-> FROM configuration_parameters
dbadmin-> WHERE parameter_name = 'EncryptSpreadComm';
  parameter_name   | current_value | default_value |                                       description
-------------------+---------------+---------------+------------------------------------------------------------------------------------------
 EncryptSpreadComm |               |               | Set this to enable inter-node spread encryption. See documentation for supported values.
(1 row)

dbadmin=> SELECT SET_CONFIG_PARAMETER('EncryptSpreadComm', 'vertica');
    SET_CONFIG_PARAMETER
----------------------------
 Parameter set successfully
(1 row)

dbadmin=> \q

[dbadmin@s18384357 ~]$ admintools -t stop_db -d test_db -F
Info: no password specified, using none
        Connecting to database
        Issuing shutdown command to database
Database test_db stopped successfully

[dbadmin@s18384357 ~]$ admintools -t start_db -d test_db -F
Info: no password specified, using none
Spread encryption is enabled. Key rotation will be performed.
        Starting nodes:
                v_test_db_node0001 (74.208.100.58)
        Starting Vertica on all nodes. Please wait, databases with a large catalog may take a while to initialize.
        Node Status: v_test_db_node0001: (DOWN)
        Node Status: v_test_db_node0001: (DOWN)
        Node Status: v_test_db_node0001: (UP)
Database test_db: Startup Succeeded. All Nodes are UP

[dbadmin@s18384357 ~]$ vsql
Welcome to vsql, the Vertica Analytic Database interactive terminal.

Type:  \h or \? for help with vsql commands
       \g or terminate with semicolon to execute query
       \q to quit

dbadmin=> SELECT parameter_name, current_value, default_value, description
dbadmin-> FROM configuration_parameters
dbadmin-> WHERE parameter_name = 'EncryptSpreadComm';;
  parameter_name   | current_value | default_value |                                       description
-------------------+---------------+---------------+------------------------------------------------------------------------------------------
 EncryptSpreadComm | vertica       |               | Set this to enable inter-node spread encryption. See documentation for supported values.
(1 row)
```
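To confirm the change after the restart without reading the output by eye, the two checks from the session above can be scripted. This is an added example, not part of the original tip: the function names are hypothetical, and it assumes the query is run with vsql in unaligned, tuples-only mode so each row arrives as `parameter_name|current_value`.

```shell
#!/bin/sh
# Added example: post-restart checks for the EncryptSpreadComm change above.

# spread_status [EXPECTED] < rows
# Input (assumed format): unaligned, tuples-only vsql rows "parameter_name|current_value".
# Prints ok:<value>, unset, mismatch:<value> or missing; returns 0 only for ok.
spread_status() {
    expected=${1:-vertica}
    # Prefix "=" so an empty current_value differs from "row not found".
    value=$(awk -F'|' '$1 == "EncryptSpreadComm" { print "=" $2; exit }')
    case $value in
        "")           echo "missing"; return 3 ;;
        "=")          echo "unset"; return 1 ;;
        "=$expected") echo "ok:$expected"; return 0 ;;
        *)            echo "mismatch:${value#=}"; return 2 ;;
    esac
}

# start_announced < admintools start_db output
# Returns 0 if the startup output carries the spread-encryption notice seen above.
start_announced() {
    grep -q 'Spread encryption is enabled'
}

# Constructed sample inputs (not captured from a real cluster).
SAMPLE_BEFORE='EncryptSpreadComm|'
SAMPLE_AFTER='EncryptSpreadComm|vertica'
SAMPLE_START='Info: no password specified, using none
Spread encryption is enabled. Key rotation will be performed.
Database test_db: Startup Succeeded. All Nodes are UP'

for rows in "$SAMPLE_BEFORE" "$SAMPLE_AFTER"; do
    result=$(printf '%s\n' "$rows" | spread_status vertica) || true
    echo "config check: $result"
done
if printf '%s\n' "$SAMPLE_START" | start_announced; then
    echo "startup check: notice present"
else
    echo "startup check: notice missing"
fi

# Live use, assuming vsql is on PATH and connects as dbadmin:
#   vsql -A -t -c "SELECT parameter_name, current_value FROM configuration_parameters
#                  WHERE parameter_name = 'EncryptSpreadComm'" | spread_status vertica
```

The non-zero return codes let a scheduled job or configuration audit fail when the parameter is empty or the row is absent.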
Helpful links:
https://www.vertica.com/docs/9.1.x/HTML/index.htm#Authoring/Security/SSL/InternodeSSL.htm
https://www.vertica.com/docs/9.1.x/HTML/index.htm#Authoring/AdministratorsGuide/ConfiguringTheDB/SecurityParameters.htm
Have fun!