Step 2: Install Cloudera Manager server
Install the Cloudera Manager server.
- Log in to the Cloudera Manager server host.
- Run the following command to install the Cloudera Manager server:

      sudo yum install cloudera-manager-daemons cloudera-manager-agent cloudera-manager-server

- Run the following commands to locate the JDK cacerts truststore, convert it from JKS to BCFKS format, and open the /etc/default/cloudera-scm-server file for editing:

      find / -name cacerts
      keytool -importkeystore -srckeystore /path/to/cacerts -srcstoretype JKS -srcstorepass changeit -deststoretype BCFKS -destkeystore cacerts.bcfks -deststorepass <truststorepassword> -provider com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider -providerpath /opt/cloudera/fips/ccj-3.0.2.1.jar
      vi /etc/default/cloudera-scm-server

- Add the following line at the end of the /etc/default/cloudera-scm-server file:

      export CMF_JAVA_OPTS="${CMF_JAVA_OPTS} -Dcom.cloudera.cmf.fipsMode=true -Djavax.net.ssl.trustStoreType=BCFKS -Djavax.net.ssl.trustStore=</path/to>/cacerts.bcfks -Djavax.net.ssl.trustStorePassword=<truststorepassword>"

- Make the following changes to the Cloudera Manager configuration:
  - Open the /etc/default/cloudera-scm-server file.
  - Uncomment the following configurations related to FIPS:

        # Enable FIPS mode
        #
        # To enable FIPS mode set the -Dcom.cloudera.cmf.fipsMode to true
        # export CMF_JAVA_OPTS="${CMF_JAVA_OPTS} -Dcom.cloudera.cmf.fipsMode=true"
        #
        # If JDK version is 11 or higher:
        # Uncomment and provide values below to include CCJ with FIPS mode
        export CMF_JAVA_OPTS="${CMF_JAVA_OPTS} -Dcom.cloudera.cloudera.cmf.fipsMode.jdk11plus.ccj.jar.path=/opt/cloudera/fips/ccj-3.0.2.1.jar -Dcom.cloudera.cloudera.cmf.fipsMode.jdk11plus.ccj.moduleName=ccj_module_name"
        #
        # If JDK version is 11 or higher:
        # Uncomment and provide values below to include BCTLS with FIPS mode
        export CMF_JAVA_OPTS="${CMF_JAVA_OPTS} -Dcom.cloudera.cloudera.cmf.fipsMode.jdk11plus.bctls.jar.path=/opt/cloudera/fips/bctls-safelogic.jar -Dcom.cloudera.cloudera.cmf.fipsMode.jdk11plus.bctls.moduleName=bctls_module_name"

    For example: if the ccj jar file name is ccj-test-3.0.2.1.jar, then the module name becomes ccj.test. The version numbers are ignored.

    Find out the module name using the following command:

        $ sudo ${JAVA_HOME}/bin/jar --file=/opt/cloudera/fips/ccj-test-3.0.2.1.jar --describe-module
        No module descriptor found. Derived automatic module.

        ccj.test@3.0.2.1 automatic    <---- module Name is ccj.test
        requires java.base mandated
        contains com.safelogic.cryptocomply

  - Open the
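
A way to check the edited /etc/default/cloudera-scm-server file against the settings described above, as an added example that is not Cloudera's own tooling: it confirms that the FIPS and BCFKS options sit on uncommented lines and compares the configured ccj module name with the name the JDK derives from the JAR file name. The function names and the sample file are constructed for illustration; the derivation assumes the JAR is an automatic module with no Automatic-Module-Name manifest entry, so `jar --describe-module` remains the authoritative check.

```shell
#!/bin/sh
# Added example: sanity-check the FIPS options in a cloudera-scm-server defaults file.

# derive_module_name JAR: automatic module name the JDK derives from a JAR file
# name: cut at the first "-<digits>" version, turn non-alphanumerics into dots.
# Assumes the JAR has no module-info.class and no Automatic-Module-Name entry.
derive_module_name() {
  basename "$1" .jar |
    sed -E 's/-[0-9]+(\.|$).*//' |
    sed -E 's/[^A-Za-z0-9]/./g; s/\.+/./g; s/^\.//; s/\.$//'
}

# get_opt FILE KEY: value of the last uncommented -DKEY=value in FILE (empty if none).
get_opt() {
  k=$(printf '%s' "$2" | sed 's/\./\\./g')   # match the dots in KEY literally
  grep -v '^[[:space:]]*#' "$1" | grep -oE -e "-D$k=[^ \"]+" | tail -n 1 | cut -d= -f2-
}

# check_fips_config FILE: print one FAIL line per problem; return 1 if any.
check_fips_config() {
  f=$1; rc=0
  p=com.cloudera.cloudera.cmf.fipsMode.jdk11plus.ccj
  [ "$(get_opt "$f" com.cloudera.cmf.fipsMode)" = true ] ||
    { echo "FAIL: -Dcom.cloudera.cmf.fipsMode=true is not set"; rc=1; }
  [ "$(get_opt "$f" javax.net.ssl.trustStoreType)" = BCFKS ] ||
    { echo "FAIL: trustStoreType is not BCFKS"; rc=1; }
  jar=$(get_opt "$f" "$p.jar.path")
  if [ -n "$jar" ]; then
    want=$(derive_module_name "$jar")
    [ "$(get_opt "$f" "$p.moduleName")" = "$want" ] ||
      { echo "FAIL: ccj.moduleName does not match '$want' derived from $jar"; rc=1; }
  fi
  return "$rc"
}

# Constructed sample (not a real host file): the template's placeholder
# module name was left in place, so the check reports one failure.
sample=$(mktemp)
cat > "$sample" <<'EOF'
export CMF_JAVA_OPTS="${CMF_JAVA_OPTS} -Dcom.cloudera.cmf.fipsMode=true -Djavax.net.ssl.trustStoreType=BCFKS"
export CMF_JAVA_OPTS="${CMF_JAVA_OPTS} -Dcom.cloudera.cloudera.cmf.fipsMode.jdk11plus.ccj.jar.path=/opt/cloudera/fips/ccj-test-3.0.2.1.jar -Dcom.cloudera.cloudera.cmf.fipsMode.jdk11plus.ccj.moduleName=ccj_module_name"
EOF
check_fips_config "${1:-$sample}" || echo "configuration needs fixing"
rm -f "$sample"
```

Pass the path of the real defaults file as the first argument to check it instead of the constructed sample.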
