[DOCS-14874] Document SSL configuration Created: 07/Apr/17  Updated: 29/Jan/24

Status: External Review
Project: Documentation
Component/s: Spark Connector
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Ross Lawley Assignee: Jordan Smith
Resolution: Unresolved Votes: 4
Labels: request, spark
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
Related
Participants:
Days since reply: 1 week, 5 days ago
Epic Link: DOCSP-18817

 Description   

SSL configuration isn't obvious so should be documented:

The Spark Connector uses the Mongo-Java-Driver and the driver will need to be configured to work with SSL. See the ssl tutorial in the java documentation.

The SSL system properties are:

  • javax.net.ssl.trustStore
  • javax.net.ssl.trustStorePassword
  • javax.net.ssl.keyStore
  • javax.net.ssl.keyStorePassword

These are JVM wide system properties and will need to be configured on the Spark driver machine as well as each of the Spark workers.
According to the Spark configuration you can set these properties in spark via:

  • spark.driver.extraJavaOptions - set properties on the spark driver
  • spark.executor.extraJavaOptions - set properties on the executor

An example submitting a spark job with extra Java Options:

./bin/spark-submit --name "My app" --master local[4]  --conf "spark.executor.extraJavaOptions=-Djavax.net.ssl.trustStore=path_to_trustStore -Djavax.net.ssl.trustStorePassword=trustPassword -Djavax.net.ssl.keyStore=path_to_keyStore -Djavax.net.ssl.keyStorePassword=keyPassword" sparkApplication.jar

A/C

As a reader, I can learn how to set my TLS/SSL configuration properties to authenticate my Spark workers from my Spark configuration file.

As a reader, I can learn how to set my TLS/SSL configuration properties to authenticate my Spark workers when launching a Spark job from the command line.



 Comments   
Comment by Jordan Smith [ 26/Jan/24 ]

https://github.com/mongodb/docs-spark-connector/pull/192

Comment by Nathan Leniz [ 08/Sep/22 ]

Additional SSL resources to reference during completion of this ticket:
https://www.mongodb.com/docs/manual/core/queryable-encryption/tutorials/kmip/kmip-automatic/#specify-your-certificates
https://www.mongodb.com/docs/drivers/java/sync/current/fundamentals/connection/tls/

Generated at Thu Feb 08 08:11:24 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.