Custom CA certificate to Encrypt Databricks worker nodes traffic

Here is the high-level Databricks security architecture. Ref: https://databricks.com/blog/2020/03/27/data-exfiltration-protection-with-azure-databricks.html


 

Although transport layer security is implemented using TLS, customers often ask for the ability to use their own custom CA certificates, instead of the Databricks CA certs, for encrypting traffic between Databricks cluster nodes.


Refer: 

https://docs.microsoft.com/en-us/azure/databricks/security/encryption/encrypt-otw


Here is the step-by-step procedure to implement this:

1.  Bring your own custom CA cert to a blobstore.

2.  Run this script, which writes the certificate into an init script. Change the JVM path as necessary.

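dbutils.fs.put("/databricks/init/cert.sh", """#!/bin/bash
# Write the custom CA certificate where update-ca-certificates looks for local CAs.
# The quoted 'EOF' keeps the shell from expanding anything inside the heredoc.
cat << 'EOF' > /usr/local/share/ca-certificates/myca.crt
-----BEGIN CERTIFICATE-----
MIIFszL3r6kpPCCiMrCeL3CSmayKqdEKm2HSotsLIvVUK/5HOmc2
uyuyLlcdP7IVuQvpAHYe7u/mtCn8Yp4=
-----END CERTIFICATE-----
EOF
# Rebuild the system bundle; this also creates the /etc/ssl/certs/myca.pem symlink.
update-ca-certificates
# Import the CA into the JVM trust store (adjust the path to the cluster's JVM).
keytool -import -trustcacerts -alias MY-CA \
  -keystore /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts \
  -file /etc/ssl/certs/myca.pem \
  -storepass changeit \
  -noprompt
# Point Python's requests library at the updated system bundle.
echo "export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt" >> /databricks/spark/conf/spark-env.sh
""")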
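
Because this init script adds a trust anchor on every node, it is worth checking that the PEM fetched from the blobstore in step 1 is the CA you intended before embedding it. The following is an added example, not part of the original post: `build_init_script` and `sha256_fingerprint` are hypothetical helper names, the pinned fingerprint is assumed to have been obtained out of band, and the sample bytes are constructed placeholders rather than a real certificate.

```python
import hashlib
import hmac
import re
import ssl

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

# Same commands as the init script on this page; {pem} is filled in after the check.
SCRIPT_TEMPLATE = """#!/bin/bash
cat << 'EOF' > /usr/local/share/ca-certificates/myca.crt
{pem}
EOF
update-ca-certificates
keytool -import -trustcacerts -alias MY-CA -keystore /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts -file /etc/ssl/certs/myca.pem -storepass changeit -noprompt
echo "export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt" >> /databricks/spark/conf/spark-env.sh
"""


def sha256_fingerprint(pem: str) -> str:
    """Hex SHA-256 of the DER bytes (as `openssl x509 -fingerprint -sha256`, minus colons)."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def build_init_script(pem_text: str, pinned_sha256: str) -> str:
    """Return the init script only if pem_text is exactly one certificate matching the pin."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        # A second block would silently become an extra trusted root.
        raise ValueError(f"expected exactly 1 certificate, found {len(blocks)}")
    expected = pinned_sha256.replace(":", "").lower()
    actual = sha256_fingerprint(blocks[0])
    if not hmac.compare_digest(actual, expected):
        raise ValueError(f"fingerprint mismatch: got {actual}")
    return SCRIPT_TEMPLATE.format(pem=blocks[0])


# Constructed sample: placeholder bytes wrapped as PEM, NOT a real certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real X.509 certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
SAMPLE_PIN = hashlib.sha256(SAMPLE_DER).hexdigest()

if __name__ == "__main__":
    script = build_init_script(SAMPLE_PEM, SAMPLE_PIN)
    print(script)
    # In a notebook (assumed usage): dbutils.fs.put("/databricks/init/cert.sh", script, True)
```
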




