Verifying TLS

This section describes the steps to verify TLS security for CDP Private Cloud Base clusters with IBM Storage® Scale.

Run kinit with a valid keytab to obtain a Kerberos ticket first. For more information, see Verifying installation.

Verify the secure HDFS Java™ (swebhdfs) client provided by Cloudera to perform simple I/O operations with HDFS Transparency by running the following commands:
```
    # echo “hello world” > /tmp/hello
    # /usr/bin/hdfs dfs -ls swebhdfs://<HDFS HA Namespace>/
    # /usr/bin/hdfs dfs -put /tmp/hello swebhdfs://<HDFS HA Namespace >/tmp/
    # /usr/bin/hdfs dfs -cat swebhdfs://<HDFS HA Namespace>/tmp/hello
```
where, <HDFS HA Namespace> is defined by the fs.defaultFS parameter in your /etc/hadoop/conf/core-site.xml.
Verify the https client by running the following command:
```
# curl -ku: --negotiate https://<CES_HOSTNAME>:50470/webhdfs/v1/?op=LISTSTATUS
```
where, <CES_HOSTNAME> is the FQDN hostname corresponding to the CES IP configured for your CES HDFS cluster.
Note:
- For Non-HA CES HDFS clusters, use the <CES_HOSTNAME>:<port> format instead of Namespace for the hdfs commands.
- For curl commands, always use the <CES_HOSTNAME>:<port> format. For Kerberos enabled clusters, substituting <CES_HOSTNAME> with <CES-IP> will fail with HTTP 401 (Auth) error, as the Kerberos principal is created only for the CES hostname.