Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Configure HDFS for SSL

Labels:
avatar
author-rank melvinjoy_bandi
Contributor

Created ‎02-03-2016 03:30 PM

Hi,

I am trying to configure HDFS for SSL certificate and following the instructions on the document on End to End wire encryption with Knox.

Not sure how to set these properties in Ambari UI. Any help would be appreciated. Thanks

Use Ambari to set the following properties in core-site.xml.

[code language=”XML”] hadoop.ssl.require.client.cert=false hadoop.ssl.hostname.verifier=DEFAULT_AND_LOCALHOST hadoop.ssl.keystores.factory.class=org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory hadoop.ssl.server.conf=ssl-server.xml [/code]

Use Ambari to set the following properties in hdfs-site.xml.

[code language=”XML”] dfs.http.policy=HTTPS_ONLY dfs.datanode.https.address=workshop.hortonworks.com:50475 [/code]

The valid values for dfs.http.policy are HTTPS_ONLY & HTTP_AND_HTTPS.

The valid values for hadoop.ssl.hostname.verifier are DEFAULT, STRICT,STRICT_I6, DEFAULT_AND_LOCALHOST and ALLOW_ALL. Only use ALLOW_ALL in a controlled environment & with caution. And then use ambari to restart all hdfs services.

4,118 Views
1 ACCEPTED SOLUTION

avatar
author-rank aervits
Master Mentor

Created ‎02-03-2016 03:30 PM

in Ambari, go to HDFS service, then configs, in custom core-site.xml add the properties. In custom hdfs-site.xml add the hdfs-site specific properties @Melvin Bandi

View solution in original post

3,704 Views
0 Kudos
14 REPLIES 14

avatar
author-rank aervits
Master Mentor

Created ‎02-03-2016 03:30 PM

in Ambari, go to HDFS service, then configs, in custom core-site.xml add the properties. In custom hdfs-site.xml add the hdfs-site specific properties @Melvin Bandi

3,705 Views
0 Kudos

avatar
author-rank melvinjoy_bandi
Contributor

Created ‎02-03-2016 03:55 PM

In the below property can i give sandbox.hortonworks.com with the same port mentioned below or should i give Wedhdfs port?

dfs.datanode.https.address=workshop.hortonworks.com:50475

3,212 Views
0 Kudos

avatar
author-rank melvinjoy_bandi
Contributor

Created ‎02-03-2016 03:56 PM

*Webhdfs

3,212 Views
0 Kudos

avatar
author-rank nsabharwal
Master Mentor

Created ‎02-03-2016 03:33 PM

@Melvin Bandi

Are you following this? https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.4/bk_Security_Guide/content/ch_wire-https.htm...

FYI - knox gives SSL out of the box http://hortonworks.com/blog/end-end-wire-encryption-apache-knox/

3,212 Views
0 Kudos

avatar
author-rank melvinjoy_bandi
Contributor

Created ‎02-03-2016 03:40 PM

Yes i am following this http://hortonworks.com/blog/end-end-wire-encryption-apache-knox/ to make a call to HDFS through KNOX security using user name and password. When i make a call through REST API it is showing this error

Unable to Connect to SSL Services due to PKIX Path Building Failed

3,212 Views
0 Kudos

avatar
author-rank melvinjoy_bandi
Contributor

Created ‎02-03-2016 03:54 PM

In the below property can i give sandbox.hortonworks.com with the same port mentioned below or should i give Wedhdfs port?

dfs.datanode.https.address=workshop.hortonworks.com:50475

3,212 Views
0 Kudos

avatar
author-rank aervits
Master Mentor

Created ‎02-03-2016 03:56 PM

here are all suggested ports @Melvin Bandi link

3,212 Views
0 Kudos

avatar
author-rank melvinjoy_bandi
Contributor

Created ‎02-03-2016 04:14 PM

I am getting this error when

SSL Between Knox & WebHDFS is configured as per the document End to End Wire Encryption with Apache Knox in Ambari

500 status codereceived on GET method for API: /api/v1/clusters/Sandbox/host_components?HostRoles/component_name=NAMENODE&metrics/dfs/FSNamesystem/HAState=active&fields=metrics/jvm/gcCount[1454512016,1454515616,15],metrics/jvm/GcCountConcurrentMarkSweep[1454512016,1454515616,15],metrics/jvm/GcTimeMillisConcurrentMarkSweep[1454512016,1454515616,15],metrics/rpc/NumOpenConnections[1454512016,1454515616,15],metrics/jvm/memHeapCommittedM[1454512016,1454515616,15],metrics/jvm/memHeapUsedM[1454512016,1454515616,15],metrics/cpu/cpu_system[1454512016,1454515616,15],metrics/cpu/cpu_user[1454512016,1454515616,15],metrics/cpu/cpu_nice[1454512016,1454515616,15],metrics/cpu/cpu_idle[1454512016,1454515616,15],metrics/cpu/cpu_wio[1454512016,1454515616,15],metrics/memory/mem_total[1454512016,1454515616,15],metrics/memory/mem_free[1454512016,1454515616,15],metrics/memory/mem_cached[1454512016,1454515616,15],metrics/rpc/RpcQueueTime_avg_time[1454512016,1454515616,15],metrics/rpc/RpcProcessingTime_avg_time[1454512016,1454515616,15]&format=null_padding 

Error message: org.apache.ambari.server.controller.spi.SystemException: Error loading deferred resources
3,212 Views
0 Kudos

avatar
author-rank melvinjoy_bandi
Contributor

Created ‎02-03-2016 04:14 PM

@Artem Ervits

3,212 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements