Re: Disable WebUIs

ramabalam · ‎01-12-2017

Our customer would like to disable all the WebUIs on their HDP 2.4.3 cluster. Is there any way I can shutdown/disable the following WebUIs with out impacting any other services?

http://<namenode>:50070/dfshealth.html#tab-overview

http://<namenode>:50070/explorer.html#/

http://<namenode>:50070/logs/

http://<datanode>:19888/jobhistory

http://<datanode>:19888/logs/

http://<datanode.:19888/jmx

http://<hbasemaster>:16010/master-status

http://<sparkhistory>:18080/

I already set hadoop.http.authentication.simple.anonymous.allowed to false, but it has no impact to the above URLs.

VR46 · ‎01-12-2017

Hello @Raj Kulakarni,

There is no direct way to disable these. But we would like to understand what's the motivation / use case to do this. Maybe there is an alternative to what you are trying to achieve. Thanks.

ramabalam · ‎01-12-2017

Security is the primary concern. They don't want to expose any information with out authentication

shyamshaw · ‎01-12-2017

Hi,

Is this a Kerberized cluster? Did you check the following link : https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.0/bk_Security_Guide/content/_configuring_http...

ramabalam · ‎01-12-2017

Yes. It is a kerberized cluster but my understanding is that the link posted will only help you to secure interfaces like webhdfs, yarn resource manager OozieWeb etc. Do you think it will help UIs like "http://<namenode>:50070/logs/" and "http://<datanode>:19888/jmx" etc..

rpathak · ‎01-15-2017

@Raj Kulakarni

As of HDP 2.4.3 I am not sure if hbase and spark UI will work with SPNEGO authentication.

However all other UIs will work by following document shared by @Shyam Shaw

For hbase it should work with HDP 2.5.

For spark check http://spark.apache.org/docs/latest/security.html