Support Questions

amol_08 · ‎01-08-2018

While setting up multi node cluster it is recommended to disable iptables as well as firewall , can some body please explain why do we need to off these two services while setting up cluster .

jsensharma · ‎01-08-2018

@Anurag Mishra

Disabling Firewall is one of the major requirement while setting up the Firewall. Else you will need to manually unblock many ports.

For Ambari to communicate during setup with the hosts it deploys to and manages, certain ports must be open and available. The easiest way to do this is to temporarily disable iptables, as follows:

# systemctl disable firewalld
# service firewalld stop

You can restart iptables after setup is complete. If the security protocols in your environment prevent disabling iptables, you can proceed with iptables enabled, if all required ports are open and available.

Ambari checks whether iptables is running during the Ambari Server setup process. If iptables is running, a warning displays, reminding you to check that required ports are open and available. The Host Confirm step in the Cluster Install Wizard also issues a warning for each host that has iptables running.

.

NOTE: As HDP cluster can have multiple HDP components and every HDP component can have multiple Ports which needs to be accessed remotely hence if you will enable firewall then you will need to deal with manually Unblocking various Ports used by various services on your own which might become complicated. Please see the following link to know more about the Ports that are used by various HDP components:

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.1/bk_reference/content/hdfs-ports.html

View solution in original post

jsensharma · ‎01-08-2018

@Anurag Mishra

Disabling Firewall is one of the major requirement while setting up the Firewall. Else you will need to manually unblock many ports.

For Ambari to communicate during setup with the hosts it deploys to and manages, certain ports must be open and available. The easiest way to do this is to temporarily disable iptables, as follows:

# systemctl disable firewalld
# service firewalld stop

You can restart iptables after setup is complete. If the security protocols in your environment prevent disabling iptables, you can proceed with iptables enabled, if all required ports are open and available.

Ambari checks whether iptables is running during the Ambari Server setup process. If iptables is running, a warning displays, reminding you to check that required ports are open and available. The Host Confirm step in the Cluster Install Wizard also issues a warning for each host that has iptables running.

.

NOTE: As HDP cluster can have multiple HDP components and every HDP component can have multiple Ports which needs to be accessed remotely hence if you will enable firewall then you will need to deal with manually Unblocking various Ports used by various services on your own which might become complicated. Please see the following link to know more about the Ports that are used by various HDP components:

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.1/bk_reference/content/hdfs-ports.html

Cloudera Community

Support Questions

Disabling iptables and firewall

systemctl stop iptables or systemctl disable iptab...

Working with firewalled HDP via SSH Tunnel and SOC...

Deploying HDF Across Firewalls

Enable / disable ACID

NIFI S2S with firewall blocking incoming connectio...

Run Hadoop Happily in O.S. Firewall Controlled Env...

Spark Jobs failing - firewall issue....?

Disabling Kerberos

How to disable SPNEGO authentication for Solr

cloudera manager 7180 firewall issues