Configure SSL for HttpFS
About this task
To configure SSL security for HttpFS, complete the following steps on a secure cluster:
Procedure
-
Rename the existing
server.xml
file (/opt/mapr/hadoop/httpfs/tomcat/conf/server.xml.https
) toserver.xml.orig
, to preserve the original version.sudo cp /opt/mapr/httpfs/httpfs-1.0/share/hadoop/httpfs/tomcat/conf/server.xml /opt/mapr/httpfs/httpfs-1.0/share/hadoop/httpfs/tomcat/conf/server.xml.orig
-
Replace
server.xml
withserver.xml.https
.sudo cp /opt/mapr/httpfs/httpfs-1.0/share/hadoop/httpfs/tomcat/conf/server.xml.https /opt/mapr/httpfs/httpfs-1.0/share/hadoop/httpfs/tomcat/conf/server.xml
-
Verify that the following file exists:
/opt/mapr/httpfs/httpfs-1.0/share/hadoop/httpfs/tomcat/webapps/webhdfs/META-INF/context.xml.jpamLogin
This file may have been renamed to context.xml to configure PAM authentication for HttpFS. However, to configure SSL for HttpFS, rename the file back to
context.xml.jpamLogin
.mv /opt/mapr/httpfs/httpfs-1.0/share/hadoop/httpfs/tomcat/webapps/webhdfs/META-INF/context.xml /opt/mapr/httpfs/httpfs-1.0/share/hadoop/httpfs/tomcat/webapps/webhdfs/META-INF/context.xml.jpamLogin
-
To enable certificate-based authentication, perform the
following steps:
-
Restart the HttpFS server.
maprcli node services -name httpfs -action restart -nodes <space delimited list of nodes>
-
Run one of the following
curl
commands to check that https is enabled. These commands fetch the filesome_file.txt
from MapR-FS under/user/mapr
and attempts to open it securely over https.-
Verify that HTTPS is enabled
curl -k "https://localhost:14000/webhdfs/v1/user/mapr/some_file.txt?op=open&user.name=mapr"
- If you also configure Hue to use SSL encryption with certificate-based
authentication for communication with HttpFS , run the following command:
Verify that HTTPS is enabled with certificate-based authentication
curl --cert /opt/mapr/hue/hue-<version>/cert.pem --key /opt/mapr/hue/hue-<version>/hue_private_keystore.pem "https://localhost:14000/webhdfs/v1/user/mapr/some_file.txt?op=open&user.name=mapr"
-