Step 3: Modify the httpfs-site.xml File

MapR provides a Kerberos-ready version of the httpfs-site.xml file called httpfs-site.xml.kerberos. This file resides in /opt/mapr/httpfs/httpfs-1.0/etc/hadoop. You must edit this file and specify the kerberos principal name for the nodes where you are running HttpFS, restart the HttpFS server, and then you can test the set-up. Each step is explained here.

To set up the httpfs-site.xml file for each node running the HttpFS service, follow these steps:

  1. Assign a new name to the existing httpfs-site.xml file (to preserve the original version when the file gets overwritten in step 2).
    cp /opt/mapr/httpfs/httpfs-1.0/etc/hadoop httpfs-site.xml httpfs-site.xml.original
  2. Copy the kerberos version (httpfs-site.xml.kerberos) to the existing httpfs-site.xml file.
    cp /opt/mapr/httpfs/httpfs-1.0/etc/hadoop httpfs-site.xml.kerberos httpfs-site.xml
  3. Edit the httpfs-site.xml file and insert the principal name as shown, substituting your fully qualified domain name and realm for perfnode153.perf.lab@mapr.com.
    <property>
      <name>
        httpfs.authentication.kerberos.principal
      </name>
      <value>
        HTTP/perfnode153.perf.lab@mapr.com
      </value>
    </property>
  4. Restart the HttpFS server so the changes will take effect.
    maprcli node services -name httpfs -action restart -nodes <node_name>
  5. Test that security is in place by entering the following command to create a file in MapR file system. The command will fail if security is not set up correctly.
    curl --negotiate -u : -b ~/cookiejar.txt -c ~/cookiejar.txt -i -X PUT
    "http://perfnode153.perf.lab:14000/webhdfs/v1/user/mapr/some_file?op=MKDIRS"