You can configure SSL (HTTPS) for HttpFS. As of HTTPFS 1.0-1504, you can also configure certificate-based authentication for HttpFS.
To configure SSL security for HttpFS, complete the following steps on a secure cluster:
ssl_truststore by running the configure.sh -secure -genkeys command on the first CLDB node in your cluster. Use the -C options to specify ZooKeeper and CLDB nodes.
Rename the existing
server.xml.orig, to preserve the original version.
Replace the contents of server.xml with the contents of
Verify that the following file exists: /
This file may have been renamed to context.xml to configure PAM authentication for HttpFS. However, to configure SSL for HttpFS, rename the file back to
To enable SSL without certificate-based authentication, set the clientAuth attribute to "false" in server.xml (
To enable certificate-based authentication, perform the following steps:
Verify that the clientAuth attribute is set to "true" in
/opt/mapr/httpfs/httpfs-1.0/share/hadoop/httpfs/tomcat/webapps/webhdfs/WEB-INF/web.xml), un-comment the following section:
/opt/mapr/httpfs/httpfs-1.0/share/hadoop/httpfs/tomcat/conf/tomcat-users.xml) contains the roles and users in the certificates.
name value should include information from your certificate.
<tomcat-users>
  <role rolename="sample"/>
  <user name="CN=www.mapr.com, OU=mapr, O=mapr, L=San Jose, ST=San Jose, C=CA" password="null" roles="sample" />
</tomcat-users>
You can run the following command to view the contents of the certificate file:
openssl x509 -text -in /opt/mapr/hue/hue-<version>/cert.pem
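A pre-restart consistency check for the two files edited above, as an added example that is not part of the original documentation or the product's own code: it reads the clientAuth setting on SSL connectors in server.xml and checks that a certificate subject maps to a user whose roles are declared in tomcat-users.xml. The embedded XML is constructed sample input, and the exact-string match between the subject and the name attribute is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample input, not the shipped HttpFS files. Port is illustrative.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="14000" SSLEnabled="true" scheme="https" secure="true"
             clientAuth="true"/>
</Service></Server>"""

TOMCAT_USERS_XML = """<tomcat-users>
  <role rolename="sample"/>
  <user name="CN=www.mapr.com, OU=mapr, O=mapr, L=San Jose, ST=San Jose, C=CA"
        password="null" roles="sample"/>
  <user name="CN=other.example.com, O=example" password="null" roles="admin"/>
</tomcat-users>"""

def client_auth_modes(server_xml):
    """Return the clientAuth value of each SSL-enabled Connector.
    A Connector without the attribute is reported as "false" (Tomcat's default)."""
    root = ET.fromstring(server_xml)
    return [c.get("clientAuth", "false") for c in root.iter("Connector")
            if c.get("SSLEnabled", "false").lower() == "true"]

def audit_users(users_xml, cert_subject):
    """Return problems that would keep cert_subject from mapping to a role.
    Assumption: the user name must equal the subject DN string exactly."""
    root = ET.fromstring(users_xml)
    declared = {r.get("rolename") for r in root.iter("role")}
    problems, matched = [], False
    for user in root.iter("user"):
        name = user.get("name", "")
        roles = [r.strip() for r in user.get("roles", "").split(",") if r.strip()]
        problems += [f"user {name!r}: role {r!r} is not declared"
                     for r in roles if r not in declared]
        if name == cert_subject:
            matched = True
            if not roles:
                problems.append(f"user {name!r}: no roles assigned")
    if not matched:
        problems.append(f"no <user> entry matches subject {cert_subject!r}")
    return problems

if __name__ == "__main__":
    subject = "CN=www.mapr.com, OU=mapr, O=mapr, L=San Jose, ST=San Jose, C=CA"
    print("clientAuth on SSL connectors:", client_auth_modes(SERVER_XML))
    for problem in audit_users(TOMCAT_USERS_XML, subject):
        print("WARNING:", problem)
```

To use it on a real installation, read the two files from disk and pass in the subject string shown by the openssl command above.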
Restart the HttpFS server.
Run one of the following curl commands to check that HTTPS is enabled. These commands fetch the file some_file.txt from MapR-FS under /user/mapr and attempt to open it securely over HTTPS.
If you also configured Hue to use SSL encryption with certificate-based authentication for communication with HttpFS, run the following command: