RE: Question regarding WebHDFS security

2016-07-05 Thread Benjamin Ross
Thanks Larry. I'll need to look into the details quite a bit further, but I take it that I can define some mapping such that requests for particular file paths will trigger particular credentials to be used (until everything's upgraded)? Currently all requests come in using permissive auth

Re: Question regarding WebHDFS security

2016-07-05 Thread David Morel
On 5 Jul 2016, at 22:31, David Morel wrote: On 5 Jul 2016, at 20:43, Benjamin Ross wrote: Hey David, Thanks.  Yep - that's the easy part.  Let me clarify. Consider that we have: 1. A Hadoop cluster running without Kerberos 2. A number of services contacting that hadoop cluster and

Re: Question regarding WebHDFS security

2016-07-05 Thread David Morel
On 5 Jul 2016, at 20:43, Benjamin Ross wrote: Hey David, Thanks.  Yep - that's the easy part.  Let me clarify. Consider that we have: 1. A Hadoop cluster running without Kerberos 2. A number of services contacting that hadoop cluster and retrieving data from it using WebHDFS. Clearly the

Re: Question regarding WebHDFS security

2016-07-05 Thread Larry McCay
For consuming REST APIs like webhdfs, where kerberos is inconvenient or impossible, you may want to consider using a trusted proxy like Apache Knox. It will authenticate as knox to the backend services and act on behalf of your custom services. It will also allow you to authenticate to Knox from

RE: Question regarding WebHDFS security

2016-07-05 Thread Benjamin Ross
Hey David, Thanks. Yep - that's the easy part. Let me clarify. Consider that we have: 1. A Hadoop cluster running without Kerberos 2. A number of services contacting that hadoop cluster and retrieving data from it using WebHDFS. Clearly the services don't need to login to WebHDFS using

Re: unsubscribe

2016-07-05 Thread Ravi Prakash
Please send an email to user-unsubscr...@hadoop.apache.org On Wed, Jun 29, 2016 at 8:02 AM, Bob Krier wrote: > >

Re: unsubscribe

2016-07-05 Thread Ravi Prakash
Please send an email to user-unsubscr...@hadoop.apache.org On Wed, Jun 29, 2016 at 8:04 AM, Mike Rapuano wrote: > > > -- > > > Michael Rapuano > > Dev/Ops Engineer > > 617-498-7800 | 617-468-1774 > > 25 Drydock Ave > > Boston, MA 02210 > >

Question regarding WebHDFS security

2016-07-05 Thread Benjamin Ross
All, We're planning the rollout of kerberizing our hadoop cluster. The issue is that we have several single tenant services that rely on contacting the HDFS cluster over WebHDFS without credentials. So, the concern is that once we kerberize the cluster, we will no longer be able to access it

Verify cluster setup works

2016-07-05 Thread Mike Wenzel
I just set up my first Hadoop cluster. My cluster looks like: Node1 - NameNode + ResourceManager Node2 - SecondaryNameNode Node3 - DataNode (+NodeManager) Node4 - DataNode (+NodeManager) Node5 - DataNode (+NodeManager) Doing java's jps command on all machines looks good. My