Modify the httpfs-site.xml File
About this task
httpfs-site.xml file called
httpfs-site.xml.kerberos is provided in /opt/mapr/hadoop/hadoop-3.3.x/etc/hadoop/httpfs-site.xml. Edit
this file and specify the Kerberos principal name for the nodes running HttpFS, restart the
HttpFS server, and then test the set-up. Each step is explained here.To set up the httpfs-site.xml file for each node running
the HttpFS service, follow these steps:
Procedure
-
Assign a new name to the existing
httpfs-site.xmlfile (to preserve the original version when the file gets overwritten in step 2):cd /opt/mapr/hadoop/hadoop-3.3.x/etc/hadoop cp httpfs-site.xml httpfs-site.xml.original -
Edit the
httpfs-site.xmlfile, and insert the principal name as shown, substituting your fully qualified domain name and realm for<node_name>@<REALM>:<property> <name>httpfs.authentication.type</name> <value>kerberos</value> </property> <property> <name>httpfs.hadoop.authentication.type</name> <value>kerberos</value> </property> <property> <name>httpfs.authentication.kerberos.principal</name> <value>HTTP/<node_name>@<REALM></value> </property> <property> <name>httpfs.authentication.kerberos.keytab</name> <value>/opt/mapr/conf/mapr.keytab</value> </property> <property> <name>httpfs.hadoop.authentication.kerberos.principal</name> <value>mapr/<node_name>@<REALM></value> </property> <property> <name>httpfs.hadoop.authentication.kerberos.keytab</name> <value>/opt/mapr/conf/mapr.keytab</value> </property> <property> <name>httpfs.authentication.kerberos.name.rules</name> <value>DEFAULT</value> </property> -
Restart the HttpFS server so the changes will take effect:
maprcli node services -name httpfs -action restart -nodes <node_name> -
Test that security is in place by entering the following command to create a file
in the file system. The command will fail if security
is not set up correctly:
curl --negotiate -u : -b ~/cookiejar.txt -c ~/cookiejar.txt -i -X PUT "http://<node_name>:14000/webhdfs/v1/user/mapr/some_file?op=MKDIRS"