Home Forums Security HDP and HTTPS WebUI

Tagged: 

This topic contains 4 replies, has 3 voices, and was last updated by  Timothee Gautheron 8 months, 2 weeks ago.

  • Creator
    Topic
  • #50496

    Timothee Gautheron
    Participant

    Hello HDP community,

    i am currently working on building a secure Hadoop platform. My goal is to set up all security measures we know about in the hadoop world.
    So after a fresh install of HDP-2.0.6 with ambari, i stopped all services, spawned a Kerberos KDC, followed all steps to secure the HDFS service (for the first step in security). Everything is fine, my HDFS service (1 NN, 1 SecondNN, and 10 DN) is running with KDC auth, and i’m happy with it. To complete the security around HDFS, i wanted to configure HTTPS for the webUI , then 1way SSL and then 2ways SSL.
    But unfortunately, i’m stuck with the UI and cannot start the hdfs service with ssl enabled.
    I will describe the changes in configuration i made :

    core-site.xml :
    hadoop.ssl.enabled = true

    hdfs-site.xml :
    dfs.client.https.need-auth = false
    dfs.https.enable = true

    That’s all. everything else is default conf or working conf with kerberos enabled.

    Of course, on all my nodes working the hdfs service, i put the ssl-server.xml file with the appropriate configuration (jks store, location and password). The store file is also on my nodes.

    However, on service start, i get this error on every nodes :
    2014-03-24 10:50:50,516 WARN mortbay.log (Slf4jLog.java:warn(76)) – java.lang.NullPointerException
    2014-03-24 10:50:50,516 WARN mortbay.log (Slf4jLog.java:warn(76)) – failed SslSocketConnector@namenode.cluster.hdp:50470: java.io.IOException: !JsseListener: java.lang.NullPointerException
    2014-03-24 10:50:50,516 WARN mortbay.log (Slf4jLog.java:warn(76)) – failed Server@3e5b38d7: java.io.IOException: !JsseListener: java.lang.NullPointerException
    2014-03-24 10:50:50,517 INFO http.HttpServer (HttpServer.java:start(690)) – HttpServer.start() threw a non Bind IOException
    java.io.IOException: !JsseListener: java.lang.NullPointerException

    I have crawled the web to find an answer but i’m stuck here. Do you guys have any ideas ? Thanks a lot !

Viewing 4 replies - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

  • Author
    Replies
  • #51258

    Timothee Gautheron
    Participant

    I may be wrong about that, but as i’m setting first a 1-way ssl, I just need the ssl-server.xml configured to have it running. Then in a second time, the ssl-client.xml will help me achieve a 2-way.

    Here is my ssl-server.xml : http://pastebin.com/zVzQQDUB

    To generate the keystore and truststore i followed this page : http://docs.continuent.com/continuent-tungsten-2.0/deployment-ssl-stores.html

    Collapse
    #51176

    Haohui Mai
    Participant

    It looks like that you have not configured the keystore / truststore in ssl-server.xml / ssl-client.xml. Can you post the two configuration files as well?

    Collapse
    #50648

    Timothee Gautheron
    Participant

    You will find the complete startup sequence logs from one of my datanodes here : http://pastebin.com/a9F6gYpQ

    Here , http://pastebin.com/UxY62f6M , you will find the entire logs of the namenode startup sequence.

    Collapse
    #50645

    Vinay Shukla
    Participant

    Timothee,

    Can you post the entire exception stacktrace?

    -Vinay

    Collapse
Viewing 4 replies - 1 through 4 (of 4 total)