
Security Forum

HDP and HTTPS WebUI

  • #50496
    Timothee Gautheron
    Participant

    Hello HDP community,

    I am currently working on building a secure Hadoop platform. My goal is to set up all security measures we know about in the Hadoop world.
    So after a fresh install of HDP-2.0.6 with Ambari, I stopped all services, spawned a Kerberos KDC, followed all steps to secure the HDFS service (for the first step in security). Everything is fine, my HDFS service (1 NN, 1 SecondNN, and 10 DN) is running with KDC auth, and I’m happy with it. To complete the security around HDFS, I wanted to configure HTTPS for the web UI, then 1-way SSL and then 2-way SSL.
    But unfortunately, I’m stuck with the UI and cannot start the HDFS service with SSL enabled.
    I will describe the configuration changes I made:

    core-site.xml:
    hadoop.ssl.enabled = true

    hdfs-site.xml:
    dfs.client.https.need-auth = false
    dfs.https.enable = true

    That’s all. Everything else is the default conf or the working conf with Kerberos enabled.

    Of course, on all my nodes running the HDFS service, I put the ssl-server.xml file with the appropriate configuration (JKS store, location and password). The store file is also on my nodes.

    However, on service start, I get this error on every node:
    2014-03-24 10:50:50,516 WARN mortbay.log (Slf4jLog.java:warn(76)) - java.lang.NullPointerException
    2014-03-24 10:50:50,516 WARN mortbay.log (Slf4jLog.java:warn(76)) - failed SslSocketConnector@namenode.cluster.hdp:50470: java.io.IOException: !JsseListener: java.lang.NullPointerException
    2014-03-24 10:50:50,516 WARN mortbay.log (Slf4jLog.java:warn(76)) - failed Server@3e5b38d7: java.io.IOException: !JsseListener: java.lang.NullPointerException
    2014-03-24 10:50:50,517 INFO http.HttpServer (HttpServer.java:start(690)) - HttpServer.start() threw a non Bind IOException
    java.io.IOException: !JsseListener: java.lang.NullPointerException

    I have crawled the web to find an answer but I’m stuck here. Do you guys have any ideas? Thanks a lot!

  • #50645
    Vinay Shukla
    Moderator

    Timothee,

    Can you post the entire exception stacktrace?

    -Vinay

    #50648
    Timothee Gautheron
    Participant

    You will find the complete startup sequence logs from one of my datanodes here: http://pastebin.com/a9F6gYpQ

    Here, http://pastebin.com/UxY62f6M, you will find the entire logs of the namenode startup sequence.

    #51176
    Haohui Mai
    Moderator

    It looks like you have not configured the keystore / truststore in ssl-server.xml / ssl-client.xml. Can you post the two configuration files as well?

    #51258
    Timothee Gautheron
    Participant

    I may be wrong about that, but as I’m first setting up 1-way SSL, I just need ssl-server.xml configured to have it running. Then, in a second step, ssl-client.xml will help me achieve 2-way.

    Here is my ssl-server.xml: http://pastebin.com/zVzQQDUB

    To generate the keystore and truststore I followed this page: http://docs.continuent.com/continuent-tungsten-2.0/deployment-ssl-stores.html
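
As an added example (not code from this thread or from Hadoop), the script below checks an ssl-server.xml of the kind discussed above for empty keystore properties and for store files that are missing, unreadable by the current user, or world-readable. The property names are those of Hadoop's ssl-server.xml template; which of them are treated as mandatory, the `two_way` switch and the sample path are assumptions of this example.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Property names as in Hadoop's ssl-server.xml template. Treating the
# keystore entries as mandatory is an assumption of this example.
KEYSTORE_PROPS = ("ssl.server.keystore.location",
                  "ssl.server.keystore.password",
                  "ssl.server.keystore.keypassword")
TRUSTSTORE_PROPS = ("ssl.server.truststore.location",
                    "ssl.server.truststore.password")

def load_props(conf_path):
    """Return {name: value} from a Hadoop-style configuration file."""
    props = {}
    for prop in ET.parse(conf_path).getroot().iter("property"):
        name = (prop.findtext("name") or "").strip()
        props[name] = (prop.findtext("value") or "").strip()
    return props

def check_ssl_server_conf(conf_path, two_way=False):
    """List missing properties and store-file problems in ssl-server.xml."""
    props, findings = load_props(conf_path), []
    wanted = KEYSTORE_PROPS + (TRUSTSTORE_PROPS if two_way else ())
    for name in wanted:
        if not props.get(name):
            findings.append("missing or empty: " + name)
    for name in (n for n in wanted if n.endswith(".location") and props.get(n)):
        path = props[name]
        if not os.path.isfile(path):
            findings.append("%s: no such file %s" % (name, path))
        elif not os.access(path, os.R_OK):
            findings.append("%s: %s not readable by this user" % (name, path))
        elif os.stat(path).st_mode & stat.S_IROTH:
            findings.append("%s: %s is world-readable" % (name, path))
    return findings

if __name__ == "__main__":
    # Constructed sample: keystore password set, key password left out.
    with tempfile.TemporaryDirectory() as d:
        conf = os.path.join(d, "ssl-server.xml")
        with open(conf, "w") as f:
            f.write("<configuration><property><name>ssl.server.keystore.location"
                    "</name><value>/constructed/path/server.jks</value></property>"
                    "<property><name>ssl.server.keystore.password</name>"
                    "<value>changeit</value></property></configuration>")
        for finding in check_ssl_server_conf(conf):
            print(finding)
```

Run it as the account that starts the NameNode and DataNode processes, since the readability check is made for the current user.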
