Security Forum


  • #50496
    Timothee Gautheron

    Hello HDP community,

    I am currently working on building a secure Hadoop platform. My goal is to set up all the security measures we know about in the Hadoop world.
    So after a fresh install of HDP-2.0.6 with Ambari, I stopped all services, spawned a Kerberos KDC, and followed all the steps to secure the HDFS service (as the first step in security). Everything is fine, my HDFS service (1 NN, 1 SecondNN, and 10 DN) is running with KDC auth, and I’m happy with it. To complete the security around HDFS, I wanted to configure HTTPS for the web UI, then 1-way SSL and then 2-way SSL.
    But unfortunately, I’m stuck with the UI and cannot start the HDFS service with SSL enabled.
    I will describe the configuration changes I made:

    core-site.xml :
    hadoop.ssl.enabled = true

    hdfs-site.xml :
    dfs.client.https.need-auth = false
    dfs.https.enable = true

    That’s all. Everything else is the default conf or the working conf with Kerberos enabled.

    Of course, on all my nodes running the HDFS service, I put the ssl-server.xml file with the appropriate configuration (JKS store, location and password). The store file is also on my nodes.

    However, on service start, I get this error on every node:
    2014-03-24 10:50:50,516 WARN mortbay.log ( – java.lang.NullPointerException
    2014-03-24 10:50:50,516 WARN mortbay.log ( – failed SslSocketConnector@namenode.cluster.hdp:50470: !JsseListener: java.lang.NullPointerException
    2014-03-24 10:50:50,516 WARN mortbay.log ( – failed Server@3e5b38d7: !JsseListener: java.lang.NullPointerException
    2014-03-24 10:50:50,517 INFO http.HttpServer ( – HttpServer.start() threw a non Bind IOException !JsseListener: java.lang.NullPointerException

    I have crawled the web to find an answer but I’m stuck here. Do you guys have any ideas? Thanks a lot!

  • #50645
    Vinay Shukla


    Can you post the entire exception stacktrace?


    Timothee Gautheron

    You will find the complete startup sequence logs from one of my datanodes here :

    Here , , you will find the entire logs of the namenode startup sequence.

    Haohui Mai

    It looks like you have not configured the keystore / truststore in ssl-server.xml / ssl-client.xml. Can you post the two configuration files as well?

    Timothee Gautheron

    I may be wrong about that, but as I’m first setting up 1-way SSL, I just need the ssl-server.xml configured to have it running. Then, as a second step, the ssl-client.xml will help me achieve 2-way.

    Here is my ssl-server.xml :

    To generate the keystore and truststore i followed this page :
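
Added example (not part of the thread, and not Hortonworks or Hadoop project code): a pre-start check for the diagnosis suggested above, which reads an ssl-server.xml and reports keystore properties that are missing, empty, or pointing at a file that is absent or unreadable. The property names are the standard Hadoop ssl.server.keystore.* keys; treating these three as required, and the sample file contents, are assumptions of this example.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Keystore properties checked by this example (assumed required for HTTPS).
REQUIRED = (
    "ssl.server.keystore.location",
    "ssl.server.keystore.password",
    "ssl.server.keystore.keypassword",
)

def load_hadoop_conf(path):
    """Return {name: value} from a Hadoop-style <configuration> XML file."""
    props = {}
    for prop in ET.parse(path).getroot().iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def check_ssl_server(path):
    """Return a list of human-readable problems; an empty list means OK."""
    if not os.path.isfile(path):
        return [f"{path}: file not found"]
    try:
        props = load_hadoop_conf(path)
    except ET.ParseError as exc:
        return [f"{path}: not well-formed XML ({exc})"]
    problems = [f"{key}: missing or empty" for key in REQUIRED if not props.get(key)]
    store = props.get("ssl.server.keystore.location")
    if store and not os.path.isfile(store):
        problems.append(f"ssl.server.keystore.location: {store} does not exist")
    elif store and not os.access(store, os.R_OK):
        problems.append(f"ssl.server.keystore.location: {store} is not readable")
    return problems

if __name__ == "__main__":
    # Constructed sample: the keystore path is absent and no key password is set.
    sample = """<configuration>
  <property><name>ssl.server.keystore.location</name><value>/nonexistent/server.jks</value></property>
  <property><name>ssl.server.keystore.password</name><value>changeit</value></property>
</configuration>"""
    with tempfile.NamedTemporaryFile("w", suffix=".xml", delete=False) as fh:
        fh.write(sample)
    for line in check_ssl_server(fh.name) or ["keystore settings look complete"]:
        print(line)
    os.unlink(fh.name)
```

Run it on each NameNode and DataNode as the user that starts the HDFS daemons, since keystore readability depends on that account.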
