You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-user@hadoop.apache.org by Shin Chan <ha...@gmx.com> on 2012/09/28 11:23:38 UTC

Securing cluster from access

Hello,

 We have 15 node cluster and right now we dont have Kerberos implemented.

 But on urgent basis we want to secure the cluster.

 Right now anyone who know IP of Namenode can just download the Hadoop jar , configure xml files and say

 hadoop fs -ls /

 And he can see the data.

 How to stop this ?

 We have Hadoop 2.0 verison

 Do we have any configuration settings which we can change so that only set of users or set of IPs should be able to see the HDFS.

 We dont have firewall implemented yet outside cluster so that is not an option.

 Thanks in advance for your help

Re: Securing cluster from access

Posted by Bertrand Dechoux <de...@gmail.com>.
What you are looking for is not related to Hadoop in the end. It is how to
restrict requests in a network.
'Firewall' is a broad term. iptables can allow you to do so quickly. You
drop everything and then accept only from a set of IPs.
You may receive answers using this mailing list but its purpose is not
really to discuss about firewall solutions and configurations.

Regards

Bertrand


On Fri, Sep 28, 2012 at 11:23 AM, Shin Chan <ha...@gmx.com> wrote:

> Hello,
>
> We have 15 node cluster and right now we dont have Kerberos implemented.
>
> But on urgent basis we want to secure the cluster.
>
> Right now anyone who know IP of Namenode can just download the Hadoop jar
> , configure xml files and say
>
> hadoop fs -ls /
>
> And he can see the data.
>
> How to stop this ?
>
> We have Hadoop 2.0 verison
>
> Do we have any configuration settings which we can change so that only set
> of users or set of IPs should be able to see the HDFS.
>
> We dont have firewall implemented yet outside cluster so that is not an
> option.
>
> Thanks in advance for your help




-- 
Bertrand Dechoux

Re: Securing cluster from access

Posted by Bertrand Dechoux <de...@gmail.com>.
What you are looking for is not related to Hadoop in the end. It is how to
restrict requests in a network.
'Firewall' is a broad term. iptables can allow you to do so quickly. You
drop everything and then accept only from a set of IPs.
You may receive answers using this mailing list but its purpose is not
really to discuss about firewall solutions and configurations.

Regards

Bertrand


On Fri, Sep 28, 2012 at 11:23 AM, Shin Chan <ha...@gmx.com> wrote:

> Hello,
>
> We have 15 node cluster and right now we dont have Kerberos implemented.
>
> But on urgent basis we want to secure the cluster.
>
> Right now anyone who know IP of Namenode can just download the Hadoop jar
> , configure xml files and say
>
> hadoop fs -ls /
>
> And he can see the data.
>
> How to stop this ?
>
> We have Hadoop 2.0 verison
>
> Do we have any configuration settings which we can change so that only set
> of users or set of IPs should be able to see the HDFS.
>
> We dont have firewall implemented yet outside cluster so that is not an
> option.
>
> Thanks in advance for your help




-- 
Bertrand Dechoux

Re: Securing cluster from access

Posted by Bertrand Dechoux <de...@gmail.com>.
What you are looking for is not related to Hadoop in the end. It is how to
restrict requests in a network.
'Firewall' is a broad term. iptables can allow you to do so quickly. You
drop everything and then accept only from a set of IPs.
You may receive answers using this mailing list but its purpose is not
really to discuss about firewall solutions and configurations.

Regards

Bertrand


On Fri, Sep 28, 2012 at 11:23 AM, Shin Chan <ha...@gmx.com> wrote:

> Hello,
>
> We have 15 node cluster and right now we dont have Kerberos implemented.
>
> But on urgent basis we want to secure the cluster.
>
> Right now anyone who know IP of Namenode can just download the Hadoop jar
> , configure xml files and say
>
> hadoop fs -ls /
>
> And he can see the data.
>
> How to stop this ?
>
> We have Hadoop 2.0 verison
>
> Do we have any configuration settings which we can change so that only set
> of users or set of IPs should be able to see the HDFS.
>
> We dont have firewall implemented yet outside cluster so that is not an
> option.
>
> Thanks in advance for your help




-- 
Bertrand Dechoux

Re: Securing cluster from access

Posted by Bertrand Dechoux <de...@gmail.com>.
What you are looking for is not related to Hadoop in the end. It is how to
restrict requests in a network.
'Firewall' is a broad term. iptables can allow you to do so quickly. You
drop everything and then accept only from a set of IPs.
You may receive answers using this mailing list but its purpose is not
really to discuss about firewall solutions and configurations.

Regards

Bertrand


On Fri, Sep 28, 2012 at 11:23 AM, Shin Chan <ha...@gmx.com> wrote:

> Hello,
>
> We have 15 node cluster and right now we dont have Kerberos implemented.
>
> But on urgent basis we want to secure the cluster.
>
> Right now anyone who know IP of Namenode can just download the Hadoop jar
> , configure xml files and say
>
> hadoop fs -ls /
>
> And he can see the data.
>
> How to stop this ?
>
> We have Hadoop 2.0 verison
>
> Do we have any configuration settings which we can change so that only set
> of users or set of IPs should be able to see the HDFS.
>
> We dont have firewall implemented yet outside cluster so that is not an
> option.
>
> Thanks in advance for your help




-- 
Bertrand Dechoux