Posted to common-user@hadoop.apache.org by Brian MacKay <Br...@MEDecision.com> on 2009/01/30 15:24:31 UTC
How To Encrypt Hadoop Socket Connections
Hello,
Found some archive posts regarding "encrypt Hadoop socket connections"
https://issues.apache.org/jira/browse/HADOOP-2239
http://markmail.org/message/pmn23y4b3gdxcpif
Couldn't find any documentation or JUnit tests. Does anyone know the
proper configuration changes to make?
It seems like the following are needed in hadoop-site.xml?
https.keystore.info.rsrc = should reference an external config file, in
this example called sslinfo.xml ?
https.keystore.password = ?
https.keystore.keypassword = ?
-------------------------------------------------------------------
Snippet from org.apache.hadoop.dfs.DataNode
void startDataNode(Configuration conf,
                   AbstractList<File> dataDirs
                   ) throws IOException {
  ...
  sslConf.addResource(conf.get("https.keystore.info.rsrc",
                               "sslinfo.xml"));
  String keyloc = sslConf.get("https.keystore.location");
  if (null != keyloc) {
    this.infoServer.addSslListener(secInfoSocAddr, keyloc,
        sslConf.get("https.keystore.password", ""),
        sslConf.get("https.keystore.keypassword", ""));
--------------------------------------------------------------
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this message in error, please contact the sender and delete the material
from any computer.
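The lookups in the startDataNode snippet above, replayed as an added example (not part of the original post and not Hadoop code) that reports whether the SSL listener would be added and which passwords fall back to the empty-string default. It assumes sslConf holds only the resource named by https.keystore.info.rsrc, which the snippet does not show; the XML inputs, the keystore path and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def load_props(xml_text):
    """Parse a Hadoop <configuration> document into a {name: value} dict."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = prop.findtext("name")
        if name:
            props[name.strip()] = (prop.findtext("value") or "").strip()
    return props

def audit_https(site_xml, resources):
    """Follow the snippet's lookups and report what they would resolve to.

    resources maps a resource file name to its XML text (constructed input).
    Assumption: sslConf contains only the file named by https.keystore.info.rsrc.
    """
    site = load_props(site_xml)
    # Same key and same default as the conf.get(...) call in the snippet.
    rsrc = site.get("https.keystore.info.rsrc", "sslinfo.xml")
    findings = []
    if rsrc not in resources:
        findings.append("resource file %r was not supplied" % rsrc)
    ssl = load_props(resources[rsrc]) if rsrc in resources else {}
    keyloc = ssl.get("https.keystore.location")
    result = {"resource": rsrc, "ssl_listener": keyloc is not None,
              "keystore": keyloc, "findings": findings}
    if keyloc is None:
        # The snippet only calls addSslListener when the location is non-null.
        findings.append("https.keystore.location unset: no SSL listener is added")
        return result
    for key in ("https.keystore.password", "https.keystore.keypassword"):
        if ssl.get(key, "") == "":  # the snippet's default is ""
            findings.append("%s is empty" % key)
    return result

# Constructed sample input, not taken from a real cluster.
SITE_XML = """<configuration>
  <property><name>https.keystore.info.rsrc</name><value>sslinfo.xml</value></property>
</configuration>"""
SSLINFO_XML = """<configuration>
  <property><name>https.keystore.location</name><value>/etc/hadoop/datanode.jks</value></property>
  <property><name>https.keystore.password</name><value>changeit-placeholder</value></property>
</configuration>"""

if __name__ == "__main__":
    print(audit_https(SITE_XML, {"sslinfo.xml": SSLINFO_XML}))
```

The check covers only the SSL listener that the snippet adds to the info server.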
Re: How To Encrypt Hadoop Socket Connections
Posted by Darren Govoni <da...@ontrenet.com>.
One alternative might be to use openvpn and bind the hadoop services to
the private VPN interface address openvpn assigns the machine. All
traffic over that IP address is thus encrypted and secured.
On Fri, 2009-01-30 at 09:24 -0500, Brian MacKay wrote:
> Hello,
>
> Found some archive posts regarding "encrypt Hadoop socket connections"
>
> https://issues.apache.org/jira/browse/HADOOP-2239
>
> http://markmail.org/message/pmn23y4b3gdxcpif
>
> Couldn't find any documentation or JUnit tests. Does anyone know the
> proper configuration changes to make?
>
> It seems like the following are needed in hadoop-site.xml?
>
> https.keystore.info.rsrc = should reference an external config file, in
> this example called sslinfo.xml ?
>
> https.keystore.password = ?
> https.keystore.keypassword = ?
>
> -------------------------------------------------------------------
> Snippet from org.apache.hadoop.dfs.DataNode
>
> void startDataNode(Configuration conf,
>                    AbstractList<File> dataDirs
>                    ) throws IOException {
>
>   ...
>   sslConf.addResource(conf.get("https.keystore.info.rsrc",
>                                "sslinfo.xml"));
>   String keyloc = sslConf.get("https.keystore.location");
>   if (null != keyloc) {
>     this.infoServer.addSslListener(secInfoSocAddr, keyloc,
>         sslConf.get("https.keystore.password", ""),
>         sslConf.get("https.keystore.keypassword", ""));
> --------------------------------------------------------------
Re: How To Encrypt Hadoop Socket Connections
Posted by Allen Wittenauer <aw...@yahoo-inc.com>.
On 1/30/09 6:24 AM, "Brian MacKay" <Br...@MEDecision.com> wrote:
> https://issues.apache.org/jira/browse/HADOOP-2239
This ended up getting turned into "encrypting distcp" and not actually
encrypting intra-grid socket connections. (Can we "rename" a JIRA?) If you
need that capability today, your best bet is likely IPsec or something
similar.
Hadoop has lots and lots of security holes and this is but one.