You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@hbase.apache.org by Amandeep Khurana <am...@gmail.com> on 2009/06/23 01:58:58 UTC
Accessing a 0.20 cluster from outside a firewall
My HBase 0.20 cluster is behind a firewall. When I try to connect to it from
outside, I get the following error:
09/06/22 14:43:24 INFO ipc.HBaseClient: Retrying connect to server: /
10.10.10.106:60020. Already tried 10 time(s).
The ip address there (10.10.10.106) is an internal ip behind the firewall.
Shoudlnt hbase/zk (not sure where this trouble is) be giving back the DNS
name rather than the ip address?
Any pointers on this?
Amandeep
Amandeep Khurana
Computer Science Graduate Student
University of California, Santa Cruz
Re: Accessing a 0.20 cluster from outside a firewall
Posted by Tim Sell <tr...@gmail.com>.
the simplest way, is use thrift or rest and setup a tunnel.
2009/6/23 Amandeep Khurana <am...@gmail.com>:
> My HBase 0.20 cluster is behind a firewall. When I try to connect to it from
> outside, I get the following error:
>
> 09/06/22 14:43:24 INFO ipc.HBaseClient: Retrying connect to server: /
> 10.10.10.106:60020. Already tried 10 time(s).
>
> The ip address there (10.10.10.106) is an internal ip behind the firewall.
> Shoudlnt hbase/zk (not sure where this trouble is) be giving back the DNS
> name rather than the ip address?
>
> Any pointers on this?
>
> Amandeep
>
>
> Amandeep Khurana
> Computer Science Graduate Student
> University of California, Santa Cruz
>
Re: Accessing a 0.20 cluster from outside a firewall
Posted by Ryan Rawson <ry...@gmail.com>.
you might want to consider using the rest or thrift gateway. it can sit on
a server with inside and outside access, and translate.
be warned though, the thrift one at least doesnt have any auth.
On Mon, Jun 22, 2009 at 4:58 PM, Amandeep Khurana <am...@gmail.com> wrote:
> My HBase 0.20 cluster is behind a firewall. When I try to connect to it
> from
> outside, I get the following error:
>
> 09/06/22 14:43:24 INFO ipc.HBaseClient: Retrying connect to server: /
> 10.10.10.106:60020. Already tried 10 time(s).
>
> The ip address there (10.10.10.106) is an internal ip behind the firewall.
> Shoudlnt hbase/zk (not sure where this trouble is) be giving back the DNS
> name rather than the ip address?
>
> Any pointers on this?
>
> Amandeep
>
>
> Amandeep Khurana
> Computer Science Graduate Student
> University of California, Santa Cruz
>
Re: Accessing a 0.20 cluster from outside a firewall
Posted by Ryan Rawson <ry...@gmail.com>.
I'm not sure the last one will work - the 'info:server' entry in .META. and
-ROOT- are IP addresses....
HBase needs a flat view of the network, where all clients who want to
participate as a regular client needs to be able to access the same IPs as
what the regionservers report themselves as. I am not sure this will ever
change, nor perhaps should change. Since HBase is running an unsecured
protocol, it would be unwise to run it on the open internet or any open
network. Use authenticated gateways (none exist AFAIK) or wrap the
functionality in a web app with auth (or not as necessary).
In the future we'll probably add ACLs, and maybe even the ability to run on
a non-flat network, but a malicious client is always a risk and I wouldn't
consider HBase a 'public cloud computing API'.
On Mon, Jun 22, 2009 at 5:24 PM, Andrew Purtell <ap...@apache.org> wrote:
> Clients talk directly to the regionservers. You'll need to link your
> clients with the cluster by way of VPN or similar.
>
> You could also consider static NAT translation for all of the region
> servers to corresponding public IP addresses. In that case, additionally you
> will need to set up DNS on your cluster to resolve host names to the desired
> public addresses.
>
> - Andy
>
>
>
>
>
> ________________________________
> From: Amandeep Khurana <am...@gmail.com>
> To: hbase-user@hadoop.apache.org
> Sent: Monday, June 22, 2009 4:58:58 PM
> Subject: Accessing a 0.20 cluster from outside a firewall
>
> My HBase 0.20 cluster is behind a firewall. When I try to connect to it
> from
> outside, I get the following error:
>
> 09/06/22 14:43:24 INFO ipc.HBaseClient: Retrying connect to server: /
> 10.10.10.106:60020. Already tried 10 time(s).
>
> The ip address there (10.10.10.106) is an internal ip behind the firewall.
> Shoudlnt hbase/zk (not sure where this trouble is) be giving back the DNS
> name rather than the ip address?
>
> Any pointers on this?
>
> Amandeep
>
>
> Amandeep Khurana
> Computer Science Graduate Student
> University of California, Santa Cruz
>
>
>
>
>
Re: Accessing a 0.20 cluster from outside a firewall
Posted by Andrew Purtell <ap...@apache.org>.
Clients talk directly to the regionservers. You'll need to link your clients with the cluster by way of VPN or similar.
You could also consider static NAT translation for all of the region servers to corresponding public IP addresses. In that case, additionally you will need to set up DNS on your cluster to resolve host names to the desired public addresses.
- Andy
________________________________
From: Amandeep Khurana <am...@gmail.com>
To: hbase-user@hadoop.apache.org
Sent: Monday, June 22, 2009 4:58:58 PM
Subject: Accessing a 0.20 cluster from outside a firewall
My HBase 0.20 cluster is behind a firewall. When I try to connect to it from
outside, I get the following error:
09/06/22 14:43:24 INFO ipc.HBaseClient: Retrying connect to server: /
10.10.10.106:60020. Already tried 10 time(s).
The ip address there (10.10.10.106) is an internal ip behind the firewall.
Shoudlnt hbase/zk (not sure where this trouble is) be giving back the DNS
name rather than the ip address?
Any pointers on this?
Amandeep
Amandeep Khurana
Computer Science Graduate Student
University of California, Santa Cruz