hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jerry He <jerry...@gmail.com>
Subject Re: hbase security issue
Date Thu, 12 Mar 2015 21:24:10 GMT
Hi, Vladimir

Hope I understand your question correctly.
If both local cluster and remote cluster are Kerberos enabled,
ExportSnapshot from local to remote will work as long as both
clusters' Kerberos
have been set up in a way that they understand each other.
If the remote cluster's httpfs/webhdfs port is protected by https security,
after you set up the certificate on the client side, you will be able to
talk to the remote port with SSL protection.

Jerry


On Thu, Mar 12, 2015 at 1:48 PM, Vladimir Rodionov <vladrodionov@gmail.com>
wrote:

> >>You can also specify the remote target with a httpfs or webfdfs url,
> which
> >>then you can leverage SSL on the transport.
>
> What if remote cluster has security enabled? Will it work?
>
> -Vlad
>
> On Thu, Mar 12, 2015 at 1:39 PM, Jerry He <jerryjch@gmail.com> wrote:
>
> > ExportSnapshot does not use DistCp but directly use FileSystem API to
> copy,
> > as Vladimir mentioned.
> > But ExportSnapshot supports exporting to a remote target cluster. Give
> the
> > full hdfs url.
> > You can also specify the remote target with a httpfs or webfdfs url,
> which
> > then you can leverage SSL on the transport.
> >
> > You also can copy to local cluster and use DistCp to copy to remote
> > cluster.
> >
> > Jerry
> >
> > On Thu, Mar 12, 2015 at 12:28 PM, Vladimir Rodionov <
> > vladrodionov@gmail.com>
> > wrote:
> >
> > > No, ExportSnapshot does not use DistCp it runs its own M/R job to copy
> > data
> > > over to a new destination.
> > >
> > > In a map task it uses HDFS API to create/write data to a new
> destination.
> > > Therefore, the easiest way to secure communication
> > > during this operation is to use secure HDFS transport.
> > >
> > >
> >
> http://www.cloudera.com/content/cloudera/en/documentation/cdh4/v4-3-1/CDH4-Security-Guide/cdh4sg_topic_14_2.html
> > >
> > > but there is caveat ...
> > >
> > > ExportSnapshot does not support external cluster configuration - you
> > can't
> > > provide path to external cluster config dir. This seems like a good
> > feature
> > > request.
> > >
> > > -Vlad
> > >
> > >
> > >
> > >
> > > On Thu, Mar 12, 2015 at 10:38 AM, Akmal Abbasov <
> > akmal.abbasov@icloud.com>
> > > wrote:
> > >
> > > > Hi, I am new to Hadoop Hbase. I have a Hbase cluster in one
> datacenter,
> > > > and I need to  create a backup in the second one. Currently the
> second
> > > > HBase cluster is ready, and I would like to import data from first
> > > cluster.
> > > > I would like to use exportSnapshot tool for this, I’ve tried it one
> my
> > > > test environment, and it worked well.
> > > > But, since know I am going to export to a different cluster in
> > different
> > > > datacenter, I would like to be sure that my data is secure. So how I
> > can
> > > > make exportSnapshot secure?
> > > > As far as I understood exportSnapshot uses distcp tool to copy
> snapshot
> > > to
> > > > destination cluster, so in this case is it enough to configure
> distcp?
> > > > Thank you!
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message