Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com> Reviewed-by: Rechenburg, Matthias <matthias.rechenburg@t-systems.com> Co-authored-by: Yang, Tong <yangtong2@huawei.com> Co-committed-by: Yang, Tong <yangtong2@huawei.com>
<a name="admin_guide_000277"></a><a name="admin_guide_000277"></a>
<h1 class="topictitle1">Configuring Hadoop Security Parameters</h1>
<div id="body1530067732193"><div class="section" id="admin_guide_000277__s608e0c361474408a9178fb8cffe89e29"><h4 class="sectiontitle">Configuring Security Channel Encryption</h4><p id="admin_guide_000277__en-us_topic_0046736705_p5852437">The channels between components are not encrypted by default. You can set the following parameters to configure security channel encryption.</p>
<p id="admin_guide_000277__en-us_topic_0046736705_p52671936">Page access for setting parameters: On <span id="admin_guide_000277__text67509419010">MRS</span> Manager, click <strong id="admin_guide_000277__b2044211311598">Cluster</strong>, click the name of the desired cluster, click <strong id="admin_guide_000277__b1644333135912">Services</strong>, and click the target service. On the displayed page, click <strong id="admin_guide_000277__b14443203165912">Configuration</strong> and click <strong id="admin_guide_000277__b544413316597">All Configurations</strong>. Enter a parameter name in the search box.</p>
<div class="note" id="admin_guide_000277__en-us_topic_0046736705_note4285383"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p class="text" id="admin_guide_000277__en-us_topic_0046736705_p38568449">After you modify configuration parameters, restart the corresponding services for the modification to take effect.</p>
</div></div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="admin_guide_000277__en-us_topic_0046736705_table11571729" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameter description</caption><thead align="left"><tr id="admin_guide_000277__en-us_topic_0046736705_row61436467"><th align="left" class="cellrowborder" valign="top" width="7.5200000000000005%" id="mcps1.3.1.5.2.5.1.1"><p id="admin_guide_000277__p1047971004413"><strong id="admin_guide_000277__b124151516113120">Service</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="26.150000000000002%" id="mcps1.3.1.5.2.5.1.2"><p id="admin_guide_000277__en-us_topic_0046736705_p10297939"><strong id="admin_guide_000277__en-us_topic_0046736705_b25572589">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="52.32%" id="mcps1.3.1.5.2.5.1.3"><p id="admin_guide_000277__en-us_topic_0046736705_p58113810"><strong id="admin_guide_000277__b8423527069528">Description</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="14.01%" id="mcps1.3.1.5.2.5.1.4"><p id="admin_guide_000277__en-us_topic_0046736705_p19274797"><strong id="admin_guide_000277__en-us_topic_0046736705_b39255446">Default Value</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="admin_guide_000277__en-us_topic_0046736705_row25574597"><td class="cellrowborder" valign="top" width="7.5200000000000005%" headers="mcps1.3.1.5.2.5.1.1 "><p id="admin_guide_000277__p147912103446">HBase</p>
</td>
<td class="cellrowborder" valign="top" width="26.150000000000002%" headers="mcps1.3.1.5.2.5.1.2 "><p id="admin_guide_000277__en-us_topic_0046736705_p58276509">hbase.rpc.protection</p>
</td>
<td class="cellrowborder" valign="top" width="52.32%" headers="mcps1.3.1.5.2.5.1.3 "><p id="admin_guide_000277__en-us_topic_0046736705_p22776773">Indicates whether the HBase channels, including the remote procedure call (RPC) channels for HBase clients to access the HBase server and the RPC channels between the HMaster and RegionServer, are encrypted. If this parameter is set to <strong id="admin_guide_000277__b1504930193817">privacy</strong>, the channels are encrypted and the authentication, integrity, and privacy functions are enabled. If this parameter is set to <strong id="admin_guide_000277__b19908135115384">integrity</strong>, the channels are not encrypted and only the authentication and integrity functions are enabled. If this parameter is set to <strong id="admin_guide_000277__b1884113153913">authentication</strong>, the channels are not encrypted, only packets are authenticated, and integrity and privacy are not required.</p>
<div class="note" id="admin_guide_000277__en-us_topic_0046736705_note3664366"><span class="notetitle"> NOTE: </span><div class="notebody"><p class="textintable" id="admin_guide_000277__en-us_topic_0046736705_p32979301">The privacy mode encrypts transmitted content, including sensitive information such as user tokens, to ensure the security of the transmitted content. However, this mode has a significant impact on performance: compared with the other two modes, it reduces read/write performance by about 60%. Modify the configuration based on the enterprise security requirements. The configuration items on the client and server must be the same.</p>
</div></div>
</td>
<td class="cellrowborder" valign="top" width="14.01%" headers="mcps1.3.1.5.2.5.1.4 "><p id="admin_guide_000277__en-us_topic_0046736705_p54077734">-</p>
</td>
</tr>
<tr id="admin_guide_000277__en-us_topic_0046736705_row16937562"><td class="cellrowborder" valign="top" width="7.5200000000000005%" headers="mcps1.3.1.5.2.5.1.1 "><p id="admin_guide_000277__p174791810194416">HDFS</p>
</td>
<td class="cellrowborder" valign="top" width="26.150000000000002%" headers="mcps1.3.1.5.2.5.1.2 "><p id="admin_guide_000277__en-us_topic_0046736705_p29765295">dfs.encrypt.data.transfer</p>
</td>
<td class="cellrowborder" valign="top" width="52.32%" headers="mcps1.3.1.5.2.5.1.3 "><p id="admin_guide_000277__en-us_topic_0046736705_p62178680">Indicates whether the HDFS data transfer channels and the channels for clients to access HDFS are encrypted. The HDFS data transfer channels include the data transfer channels between DataNodes and the Data Transfer (DT) channels for clients to access DataNodes. The value <strong id="admin_guide_000277__b1294317285113336">true</strong> indicates that the channels are encrypted. The channels are not encrypted by default.</p>
</td>
<td class="cellrowborder" valign="top" width="14.01%" headers="mcps1.3.1.5.2.5.1.4 "><p id="admin_guide_000277__en-us_topic_0046736705_p3308318">false</p>
</td>
</tr>
<tr id="admin_guide_000277__en-us_topic_0046736705_row29774863"><td class="cellrowborder" valign="top" width="7.5200000000000005%" headers="mcps1.3.1.5.2.5.1.1 "><p id="admin_guide_000277__p134791410104417">HDFS</p>
</td>
<td class="cellrowborder" valign="top" width="26.150000000000002%" headers="mcps1.3.1.5.2.5.1.2 "><p id="admin_guide_000277__en-us_topic_0046736705_p62953674">dfs.encrypt.data.transfer.algorithm</p>
</td>
<td class="cellrowborder" valign="top" width="52.32%" headers="mcps1.3.1.5.2.5.1.3 "><p id="admin_guide_000277__en-us_topic_0046736705_p66082838">Specifies the encryption algorithm used for the HDFS data transfer channels and the channels for clients to access HDFS. This parameter is valid only when <strong id="admin_guide_000277__b743229730113336">dfs.encrypt.data.transfer</strong> is set to <strong id="admin_guide_000277__b1661858360113336">true</strong>.</p>
<p id="admin_guide_000277__en-us_topic_0046736705_p57874634">The default value is <strong id="admin_guide_000277__b932311266113336">3des</strong>, indicating that the 3DES algorithm is used to encrypt data. The value can also be set to <strong id="admin_guide_000277__b720050480113336">rc4</strong>. However, to avoid security risks, setting the parameter to this value is not advised.</p>
</td>
<td class="cellrowborder" valign="top" width="14.01%" headers="mcps1.3.1.5.2.5.1.4 "><p id="admin_guide_000277__en-us_topic_0046736705_p57333745">3des</p>
</td>
</tr>
<tr id="admin_guide_000277__en-us_topic_0046736705_row46241663"><td class="cellrowborder" valign="top" width="7.5200000000000005%" headers="mcps1.3.1.5.2.5.1.1 "><p id="admin_guide_000277__p1247971018441">HDFS</p>
</td>
<td class="cellrowborder" valign="top" width="26.150000000000002%" headers="mcps1.3.1.5.2.5.1.2 "><p id="admin_guide_000277__en-us_topic_0046736705_p54587245">hadoop.rpc.protection</p>
</td>
<td class="cellrowborder" valign="top" width="52.32%" headers="mcps1.3.1.5.2.5.1.3 "><p id="admin_guide_000277__en-us_topic_0046736705_p59490699">Indicates whether the RPC channels of each module in Hadoop are encrypted. The channels include:</p>
<ul id="admin_guide_000277__en-us_topic_0046736705_ul65654243"><li id="admin_guide_000277__en-us_topic_0046736705_li54017281">RPC channels for clients to access HDFS</li><li id="admin_guide_000277__en-us_topic_0046736705_li16393485">RPC channels between modules in HDFS, for example, between DataNode and NameNode</li><li id="admin_guide_000277__en-us_topic_0046736705_li13323640">RPC channels for clients to access YARN</li><li id="admin_guide_000277__en-us_topic_0046736705_li52803899">RPC channels between NodeManager and ResourceManager</li><li id="admin_guide_000277__en-us_topic_0046736705_li5473047">RPC channels for Spark to access YARN and HDFS</li><li id="admin_guide_000277__en-us_topic_0046736705_li49257430">RPC channels for MapReduce to access YARN and HDFS</li><li id="admin_guide_000277__en-us_topic_0046736705_li40663687">RPC channels for HBase to access HDFS</li></ul>
<p id="admin_guide_000277__en-us_topic_0046736705_p30428869">The default value is <strong id="admin_guide_000277__b1088005167113336">privacy</strong>, indicating encrypted transmission. The value <strong id="admin_guide_000277__b1297850460113336">authentication</strong> indicates that transmission is not encrypted.</p>
<div class="note" id="admin_guide_000277__en-us_topic_0046736705_note5424368"><span class="notetitle"> NOTE: </span><div class="notebody"><p class="textintable" id="admin_guide_000277__en-us_topic_0046736705_p48819313">You can set this parameter on the HDFS component configuration page. The parameter setting is valid globally, that is, the setting of whether the RPC channel is encrypted takes effect on all modules in Hadoop.</p>
</div></div>
</td>
<td class="cellrowborder" valign="top" width="14.01%" headers="mcps1.3.1.5.2.5.1.4 "><ul id="admin_guide_000277__ul126721846184612"><li id="admin_guide_000277__li86721946174614">Security mode: <strong id="admin_guide_000277__b18381950175110">privacy</strong></li><li id="admin_guide_000277__li87384944613">Normal mode: <strong id="admin_guide_000277__b226415615119">authentication</strong></li></ul>
</td>
</tr>
</tbody>
</table>
</div>
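<p>The following Python audit of the Table 1 parameters is an added example, not part of the original guide or of MRS. It assumes the effective settings are available as Hadoop-style <code>&lt;configuration&gt;</code>/<code>&lt;property&gt;</code> XML; the sample documents and the function names <code>load_props</code> and <code>audit</code> are constructed for illustration.</p>

```python
import xml.etree.ElementTree as ET

# Constructed sample settings in Hadoop's <configuration>/<property> XML layout.
SERVER_XML = """<configuration>
 <property><name>hbase.rpc.protection</name><value>privacy</value></property>
 <property><name>hadoop.rpc.protection</name><value>authentication</value></property>
 <property><name>dfs.encrypt.data.transfer</name><value>true</value></property>
 <property><name>dfs.encrypt.data.transfer.algorithm</name><value>rc4</value></property>
</configuration>"""
CLIENT_XML = """<configuration>
 <property><name>hbase.rpc.protection</name><value>integrity</value></property>
</configuration>"""

def load_props(xml_text):
    """Return {name: lowercased value} for every <property> element."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip().lower()
    return props

def audit(server, client=None):
    """Return (parameter, finding) tuples for Table 1 settings that leave a
    channel unencrypted, use rc4, or differ between client and server."""
    findings = []
    for key in ("hbase.rpc.protection", "hadoop.rpc.protection"):
        value = server.get(key)
        if value is None:
            findings.append((key, "unset: check the effective value in MRS Manager"))
        elif value != "privacy":
            findings.append((key, f"{value}: channel is not encrypted"))
    # The HBase note requires identical client and server settings.
    hbase = "hbase.rpc.protection"
    if client is not None and client.get(hbase) != server.get(hbase):
        findings.append((hbase, "client and server values differ"))
    # The algorithm parameter only applies when data transfer encryption is on.
    if server.get("dfs.encrypt.data.transfer", "false") != "true":
        findings.append(("dfs.encrypt.data.transfer", "data transfer is not encrypted"))
    elif server.get("dfs.encrypt.data.transfer.algorithm", "3des") == "rc4":
        findings.append(("dfs.encrypt.data.transfer.algorithm", "rc4 is not advised"))
    return findings

if __name__ == "__main__":
    for param, finding in audit(load_props(SERVER_XML), load_props(CLIENT_XML)):
        print(f"{param}: {finding}")
```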
</div>
<div class="section" id="admin_guide_000277__sa7ffddfc170a43359d5bd738966900f7"><h4 class="sectiontitle">Setting the Maximum Number of Concurrent Web Connections</h4><p id="admin_guide_000277__p170412320640">To ensure web server reliability, new connections are rejected when the number of user connections reaches a specific threshold. This prevents DDoS attacks and service unavailability caused by too many users accessing the web server at the same time.</p>
<p id="admin_guide_000277__en-us_topic_0046736705_p60013597">Page access for setting parameters: On <span id="admin_guide_000277__text15312181518257">MRS</span> Manager, click <strong id="admin_guide_000277__b133131433125312">Cluster</strong>, click the name of the desired cluster, click <strong id="admin_guide_000277__b831333315318">Services</strong>, and click the target service. On the displayed page, click <strong id="admin_guide_000277__b18315933195313">Configuration</strong> and click <strong id="admin_guide_000277__b13315163318530">All Configurations</strong>. Enter a parameter name in the search box.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="admin_guide_000277__en-us_topic_0046736705_table62042342" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameter description</caption><thead align="left"><tr id="admin_guide_000277__en-us_topic_0046736705_row63757280"><th align="left" class="cellrowborder" valign="top" width="7.5200000000000005%" id="mcps1.3.2.4.2.5.1.1"><p id="admin_guide_000277__p83212615018"><strong id="admin_guide_000277__b114911202312">Service</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="26.150000000000002%" id="mcps1.3.2.4.2.5.1.2"><p id="admin_guide_000277__en-us_topic_0046736705_p64066064"><strong id="admin_guide_000277__en-us_topic_0046736705_b39723666">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="52.32%" id="mcps1.3.2.4.2.5.1.3"><p id="admin_guide_000277__en-us_topic_0046736705_p63500359"><strong id="admin_guide_000277__b178074480536">Description</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="14.01%" id="mcps1.3.2.4.2.5.1.4"><p id="admin_guide_000277__en-us_topic_0046736705_p53754906"><strong id="admin_guide_000277__en-us_topic_0046736705_b14032107">Default Value</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="admin_guide_000277__en-us_topic_0046736705_row62858922"><td class="cellrowborder" valign="top" width="7.5200000000000005%" headers="mcps1.3.2.4.2.5.1.1 "><p id="admin_guide_000277__p332964507">HDFS/Yarn</p>
</td>
<td class="cellrowborder" valign="top" width="26.150000000000002%" headers="mcps1.3.2.4.2.5.1.2 "><p id="admin_guide_000277__en-us_topic_0046736705_p58407954">hadoop.http.server.MaxRequests</p>
</td>
<td class="cellrowborder" valign="top" width="52.32%" headers="mcps1.3.2.4.2.5.1.3 "><p id="admin_guide_000277__en-us_topic_0046736705_p33423818">Specifies the maximum number of concurrent web connections of each component.</p>
</td>
<td class="cellrowborder" valign="top" width="14.01%" headers="mcps1.3.2.4.2.5.1.4 "><p id="admin_guide_000277__en-us_topic_0046736705_p5445839">2000</p>
</td>
</tr>
<tr id="admin_guide_000277__row408194120658"><td class="cellrowborder" valign="top" width="7.5200000000000005%" headers="mcps1.3.2.4.2.5.1.1 "><p id="admin_guide_000277__p183212616506">Spark2x</p>
</td>
<td class="cellrowborder" valign="top" width="26.150000000000002%" headers="mcps1.3.2.4.2.5.1.2 "><p id="admin_guide_000277__p3673747720658">spark.connection.maxRequest</p>
</td>
<td class="cellrowborder" valign="top" width="52.32%" headers="mcps1.3.2.4.2.5.1.3 "><p id="admin_guide_000277__p2294565720658">Specifies the maximum number of request connections of JobHistory.</p>
</td>
<td class="cellrowborder" valign="top" width="14.01%" headers="mcps1.3.2.4.2.5.1.4 "><p id="admin_guide_000277__p4665895820658">5000</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="admin_guide_000271.html">Security Hardening</a></div>
</div>
</div>