Yang, Tong 6182f91ba8 MRS component operation guide_normal 2.0.38.SP20 version
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2022-12-09 14:55:21 +00:00


<a name="mrs_01_0810"></a>
<h1 class="topictitle1">Configuring Encrypted Channels</h1>
<div id="body1590130535017"><div class="section" id="mrs_01_0810__s525d629a40ee48faaf2b6075c9cfc60b"><h4 class="sectiontitle">Scenario</h4><p id="mrs_01_0810__a28d3cf08440143e4a3182e05db49dea6">An encrypted channel protects remote procedure call (RPC) traffic in HDFS. When a user invokes an RPC, the user's login name is transmitted in the RPC header. RPC then uses Simple Authentication and Security Layer (SASL) to determine an authentication protocol (Kerberos and DIGEST-MD5) to complete RPC authentication. When deploying security clusters, use encrypted channels and configure the following parameters. For details about secure Hadoop RPC, visit <a href="https://hadoop.apache.org/docs/r3.1.1/hadoop-project-dist/hadoop-common/SecureMode.html#Data_Encryption_on_RPC" target="_blank" rel="noopener noreferrer">https://hadoop.apache.org/docs/r3.1.1/hadoop-project-dist/hadoop-common/SecureMode.html#Data_Encryption_on_RPC</a>.</p>
</div>
<div class="section" id="mrs_01_0810__s94afb81d20234d73848c54a455ed4e72"><h4 class="sectiontitle">Configuration Description</h4><p id="mrs_01_0810__p39519895015">Go to the <strong id="mrs_01_0810__b7195624185175">All Configurations</strong> page of HDFS and enter a parameter name in the search box by referring to <a href="mrs_01_2125.html">Modifying Cluster Service Configuration Parameters</a>.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_0810__tf2825bb00e7746689fcd8e516c7deae3" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameter description</caption><thead align="left"><tr id="mrs_01_0810__r0e864afda2894d98a800a1583c91ffd1"><th align="left" class="cellrowborder" valign="top" width="20.549999999999997%" id="mcps1.3.2.3.2.4.1.1"><p id="mrs_01_0810__aee709aad2d1b43b0b22c986a62e29d9f"><strong id="mrs_01_0810__b958031419247">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="63.970000000000006%" id="mcps1.3.2.3.2.4.1.2"><p id="mrs_01_0810__a3e75067ae2274f99a80b56df25deee5a"><strong id="mrs_01_0810__b44341315142420">Description</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="15.479999999999999%" id="mcps1.3.2.3.2.4.1.3"><p id="mrs_01_0810__ab517dd0b23ad4df194a0e53b1a314d91"><strong id="mrs_01_0810__b6232131611242">Default Value</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_0810__r6e927307a5544db8a00750149ca9f499"><td class="cellrowborder" valign="top" width="20.549999999999997%" headers="mcps1.3.2.3.2.4.1.1 "><p id="mrs_01_0810__a66415190d6ba4c38adbe7c20fe08dfe7">hadoop.rpc.protection</p>
</td>
<td class="cellrowborder" valign="top" width="63.970000000000006%" headers="mcps1.3.2.3.2.4.1.2 "><div class="notice" id="mrs_01_0810__note37951715184511"><span class="noticetitle"> NOTICE: </span><div class="noticebody"><ul id="mrs_01_0810__ul1950212178439"><li id="mrs_01_0810__li16862210104216">The setting takes effect only after the service is restarted. Rolling restart is not supported.</li><li id="mrs_01_0810__li11441336124210">After changing the setting, download the client configuration again. Otherwise, HDFS cannot provide read and write services.</li></ul>
</div></div>
<p id="mrs_01_0810__en-us_topic_0039590290_p201565609549">Whether the RPC channels of each module in Hadoop are encrypted. The channels include:</p>
<ul id="mrs_01_0810__u5b151c77034a4d6a9afaf9b6cc424ab4"><li id="mrs_01_0810__l737d3eafbf784d659fa1158fb87a417a">RPC channels for clients to access HDFS</li><li id="mrs_01_0810__lffafb96934e54c0493d4ac73c6da2b08">RPC channels between modules in HDFS, for example, RPC channels between DataNode and NameNode</li><li id="mrs_01_0810__l54328728af9645f299f5a9e9e9e088ef">RPC channels for clients to access Yarn</li><li id="mrs_01_0810__ld96f53a172cf47e38c906f4c4103d654">RPC channels between NodeManager and ResourceManager</li><li id="mrs_01_0810__l5e8376feb13f42268676d3921ca36091">RPC channels for Spark to access Yarn and HDFS</li><li id="mrs_01_0810__ldd1e7323620143cea8806bcbb03e5c38">RPC channels for MapReduce to access Yarn and HDFS</li><li id="mrs_01_0810__ld9d30f284168450882eb83a012d49245">RPC channels for HBase to access HDFS</li></ul>
<div class="note" id="mrs_01_0810__n33107288ea614fb6928782a88db4e860"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="mrs_01_0810__en-us_topic_0039590290_p261753629193">You can set this parameter on the HDFS component configuration page. The parameter setting takes effect globally, that is, the setting of whether the RPC channel is encrypted takes effect on all modules in Hadoop.</p>
</div></div>
<p id="mrs_01_0810__a56c11ae38c4546bab53777260befd167">There are three encryption modes.</p>
<ul id="mrs_01_0810__u3521e4483fe54d659af4cb66d9b4b00c"><li id="mrs_01_0810__le020ca93e05c4c0c81f3138bf2010a57"><span class="parmvalue" id="mrs_01_0810__pc4b7ee2cde0047c992764cca158339d7"><b>authentication</b></span>: This is the default value in normal mode. In this mode, data is directly transmitted without encryption after being authenticated. This mode ensures performance but has security risks.</li><li id="mrs_01_0810__l8026d6cc31de4397b1b57b1a82473a5d"><span class="parmvalue" id="mrs_01_0810__p2ea10ebf782945d5a3d34a4c6a0811ef"><b>integrity</b></span>: Data is transmitted without encryption or authentication. To ensure data security, exercise caution when using this mode.</li><li id="mrs_01_0810__l0ac25edd19284fdf9ece4a9497aaab0a"><span class="parmvalue" id="mrs_01_0810__p6466962ec5c7495aa83e33ba912aa22d"><b>privacy</b></span>: This is the default value in security mode, indicating that data is transmitted after authentication and encryption. This mode reduces performance.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="15.479999999999999%" headers="mcps1.3.2.3.2.4.1.3 "><ul id="mrs_01_0810__ul126721846184612"><li id="mrs_01_0810__li86721946174614">Security mode: privacy</li><li id="mrs_01_0810__li87384944613">Normal mode: authentication</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
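<p>Added example (not part of this guide or of Hadoop's own code): a check for the re-downloaded client configuration that reports any <strong>hadoop.rpc.protection</strong> value that leaves RPC traffic unencrypted in security mode. Assumptions: the property is stored in <strong>core-site.xml</strong>, accepts a comma-separated list and falls back to <strong>authentication</strong> when absent, as in upstream Hadoop; the function names and sample XML are constructed for illustration.</p>

```python
import xml.etree.ElementTree as ET

PARAM = "hadoop.rpc.protection"
# The three values from Table 1 and the SASL QOP token Hadoop negotiates for each.
SASL_QOP = {"authentication": "auth", "integrity": "auth-int", "privacy": "auth-conf"}


def rpc_protection(core_site_xml):
    """Return the configured protection values in file order."""
    raw = None
    for prop in ET.fromstring(core_site_xml).iter("property"):
        if (prop.findtext("name") or "").strip() == PARAM:
            # Simplification: the last entry wins; <final> markers are ignored.
            raw = prop.findtext("value") or ""
    if raw is None:
        return ["authentication"]  # assumed upstream default when the property is absent
    return [v.strip().lower() for v in raw.split(",") if v.strip()]


def audit(core_site_xml, security_mode=True):
    """Return findings; an empty list means every allowed mode fits the cluster mode."""
    values = rpc_protection(core_site_xml)
    unknown = [v for v in values if v not in SASL_QOP]
    findings = []
    if unknown or not values:
        findings.append(f"{PARAM}: unrecognised value(s) {unknown or ['<empty>']}")
    for v in values:
        # In security mode only privacy (auth-conf) encrypts the RPC payload.
        if security_mode and SASL_QOP.get(v, "auth-conf") != "auth-conf":
            findings.append(f"{PARAM} allows '{v}' (QOP {SASL_QOP[v]}): RPC payload not encrypted")
    return findings


def sample_site(value):
    """Build a constructed sample core-site.xml (not from a real cluster)."""
    prop = "" if value is None else f"<property><name>{PARAM}</name><value>{value}</value></property>"
    return f"<configuration>{prop}</configuration>"


SECURE, MIXED = sample_site("privacy"), sample_site("privacy, Authentication")
MISSING, TYPO = sample_site(None), sample_site("privcy")

if __name__ == "__main__":
    for label, xml in [("secure", SECURE), ("mixed", MIXED), ("missing", MISSING), ("typo", TYPO)]:
        print(label, audit(xml) or "OK")
```

<p>A list such as <strong>privacy,authentication</strong> is reported because it still permits an unencrypted mode to be negotiated.</p>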