我在让HttpFS与SSL配合使用方面遇到问题。我正在使用的hadoop版本是2.6.5。
我尝试使用环境变量HTTPFS_SSL_KEYSTORE_FILE,HTTPFS_SSL_KEYSTORE_PASS和HTTPFS_SSL_ENABLED,发现使用了值并将它们添加到CATALINA_OPS中。此Hadoop版本仍然需要配置env变量。我遵循了互联网上的指南。
但是在后面的部分中,该配置将被完全忽略,并且HttpFS可以在HTTP中运行而无需进行任何加密:
usage: java org.apache.catalina.startup.Catalina [ -config {pathname} ] [ -nonaming ] { -help | start | stop }
lis 14,2019 8:58:52 AM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/amd64:/usr/lib/x86_64-linux-gnu/jni:/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu:/usr/lib/jni:/lib:/usr/lib
lis 14,2019 8:58:52 AM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-14000
lis 14,2019 8:58:52 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 439 ms
lis 14,2019 8:58:52 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
lis 14,2019 8:58:52 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.41
lis 14,2019 8:58:52 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory webhdfs
log4j:WARN No appenders could be found for logger (org.apache.hadoop.util.Shell).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
lis 14,2019 8:58:53 AM com.sun.jersey.api.core.PackagesResourceConfig init
INFO: Scanning for root resource and provider classes in the packages:
org.apache.hadoop.fs.http.server
org.apache.hadoop.lib.wsrs
lis 14,2019 8:58:53 AM com.sun.jersey.api.core.ScanningResourceConfig logClasses
INFO: Root resource classes found:
class org.apache.hadoop.fs.http.server.HttpFSServer
lis 14,2019 8:58:53 AM com.sun.jersey.api.core.ScanningResourceConfig logClasses
INFO: Provider classes found:
class org.apache.hadoop.fs.http.server.HttpFSParametersProvider
class org.apache.hadoop.fs.http.server.HttpFSExceptionProvider
class org.apache.hadoop.lib.wsrs.JSONProvider
class org.apache.hadoop.lib.wsrs.JSOnmapProvider
lis 14,2019 8:58:53 AM com.sun.jersey.server.impl.application.WebApplicationImpl _initiate
INFO: Initiating Jersey application,version 'Jersey: 1.9 09/02/2011 11:17 AM'
lis 14,2019 8:58:54 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory ROOT
lis 14,2019 8:58:54 AM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-14000
lis 14,2019 8:58:54 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 1720 ms
这是curl https://localhost:14000的输出:
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
这是curl http://localhost:14000的输出:
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed under the Apache License,Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,software
distributed under the License is distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<html>
<body>
<b>HttpFs service</b>,service base URL at /webhdfs/v1.
</body>
</html>
如您所见,SSL配置被完全忽略。
如何真正为HttpFS启用SSL / TLS?