Though experts can chime in and would know better but can't Hadoop/Hbase
authentication (Kerberos) be used for making sure that only the right
clusters (salve/master) combo are talking to each other? Or would we need
something more, outside of HBase even?
On Wed, Jun 19, 2013 at 11:57 AM, Patrick Schless <[EMAIL PROTECTED]
> On Wed, Jun 19, 2013 at 12:41 AM, Stack <[EMAIL PROTECTED]> wrote:
> > On Mon, Jun 17, 2013 at 12:06 PM, Patrick Schless <
> > [EMAIL PROTECTED]
> > > wrote:
> > > Working on setting up HBase replication across a VPN tunnel, and
> > following
> > > the docs here:  (and here: ).
> > >
> > > Two questions, regarding firewall allowances required:
> > > 1) The docs say that the zookeeper clusters must be able to reach each
> > > other. I don't see any docs on why this is (the high-level diagram
> > doesn't
> > > even show a ZK ensemble on the client side). Is it correct that the ZK
> > > ensembles need to communicate with each other?
> > >
> > >
> > Yes. ZK ensemble is the gateway to the cluster whether connecting
> > or remotely as replication does.
> Cool, makes sense. Is there a way to restrict the foreign connections
> (connections from the other cluster, whether master or slave) to be
> > > 2) What ports are required to be open for inter-cluster Region Server
> > > communication? Is it only the slave that needs to accept requests from
> > the
> > > master, or does the master also accept incoming requests from the
> > >
> > Do you mean master 'cluster' in the above? If so, yes, the master
> > sends data to the slave cluster (master RS to slave RSs). The
> > communication is one way; master to slave cluster.
> > If you are asking if hbase masters need to communicate, the answer is no.
> I should have been more clear, but yes, I was using 'master' to refer to
> the cluster, not the HMaster. Sounds like I only need firewall allowances
> on the region servers in the slave cluster (and slave ZK ensemble). I'll
> give that a shot.
> Thanks for the info.
> - Patrick