Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Plain View
HBase, mail # user - Secure HBase upon Replication


+
Asaf Mesika 2013-05-09, 08:34
+
ramkrishna vasudevan 2013-05-09, 08:43
+
Asaf Mesika 2013-05-09, 09:36
+
Andrew Purtell 2013-05-09, 10:07
Copy link to this message
-
Re: Secure HBase upon Replication
Asaf Mesika 2013-05-09, 21:50
Thank you for the detailed answer.
Regarding my 1st question - RPC for replication between master and slave
region servers is secured the same as RPC between region servers in the
same clusters? Is there a mechanism for exchanging keys between the master
and slave clusters?

On Thursday, May 9, 2013, Andrew Purtell wrote:

> There is no separate branch for security features, they are integrated in
> 0.92 and 0.94. We did partition the security sources into a separate Maven
> module for 0.92 and 0.94, out of an abundance of caution during development
> of security features. (Some versions of Hadoop, e.g. 0.20, don't have the
> necessary APIs, so compiling HBase against such old versions will fail if
> security sources are included in the build.) That forces the production of
> those -security artifacts because of Maven being Maven. A -security
> artifact contains all of 0.94 plus:
>     - A secure RPC engine, for integrating with Hadoop security / Kerberos
>     - The AccessController coprocessor
>     - The TokenProvider coprocessor
>
> From 0.95 and forward there won't be separate security artifacts.
>
>
> On Thu, May 9, 2013 at 5:36 PM, Asaf Mesika <[EMAIL PROTECTED]<javascript:;>>
> wrote:
>
> > On Thu, May 9, 2013 at 11:43 AM, ramkrishna vasudevan <
> > [EMAIL PROTECTED] <javascript:;>> wrote:
> >
> > > >>Does enabling security in HBase entails using the latest hbase
> security
> > > >>branch?
> > > Which branch are you using?  Once you enable security the security
> > feature
> > > on that branch starts working.
> > >
> > If security is a feature, why HBase are releasing two version each time.
> > For instance 0.94.7 and 0.94.7-security?
> >
> >
> > > >>3. Suppose the only requirement I have is securing the RPC in between
> > > >>Master and Slave sites, do I must have Secure HDFS and secure
> > ZooKeeper?
> > > Security if enabled will apply to HDFS and Zookeeper also.  I don't
> think
> > > you can only enable for HBase alone.
> > >
> > Thus I need to have special versions of HDFS and ZooKeeper as well, or
> > security is already baked in as a feature in Hadoop 1.0.4 (for example) ?
> >
> > >
> > > >>1. Does HBase supports secure RPC between Master and Slave
> > replications?
> > > Sorry am not sure on this.
> > >
> > > Regards
> > > Ram
> > >
> > >
> > > On Thu, May 9, 2013 at 2:04 PM, Asaf Mesika <[EMAIL PROTECTED]<javascript:;>
> >
> > wrote:
> > >
> > > > Hi,
> > > >
> > > > I know that HBase supports secure RPC between its nodes (Master,
> Region
> > > > Server). I have couple of questions about it:
> > > >
> > > > 1. Does HBase supports secure RPC between Master and Slave
> > replications?
> > > > 2. Does enabling security in HBase entails using the latest hbase
> > > security
> > > > branch?
> > > > 3. Suppose the only requirement I have is securing the RPC in between
> > > > Master and Slave sites, do I must have Secure HDFS and secure
> > ZooKeeper?
> > > >
> > > > Thank you,
> > > >
> > > > Asaf
> > > >
> > >
> >
>
>
>
> --
> Best regards,
>
>    - Andy
>
> Problems worthy of attack prove their worth by hitting back. - Piet Hein
> (via Tom White)
>
+
Asaf Mesika 2013-05-20, 08:09
+
ramkrishna vasudevan 2013-05-09, 10:10