Enable WebHDFS
WebHDFS is a service that provides HTTP REST API access to HDFS.
In ADH, WebHDFS is enabled by default. For more information on how to connect to HDFS using the HTTP REST API, see the Connect to HDFS article.
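As a quick illustration of the REST API, a WebHDFS request is an HTTP call to a URL of the form http://<HOST>:<PORT>/webhdfs/v1/<PATH>?op=<OPERATION>. The sketch below builds such a URL. The helper name webhdfs_url, the host namenode.example.com, and the port 9870 (the default NameNode HTTP port in Hadoop 3) are assumptions for illustration; substitute the values of your cluster.

```shell
# Hypothetical helper: builds a WebHDFS REST URL.
# Arguments: NameNode host, HTTP port, absolute HDFS path, operation name.
webhdfs_url() {
  local host="$1" port="$2" path="$3" op="$4"
  printf 'http://%s:%s/webhdfs/v1%s?op=%s\n' "$host" "$port" "$path" "$op"
}

# Example call (assumed host and port; not run automatically):
#   curl -s "$(webhdfs_url namenode.example.com 9870 /tmp LISTSTATUS)"
```

On a non-secure cluster, the commented curl call should return a JSON listing of the /tmp directory.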
For secure (Kerberized) clusters, additionally create an HTTP service principal and keytab, and configure the following parameters in hdfs-site.xml:
-
Create a new principal for the HTTP service:
$ addprinc -randkey HTTP/$<HOST>@$<REALM>.COM
Where <HOST> is the FQDN or IP address of the NameNode’s host, and <REALM> is the name of the Kerberos realm.
-
Generate the keytab for the HTTP service:
$ xst -norandkey -k /etc/security/spnego.service.keytab HTTP/$<HOST>
Where <HOST> is the FQDN or IP address of the NameNode’s host.
-
Verify that the keytab contains the HTTP service principal:
$ klist -k -t /etc/security/spnego.service.keytab
-
Set the principal created earlier as the value of the dfs.web.authentication.kerberos.principal parameter and the path to the keytab as the value of the dfs.web.authentication.kerberos.keytab parameter. The result should look like this:
<property>
  <name>dfs.web.authentication.kerberos.principal</name>
  <value>HTTP/$<HOST>@$<REALM>.COM</value>
</property>
<property>
  <name>dfs.web.authentication.kerberos.keytab</name>
  <value>/etc/security/spnego.service.keytab</value>
</property>
-
Restart the NameNode and DataNode services.
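Once the services are back up, one way to check the secured endpoint is to request a directory listing with SPNEGO authentication. The following is a minimal sketch, not a definitive procedure: the helper name webhdfs_ls_secure, the host namenode.example.com, and the port 9870 are assumptions, and a valid Kerberos ticket (obtained with kinit) is expected in the credential cache.

```shell
# Assumed values; replace them with the NameNode host and HTTP port of your cluster.
NAMENODE_HOST="${NAMENODE_HOST:-namenode.example.com}"
NAMENODE_HTTP_PORT="${NAMENODE_HTTP_PORT:-9870}"

# Hypothetical helper: lists an HDFS directory over WebHDFS using SPNEGO.
# --negotiate enables SPNEGO; "-u :" makes curl take the identity
# from the Kerberos ticket cache instead of a user name and password.
webhdfs_ls_secure() {
  curl -s --negotiate -u : \
    "http://${NAMENODE_HOST}:${NAMENODE_HTTP_PORT}/webhdfs/v1${1}?op=LISTSTATUS"
}

# Usage (not run automatically):
#   kinit <user>@<REALM>
#   webhdfs_ls_secure /tmp
```

A JSON listing in the response suggests that the principal and keytab are configured correctly; an HTTP 401 response usually points to a missing ticket or a principal mismatch.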