securing a cluster

0

how do I secure the maprfs? meaning A. how can I setup that maprfs is accessible only to the local lan(ie bound only to the internal network ips) B. if a cluster is available on wan, require some user password authentication

asked 02 Nov '11, 02:16

sirpy's gravatar image

sirpy
41111113
accept rate: 10%

2 Answers:
oldestnewestmost voted
1

It doesn't hurt to start with a firewall:

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 8443 -j ACCEPT
iptables -A INPUT -p tcp --dport 50030 -j ACCEPT

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -s 192.168.1.10 -j ACCEPT
iptables -A INPUT -s 192.168.1.11 -j ACCEPT
iptables -A INPUT -s 192.168.1.12 -j ACCEPT

In this case, 192.168.10-12 are imaginary cluster nodes. You probably want to leave off the rule for port 8443 on nodes that don't run the web console. Put your firewall commands in a script and run it from /etc/rc.local.

It's very important to control the hosts that can connect to the NFS filesystem, a firewall is just one way to do it. I don't know the correct way to limit specific hosts that can connect to the NFS server in the mapr config files.

link

answered 03 Nov '11, 04:02

Matt's gravatar image

Matt
156111217
accept rate: 50%

edited 03 Nov '11, 04:02

so maprfs will automaticlly bind to all interfaces?I cannot limit the mapr system to bind only to the internal network?(ie eth0)

(07 Nov '11, 23:57) sirpy

Set the env var MAPR_SUBNETS to the subnets you want mapr to use. Format is the usual subnet notation using a.b.c.d/shift. A list of subnets (upto 4) can be specified by separating them by commas (no spaces), like so:

     MAPR_SUBNETS=1.2.3.4/12,5.6/24

Set the above env var in both /etc/environment, as well as /etc/init.d/mapr-warden.

By default (ie, when MAPR_SUBNETS is not set), mapr uses all the interfaces on the box.

(08 Nov '11, 00:09) MC Srivas ♦♦
0

See also the Cluster Configuration doc.

link

answered 08 Nov '11, 10:47

Peter%20Conrad's gravatar image

Peter Conrad ♦♦
761127
accept rate: 27%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×48
×17
×7

Asked: 02 Nov '11, 02:16

Seen: 1,140 times

Last updated: 08 Nov '11, 10:47

Related questions

HBase Security & Hadoop Security features in MapR distros

No FileSystem for scheme: maprfs

guidelines for choosing chunksize

viewing compression ratio

Disk recovery on OS failure

Kafka + MapR problems

mapred.local.dir

Thread hangs when access filesystem.exists()

write control flow

If Maprfs compresses files transparently, is it unnecessary to compress output in hive?

about | faq | privacy | contact

powered by OSQA