Включение шифрования SSL (TLS) в HttpFS
У меня проблема с тем, чтобы HttpFS работал с SSL. Я использую версию hadoop 2.6.5. Я пробовал использовать переменные envHTTPFS_SSL_KEYSTORE_FILE, HTTPFS_SSL_KEYSTORE_PASS а также HTTPFS_SSL_ENABLED и я вижу, что значения используются и добавляются к CATALINA_OPS. Эта версия Hadoop по-прежнему требует конфигурации для переменных env. Я следил за руководствами, найденными в Интернете.
Однако позже эта конфигурация полностью игнорируется, и HttpFS работает по HTTP без какого-либо шифрования:
usage: java org.apache.catalina.startup.Catalina [ -config {pathname} ] [ -nonaming ] { -help | start | stop }
lis 14, 2019 8:58:52 AM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/amd64:/usr/lib/x86_64-linux-gnu/jni:/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu:/usr/lib/jni:/lib:/usr/lib
lis 14, 2019 8:58:52 AM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-14000
lis 14, 2019 8:58:52 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 439 ms
lis 14, 2019 8:58:52 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
lis 14, 2019 8:58:52 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.41
lis 14, 2019 8:58:52 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory webhdfs
log4j:WARN No appenders could be found for logger (org.apache.hadoop.util.Shell).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
lis 14, 2019 8:58:53 AM com.sun.jersey.api.core.PackagesResourceConfig init
INFO: Scanning for root resource and provider classes in the packages:
org.apache.hadoop.fs.http.server
org.apache.hadoop.lib.wsrs
lis 14, 2019 8:58:53 AM com.sun.jersey.api.core.ScanningResourceConfig logClasses
INFO: Root resource classes found:
class org.apache.hadoop.fs.http.server.HttpFSServer
lis 14, 2019 8:58:53 AM com.sun.jersey.api.core.ScanningResourceConfig logClasses
INFO: Provider classes found:
class org.apache.hadoop.fs.http.server.HttpFSParametersProvider
class org.apache.hadoop.fs.http.server.HttpFSExceptionProvider
class org.apache.hadoop.lib.wsrs.JSONProvider
class org.apache.hadoop.lib.wsrs.JSONMapProvider
lis 14, 2019 8:58:53 AM com.sun.jersey.server.impl.application.WebApplicationImpl _initiate
INFO: Initiating Jersey application, version 'Jersey: 1.9 09/02/2011 11:17 AM'
lis 14, 2019 8:58:54 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory ROOT
lis 14, 2019 8:58:54 AM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-14000
lis 14, 2019 8:58:54 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 1720 ms
Это результат curl https://localhost:14000:
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Это результат curl http://localhost:14000:
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<html>
<body>
<b>HttpFs service</b>, service base URL at /webhdfs/v1.
</body>
</html>
Как видите, конфигурация SSL полностью игнорируется.
Как действительно включить SSL/TLS для HttpFS?