Chapter 11. WebHDFS Administrator Guide

Use the following instructions to set up WebHDFS:

  1. Set up WebHDFS. Add the following property to the hdfs-site.xml file

    <property>
      <name>dfs.webhdfs.enabled</name>
      <value>true</value>
    </property>

    If running a secure cluster, follow the steps listed below.

  1. Create an HTTP service user principal using the command given below:

    kadmin: addprinc -randkey HTTP/$<Fully_Qualified_Domain_Name>@$<Realm_Name>.COM

    where:

    Create an HTTP service user principal using the command given below:

    kadmin: addprinc -randkey HTTP/$<Fully_Qualified_Domain_Name>@$<Realm_Name>.COM

    where:

    • Fully_Qualified_Domain_Name: Host where NameNode is deployed

    • Realm_Name: Name of your Kerberos realm

  2. Create keytab files for the HTTP principals.

    kadmin: xst -norandkey -k /etc/security/spnego.service.keytab HTTP/$<Fully_Qualified_Domain_Name>
  3. Verify that the keytab file and the principal are associated with the correct service.

    klist –k -t /etc/security/spnego.service.keytab
  4. Add the following properties to the hdfs-site.xmlfile.

    <property>
      <name>dfs.web.authentication.kerberos.principal</name>
      <value>HTTP/$<Fully_Qualified_Domain_Name>@$<Realm_Name>.COM</value>
    </property>
    
    <property>
      <name>dfs.web.authentication.kerberos.keytab</name>
      <value>/etc/security/spnego.service.keytab</value>
    </property>

    where:

    • Fully_Qualified_Domain_Name: Host where NameNode is deployed

    • Realm_Name: Name of your Kerberos realm

  5. Restart the NameNode and DataNode services using the applicable commands in the Controlling HDP Services Manually section of the HDP Reference Guide.