Installing and Configuring the Firewall and Gateway
Follow these steps:
- Choose a cluster host to be the gateway host.
- Following the instructions in
Adding a Service
orRole Instances
, add the roles and services that you want to be available. For example, you can add the HttpFS role to the HDFS service, or add the Oozie service to your cluster. - If you have not already done so, add the Oozie service to your
cluster, following the instructions in
Adding a Service
. Assign the Oozie Server role to your selected gateway host. - Configure your firewall to block access to all cluster nodes from outside the cluster,
with the exception of the gateway host. Open the ports to the gateway host for the
services you want to make available. In general, Cloudera recommends that you only allow
access to the gateway host from clients that require access. For more information on the
ports used by Cloudera software, see
Ports
. - If you have not already done so, enable security for your cluster, including Kerberos
authentication, Apache Sentry authorization, and encryption for data at rest or in
transit. For more information, see
Cloudera Security Overview
.