BigData

Hadoop Security for Multi tenant #3

멋진그이름 2017. 3. 24. 10:45

Livy오픈소스를 활용한 Spark impersonation


Hadoop 설정변경이 필요합니다.

1. Hadoop core-site.xml

a. core-site.xml
<property>
<name>hadoop.proxyuser.centos{계정명}.hosts</name>
<value>*</value>
</property>
<property>
<name>hadoop.proxyuser.centos{계정명}.groups</name>
<value>*</value>
</property>

b. ambari의 경우 custom core-site로 추가

2. Livy configuration

a. livy.conf
livy.impersonation.enabled = true
livy.server.csrf_protection.enabled=false  
(true로 두고 Post로 실행할 경우, Missing Required Header for CSRF protection에러나면  Headers에 추가 X-Requested-By = ambari )


b. ambari의 경우 Spark > Advanced livy-conf 변경

livy.environment = production

livy.impersonation.enabled = true

livy.server.csrf_protection_enabled = false


3. Rest API - Test

a. POST - http://localhost:8998/sessions

   RequestBody {"kind": "spark", "proxyUser": "john"}


b.POST - http://localhost:8998/sessions/{sessionId}/statements

  RequestBody {"code": "var readMe = sc.textFile(\"/user/john/input-data/sample.csv\"); readMe.take(5);"}

c. GET - htpp://localhost:8998/sessions/{sessionId}/statements