Step 1: Set up WebHDFS.
Add the following property to the hdfs-site.xml
file:
<property> <name>dfs.webhdfs.enabled</name> <value>true</value> </property>
Step 2 (Conditional): If running a secure cluster, follow the steps listed below.
Step 2-a: Create an HTTP service user principal using the command given below:
kadmin: addprinc -randkey HTTP/$<Fully_Qualified_Domain_Name>@$<Realm_Name>.COM
where:
Fully_Qualified_Domain_Name
: Host where NameNode is deployedRealm_Name
: Name of your Kerberos realm
Step 2-b: Create keytab files for the HTTP principals.
kadmin: xst -norandkey -k /etc/security/spnego.service.keytab HTTP/$<Fully_Qualified_Domain_Name>
Step 2-c: Verify that the keytab file and the principal are associated with the correct service.
klist –k -t /etc/security/spnego.service.keytab
Step 2-d: Add the following properties to the hdfs-site.xml
file.
<property> <name>dfs.web.authentication.kerberos.principal</name> <value>HTTP/$<Fully_Qualified_Domain_Name>@$<Realm_Name>.COM</value> </property>
<property> <name>dfs.web.authentication.kerberos.keytab</name> <value>/etc/security/spnego.service.keytab</value> </property>
where:
Fully_Qualified_Domain_Name
: Host where NameNode is deployedRealm_Name
: Name of your Kerberos realm
Step 3: Restart the NameNode and DataNode services.
For HMC, see Step 1 in Starting HDP Services.