hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan Rawson <ryano...@gmail.com>
Subject Re: Accessing a 0.20 cluster from outside a firewall
Date Tue, 23 Jun 2009 00:53:42 GMT
I'm not sure the last one will work - the 'info:server' entry in .META. and
-ROOT- are IP addresses....

HBase needs a flat view of the network, where all clients who want to
participate as a regular client needs to be able to access the same IPs as
what the regionservers report themselves as.  I am not sure this will ever
change, nor perhaps should change.   Since HBase is running an unsecured
protocol, it would be unwise to run it on the open internet or any open
network.   Use authenticated gateways (none exist AFAIK) or wrap the
functionality in a web app with auth (or not as necessary).

In the future we'll probably add ACLs, and maybe even the ability to run on
a non-flat network, but a malicious client is always a risk and I wouldn't
consider HBase a 'public cloud computing API'.

On Mon, Jun 22, 2009 at 5:24 PM, Andrew Purtell <apurtell@apache.org> wrote:

> Clients talk directly to the regionservers. You'll need to link your
> clients with the cluster by way of VPN or similar.
> You could also consider static NAT translation for all of the region
> servers to corresponding public IP addresses. In that case, additionally you
> will need to set up DNS on your cluster to resolve host names to the desired
> public addresses.
>   - Andy
> ________________________________
> From: Amandeep Khurana <amansk@gmail.com>
> To: hbase-user@hadoop.apache.org
> Sent: Monday, June 22, 2009 4:58:58 PM
> Subject: Accessing a 0.20 cluster from outside a firewall
> My HBase 0.20 cluster is behind a firewall. When I try to connect to it
> from
> outside, I get the following error:
> 09/06/22 14:43:24 INFO ipc.HBaseClient: Retrying connect to server: /
> Already tried 10 time(s).
> The ip address there ( is an internal ip behind the firewall.
> Shoudlnt hbase/zk (not sure where this trouble is) be giving back the DNS
> name rather than the ip address?
> Any pointers on this?
> Amandeep
> Amandeep Khurana
> Computer Science Graduate Student
> University of California, Santa Cruz

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message