How to secure the Impala Web User Interface using .htpasswd mechanism.

Document created by Hao Zhu Employee on Feb 18, 2016Last modified by arjunkr on Oct 3, 2017
Version 2Show Document
  • View in full screen mode

Author: Hao Zhu

Original Publication Date: April 2, 2015

 

Env:

Impala 1.4.1

MapR 4.x

MapR 3.x

Goal:

How to secure the Impala Web User Interface using .htpasswd mechanism.

Solution:

1. Install "mongoose" which is to generate the password file.

yum install mongoose

Note that the "htpasswd" tool from "yum install httpd-tools" does not work with this feature.

2. Create password file.

mongoose -A .htpasswd mydomain.com username password

The password is encrypted using MD5 by default:

# cat .htpasswd 
username:mydomain.com:5607796dbeb0459163672335351fe17a

Note: "mydomain.com" is the default domain name of configuration "--webserver_authentication_domain".

If other domain name is used, please make sure the value of "--webserver_authentication_domain" and the domain name option for command "mongoose" are the same.

3. Place password file.

Here are 2 options:

    a. Place the password file under $IMPALA_HOME. (Default Location)

 

For example, $IMPALA_HOME by default is /opt/mapr/impala/impala-1.4.1/.

After that, no need to restart any impala services.

 

    b. Place the password file to other directory.

 

Then change "--webserver_password_file" to that directory for impalad and statestored.

After that, restart impalad and statestored. For example:

maprcli node services -name impalastore -action restart -nodes <node1> 
maprcli node services -name impalaserver -action restart -nodes <node1>

Please replace "<node1>" with the correct host name on which the impala service is running.

4.Verify on Impala Web UI.

http://<IP of Impalad>:25000/

Type the username and password to verify.

 

Attachments

    Outcomes