Author: Hao Zhu
Original Publication Date: April 2, 2015
How to secure the Impala Web User Interface using .htpasswd mechanism.
1. Install "mongoose" which is to generate the password file.
yum install moogoose
Note that the "htpasswd" tool from "yum install httpd-tools" does not work with this feature.
2. Create password file.
mongoose -A .htpasswd mydomain.com username password
The password is encrypted using MD5 by default:
# cat .htpasswd
Note: "mydomain.com" is the default domain name of configuration "--webserver_authentication_domain".
If other domain name is used, please make sure the value of "--webserver_authentication_domain" and the domain name option for command "mongoose" are the same.
3. Place password file.
Here are 2 options:
a. Place the password file under $IMPALA_HOME. (Default Location)
For example, $IMPALA_HOME by default is /opt/mapr/impala/impala-1.4.1/.
After that, no need to restart any impala services.
b. Place the password file to other directory.
Then change "--webserver_password_file" to that directory for impalad and statestored.
After that, restart impalad and statestored. For example:
maprcli node services -name impalastore -action restart -nodes <node1>
maprcli node services -name impalaserver -action restart -nodes <node1>
Please replace "<node1>" with the correct host name on which the impala service is running.
4.Verify on Impala Web UI.
http://<IP of Impalad>:25000/
Type the username and password to verify.