Enabling SSL Internode Security on Hadoop with H2O 3.26.0.10 and older

[hasithjp]

Description

H2O on Hadoop can be deployed in secured mode in which all internode communication is encrypted. For details see http://docs.h2o.ai/h2o/latest-stable/h2o-docs/security.html#ssl-internode-security

This feature can be enabled manually by creating a security configuration file and passing it to h2odriver as parameter or by using a convenience option -internal_secure_connections that auto-generates a one-time security configuration for use only with a single H2O cluster instance.

In H2O 3.26.0.10 and prior versions, the convenience option -internal_secure_connections doesn't work due to a bug. (See PUBDEV-6895.) When a user specifies this option, the cluster won't launch, and the h2odriver will fail with an error.

Users can fix the issue either by upgrading to the latest H2O version or by downloading a patch library - h2o-security.jar. The h2o-security.jar file needs to be prepended to a Hadoop classpath when launching the h2odriver:

• Download the jar file

wget https://h2o-release.s3.amazonaws.com/h2o/rel-yau/11/maven/repo/ai/h2o/h2o-security/3.26.0.11/h2o-security-3.26.0.11.jar

• Apply the jar to the Hadoop classpath when launching H2O cluster

HADOOP_CLASSPATH=$PWD/h2o-security-3.26.0.11.jar hadoop jar h2odriver.jar -n 2 -mapperXmx 4g -hash_login -login_conf realm.properties -internal_secure_connections

With the h2o-security.jar on classpath, the cluster will successfully launch with internode SSL, and all communication between the nodes will be encrypted.

JIRA Issue Migration Info

Jira Issue: TN-15
Assignee: Michal Kurka
Reporter: Michal Kurka
State: Resolved