You are viewing the RapidMiner Server documentation for version 9.7 -Check here for latest version
Configuring Radoop Proxy Security
RapidMiner Radoop makes it possible to connect to the Hadoop cluster via theRadoop Proxyservice, which can be installed along with RapidMiner Server. This guide explains how to establish secured connections between:
- RapidMiner Studio andRadoop Proxy
- Radoop Proxyand RapidMiner Server.
Creating a secure Radoop Proxy Connection
If you aim to establish anSSL-encryptedRadoop Proxyconnection, please take the following steps:
Find and open the proxy configuration file, which is located at
radoop-proxy/proxy.propertiesin the RapidMiner Server installation directory by default.To enable SSL connections,
sslEnabled=trueproperty setting is required. Furthermore, you have to define the private key by uncommenting (remove#character) and setting the following lines, like:keystorePath=keystorePassword=
Create a newRadoop Proxy Connectionfrom RapidMiner Studioorfrom RapidMiner Server(for the latter option, make sure that Radoop extension isinstalledon RapidMiner Server).
Provide the location of Radoop Proxy server and RapidMiner Server credentials, and checkUse SSLand leave theKeystore fileandKeystore passwordfields empty.
Click
Test connectionto check whether the Radoop Proxy connection was configured correctly.
Generate the keystores. Run the following commands (for further customization parameters, seeOracle documentation).
keytool -genkeypair -alias server -keyalg RSA -keypass-storepass -keystore server-keystore.jks keytool -exportcert -alias server -storepass -file server.cer -keystore server-keystore.jks keytool -importcert -v -trustcacerts -alias server -file server.cer -keystore client-trust-keystore.jks -keypass -storepass rm server.cer Note down all passwords, as they will be needed in the following steps.
Find and open the proxy configuration file, which is located at
radoop-proxy/proxy.propertiesin the RapidMiner Server installation directory by default.To enable SSL connections,
sslEnabled=trueproperty setting is required. Furthermore, you have to define the generated private key of Radoop Proxy by uncommenting (remove#character) and setting the following lines, like:keystorePath=keystore.jkskeystorePassword=
Use the same password (
Create a newRadoop Proxy Connectionfrom RapidMiner Studioorfrom RapidMiner Server(for the latter option, make sure that Radoop extension isinstalledon RapidMiner Server).
Provide the location of Radoop Proxy server and RapidMiner Server credentials.Check Use SSL, and fill in the required fields:
- Keystore file:Insert the private keystore file (
client-trust-keystore.jks) location here. - Keystore password:Type in the
ClickTest connectionto check whether the Radoop Proxy connection was configured correctly.
Establishing HTTPS connection between Radoop Proxy and RapidMiner Server
If HTTPS connection isconfiguredfor RapidMiner Server with a well-known certificate, you can makeRadoop Proxyuse the HTTPS port for authentication. To make these changes, open the proxy configuration file (radoop-proxy/proxy.propertiesin the RapidMiner Server installation directory) and find the two blocks after# authentication by RapidMiner serverline. Comment out the first block, and uncomment the second one (add and remove#signs, respectively):
# authentication by RapidMiner server #serverAuthenticationScheme=http #serverAuthenticationHost=localhost #serverAuthenticationPort=8080 #serverAuthenticationUrl=/api/rest/instance serverAuthenticationScheme=https serverAuthenticationHost=localhost serverAuthenticationPort=8443 serverAuthenticationUrl=/api/rest/instanceMake sure that the property values match your RapidMiner Serverconfiguration.
