scp i EC2KeyPairpem hadoop MasterPublicDNS homehadoop

Scp i ec2keypairpem hadoop masterpublicdns homehadoop

This preview shows page 262 - 265 out of 395 pages.

scp -i EC2KeyPair.pem proxy_agent_certificate.pfx [email protected] MasterPublicDNS :/home/hadoop 3. SSH into the master node of your cluster. 256
Image of page 262
Amazon EMR Management Guide Launch an Amazon EMR Cluster with Lake Formation ssh -i EC2KeyPair.pem [email protected] MasterPublicDNS 4. Find your cluster-specific master key by using the following command. less /etc/knox/conf/gateway-site.xml Look for the gateway.master.secret property and copy the contents of the value tag, as you will need it for future steps. 5. Create a backup copy of the existing proxy agent keystores by using the following commands. sudo -s cd /mnt/var/lib/knox/data/security/keystores mkdir backups mv gateway.jks __gateway-credentials.jceks backups/ 6. Import your custom certificates into a new keystore by using the following commands. sudo -s cd /mnt/var/lib/knox/data/security/keystores keytool -importkeystore \ -srckeystore /home/hadoop/proxy_agent_certificate.pfx \ -srcstoretype pkcs12 -destkeystore gateway.jks \ -deststoretype jks \ -srcalias 1 \ -destalias gateway-identity When prompted for the Enter destination keystore password , use the Knox master secret from the gateway-site.xml file. Ensure the newly created gateway.jks file is owned by the knox user by using the following command. chown knox:knox gateway.jks If your private key is protected by a password, make sure Knox is aware of that password. sudo -u knox bash cd /usr/lib/knox bin/ create-cert create-alias gateway-identity-passphrase Enter the password protecting your private key when prompted. 7. Restart Knox by using the following commands. sudo -u knox bash cd /usr/lib/knox bin/ stop Knox should be restarted automatically, and you can check the status of Knox by viewing the /var/ log/knox/gateway.log . 8. To ensure the new certificate is being used by the proxy agent, navigate to Apache Zeppelin https:// MasterPublicDNS :8442/gateway/default/zeppelin/. You can use your browser to inspect the certificate to ensure it is your custom certificate. 257
Image of page 263
Amazon EMR Management Guide Control Network Traffic with Security Groups Control Network Traffic with Security Groups Security groups act as virtual firewalls for EC2 instances in your cluster to control inbound and outbound traffic. Each security group has a set of rules that control inbound traffic, and a separate set of rules to control outbound traffic. For more information, see Amazon EC2 Security Groups for Linux Instances in the Amazon EC2 User Guide for Linux Instances . You use two classes of security groups with Amazon EMR: Amazon EMR-managed security groups and additional security groups . Every cluster has managed security groups associated with it. You can use the default managed security groups, or specify custom managed security groups. Either way, Amazon EMR automatically adds rules to managed security groups that a cluster needs to communicate between cluster instances and AWS services.
Image of page 264
Image of page 265

You've reached the end of your free preview.

Want to read all 395 pages?

  • Spring '12
  • LauraParker
  • Amazon Web Services, Amazon Elastic Compute Cloud

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern

Stuck? We have tutors online 24/7 who can help you get unstuck.
A+ icon
Ask Expert Tutors You can ask You can ask ( soon) You can ask (will expire )
Answers in as fast as 15 minutes
A+ icon
Ask Expert Tutors