src/contrib/hdfsproxy/README - hadoop-common - Git at Google

 HDFSPROXY is an HTTPS proxy server that exposes the same HSFTP interface as a
 real cluster. It authenticates users via user certificates and enforce access
 control based on configuration files.

 Starting up an HDFSPROXY server is similar to starting up an HDFS cluster.
 Simply run "hdfsproxy" shell command. The main configuration file is
 hdfsproxy-default.xml, which should be on the classpath. hdfsproxy-env.sh
 can be used to set up environmental variables. In particular, JAVA_HOME should
 be set. Additional configuration files include user-certs.xml,
 user-permissions.xml and ssl-server.xml, which are used to specify allowed user
 certs, allowed directories/files, and ssl keystore information for the proxy,
 respectively. The location of these files can be specified in
 hdfsproxy-default.xml. Environmental variable HDFSPROXY_CONF_DIR can be used to
 point to the directory where these configuration files are located. The
 configuration files of the proxied HDFS cluster should also be available on the
 classpath (hdfs-default.xml and hdfs-site.xml).

 Mirroring those used in HDFS, a few shell scripts are provided to start and
 stop a group of proxy servers. The hosts to run hdfsproxy on are specified in
 hdfsproxy-hosts file, one host per line. All hdfsproxy servers are stateless
 and run independently from each other. Simple load balancing can be set up by
 mapping all hdfsproxy server IP addresses to a single hostname. Users should
 use that hostname to access the proxy. If an IP address look up for that
 hostname returns more than one IP addresses, an HFTP/HSFTP client will randomly
 pick one to use.

 Command "hdfsproxy -reloadPermFiles" can be used to trigger reloading of
 user-certs.xml and user-permissions.xml files on all proxy servers listed in
 the hdfsproxy-hosts file. Similarly, "hdfsproxy -clearUgiCache" command can be
 used to clear the UGI caches on all proxy servers.

 For tomcat based installation.
 1. set up the environment and configuration files.
 	 a) export HADOOP_CONF_DIR=${user.home}/devel/source-conf
 	 	source-conf directory should point to the source cluster's configuration directory,
 	 	where core-site.xml, and hdfs-site.xml should already be correctly configured for
 	 	the source cluster settings.
 	 b) export HDFSPROXY_CONF_DIR=${user.home}/devel/proxy-conf
 	  proxy-conf directory should point to the proxy's configuration directory, where
 	  hdfsproxy-default.xml, etc, should already be properly configured.

 2. cd ==> hdfsproxy directory,  ant war

 3. download and install tomcat6, change tomcat conf/server.xml file to include https support.
 	 uncomment item below SSL HTTP/1.1 Connector and add paths, resulting something look like this:
 	 <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                maxThreads="150" scheme="https" secure="true" keystoreFile="${user.home}/grid/hdfsproxy-conf/server2.keystore"
                keystorePass="changeme" keystoreType="JKS"  clientAuth="true" sslProtocol="TLS" />
 4. copy war file in step 2 to tomcat's webapps directory and rename it to ROOT.war
 5. export JAVA_OPTS="-Djavax.net.ssl.trustStore=${user.home}/grid/hdfsproxy-conf/server2.keystore -Djavax.net.ssl.trustStorePassword=changeme"
 6. start up tomcat with tomcat's bin/startup.sh
	HDFSPROXY is an HTTPS proxy server that exposes the same HSFTP interface as a
	real cluster. It authenticates users via user certificates and enforce access
	control based on configuration files.

	Starting up an HDFSPROXY server is similar to starting up an HDFS cluster.
	Simply run "hdfsproxy" shell command. The main configuration file is
	hdfsproxy-default.xml, which should be on the classpath. hdfsproxy-env.sh
	can be used to set up environmental variables. In particular, JAVA_HOME should
	be set. Additional configuration files include user-certs.xml,
	user-permissions.xml and ssl-server.xml, which are used to specify allowed user
	certs, allowed directories/files, and ssl keystore information for the proxy,
	respectively. The location of these files can be specified in
	hdfsproxy-default.xml. Environmental variable HDFSPROXY_CONF_DIR can be used to
	point to the directory where these configuration files are located. The
	configuration files of the proxied HDFS cluster should also be available on the
	classpath (hdfs-default.xml and hdfs-site.xml).

	Mirroring those used in HDFS, a few shell scripts are provided to start and
	stop a group of proxy servers. The hosts to run hdfsproxy on are specified in
	hdfsproxy-hosts file, one host per line. All hdfsproxy servers are stateless
	and run independently from each other. Simple load balancing can be set up by
	mapping all hdfsproxy server IP addresses to a single hostname. Users should
	use that hostname to access the proxy. If an IP address look up for that
	hostname returns more than one IP addresses, an HFTP/HSFTP client will randomly
	pick one to use.

	Command "hdfsproxy -reloadPermFiles" can be used to trigger reloading of
	user-certs.xml and user-permissions.xml files on all proxy servers listed in
	the hdfsproxy-hosts file. Similarly, "hdfsproxy -clearUgiCache" command can be
	used to clear the UGI caches on all proxy servers.

	For tomcat based installation.
	1. set up the environment and configuration files.
	a) export HADOOP_CONF_DIR=${user.home}/devel/source-conf
	source-conf directory should point to the source cluster's configuration directory,
	where core-site.xml, and hdfs-site.xml should already be correctly configured for
	the source cluster settings.
	b) export HDFSPROXY_CONF_DIR=${user.home}/devel/proxy-conf
	proxy-conf directory should point to the proxy's configuration directory, where
	hdfsproxy-default.xml, etc, should already be properly configured.

	2. cd ==> hdfsproxy directory, ant war

	3. download and install tomcat6, change tomcat conf/server.xml file to include https support.
	uncomment item below SSL HTTP/1.1 Connector and add paths, resulting something look like this:
	<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
	maxThreads="150" scheme="https" secure="true" keystoreFile="${user.home}/grid/hdfsproxy-conf/server2.keystore"
	keystorePass="changeme" keystoreType="JKS" clientAuth="true" sslProtocol="TLS" />
	4. copy war file in step 2 to tomcat's webapps directory and rename it to ROOT.war
	5. export JAVA_OPTS="-Djavax.net.ssl.trustStore=${user.home}/grid/hdfsproxy-conf/server2.keystore -Djavax.net.ssl.trustStorePassword=changeme"
	6. start up tomcat with tomcat's bin/startup.sh