hadoop http address綁定內網地址

hadoop默認配置裏http address接口domain段均爲0.0.0.0，表示可通過任一網卡訪問http接口，對於雙網卡服務器(一個內網，一個外網)，意味着公網用戶可以隨意訪問hadoop系統開放的web資源，存在極大的安全隱患。
我們可以修改配置將domain段替換成內網IP，這對於dfs.http.address、mapred.job.tracker.http.address沒什麼問題，但dfs.datanode.http.address需要到每個datanode上去修改，這太不現實了，可以通過以下方法實現自動配置。
通過local.bind.address參數 爲http address綁定內網IP：
1、修改$HADOOP_HOME/conf/hadoop-env.sh

#bind_ip=$(/sbin/ifconfig eth1:0 | grep 'inet addr:' | cut -d: -f2 | awk '{print $1}')
#replace eth1:0 with your NIC / alias  這種方式需要所有機器內外網對應的網卡順序一致
#bind_ip=$(/sbin/ifconfig | fgrep 'inet addr:172.16' | cut -d: -f2 | awk '{print $1}')
#這種方式需要所有機器內網IP前綴一致
bind_ip=$(/bin/hostname)
#這種方式需要在/etc/hosts裏將hostname指向內網IP
export BIND_OPTS="-Dlocal.bind.address=${bind_ip}"
# Command specific options appended to HADOOP_OPTS when specified
export HADOOP_NAMENODE_OPTS="-Dcom.sun.management.jmxremote $HADOOP_NAMENODE_OPTS $BIND_OPTS"
export HADOOP_SECONDARYNAMENODE_OPTS="-Dcom.sun.management.jmxremote $HADOOP_SECONDARYNAMENODE_OPTS $BIND_OPTS"
export HADOOP_DATANODE_OPTS="-Dcom.sun.management.jmxremote $HADOOP_DATANODE_OPTS $BIND_OPTS"
export HADOOP_BALANCER_OPTS="-Dcom.sun.management.jmxremote $HADOOP_BALANCER_OPTS $BIND_OPTS" 
export HADOOP_JOBTRACKER_OPTS="-Dcom.sun.management.jmxremote $HADOOP_JOBTRACKER_OPTS $BIND_OPTS"
export HADOOP_TASKTRACKER_OPTS="-Dcom.sun.management.jmxremote $HADOOP_TASKTRACKER_OPTS $BIND_OPTS"

2、修改$HADOOP_HOME/conf/hdfs-site.xml

<property>
<property>
     <name>dfs.http.address</name>
     <value>${local.bind.address}:50070</value>
</property>
<property>
     <name>dfs.https.address</name>
     <value>${local.bind.address}:50470</value>
</property>
<property>
     <name>dfs.secondary.http.address</name>
     <value>${local.bind.address}:50090</value>
</property>
<property>
     <name>dfs.datanode.address</name>
     <value>${local.bind.address}:50010</value>
</property>
<property>
     <name>dfs.datanode.ipc.address</name>
     <value>${local.bind.address}:50020</value>
</property>
<property>
     <name>dfs.datanode.http.address</name>
     <value>${local.bind.address}:50075</value>
</property>
<property>
     <name>dfs.datanode.https.address</name>
     <value>${local.bind.address}:50475</value>
</property>

3、修改$HADOOP_HOME/conf/mapred-site.xml

<property>
     <name>mapred.job.tracker.http.address</name>
     <value>${local.bind.address}:50030</value>
</property>
<property>
     <name>mapred.task.tracker.http.address</name>
     <value>${local.bind.address}:50060</value>
</property>

4、重啓

$HADOOP_HOME/bin/stop-all.sh
$HADOOP_HOME/bin/start-all.sh