Help Center/ MapReduce Service/ User Guide/ MRS Cluster O&M/ MRS Cluster Security Configuration/ MRS Cluster Security Hardening/ Configuring the IP Address Whitelist for Modifying Data in an HBase Read-Only Cluster
Updated on 2024-09-23 GMT+08:00

Configuring the IP Address Whitelist for Modifying Data in an HBase Read-Only Cluster

If the Replication function is enabled for HBase in an MRS 3.x and later cluster, a protection mechanism for data modification is added on the standby HBase cluster to ensure data consistency between the active and standby clusters. Upon receiving an RPC request for data modification, the standby HBase cluster checks the permission of the user who sends the request (only HBase manage users have the modification permission). Then it checks the validity of the source IP address of the request. Only modification requests from IP addresses in the white list are accepted. The IP address white list is configured by the hbase.replication.allowedIPs item.

Log in to FusionInsight Manager and choose Cluster > Services > HBase. Click Configurations and search for the parameter name in Table 1.

Table 1 Parameter description

Parameter

Description

Default Value

hbase.replication.allowedIPs

Only replication requests from specified IP addresses are allowed. Only regular expressions separated by commas (,) are supported. Each pattern can be any of the following:

  • Regex pattern

    Example: 10.18.40.*, 10.18.*, 10.18.40.11

  • Range pattern (Range can be specified only in the last octet)

    Example: 10.18.40.[10-20]

If this item is empty (default value), the white list contains only the IP address of the RegionServer of the cluster, indicating that only modification requests from the RegionServer of the standby HBase cluster are accepted.

N/A