One other option, since a read-only configuration isn't currently available,
you could configure Apache HTTPD as a reverse proxy in front of the stargate
server and use mod_rewrite to only allow get requests through. Since I
believe stargate follows the RESTful conventions for request methods, you
can just allow GET requests. Something like:
# block non-get requests
RewriteCond %{REQUEST_METHOD} !^GET$
RewriteRule ^(.*) $1 [F]
# allow everything else
RewriteRule ^(.*) http://stargate.host.name/$1 [P,QSA]
Not sure if that's exactly right, but it should return a 403 response code
(forbidden) for any non-GET requests. Get requests will continue on and get
proxied through to "stargate.host.name".
You could extend this to lock down specific paths for certain tables, etc.
as well.
--gh
On Tue, Oct 26, 2010 at 7:03 PM, Ted Yu <[email protected]> wrote:
> Alternatively, is there a way to configure Stargate to serve read requests
> only ?
>
> On Tue, Oct 26, 2010 at 6:58 PM, Ted Yu <[email protected]> wrote:
>
> > Ops are wary of developers (inside firewall) performing operations
> against
> > 8080.
> >
> > If Stargate isn't a good choice, what other methods can I use to query
> > selected rows from each region server ? Parsing HTML is not ideal either.
> >
> > Thanks
> >
> >
> > On Tue, Oct 26, 2010 at 6:33 PM, Jonathan Gray <[email protected]>
> wrote:
> >
> >> If monitoring is inside firewall, then why do you have to "open" ports?
> >> Requiring all monitoring to go through port 80 seems rather odd. Your
> ops
> >> guys don't support ganglia, jmx, etc. on standard or custom ports?
> >>
> >> > -----Original Message-----
> >> > From: Ted Yu [mailto:[email protected]]
> >> > Sent: Tuesday, October 26, 2010 4:45 PM
> >> > To: [email protected]
> >> > Subject: Re: hbase monitoring through stargate
> >> >
> >> > The monitoring is done inside firewall.
> >> > They won't open any ports at all.
> >> >
> >> > Does anyone run Stargate in production ?
> >> >
> >> > On Tue, Oct 26, 2010 at 4:35 PM, Stack <[email protected]> wrote:
> >> >
> >> > > You can change the port it runs on? Or are ops saying they won't
> >> > open
> >> > > any ports at all for you? Do you have to monitor from outside the
> >> > > firewall?
> >> > > St.Ack
> >> > >
> >> > > On Tue, Oct 26, 2010 at 4:28 PM, Ted Yu <[email protected]>
> wrote:
> >> > > > Stargate provides REST service through certain port.
> >> > > > Ops told me that they cannot open additional port from hbase
> >> > cluster for
> >> > > > security reasons.
> >> > > >
> >> > > > I want to hear opinions/approaches w.r.t. hbase monitoring in
> >> > production
> >> > > > through stargate.
> >> > > >
> >> > > > Thanks
> >> > > >
> >> > >
> >>
> >
> >
>
