OpenSearch/docs/en/security/tribe-clients-integrations/hadoop.asciidoc

[[hadoop]]
=== ES-Hadoop and Security

Elasticsearch for Apache Hadoop ("ES-Hadoop") is capable of using HTTP basic and
PKI authentication and/or TLS/SSL when accessing an Elasticsearch cluster. For
full details please refer to the ES-Hadoop documentation, in particular the
`Security` section.

For authentication purposes, select the user for your ES-Hadoop client (for
maintenance purposes it is best to create a dedicated user). Then, assign that
user to a role with the privileges required by your Hadoop/Spark/Storm job.
Configure ES-Hadoop to use the user name and password through the
`es.net.http.auth.user` and `es.net.http.auth.pass` properties.

If PKI authentication is enabled, setup the appropriate `keystore` and `truststore`
instead through `es.net.ssl.keystore.location` and `es.net.truststore.location`
(and their respective `.pass` properties to specify the password).

For secured transport, enable SSL/TLS through the `es.net.ssl` property by
setting it to `true`. Depending on your SSL configuration (keystore, truststore, etc...)
you might need to set other parameters as well - please refer to the
http://www.elastic.co/guide/en/elasticsearch/hadoop/current/configuration.html[ES-Hadoop] documentation,
specifically the `Configuration` and `Security` chapters.
[DOCS] Migrated security topics from x-pack repo to x-pack-elasticsearch. Original commit: elastic/x-pack-elasticsearch@e54aa1fd0a2f0e60013d7e427329e4408fa578fe 2017-04-06 21:29:29 -04:00			`[[hadoop]]`
			`=== ES-Hadoop and Security`

			`Elasticsearch for Apache Hadoop ("ES-Hadoop") is capable of using HTTP basic and`
			`PKI authentication and/or TLS/SSL when accessing an Elasticsearch cluster. For`
			`full details please refer to the ES-Hadoop documentation, in particular the`
			`Security` section.

			`For authentication purposes, select the user for your ES-Hadoop client (for`
			`maintenance purposes it is best to create a dedicated user). Then, assign that`
			`user to a role with the privileges required by your Hadoop/Spark/Storm job.`
			`Configure ES-Hadoop to use the user name and password through the`
			`es.net.http.auth.user` and `es.net.http.auth.pass` properties.

			If PKI authentication is enabled, setup the appropriate `keystore` and `truststore`
			instead through `es.net.ssl.keystore.location` and `es.net.truststore.location`
			(and their respective `.pass` properties to specify the password).

			For secured transport, enable SSL/TLS through the `es.net.ssl` property by
			setting it to `true`. Depending on your SSL configuration (keystore, truststore, etc...)
			`you might need to set other parameters as well - please refer to the`
			`http://www.elastic.co/guide/en/elasticsearch/hadoop/current/configuration.html[ES-Hadoop] documentation,`
			specifically the `Configuration` and `Security` chapters.