Uploaded image for project: 'CDAP'
  1. CDAP
  2. CDAP-3162

Document how to run Explore in a secure cluster

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.0
    • Fix Version/s: 3.1.0
    • Component/s: Docs
    • Labels:
    • Rank:
      1|hzywx3:

      Description

      • JobHistoryServer required

      hive-site.xml:

      <property>
        <name>hive.metastore.sasl.enabled</name>
        <value>true</value>
        <description>If true, the metastore thrift interface will be secured with SASL. Clients must authenticate with Kerberos.</description>
      </property>
      <property>
        <name>hive.metastore.kerberos.keytab.file</name>
        <value>/etc/security/keytabs/hive.service.keytab</value>
        <description>The path to the Kerberos Keytab file containing the metastore thrift server's service principal.</description>
      </property>
      <property>
        <name>hive.metastore.kerberos.principal</name>
        <value>hive/_HOST@CONTINUUITY.NET</value>
        <description>The service principal for the metastore thrift server. The special string _HOST will be replaced automatically with the correct host name.</description>
      </property>
      <property>
        <name>hive.server2.authentication</name>
        <value>KERBEROS</value>
      </property>
      <property>
        <name>hive.server2.authentication.kerberos.principal</name>
        <value>cdap/_HOST@CONTINUUITY.NET</value>
      </property>
      <property>
        <name>hive.server2.authentication.kerberos.keytab</name>
        <value>/etc/security/keytabs/cdap.service.keytab</value>
      </property>
      

      core-site.xml:

      <property>
        <name>hadoop.proxyuser.hive.groups</name>
        <value>cdap,hadoop,hive</value>
      </property>
      <property>
        <name>hadoop.proxyuser.hive.hosts</name>
        <value>*</value>
      </property>
      

      mapred-site.xml:

      <property>
        <name>mapreduce.jobhistory.keytab</name>
        <value>/etc/security/keytabs/jhs.service.keytab</value>
      </property>
      <property>
        <name>mapreduce.jobhistory.principal</name>
          <value>jhs/_HOST@CONTINUUITY.NET</value>
      </property>
      <property>
        <name>mapreduce.jobhistory.address</name>
          <value>HOSTNAME_OF_JHS:10020</value>
      </property>
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                John John Jackson
                Reporter:
                alvin Alvin Wang
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: