svn commit: r951792 - in /websites/staging/accumulo/trunk/content: ./ 1.7/accumulo_user_manual.html

[buildbot]

Author: buildbot
Date: Mon May 18 22:00:41 2015
New Revision: 951792

Log:
Staging update by buildbot for accumulo

Modified:
    websites/staging/accumulo/trunk/content/   (props changed)
    websites/staging/accumulo/trunk/content/1.7/accumulo_user_manual.html

Propchange: websites/staging/accumulo/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Mon May 18 22:00:41 2015
@@ -1 +1 @@
-1680096
+1680113

Modified: websites/staging/accumulo/trunk/content/1.7/accumulo_user_manual.html
==============================================================================
--- websites/staging/accumulo/trunk/content/1.7/accumulo_user_manual.html 
(original)
+++ websites/staging/accumulo/trunk/content/1.7/accumulo_user_manual.html Mon 
May 18 22:00:41 2015
@@ -5488,128 +5488,88 @@ all Accumulo servers must share the same
 <p>A number of properties need to be changed to account to properly configure 
servers
 in <code>accumulo-site.xml</code>.</p>
 </div>
-<div class="ulist">
-<ul>
-<li>
-<p><strong>general.kerberos.keytab</strong>=<em>/etc/security/keytabs/accumulo.service.keytab</em></p>
-<div class="ulist">
-<ul>
-<li>
-<p>The path to the keytab for Accumulo on local filesystem.</p>
-</li>
-<li>
-<p>Change the value to the actual path on your system.</p>
-</li>
-</ul>
-</div>
-</li>
-<li>
-<p><strong>general.kerberos.principal</strong>=<em>accumulo/_HOST@REALM</em></p>
-<div class="ulist">
-<ul>
-<li>
-<p>The Kerberos principal for Accumulo, needs to match the keytab.</p>
-</li>
-<li>
-<p>"_HOST" can be used instead of the actual hostname in the principal and 
will be
-automatically expanded to the current FQDN which reduces the configuration 
file burden.</p>
-</li>
-</ul>
-</div>
-</li>
-<li>
-<p><strong>instance.rpc.sasl.enabled</strong>=<em>true</em></p>
-<div class="ulist">
-<ul>
-<li>
-<p>Enables SASL for the Thrift Servers (supports GSSAPI)</p>
-</li>
-</ul>
-</div>
-</li>
-<li>
-<p><strong>instance.security.authenticator</strong>=<em>org.apache.accumulo.server.security.handler.KerberosAuthenticator</em></p>
-<div class="ulist">
-<ul>
-<li>
-<p>Configures Accumulo to use the Kerberos principal as the Accumulo 
username/principal</p>
-</li>
-</ul>
-</div>
-</li>
-<li>
-<p><strong>instance.security.authorizor</strong>=<em>org.apache.accumulo.server.security.handler.KerberosAuthorizor</em></p>
-<div class="ulist">
-<ul>
-<li>
-<p>Configures Accumulo to use the Kerberos principal for authorization 
purposes</p>
-</li>
-</ul>
-</div>
-</li>
-<li>
-<p><strong>instance.security.permissionHandler</strong>=<em>org.apache.accumulo.server.security.handler.KerberosPermissionHandler</em></p>
-<div class="ulist">
-<ul>
-<li>
-<p>Configures Accumulo to use the Kerberos principal for permission 
purposes</p>
-</li>
-</ul>
-</div>
-</li>
-<li>
-<p><strong>trace.token.type</strong>=<em>org.apache.accumulo.core.client.security.tokens.KerberosToken</em></p>
-<div class="ulist">
-<ul>
-<li>
-<p>Configures the Accumulo Tracer to use the KerberosToken for authentication 
when
-serializing traces to the trace table.</p>
-</li>
-</ul>
-</div>
-</li>
-<li>
-<p><strong>trace.user</strong>=<em>accumulo/_HOST@REALM</em></p>
-<div class="ulist">
-<ul>
-<li>
-<p>The tracer process needs valid credentials to serialize traces to 
Accumulo.</p>
-</li>
-<li>
-<p>While the other server processes are creating a SystemToken from the 
provided keytab and principal, we can
-still use a normal KerberosToken and the same keytab/principal to serialize 
traces. Like
-non-Kerberized instances, the table must be created and permissions granted to 
the trace.user.</p>
-</li>
-<li>
-<p>The same <code>_HOST</code> replacement is performed on this value, 
substituted the FQDN for <code>_HOST</code>.</p>
-</li>
-</ul>
-</div>
-</li>
-<li>
-<p><strong>general.delegation.token.lifetime</strong>=<em>7d</em></p>
-<div class="ulist">
-<ul>
-<li>
-<p>The length of time that the server-side secret used to create delegation 
tokens is valid.
-After a server-side secret expires, a delegation token created with that 
secret is no longer valid.</p>
-</li>
-</ul>
-</div>
-</li>
-<li>
-<p><strong>general.delegation.token.update.interval</strong>=<em>1d</em></p>
-<div class="ulist">
-<ul>
-<li>
-<p>The frequency in which new server-side secrets should be generated to 
create delegation
-tokens for clients. Generating new secrets reduces the likelihood of 
cryptographic attacks.</p>
-</li>
-</ul>
-</div>
-</li>
-</ul>
-</div>
+<table class="tableblock frame-all grid-all spread">
+<colgroup>
+<col style="width: 33%;">
+<col style="width: 33%;">
+<col style="width: 33%;">
+</colgroup>
+<thead>
+<tr>
+<th class="tableblock halign-left valign-top">Key</th>
+<th class="tableblock halign-left valign-top">Default Value</th>
+<th class="tableblock halign-left valign-top">Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td class="tableblock halign-left valign-top"><p 
class="tableblock">general.kerberos.keytab</p></td>
+<td class="tableblock halign-left valign-top"><p 
class="tableblock">/etc/security/keytabs/accumulo.service.keytab</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">The path 
to the keytab for Accumulo on local filesystem. Change the value to the actual 
path on your system.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p 
class="tableblock">general.kerberos.principal</p></td>
+<td class="tableblock halign-left valign-top"><p 
class="tableblock">accumulo/_HOST@REALM</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">The 
Kerberos principal for Accumulo, needs to match the keytab. "_HOST" can be used 
instead of the actual hostname in the principal and will be automatically 
expanded to the current FQDN which reduces the configuration file 
burden.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p 
class="tableblock">instance.rpc.sasl.enabled</p></td>
+<td class="tableblock halign-left valign-top"><p 
class="tableblock">true</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Enables 
SASL for the Thrift Servers (supports GSSAPI)</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p 
class="tableblock">rpc.sasl.qop</p></td>
+<td class="tableblock halign-left valign-top"><p 
class="tableblock">auth</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">One of 
"auth", "auth-int", or "auth-conf". These map to the SASL defined properties for
+quality of protection. "auth" is authentication only. "auth-int" is 
authentication and data
+integrity. "auth-conf" is authentication, data integrity and 
confidentiality.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p 
class="tableblock">instance.security.authenticator</p></td>
+<td class="tableblock halign-left valign-top"><p 
class="tableblock">org.apache.accumulo.server.security.
+handler.KerberosAuthenticator</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Configures 
Accumulo to use the Kerberos principal as the Accumulo 
username/principal</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p 
class="tableblock">instance.security.authorizor</p></td>
+<td class="tableblock halign-left valign-top"><p 
class="tableblock">org.apache.accumulo.server.security.
+handler.KerberosAuthorizor</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Configures 
Accumulo to use the Kerberos principal for authorization purposes</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p 
class="tableblock">instance.security.permissionHandler</p></td>
+<td class="tableblock halign-left valign-top"><p 
class="tableblock">org.apache.accumulo.server.security.
+handler.KerberosPermissionHandler</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Configures 
Accumulo to use the Kerberos principal for permission purposes</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p 
class="tableblock">trace.token.type</p></td>
+<td class="tableblock halign-left valign-top"><p 
class="tableblock">org.apache.accumulo.core.client.
+security.tokens.KerberosToken</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Configures 
the Accumulo Tracer to use the KerberosToken for authentication when 
serializing traces to the trace table.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p 
class="tableblock">trace.user</p></td>
+<td class="tableblock halign-left valign-top"><p 
class="tableblock">accumulo/_HOST@REALM</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">The tracer 
process needs valid credentials to serialize traces to Accumulo. While the 
other server processes are
+creating a SystemToken from the provided keytab and principal, we can still 
use a normal KerberosToken and the same
+keytab/principal to serialize traces. Like non-Kerberized instances, the table 
must be created and permissions granted
+to the trace.user. The same <code>_HOST</code> replacement is performed on 
this value, substituted the FQDN for <code>_HOST</code>.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p 
class="tableblock">general.delegation.token.lifetime</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">7d</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">The length 
of time that the server-side secret used to create delegation tokens is valid. 
After a server-side secret
+expires, a delegation token created with that secret is no longer 
valid.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p 
class="tableblock">general.delegation.token.update.interval</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">1d</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">The 
frequency in which new server-side secrets should be generated to create 
delegation tokens for clients. Generating
+new secrets reduces the likelihood of cryptographic attacks.</p></td>
+</tr>
+</tbody>
+</table>
 <div class="paragraph">
 <p>Although it should be a prerequisite, it is ever important that you have 
DNS properly
 configured for your nodes and that Accumulo is configured to use the FQDN. It
@@ -7157,7 +7117,7 @@ modes that are more common when running
 <div class="sect3">
 <h4 id="_known_failure_modes_setup_and_troubleshooting">16.15.1. Known failure 
modes: Setup and Troubleshooting</h4>
 <div class="paragraph">
-<p>In addition to the general failure modes of running Sqrrl, VMs can 
introduce a
+<p>In addition to the general failure modes of running Accumulo, VMs can 
introduce a
 couple of environmental challenges that can affect process stability. Clock
 drift is something that is more common in VMs, especially when VMs are
 suspended and resumed. Clock drift can cause Accumulo servers to assume that
@@ -10916,7 +10876,7 @@ An example is <em>java.lang.String</em>,
 </div>
 <div id="footer">
 <div id="footer-text">
-Last updated 2015-05-12 14:49:53 EDT
+Last updated 2015-05-18 17:01:54 EDT
 </div>
 </div>
 </body>