Repository: incubator-impala Updated Branches: refs/heads/master 13837262b -> c6673634b
IMPALA-5006 [DOCS] Remove chunks of Cloudera-specific content from the Impala Security Guide. The scope of this gerrit is dealing with chunks of CM content still remaining in the security guide. Some of work on the SSL, LDAP and Sentry topics was done by John in a separate gerrit. Change-Id: I65a2aa96d7d45f6c1b348105727ddb5c4a6be6d2 Reviewed-on: http://gerrit.cloudera.org:8080/6231 Reviewed-by: John Russell <[email protected]> Tested-by: Impala Public Jenkins Project: http://git-wip-us.apache.org/repos/asf/incubator-impala/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-impala/commit/c6673634 Tree: http://git-wip-us.apache.org/repos/asf/incubator-impala/tree/c6673634 Diff: http://git-wip-us.apache.org/repos/asf/incubator-impala/diff/c6673634 Branch: refs/heads/master Commit: c6673634bb7aff2cd007bc886eba302cfaf33eb6 Parents: 1383726 Author: Ambreen Kazi <[email protected]> Authored: Thu Mar 2 13:22:41 2017 -0800 Committer: Impala Public Jenkins <[email protected]> Committed: Mon Mar 6 19:08:31 2017 +0000 ---------------------------------------------------------------------- docs/topics/impala_auditing.xml | 38 ++----------------------- docs/topics/impala_kerberos.xml | 32 --------------------- docs/topics/impala_lineage.xml | 12 +------- docs/topics/impala_security_guidelines.xml | 4 +-- 4 files changed, 5 insertions(+), 81 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/c6673634/docs/topics/impala_auditing.xml ---------------------------------------------------------------------- diff --git a/docs/topics/impala_auditing.xml b/docs/topics/impala_auditing.xml index 8dd5b23..2d5e46c 100644 --- a/docs/topics/impala_auditing.xml +++ b/docs/topics/impala_auditing.xml @@ -49,21 +49,15 @@ under the License. in your <cmdname>impalad</cmdname> startup options. The log directory must be a local directory on the server, not an HDFS directory. - <p audience="hidden"> - For a cluster managed by Cloudera Manager, see - <xref - href="cn_iu_audit_log.xml#xd_583c10bfdbd326ba--6eed2fb8-14349d04bee--7d6f/section_v25_lmy_bn"/>. - </p> </li> <li> Decide how many queries will be represented in each log file. By default, Impala starts a new log file every 5000 queries. To specify a different number, <ph - audience="standalone">include + audience="standalone">include the option <codeph>-max_audit_event_log_file_size=<varname>number_of_queries</varname></codeph> in the <cmdname>impalad</cmdname> startup options</ph> - <xref href="cn_iu_audit_log.xml#xd_583c10bfdbd326ba--6eed2fb8-14349d04bee--7d6f/section_v25_lmy_bn" audience="integrated"> - configure Impala Daemon logging in Cloudera Manager</xref>. + <xref href="cn_iu_audit_log.xml#xd_583c10bfdbd326ba--6eed2fb8-14349d04bee--7d6f/section_v25_lmy_bn" audience="integrated">configure Impala Daemon logging in Cloudera Manager</xref>. </li> <li> @@ -71,13 +65,6 @@ under the License. and produce reports based on the audit logs collected from all the hosts in the cluster. </li> - - <li audience="hidden"> - Use Cloudera Navigator or Cloudera Manager to filter, visualize, and produce reports based on the audit - data. (The Impala auditing feature works with Cloudera Manager 4.7 to 5.1 and Cloudera Navigator 2.1 and - higher.) Check the audit data to ensure that all activity is authorized and detect attempts at - unauthorized access. - </li> </ul> <p outputclass="toc inpage"/> @@ -275,25 +262,4 @@ Here is an excerpt from a sample audit log file: </p> </conbody> </concept> - - <concept id="auditing_reviewing" audience="hidden"> - - <title>Reviewing the Audit Logs</title> - <prolog> - <metadata> - <data name="Category" value="Logs"/> - </metadata> - </prolog> - - <conbody> - - <p> - You typically do not review the audit logs in raw form. The Cloudera Manager Agent periodically transfers - the log information into a back-end database where it can be examined in consolidated form. See - <ph audience="standalone">the <xref href="http://www.cloudera.com/content/cloudera-content/cloudera-docs/Navigator/latest/Cloudera-Navigator-Installation-and-User-Guide/Cloudera-Navigator-Installation-and-User-Guide.html"; - scope="external" format="html">Cloudera Navigator documentation</xref> for details</ph> - <xref href="cn_iu_audits.xml#cn_topic_7" audience="integrated" />. - </p> - </conbody> - </concept> </concept> http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/c6673634/docs/topics/impala_kerberos.xml ---------------------------------------------------------------------- diff --git a/docs/topics/impala_kerberos.xml b/docs/topics/impala_kerberos.xml index 8812389..480a861 100644 --- a/docs/topics/impala_kerberos.xml +++ b/docs/topics/impala_kerberos.xml @@ -48,15 +48,6 @@ under the License. <cmdname>impalad</cmdname> or <cmdname>statestored</cmdname>. </p> - <p audience="hidden"> - For more information on enabling Kerberos authentication, see the - topic on Configuring Hadoop Security in the - <xref href="http://www.cloudera.com/documentation/enterprise/latest/topics/cdh_sg_cdh5_hadoop_security.html"; scope="external" format="html">CDH 5 Security Guide</xref>. - When using Impala in a managed environment, Cloudera Manager automatically completes Kerberos configuration. - <ph rev="upstream">Cloudera</ph> recommends using a consistent format, such as - <codeph>impala/_HOST@Your-Realm</codeph>, but you can use any three-part Kerberos server principal. - </p> - <note conref="../shared/impala_common.xml#common/authentication_vs_authorization"/> <p> @@ -107,29 +98,6 @@ under the License. name of the <codeph>keytab</codeph> file containing the credentials for the principal. </p> - <p audience="hidden"> - Impala supports the Cloudera ODBC driver and the Kerberos interface provided. To use Kerberos through the - ODBC driver, the host type must be set depending on the level of the ODBC driver: - </p> - - <ul audience="hidden"> - <li> - <codeph>SecImpala</codeph> for the ODBC 1.0 driver. - </li> - - <li> - <codeph>SecBeeswax</codeph> for the ODBC 1.2 driver. - </li> - - <li> - Blank for the ODBC 2.0 driver or higher, when connecting to a secure cluster. - </li> - - <li> - <codeph>HS2NoSasl</codeph> for the ODBC 2.0 driver or higher, when connecting to a non-secure cluster. - </li> - </ul> - <p> To enable Kerberos in the Impala shell, start the <cmdname>impala-shell</cmdname> command using the <codeph>-k</codeph> flag. http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/c6673634/docs/topics/impala_lineage.xml ---------------------------------------------------------------------- diff --git a/docs/topics/impala_lineage.xml b/docs/topics/impala_lineage.xml index f444836..7ba5b17 100644 --- a/docs/topics/impala_lineage.xml +++ b/docs/topics/impala_lineage.xml @@ -56,13 +56,6 @@ under the License. not tampered with. </p> - <p audience="hidden"> - You interact with this feature through <term>lineage diagrams</term> showing relationships between tables and - columns. For instructions about interpreting lineage diagrams, see - <xref audience="integrated" href="cn_iu_lineage.xml" /> - <xref audience="standalone" href="http://www.cloudera.com/documentation/enterprise/latest/topics/cn_iu_lineage.html"; scope="external" format="html"/>. - </p> - <section id="column_lineage"> <title>Column Lineage</title> @@ -119,10 +112,7 @@ under the License. <p> To enable or disable this feature, set or remove the <codeph>-lineage_event_log_dir</codeph> - configuration option for the <cmdname>impalad</cmdname> daemon. <ph audience="hidden">For - information about turning the lineage feature on and off through Cloudera Manager, see - <xref audience="integrated" href="datamgmt_impala_lineage_log.xml"/> - <xref audience="standalone" href="http://www.cloudera.com/documentation/enterprise/latest/topics/datamgmt_impala_lineage_log.html"; scope="external" format="html"/>.</ph> + configuration option for the <cmdname>impalad</cmdname> daemon. </p> </section> http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/c6673634/docs/topics/impala_security_guidelines.xml ---------------------------------------------------------------------- diff --git a/docs/topics/impala_security_guidelines.xml b/docs/topics/impala_security_guidelines.xml index cfe27b5..f664491 100644 --- a/docs/topics/impala_security_guidelines.xml +++ b/docs/topics/impala_security_guidelines.xml @@ -87,8 +87,8 @@ under the License. <p> The Impala authorization feature makes use of the HDFS file ownership and permissions mechanism; for background information, see the - <xref href="https://archive.cloudera.com/cdh/3/hadoop/hdfs_permissions_guide.html"; scope="external" format="html">CDH - HDFS Permissions Guide</xref>. Set up users and assign them to groups at the OS level, corresponding to the + <xref href="https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html"; scope="external" format="html">HDFS Permissions Guide</xref>. + Set up users and assign them to groups at the OS level, corresponding to the different categories of users with different access levels for various databases, tables, and HDFS locations (URIs). Create the associated Linux users using the <cmdname>useradd</cmdname> command if necessary, and add them to the appropriate groups with the <cmdname>usermod</cmdname> command.
