Thanks. I will add the Kerberos installation procedure to the installation-preparation activities.
I hope someone can comment on the questions related to manipulation of the Hadoop environment?

Thanks,

Gunnar

On Wed, Feb 3, 2016 at 4:30 PM, Roberta Marton <[email protected]> wrote:

> The Kerberos installation procedure sets up security attributes as required.
>
> Roberta
>
> *From:* Gunnar Tapper [mailto:[email protected]]
> *Sent:* Wednesday, February 3, 2016 3:28 PM
> *To:* [email protected]
> *Subject:* Re: Trafodion user security
>
> OK. So this is a prerequisite for install, right? Any need for similar
> configuration at the HDFS level? The installer does a bunch of things to
> HDFS directly.
>
> Some other questions related to installation:
>
> 1. I assume that Trafodion is the only project using HBase-TRX and,
>    therefore, it's OK to overwrite $HADOOP_PATH/hbase-trx*?
>
> 2. Is Trafodion the only project using /hbase-staging, /bulkload, and
>    /lobs? The installer seems to assume that those directories do not exist.
>    Perhaps they get created under the Trafodion user's root directory rather
>    than the actual root directory?
>
> Overall, I am trying to understand and document what happens to the user's
> Hadoop environment when the Trafodion Installer runs so that there are no
> surprises after the installer has made changes to the environment and
> restarted HBase, Zookeeper, and HDFS.
>
> Thanks,
>
> Gunnar
>
> On Wed, Feb 3, 2016 at 4:05 PM, Roberta Marton <[email protected]> wrote:
>
> If you are not running with security enabled (aka Kerberos), then no
> privilege checking is performed so you should not have to add the Trafodion
> ID.
>
> If you are running with Kerberos enabled, then you need to give the
> trafodion ID necessary privileges in HBase and HDFS. This, of course,
> requires a Trafodion principal defined in Kerberos.
>
> For example, in HBase, after creating and setting up your Kerberos ID, you
> grant trafodion privileges:
>
> $ sudo -u hbase hbase shell
> grant 'trafodion', 'RWXCA'
> exit
>
> Roberta
>
> *From:* Gunnar Tapper [mailto:[email protected]]
> *Sent:* Wednesday, February 3, 2016 2:19 PM
> *To:* [email protected]
> *Subject:* Trafodion user security
>
> Hi,
>
> From what I understand, Trafodion runs under its own user ID and group,
> which needs sudo access to the ip and arping Linux utilities.
>
> However, it's not clear to me if this user ID needs to be added to HDFS and
> HBase, too?
>
> --
> Thanks,
>
> Gunnar
>
> *If you think you can you can, if you think you can't you're right.*
>
> --
> Thanks,
>
> Gunnar
>
> *If you think you can you can, if you think you can't you're right.*

--
Thanks,

Gunnar

*If you think you can you can, if you think you can't you're right.*
