Contents:
This section describes how to configure the Designer Cloud Powered by Trifacta® platform for integration with KMS system for Cloudera. It assumes that access to the cluster is gated by Sentry.
Before you begin, please verify the pre-requisites. See Configure for KMS.
Configure Hadoop Cluster
NOTE: These changes should be applied through the management console for the Hadoop cluster before pushing the client configuration files to the nodes of the cluster.
In the following sections:
-
[hadoop.user
(default=trifacta
)]
- the userID accessing the cluster component
[hadoop.group
(default=trifactausers
)]
-the appropriate group of user accessing the cluster component
Enable HDFS Encryption
On the Cloudera cluster, you may enable HDFS encryption using a designated Java KeyStore. For more information, see http://www.cloudera.com/documentation/enterprise/latest/topics/sg_hdfs_encryption_wizard.html?scroll=concept_n2p_5vq_vt#concept_fcq_phr_wt_unique_1.
Java KMS Configuration
Additional configuration for the Java KMS is required. See http://www.cloudera.com/documentation/enterprise/latest/topics/cdh_sg_kms.html.
Java KeyStore KMS Configuration
In the kms-site.xml
configuration file, please locate the following properties:
NOTE: If you have deployed Cloudera Manager for your cluster, do not modify these properties in the file. Make any modifications through the Cloudera Manager console.
<property> <name>hadoop.kms.authentication.kerberos.keytab</name> <value>${user.home}/kms.keytab</value> </property>
In Cloudera Manager, you may wish to change the following safety value value. Navigate to KMS service > Configuration > Advanced > Key Management Server Proxy Advanced Configuration Snippet (Safety Valve) for kms-site.xml. Modify the following:
<property> <name>hadoop.kms.aggregation.delay.ms</name> <value>10000</value> </property>
In the kms-site.xml
file, insert the following properties, which are required properties for the Key Management Server Advanced Configuration safety value:
<property> <name>hadoop.kms.authentication.kerberos.principal</name> <value>*</value> </property> <property> <name>hadoop.kms.proxyuser.[hadoop.user].groups</name> <value>[hadoop.group]</value> </property> <property> <name>hadoop.kms.proxyuser.[hadoop.user].hosts</name> <value>*</value> </property>
HDFS Configuration
In httpfs-site.xml
, please insert the following properties, which are the safety value for HttpFS Advanced Configuration:
<property> <name>httpfs.proxyuser.[hadoop.user].groups</name> <value>[hadoop.group]</value> </property> <property> <name>httpfs.proxyuser.[hadoop.user].hosts</name> <value>*</value> </property>
Save the files.
Validate
After the configuration is complete, you can try to import a dataset from a source stored in a cluster location managed by KMS, assuming that any required authentication configuration has been completed. See Import Data Page.
For more information, see Configure Hadoop Authentication.
This page has no comments.