This section describes how to configure the Trifacta® platform for integration with KMS system for Hortonworks Data Platform. It assumes that access to the cluster is gated by Ranger.
Before you begin, please verify the pre-requisites. See Configure for KMS.
Configure Hadoop Cluster
NOTE: These changes should be applied through the management console for the Hadoop cluster before pushing the client configuration files to the nodes of the cluster.
In the following sections:
]- the userID accessing the cluster component
]-the appropriate group of user accessing the cluster component
Add Trifacta user properties to KMS site file
In Ambari on the Hortonworks cluster, navigate to KMS > Configs > Advanced > kms-site. Add the following properties:
Configuration for Ranger
If you are using Ranger's Key Management System, additional configuration is required.
- For more information on installing KMS, see http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_Ranger_KMS_Admin_Guide/content/ch02s01.html.
NOTE: These changes apply to the Hortonworks cluster only. Make changes through Ambari; avoid editing configuration files directly. Configuration files do not need to be shared with the Trifacta platform.
KMS Configuration for Hive
If you are using Hive, please add the Hive users and groups information to
Verify Kerberos authentication for KMS
If Kerberos is deployed, edit
kms-site.xml and verify the following properties in
Verify users for KMS
If you are using Kerberos KMS authentication, verify the following properties in
Configure connection to the KMS node
NOTE: The following changes need to be applied to the Hortonworks cluster configuration files and then shared with the Trifacta node. For more information on the files required by the platform, see Configure for Hadoop.
core-site.xml for KMS
core-site.xml and make the following change:
hdfs-site.xml for KMS
hdfs-site.xml and make the following change:
dbks-site.xml for KMS
NOTE: The following changes is required only if Ranger's KMS system is enabled. If so, this change enables access to files that are stored in secured folders.
dbks-site.xml and make the following change:
NOTE: If the existing value is
hdfs, you may leave it as-is.
Save the files.
After the configuration is complete, you can try to import a dataset from a source stored in a cluster location managed by KMS, assuming that any required authentication configuration has been completed. See Import Data Page.
For more information, see Configure Hadoop Authentication.
This page has no comments.