Contents:
This section describes how to configure the Designer Cloud Powered by Trifacta® platform for integration with KMS system for Cloudera. It assumes that access to the cluster is gated by Sentry.
Before you begin, please verify the pre-requisites. See Configure for KMS.
Configure Hadoop Cluster
NOTE: These changes should be applied through the management console for the Hadoop cluster before pushing the client configuration files to the nodes of the cluster.
In the following sections:
-
[hadoop.user(default=trifacta)]- the userID accessing the cluster component
[hadoop.group(default=trifactausers)]-the appropriate group of user accessing the cluster component
Enable HDFS Encryption
On the Cloudera cluster, you may enable HDFS encryption using a designated Java KeyStore. For more information, see http://www.cloudera.com/documentation/enterprise/latest/topics/sg_hdfs_encryption_wizard.html?scroll=concept_n2p_5vq_vt#concept_fcq_phr_wt_unique_1.
Java KMS Configuration
Additional configuration for the Java KMS is required. See http://www.cloudera.com/documentation/enterprise/latest/topics/cdh_sg_kms.html.
Java KeyStore KMS Configuration
In the kms-site.xml configuration file, please locate the following properties:
NOTE: If you have deployed Cloudera Manager for your cluster, do not modify these properties in the file. Make any modifications through the Cloudera Manager console.
<property>
<name>hadoop.kms.authentication.kerberos.keytab</name>
<value>${user.home}/kms.keytab</value>
</property>
In Cloudera Manager, you may wish to change the following safety value value. Navigate to KMS service > Configuration > Advanced > Key Management Server Proxy Advanced Configuration Snippet (Safety Valve) for kms-site.xml. Modify the following:
<property>
<name>hadoop.kms.aggregation.delay.ms</name>
<value>10000</value>
</property>
In the kms-site.xml file, insert the following properties, which are required properties for the Key Management Server Advanced Configuration safety value:
<property> <name>hadoop.kms.authentication.kerberos.principal</name> <value>*</value> </property> <property> <name>hadoop.kms.proxyuser.[hadoop.user].groups</name> <value>[hadoop.group]</value> </property> <property> <name>hadoop.kms.proxyuser.[hadoop.user].hosts</name> <value>*</value> </property>
HDFS Configuration
In httpfs-site.xml, please insert the following properties, which are the safety value for HttpFS Advanced Configuration:
<property> <name>httpfs.proxyuser.[hadoop.user].groups</name> <value>[hadoop.group]</value> </property> <property> <name>httpfs.proxyuser.[hadoop.user].hosts</name> <value>*</value> </property>
Save the files.
Validate
After the configuration is complete, you can try to import a dataset from a source stored in a cluster location managed by KMS, assuming that any required authentication configuration has been completed. See Import Data Page.
For more information, see Configure Hadoop Authentication.
This page has no comments.