
metasearch: Commit


Commit MetaInfo

Revision570 (tree)
Time2013-10-28 20:55:58
Authorwhitestar

Log Message

HDP 2.0.6.0 configurations (with security) 0.

Change Summary

Incremental Difference

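--- a/hadoop_conf/branches/localhost-hdp2.0/etc/hadoop/conf/hdfs-site.xml
+++ b/hadoop_conf/branches/localhost-hdp2.0/etc/hadoop/conf/hdfs-site.xml
@@ -61,4 +61,103 @@
 </description>
 </property>
 
+ <property>
+ <name>dfs.namenode.kerberos.principal</name>
+ <value>hdfs/_HOST@${this.realm}</value>
+ <!-- _HOST is replaced with the fs.defaultFS's host name -->
+ <!-- <value>hdfs/${this.namenode.fqdn}@${this.realm}</value> -->
+ <description>Kerberos principal name for the NameNode</description>
+ </property>
+ <property>
+ <name>dfs.namenode.keytab.file</name>
+ <value>${this.keytab.dir}/nn.keytab</value>
+ <description>
+ Combined keytab file containing the namenode service and host
+ principals.
+ </description>
+ </property>
+ <property>
+ <name>dfs.secondary.namenode.kerberos.principal</name>
+ <value>hdfs/${this.secondary.namenode.fqdn}@${this.realm}</value>
+ <!-- <value>hdfs/_HOST@${this.realm}</value> -->
+ <description>
+ Kerberos principal name for the secondary NameNode.
+ </description>
+ </property>
+ <property>
+ <name>dfs.secondary.namenode.keytab.file</name>
+ <value>${this.keytab.dir}/cn.keytab</value>
+ <description>
+ Combined keytab file containing the namenode service and host
+ principals.
+ </description>
+ </property>
+ <!-- for KSSL (NOT RECOMMENDED). Note: N/A on the CDH4 -->
+ <property>
+ <name>hadoop.security.use-weak-http-crypto</name>
+ <value>false</value>
+ </property>
+ <property>
+ <name>dfs.block.access.token.enable</name>
+ <value>true</value>
+ <description>
+ If "true", access tokens are used as capabilities for accessing
+ datanodes.
+ If "false", no access tokens are checked on accessing datanodes.
+ </description>
+ </property>
+ <property>
+ <name>dfs.datanode.kerberos.principal</name>
+ <value>hdfs/localhost@${this.realm}</value>
+ <!-- <value>hdfs/_HOST@${this.realm}</value> -->
+ <description>
+ The Kerberos principal that the DataNode runs as. "_HOST" is
+ replaced by the real host name.
+ </description>
+ </property>
+ <property>
+ <name>dfs.datanode.keytab.file</name>
+ <value>${this.keytab.dir}/dn.keytab</value>
+ <description>
+ The filename of the keytab file for the DataNode.
+ </description>
+ </property>
+ <property>
+ <name>dfs.namenode.kerberos.internal.spnego.principal</name>
+ <value>${dfs.web.authentication.kerberos.principal}</value>
+ <!-- <value>HTTP/_HOST@${this.realm}</value> -->
+ <!-- _HOST is replaced with dfs.namenode.http-address's host name. -->
+ </property>
+ <property>
+ <name>dfs.secondary.namenode.kerberos.internal.spnego.principal</name>
+ <value>HTTP/${this.secondary.namenode.fqdn}@${this.realm}</value>
+ <!-- <value>HTTP/_HOST@${this.realm}</value> -->
+ <!-- _HOST is replaced with dfs.namenode.secondary.http-address's host name. -->
+ </property>
+
+ <property>
+ <name>dfs.datanode.address</name>
+ <value>0.0.0.0:1004</value>
+ </property>
+ <property>
+ <name>dfs.datanode.http.address</name>
+ <value>0.0.0.0:1006</value>
+ </property>
+
+ <property>
+ <name>dfs.namenode.http-address</name>
+ <value>${this.namenode.fqdn}:50070</value>
+ </property>
+ <property>
+ <name>dfs.namenode.secondary.http-address</name>
+ <value>${this.secondary.namenode.fqdn}:50090</value>
+ </property>
+ <property>
+ <name>dfs.web.authentication.kerberos.principal</name>
+ <value>HTTP/_HOST@${this.realm}</value>
+ </property>
+ <property>
+ <name>dfs.web.authentication.kerberos.keytab</name>
+ <value>${this.keytab.dir}/HTTP.keytab</value>
+ </property>
 </configuration>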
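Review bot: `dfs.datanode.address` and `dfs.datanode.http.address` move the DataNode to ports 1004 and 1006, which only a root-started process can bind, so this configuration depends on the DataNode being launched through the secure starter (jsvc with `HADOOP_SECURE_DN_USER` set in hadoop-env.sh), and nothing in this commit shows that part. A comment above the two properties, e.g. `<!-- privileged ports: DataNode must be started as root via jsvc (HADOOP_SECURE_DN_USER) -->`, would keep the coupling visible. Both addresses also bind to 0.0.0.0; on a localhost-only branch, binding to the loopback address would be tighter if no remote client needs them. The description on `dfs.secondary.namenode.keytab.file` is copied from the NameNode entry and should name the secondary NameNode instead.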
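--- a/hadoop_conf/branches/localhost-hdp2.0/etc/hadoop/conf/core-site.xml
+++ b/hadoop_conf/branches/localhost-hdp2.0/etc/hadoop/conf/core-site.xml
@@ -28,6 +28,15 @@
 <!-- <value>grid.example.com</value> -->
 </property>
 <property>
+ <name>this.realm</name>
+ <value>LOCALDOMAIN</value>
+ <!-- <value>GRID.EXAMPLE.COM</value> -->
+ </property>
+ <property>
+ <name>this.keytab.dir</name>
+ <value>/grid/etc/keytabs/localhost</value>
+ </property>
+ <property>
 <name>this.namenode.fqdn</name>
 <value>localhost</value>
 <!-- <value>${this.cluster.name}-nn.${this.domain}</value> -->
@@ -42,4 +51,92 @@
 <value>/tmp/hadoop-${user.name}</value>
 </property>
 
+ <property>
+ <name>hadoop.security.authentication</name>
+ <value>kerberos</value>
+ <description>
+ Set the authentication for the cluster. Valid values are: simple or
+ kerberos.
+ </description>
+ </property>
+ <property>
+ <name>hadoop.security.authorization</name>
+ <value>true</value>
+ <description>
+ Enable authorization for different protocols.
+ </description>
+ </property>
+ <property>
+ <name>hadoop.security.auth_to_local</name>
+ <value>
+ RULE:[2:$1@$0](.*@${this.realm})s/@.*//
+ RULE:[1:$1@$0](.*@${this.realm})s/@.*//
+ RULE:[2:$1@$0](hdfs@.*${this.realm})s/.*/hdfs/
+ RULE:[2:$1@$0](yarn@.*${this.realm})s/.*/yarn/
+ RULE:[2:$1@$0](mapred@.*${this.realm})s/.*/mapred/
+ DEFAULT</value>
+ </property>
+ <property>
+ <name>hadoop.security.group.mapping</name>
+ <value>org.apache.hadoop.security.JniBasedUnixGroupsMapping</value>
+ </property>
+ <property>
+ <name>hadoop.security.groups.cache.secs</name>
+ <value>14400</value>
+ </property>
+ <property>
+ <name>hadoop.kerberos.kinit.command</name>
+ <value>/usr/bin/kinit</value>
+ </property>
+
+ <property>
+ <name>hadoop.http.filter.initializers</name>
+ <value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
+ <!-- <value>org.apache.hadoop.http.lib.StaticUserWebFilter</value> -->
+ <description>The name of a class that initializes an input filter for Jetty.
+ This filter will always return Dr.Who as the web user when the servlets
+ query for the authenticated user </description>
+ </property>
+ <property>
+ <name>hadoop.http.authentication.signature.secret.file</name>
+ <value>/grid/etc/hadoop-http-auth-signature-secret</value>
+ </property>
+ <property>
+ <name>hadoop.http.authentication.cookie.domain</name>
+ <value>${this.domain}</value>
+ </property>
+ <property>
+ <name>hadoop.http.authentication.type</name>
+ <value>kerberos</value>
+ <description>Defines authentication used for the HTTP web-consoles.
+ The supported values are: simple | kerberos | #AUTHENTICATION_HANDLER_CLASSNAME#.
+ The dfeault value is simple.</description>
+ </property>
+ <property>
+ <name>hadoop.http.authentication.kerberos.principal</name>
+ <value>HTTP/localhost@${this.realm}</value>
+ <!-- <value>HTTP/_HOST@${this.realm}</value>
+ _HOST N/A!: v1.0, HDP1.2; OK: v2.0, CDH3, CDH4 -->
+ </property>
+ <property>
+ <name>hadoop.http.authentication.kerberos.keytab</name>
+ <value>${this.keytab.dir}/HTTP.keytab</value>
+ </property>
+
+ <property>
+ <name>hadoop.proxyuser.oozie.hosts</name>
+ <value>localhost</value>
+ </property>
+ <property>
+ <name>hadoop.proxyuser.oozie.groups</name>
+ <value>hadoopers</value>
+ </property>
+ <property>
+ <name>hadoop.proxyuser.httpfs.hosts</name>
+ <value>localhost</value>
+ </property>
+ <property>
+ <name>hadoop.proxyuser.httpfs.groups</name>
+ <value>hadoopers</value>
+ </property>
 </configuration>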
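Review bot: In `hadoop.security.auth_to_local` the first rule, `RULE:[2:$1@$0](.*@${this.realm})s/@.*//`, already matches every two-component principal in the realm, so the three service-specific rules for hdfs, yarn and mapred below it can never be reached, because rules are evaluated in order and the first match wins. The result for those three is the same short name, but the catch-all also maps any other `name/host` principal in the realm to a local account called `name`; if that is broader than intended, list the service rules first and narrow the catch-all. The `.*` in `hdfs@.*${this.realm}` and the unescaped realm string appear to accept any realm that merely ends with the configured one, which starts to matter with a multi-label realm such as the commented `GRID.EXAMPLE.COM` or with cross-realm trust. Separately, the description on `hadoop.http.filter.initializers` still describes StaticUserWebFilter ("always return Dr.Who") although the value is now `AuthenticationFilterInitializer`, and the secret file named by `hadoop.http.authentication.signature.secret.file` deserves a comment stating that it must be readable only by the service accounts.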
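--- a/hadoop_conf/branches/localhost-hdp2.0/etc/hadoop/conf/mapred-site.xml
+++ b/hadoop_conf/branches/localhost-hdp2.0/etc/hadoop/conf/mapred-site.xml
@@ -67,4 +67,23 @@
 </property>
 -->
 
+ <property>
+ <name>mapreduce.jobhistory.principal</name>
+ <value>mapred/${this.jobhistory.fqdn}@${this.realm}</value>
+ <!-- <value>mapred/_HOST@${this.realm}</value> -->
+ </property>
+ <property>
+ <name>mapreduce.jobhistory.keytab</name>
+ <value>${this.keytab.dir}/jh.keytab</value>
+ </property>
+
+ <property>
+ <name>mapreduce.jobhistory.webapp.spnego-principal</name>
+ <value>HTTP/${this.jobhistory.fqdn}@${this.realm}</value>
+ <!-- <value>HTTP/_HOST@${this.realm}</value> -->
+ </property>
+ <property>
+ <name>mapreduce.jobhistory.webapp.spnego-keytab-file</name>
+ <value>${this.keytab.dir}/HTTP.keytab</value>
+ </property>
 </configuration>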
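Review bot: `mapreduce.jobhistory.webapp.spnego-keytab-file` points at the same `${this.keytab.dir}/HTTP.keytab` that the hdfs-site.xml, core-site.xml and yarn-site.xml sections of this commit also reference, so a single file holding the HTTP service key has to be readable by every daemon account that serves a web endpoint (presumably hdfs, yarn and mapred, going by the auth_to_local mappings). That rules out an owner-only keytab, and the commit does not record what ownership and mode are expected. A comment next to the property, for example `<!-- HTTP.keytab is shared by all web endpoints: group-readable for the Hadoop service group only, never world-readable -->`, would document the requirement. `${this.jobhistory.fqdn}` is not defined in any hunk shown here, so it is presumably set in unchanged lines; worth confirming, since an unresolved variable would leave the principal unusable.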
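--- a/hadoop_conf/branches/localhost-hdp2.0/etc/hadoop/conf/yarn-site.xml
+++ b/hadoop_conf/branches/localhost-hdp2.0/etc/hadoop/conf/yarn-site.xml
@@ -94,5 +94,88 @@
 <value>MALLOC_ARENA_MAX=$MALLOC_ARENA_MAX,LD_LIBRARY_PATH=${HADOOP_COMMON_HOME}/lib/native</value>
 </property>
 
+ <property>
+ <name>yarn.acl.enable</name>
+ <value>true</value>
+ </property>
+ <property>
+ <name>yarn.admin.acl</name>
+ <value> yarn,gridops</value>
+ </property>
+ <property>
+ <name>yarn.resourcemanager.principal</name>
+ <value>yarn/${this.resourcemanager.fqdn}@${this.realm}</value>
+ <!-- <value>yarn/_HOST@${this.realm}</value> -->
+ </property>
+ <property>
+ <name>yarn.resourcemanager.keytab</name>
+ <value>${this.keytab.dir}/rm.keytab</value>
+ </property>
+ <property>
+ <name>yarn.nodemanager.principal</name>
+ <value>yarn/localhost@${this.realm}</value>
+ <!-- <value>yarn/_HOST@${this.realm}</value> -->
+ </property>
+ <property>
+ <name>yarn.nodemanager.keytab</name>
+ <value>${this.keytab.dir}/nm.keytab</value>
+ </property>
+
+ <property>
+ <name>yarn.nodemanager.container-executor.class</name>
+ <value>org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor</value>
+ </property>
+ <property>
+ <name>yarn.nodemanager.linux-container-executor.group</name>
+ <value>yarn</value>
+ </property>
+ <property>
+ <name>yarn.nodemanager.linux-container-executor.resources-handler.class</name>
+ <value>org.apache.hadoop.yarn.server.nodemanager.util.CgroupsLCEResourcesHandler</value>
+ <description>The class which should help the LCE handle resources.</description>
+ </property>
+ <property>
+ <name>yarn.nodemanager.linux-container-executor.cgroups.hierarchy</name>
+ <value>/hadoop-yarn</value>
+ <description>The cgroups hierarchy under which to place YARN proccesses (cannot contain commas).
+ If yarn.nodemanager.linux-container-executor.cgroups.mount is false (that is, if cgroups have
+ been pre-configured), then this cgroups hierarchy must already exist and be writable by the
+ NodeManager user, otherwise the NodeManager may fail.
+ Only used when the LCE resources handler is set to the CgroupsLCEResourcesHandler.</description>
+ </property>
+ <property>
+ <name>yarn.nodemanager.linux-container-executor.cgroups.mount</name>
+ <value>false</value>
+ <description>Whether the LCE should attempt to mount cgroups if not found.
+ Only used when the LCE resources handler is set to the CgroupsLCEResourcesHandler.</description>
+ </property>
+ <property>
+ <name>yarn.nodemanager.linux-container-executor.cgroups.mount-path</name>
+ <value></value>
+ <description>Where the LCE should attempt to mount cgroups if not found. Common locations
+ include /sys/fs/cgroup and /cgroup; the default location can vary depending on the Linux
+ distribution in use. This path must exist before the NodeManager is launched.
+ Only used when the LCE resources handler is set to the CgroupsLCEResourcesHandler, and
+ yarn.nodemanager.linux-container-executor.cgroups.mount is true.</description>
+ </property>
+
+ <property>
+ <name>yarn.resourcemanager.webapp.spnego-principal</name>
+ <value>HTTP/${this.resourcemanager.fqdn}@${this.realm}</value>
+ <!-- <value>HTTP/_HOST@${this.realm}</value> -->
+ </property>
+ <property>
+ <name>yarn.resourcemanager.webapp.spnego-keytab-file</name>
+ <value>${this.keytab.dir}/HTTP.keytab</value>
+ </property>
+ <property>
+ <name>yarn.nodemanager.webapp.spnego-principal</name>
+ <value>HTTP/localhost@${this.realm}</value>
+ <!-- <value>HTTP/_HOST@${this.realm}</value> -->
+ </property>
+ <property>
+ <name>yarn.nodemanager.webapp.spnego-keytab-file</name>
+ <value>${this.keytab.dir}/HTTP.keytab</value>
+ </property>
 </configuration>
 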
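Review bot: The value of `yarn.admin.acl` is ` yarn,gridops` with a leading space, and in Hadoop's ACL syntax (comma-separated users, one space, comma-separated groups) that space is significant: it leaves the user list empty and grants admin rights to the groups yarn and gridops. If that is the intent, say so with a comment such as `<!-- leading space is deliberate: no users, groups yarn and gridops -->`, because a well-meaning trim would turn both names into users. The switch to `LinuxContainerExecutor` also depends on a root-owned setuid container-executor binary and a container-executor.cfg that agree with `yarn.nodemanager.linux-container-executor.group`, neither of which this commit shows. With `cgroups.mount` set to false, the `/hadoop-yarn` hierarchy must exist and be writable by the NodeManager user before start-up, as the added description itself says.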