Cloudera Enterprise 5.15.x | Other versions
Llama Authentication
Note:
The use of the Llama component for integrated resource management within YARN is no longer supported with CDH 5.5 / Impala 2.3 and higher. The Llama support code is removed entirely in CDH 5.10 / Impala 2.8 and higher.
For clusters running Impala alongside other data management components, you define static service pools to define the resources available to Impala and other components. Then within the area allocated for Impala, you can create dynamic service pools, each with its own settings for the Impala admission control feature.
This section describes how to configure Llama in CDH 5 with Kerberos security in a Hadoop cluster.
Note: Llama has been tested only in a Cloudera Manager deployment. For information on using Cloudera
Manager to configure Llama and Impala, see Installing Impala.
Note: Llama has been tested only in a Cloudera Manager deployment. For information on using Cloudera
Manager to configure Llama and Impala, see Installing Impala.Configuring Llama to Support Kerberos Security
- Create a Llama service user principal using the syntax: llama/fully.qualified.domain.name@YOUR-REALM. This principal is used to authenticate with the Hadoop cluster, where fully.qualified.domain.name is the host where Llama
is running and YOUR-REALM is the name of your Kerberos realm:
$ kadmin kadmin: addprinc -randkey llama/fully.qualified.domain.name@YOUR-REALM
- Create a keytab file with the Llama principal:
$ kadmin kadmin: xst -k llama.keytab llama/fully.qualified.domain.name
- Test that the credentials in the keytab file work. For example:
$ klist -e -k -t llama.keytab
- Copy the llama.keytab file to the Llama configuration directory. The owner of the llama.keytab file should be the llama user and the file should have owner-only read permissions.
- Edit the Llama llama-site.xml configuration file in the Llama configuration directory by setting the following properties:
Property Value llama.am.server.thrift.security true llama.am.server.thrift.kerberos.keytab.file llama/conf.keytab llama.am.server.thrift.kerberos.server.principal.name llama/fully.qualified.domain.name llama.am.server.thrift.kerberos.notification.principal.name impala - Restart Llama to make the configuration changes take effect.
Page generated May 18, 2018.
| << Configuring Impala Delegation for Hue and BI Tools | ©2016 Cloudera, Inc. All rights reserved | Configuring Oozie Authentication >> |
| Terms and Conditions Privacy Policy |