Workflow Credentials Parameters
You must set workflow credentials if you are running actions in a secured cluster. You set the credentials at the global level, then select the user when you create or edit an action node.
Some action types talk to external services such as HCatalog, HBase Region Server, and Hive Server 2. In these circumstances, extra configuration is required to authenticate. Kerberos credentials are used to obtain delegation tokens on behalf of the user from the external service.
Table 8.2. HCat Workflow Credentials Parameters
| Parameter Name | Description | Additional Information | Example |
|---|---|---|---|
| Name | The name used to identify the credentials. | hive-cred | |
| Type | Options are HCat, Hive2, and HBase. | ||
| HCat Metastore Principal | The name of the Kerberos principal to be used for HCatalog. | ||
| HCat Metastore URL | This is a Thrift URI used to make metadata requests to a remote Metastore, allowing multiple Hive clients to connect to a remote service. | The same value as the Ambari setting: Hive service>Configs tab>Advanced tab>General section>hive.metastore.uris field | |
| Custom Properties Name/Value |
Table 8.3. Hive2 Workflow Credentials Parameters
| Parameter Name | Description | Additional Information | Example |
|---|---|---|---|
| Name | The name used to identify the credentials. | hive-cred | |
| Type | Options are HCat, Hive2, and HBase. | ||
| Hive2 JDBC URL | The JDBC connection location for interacting with the database. | Hive>Configs>Advanced>Hive Metastore>Database URL | |
| Hive2 Server Principal | The name of the Kerberos principal to be used for Hive Server 2. | ||
| Custom Properties Name/Value |
Table 8.4. HBase Workflow Credentials Parameters
| Parameter Name | Description | Additional Information | Example |
|---|---|---|---|
| Name | The name used to identify the credentials. | hive-cred | |
| Type | Options are HCat, Hive2, and HBase. | ||
| Hadoop Security Auth | Possible values are simple (no authentication), and kerberos. | ||
| HBase Security Auth | Possible values are simple (no authentication), and kerberos. | Authentication type for HBase security. For the client to be able to communicate with the cluster, the hbase.security.authentication in the client- and server-side site files must match. | HBase>Configs>Advanced>hbase-site.xml |
| HBase Master Kerberos Principal | The Kerberos principal name that should be used to run the HMaster process. | The Kerberos principal name that should be used to run the HRegionServer process. | |
| HBase Regionserver Kerberos Principal | A list of servers that are part of the ZooKeeper quorum for running in replicated mode. | ||
| HBase ZooKeeper Quorum | A list of ZooKeeper server addresses, separated by commas, that are to be used by the ZKFailoverController in automatic failover. | ||
| Hadoop RPC Protection | A comma-separated list of protection values for secured SASL connections. Possible values are authentication, integrity, and privacy. | Authentication = authentication only, no integrity or privacy. Integrity = authentication and integrity are enabled. Privacy = authentication, integrity, and privacy are enabled. | |
| HBase RPC Protection | A comma-separated list of protection values for secured SASL connections. Possible values are authentication, integrity, and privacy. | ||
| Custom Properties Name/Value |