As previously mentioned, the Accumulo-on-Slider application package includes
both non-secure (appConfig-default.json
) and secure
(appConfig-secured-default.json
) versions of the application
specification. On secure clusters, you should use the secure version of the
application specification.
To configure Accumulo for Kerberos, the following properties should be changed
in the appConfig.json
file to specify a keytab and principal
for Accumulo processes to use. You must generate the keytabs on all the hosts and
provide their location to Accumulo in the keytab property. If the keytab is not
headless, the recommended form for the principal is accumulo/_HOST@<realm>
,
with the realm for your system. The Slider Application Master also needs a keytab
and a principal, which can be (but does not need to be) the same one used for the
Accumulo processes.
"global": { "site.accumulo-site.general.kerberos.keytab": "", "site.accumulo-site.general.kerberos.principal": "", }, "components": { "slider-appmaster": { "slider.am.keytab.local.path": "", "slider.keytab.principal.name": "" } }
should be changed to:
"global": { "site.accumulo-site.general.kerberos.keytab": <keytab file abs path>, "site.accumulo-site.general.kerberos.principal": <principal name>, }, "components": { "slider-appmaster": { "slider.am.keytab.local.path": <keytab file abs path>, "slider.keytab.principal.name": <principal name> } }
Note | |
---|---|
For more information on configuring Accumulo-on-Slider on secure clusters, including information about keytab-associated properties and the available keytab distribution options, see Apache Slider Security. |