Non-Ambari Cluster Installation Guide
Also available as:
PDF
loading table of contents...

Configuring Atlas in a Kerberized Cluster

If your cluster is in a Kerberized environment, complete the following steps to configure Atlas.

  1. Create the Atlas JAAS configuration file.

    /etc/atlas/conf/atlas-jass.conf

  2. Update Atlas METADATS_OPTS to include the login configuration. METADATA_OPTS must include "java.security.auth.config' set to the above Atlas JAAS configuration file. For example:

    -Xmx1024m -Djava.security.auth.login.config=/etc/atlas/conf/atlas-jaas.conf

  3. Update the hbase-site.xml file to include the following:

    <property>
          <name>zookeeper.znode.parent</name>
          <value>/hbase-secure</value>
        </property>
    
        <property>
          <name>hbase.security.authentication</name>
          <value>kerberos</value>
        </property>
    
        <property>
          <name>hbase.security.authorization</name>
          <value>true</value>
        </property>
    
        <property>
          <name>hbase.master.kerberos.principal</name>
          <value>hbase/_HOST@EXAMPLE.COM</value>
        </property>
    
        <property>
          <name>hbase.master.keytab.file</name>
          <value>/etc/security/keytabs/hbase.service.keytab</value>
        </property>
    
        <property>
          <name>hbase.regionserver.kerberos.principal</name>
          <value>hbase/_HOST@EXAMPLE.COM</value>
        </property>
    
        <property>
          <name>hbase.regionserver.keytab.file</name>
          <value>/etc/security/keytabs/hbase.service.keytab</value>
        </property>
    
  4. Create the hbase_master_jaas.conf file and the hbase_regionserver_jaas.conf file in /usr/hdp/current/hbase_regionserver/conf.

  5. Update hbase-env.sh. HBASE_MASTER_OPTS and HBASE_REGIONSERVER_OPTS must include ‘java.security.auth.login.config’ for the above jaas.conf files. For example:

    export
    HBASE_MASTER_OPTS="-Djava.security.auth.login.config=/usr/hdp/current/hbase-regionserver/conf/hbase_master_jaas.conf …”
    
    export
    HBASE_REGIONSERVER_OPTS="-Djava.security.auth.login.config=/usr/hdp/current/hbase-regionserver/conf/hbase_regionserver_jaas.conf …”
  6. Restart the services.