Configuring Atlas in a Kerberized Cluster
If your cluster is in a Kerberized environment, complete the following steps to configure Atlas.
Create the Atlas JAAS configuration file.
/etc/atlas/conf/atlas-jass.conf
Update Atlas METADATS_OPTS to include the login configuration. METADATA_OPTS must include "java.security.auth.config' set to the above Atlas JAAS configuration file. For example:
-Xmx1024m -Djava.security.auth.login.config=/etc/atlas/conf/atlas-jaas.conf
Update the hbase-site.xml file to include the following:
<property> <name>zookeeper.znode.parent</name> <value>/hbase-secure</value> </property> <property> <name>hbase.security.authentication</name> <value>kerberos</value> </property> <property> <name>hbase.security.authorization</name> <value>true</value> </property> <property> <name>hbase.master.kerberos.principal</name> <value>hbase/_HOST@EXAMPLE.COM</value> </property> <property> <name>hbase.master.keytab.file</name> <value>/etc/security/keytabs/hbase.service.keytab</value> </property> <property> <name>hbase.regionserver.kerberos.principal</name> <value>hbase/_HOST@EXAMPLE.COM</value> </property> <property> <name>hbase.regionserver.keytab.file</name> <value>/etc/security/keytabs/hbase.service.keytab</value> </property>
Create the
hbase_master_jaas.conf
file and thehbase_regionserver_jaas.conf
file in/usr/hdp/current/hbase_regionserver/conf
.Update
hbase-env.sh
. HBASE_MASTER_OPTS and HBASE_REGIONSERVER_OPTS must include ‘java.security.auth.login.config’ for the above jaas.conf files. For example:export HBASE_MASTER_OPTS="-Djava.security.auth.login.config=/usr/hdp/current/hbase-regionserver/conf/hbase_master_jaas.conf …” export HBASE_REGIONSERVER_OPTS="-Djava.security.auth.login.config=/usr/hdp/current/hbase-regionserver/conf/hbase_regionserver_jaas.conf …”
Restart the services.