Configuring for Secure Clusters
There are two sets of configuration properties required to secure the Atlas server: service identify properties and HTTP authentication properties.
Set the service identify properties.
The following properties designate the authentication mechanism leveraged by the server to establish its identity:
atlas.authentication.method = simple|kerberos
atlas.authentication.principal = atlas/_HOST
(required if the method selected is "kerberos")atlas.authentication.keytab = <path to keytab file containing defined principal>
Set the HTTP Authentication properties.
The properties for configuring the Atlas server HTTP authentication mechanism are:
atlas.http.authentication.enabled = true|false
atlas.http.authentication.type = simple|kerberos
atlas.http.authentication.kerberos.principal = HTTP/_HOST
(required for Kerberos authentication type)atlas.http.authentication.kerberos.keytab = <path to SPNEGO keytab>
(required for Kerberos authentication type)Configure the Hive post execution hook by manually adding the following properties to
hive-site.xml
:<property> <name>atlas.cluster.name</name> <value>NAME-OF-CLUSTER</value> </property> <property> <name>atlas.rest.address</name> <value>http://ATLAS-FQDN:21000</value> </property>
Add the Atlas hook to list of any existing Hive post execution hooks. For example:
<property> <name>hive.exec.post.hooks</name> <value>org.apache.hadoop.hive.ql.hooks.ATSHook, org.apache.atlas.hive.hook.HiveHook</value> </property>