Non-Ambari Cluster Installation Guide
Also available as:
PDF
loading table of contents...

Configuring for Secure Clusters

There are two sets of configuration properties required to secure the Atlas server: service identify properties and HTTP authentication properties.

  1. Set the service identify properties.

    The following properties designate the authentication mechanism leveraged by the server to establish its identity:

    atlas.authentication.method = simple|kerberos

    atlas.authentication.principal = atlas/_HOST (required if the method selected is "kerberos")

    atlas.authentication.keytab = <path to keytab file containing defined principal>

  2. Set the HTTP Authentication properties.

    The properties for configuring the Atlas server HTTP authentication mechanism are:

    atlas.http.authentication.enabled = true|false

    atlas.http.authentication.type = simple|kerberos

    atlas.http.authentication.kerberos.principal = HTTP/_HOST (required for Kerberos authentication type)

    atlas.http.authentication.kerberos.keytab = <path to SPNEGO keytab> (required for Kerberos authentication type)

  3. Configure the Hive post execution hook by manually adding the following properties to hive-site.xml:

    <property>
          <name>atlas.cluster.name</name>
          <value>NAME-OF-CLUSTER</value>
        </property>
    
        <property>
          <name>atlas.rest.address</name>
          <value>http://ATLAS-FQDN:21000</value>
        </property>
    
  4. Add the Atlas hook to list of any existing Hive post execution hooks. For example:

    <property>
          <name>hive.exec.post.hooks</name>
          <value>org.apache.hadoop.hive.ql.hooks.ATSHook, org.apache.atlas.hive.hook.HiveHook</value>
        </property>