Configuring a trust between clusters

As Administrator, create the CDP Private Cloud Base source and target clusters for Hive replication, you must understand the prerequisites for setting up a trust between the source and target clusters. Depending on your source and target cluster security, you set up a one- or two-way trust between clusters.

You need to set up a one-way trust for replication under the following conditions:
  • Your source and target clusters for replication are kerberized clusters.
  • The staging directory is on the source cluster.

    The target cluster accesses the staging directory on the source cluster and the DistCp jobs also run on the target cluster.

Otherwise, you configure a two-way trust.

The CDP Private Cloud Base source and target clusters for Hive replication are running.

Different Kerberos KDC servers in different realms

When the CDP Private Cloud Base source cluster and target cluster use different Kerberos KDC servers with different realms, you must set up a two-way KDC trust between the clusters. Hive replication policies use a common staging location on the source or target cluster. To set the staging location path, use the configuration parameter hive.repl.rootdir to configure the HDFS root directory for all replication dumps in the source cluster. The REPL DUMP command dumps data into the staging location and the REPL LOAD commands reads the data from the staging location. The REPL DUMP runs in the source cluster and the REPL LOAD runs in the target cluster. When the staging location is on the target cluster, the source cluster hosts must access the target HDFS staging location. The target KDC must trust the connections from the source using trusted keytabs. Similarly, if the staging location is on the source cluster, the target cluster hosts must access the source HDFS staging location.

To set up two-way trust between the CDP Private Cloud Base source cluster and target cluster. For more information, see topics Distcp between secure clusters in different Kerberos realms and Adding trusted realms to the cluster..

Access the remote HDFS endpoint to verify whether the trust set up is successful.
kinit krbtgt/DRS@DRT
hadoop fs -ls hdfs://[***REMOTE HDFS ENDPOINT***]:8020/