Replicating from unsecure to secure clusters

You can use Replication Manager to replicate data from an unsecure cluster (one that does not use Kerberos authentication) to a secure cluster (one that uses Kerberos). The reverse is not supported: Replication Manager cannot replicate from a secure cluster to an unsecure cluster.

To perform the replication, the destination cluster must be managed by Cloudera Manager 6.1.0 or higher. The source cluster must be managed by Cloudera Manager 5.14.0 or higher so that it can replicate to Cloudera Manager 6.
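
The version requirements can be checked before you create a policy. The following is a minimal sketch, not part of Replication Manager: the function names version_at_least and can_replicate are hypothetical, you supply the two Cloudera Manager version strings yourself, and the comparison assumes a sort command that supports the -V (version sort) option, as GNU coreutils does.

```shell
# version_at_least ACTUAL MINIMUM
# Succeeds when ACTUAL is the same as or newer than MINIMUM.
# Hypothetical helper; relies on "sort -V" (GNU coreutils) to order versions.
version_at_least() {
    lowest="$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n 1)"
    # If MINIMUM sorts first (or both are equal), ACTUAL is high enough.
    [ "$lowest" = "$2" ]
}

# can_replicate SOURCE_CM_VERSION DESTINATION_CM_VERSION
# Applies the minimums stated above: source 5.14.0, destination 6.1.0.
can_replicate() {
    version_at_least "$1" "5.14.0" && version_at_least "$2" "6.1.0"
}
```

For example, can_replicate 5.16.2 6.3.4 succeeds, while can_replicate 5.13.3 6.1.0 fails because the source version is below 5.14.0.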

To enable replication from an unsecure cluster to a secure cluster, you need a user that exists on all the hosts on both the source cluster and destination cluster. Specify this user in the Run As Username field when you create a replication policy.

  1. On a host in the source or destination cluster, add the user by creating its HDFS home directory with the following command:
    sudo -u hdfs hdfs dfs -mkdir -p /user/<username>
    For example, the following command creates the HDFS home directory for a user named milton:
    sudo -u hdfs hdfs dfs -mkdir -p /user/milton
  2. Set the owner of the user directory with the following command:
    sudo -u hdfs hdfs dfs -chown <username> /user/<username>
    For example, the following command makes milton the owner of the milton directory:
    sudo -u hdfs hdfs dfs -chown milton /user/milton
  3. Create the supergroup group for the user you created in step 1 with the following command:
    groupadd supergroup
  4. Add the user you created in step 1 to the group you created. The -a option appends the group, so the user keeps its existing group memberships:
    usermod -a -G supergroup <username>
    For example, add milton to the group named supergroup:
    usermod -a -G supergroup milton
  5. Repeat this process for all hosts in the source and destination clusters so that the user and group exist on all of them.
After you complete this process, specify the user you created in the Run As Username field when you create a replication policy.
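
Because the same commands must be run on every host, it can help to generate them from the username once. The following is a minimal sketch under stated assumptions: replication_user_commands is a hypothetical helper, not a Cloudera tool, and it only prints the commands from steps 1 to 4 so that you can review them before running anything. It prints usermod with -a -G rather than -G alone so that the user's existing supplementary groups are preserved; that is a choice made for this sketch.

```shell
# replication_user_commands USERNAME
# Prints, one per line, the commands from steps 1-4 for the given user.
# Hypothetical helper: it runs nothing itself, it only prints.
replication_user_commands() {
    username="$1"
    if [ -z "$username" ]; then
        echo "usage: replication_user_commands <username>" >&2
        return 1
    fi
    # Step 1: create the user's home directory in HDFS.
    echo "sudo -u hdfs hdfs dfs -mkdir -p /user/$username"
    # Step 2: make the user the owner of that directory.
    echo "sudo -u hdfs hdfs dfs -chown $username /user/$username"
    # Step 3: create the supergroup group on the host.
    echo "groupadd supergroup"
    # Step 4: add the user to supergroup (-a keeps existing groups; sketch's choice).
    echo "usermod -a -G supergroup $username"
}
```

Running replication_user_commands milton prints the four commands for milton. After reviewing the output, you could run the commands on each host with root privileges, which groupadd and usermod require.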