Cloudera Docs

Add secure Accumulo on CDP service to your cluster

To ensure data availability to diverse sets of users with varying levels of permissions and security clearance, add a secure Accumulo on CDP service.

If your secure Accumulo on CDP service needs to be FIPS compliant, ensure that you have followed the FIPS specific deployment setup steps provided in Installing and Configuring CDP with FIPS.

  • Install Accumulo CSD file.
  • Install CDP.
  • Add the HDFS and ZooKeeper services to your CDP deployment.
  • Install the Accumulo parcel.
  • Ensure that you have a SASL enabled Kerberized cluster.
  1. Navigate to the Cloudera Manager Admin Console home page.
  2. Select the action menu of the cluster to which you want to add the Accumulo on CDP service (for example, Cluster 1), and select Add Service.
  3. Select Accumulo on CDP and click Continue.
  4. Select the dependent services and click Continue.
  5. Assign the Accumulo roles to the hosts in your cluster:
    • Assign a Table Server role on each host to which the DataNode role is assigned.
    • Assign the Monitor, Garbage Collector, Tracer, and Master role to non-DataNodes. Ensure that the Tracer Role is on the same node as the Master.
    • Assign the Gateway role to any hosts here you want to use the Accumulo service and that do not already have other Accumulo roles assigned.
  6. Click Continue.
  7. Configure the Accumulo Instance Secret.
  8. Set the Accumulo Instance Name.
  9. Select Enable Kerberos Authentication.
  10. If this is the first installation of Accumulo, ensure that the Initial Accumulo option is selected.
  11. Click Continue.
  12. Wait while Cloudera Manager does the initial service setup.
  13. Click Continue.
  14. Click Finish.
  15. Restart all role except Tracers.
  16. Create a client configuration file for the admin user.

    This step needs to be performed on each Gateway machine where you will run an Accumulo client.

    Client configuration can be created by editing the configuration file in the following way:
    instance.rpc.sasl.enabled=true
rpc.sasl.qop=auth-conf
kerberos.server.primary=accumulo

    By default, the Accumulo principal on which master is running becomes the administrator principal. You can set up a different administrative user. For more information, see the Administrative User section of the user manual. In this case you need to change the auth.principal and auth.token configuration properties accordingly.

Ensure that the trace table exists.