Permission Requirements for Package-based Installations and Upgrades of CDH
The following sections describe the permission requirements for package-based installation and upgrades of CDH with and without Cloudera Manager. The permission requirements are not controlled by Cloudera but result from standard UNIX system requirements for the installation and management of packages and running services.
Permission Requirements for Package-Based CDH Installation with Cloudera Manager
Task | Permissions Required |
---|---|
Install Cloudera Manager (using cloudera-manager-installer.bin) | root or sudo access on a single host |
Manually start/stop/restart the Cloudera Manager Server (that is, log onto the host running Cloudera Manager and execute: service cloudera-scm-server action) | root or sudo |
Run Cloudera Manager Server. | cloudera-scm |
Install CDH components through Cloudera Manager. | One of the following, configured during initial installation of Cloudera Manager:
|
Install the Cloudera Manager Agent through Cloudera Manager. | One of the following, configured during initial installation of Cloudera Manager:
|
Run the Cloudera Manager Agent. | If single user
mode is not enabled, access to the root account during runtime, through one of the following scenarios:
|
Manually start/stop/restart the Cloudera Manager Agent process. | If single user
mode is not enabled, root or sudo access.
This permission requirement ensures that services managed by the Cloudera Manager Agent assume the appropriate user (that is, the HDFS service assumes the hdfs user) for correct privileges. Any action request for a CDH service managed within Cloudera Manager does not require root or sudo access, because the action is handled by the Cloudera Manager Agent, which is already running under the root user. |
Permission Requirements for Package-Based CDH Installation without Cloudera Manager
Task | Permissions Required |
---|---|
Install CDH products. | root or sudo access for the installation of any RPM-based package during the time of installation and service startup/shut down. Passwordless SSH under the root user is not required for the installation (SSH root keys). |
Upgrade a previously installed CDH package. | root or sudo access. Passwordless SSH under the root user is not required for the upgrade process (SSH root keys). |
Manually install or upgrade hosts in a CDH ready cluster. | Passwordless SSH as root (SSH root keys), so that scripts can be used to help manage the CDH package and configuration across the cluster. |
Change the CDH package (for example: RPM upgrades, configuration changes the require CDH service restarts, addition of CDH services). | root or sudo access to restart any host impacted by this change, which could cause a restart of a given service on each host in the cluster. |
Start/stop/restart a CDH service. | root or sudo according to UNIX standards. |