Preparing to create a Hive replication policy
Before you create the Hive replication policies in CDP Public Cloud Replication Manager, you must prepare the clusters and verify cluster access and cloud credentials.
Do the source cluster and target cluster meet the requirements to create an
Hive replication policy?
For more information, see Support matrix for Replication Manager on CDP Public Cloud.
Is the source CDH cluster or source CDP Private Cloud Base cluster registered
as a classic cluster on the Management Console?
CDH clusters and CDP Private Cloud Base clusters are managed by Cloudera Manager. To enable these on-premises clusters for Replication Manager, you must register them as classic clusters on the Management Console. After registration, you can use them for data migration purposes.
- Does the target Data Hub use Cloudera Manager 7.9.0 or higher? If not, upgrade Cloudera Manager to version 7.9.0 or higher.
Have you configured the all-database, table, column Ranger
policy for the hdfs user on the source cluster and target
cluster to perform all the operations on all databases and tables?
The hdfs user role is used to import Hive Metastore and must have access to all Hive datasets, including all operations. Otherwise, Hive import fails during the replication process. On the target cluster, the hive user must have Ranger admin privileges. The same hive user performs the metadata import operation.To provide access, navigate to the hdfs user permission to the all-database, table, column policy name.section, and provide
Is an external account configured on the source CDH cluster's Cloudera Manager
which allows the CDH cluster to access CDP cloud storage?
Do you have the required cluster access to create replication policies?
Power users, the user who onboarded the source and target clusters, and users with ClassicClusterAdmin or ClassicClusterUser resource roles can create replication policies on clusters for which they have access. For more information, see Understanding account roles and resource roles.
Do you have the required cluster access to view the replication policies?
Existing Hive replication policies are visible to users who have access to the source cluster in the replication policy. A warning appears if you do not have access to the source cluster.
If you can view the policies, you can perform other actions on the policy including policy update and policy delete operations.
Is the required cloud credential that you want to use in the replication policy
registered with the Replication Manager service?
For more information, see Working with cloud credentials.
- Do you need to replicate data securely? If so, ensure that the SSL/TLS certificate exchange between two Cloudera Manager instances that manage source and target clusters respectively is configured. For more information, see Configuring SSL/TLS certificate exchange between two Cloudera Manager instances.
Are the following ports open and available for Replication Manager?
Table 1. Minimum ports required for Hive replication policies Connectivity required for Default Port Type Description Data transfer from classic cluster hosts to cloud storage 80 or 443 (TLS) Outbound Outgoing port. All classic cluster nodes must be able to access S3/ADLS Gen2 endpoint. Cloudera Manager Admin Console HTTP 7180 or 7183 (when TLS enabled) Inbound Incoming port. Open on the source cluster to enable the target Cloudera Manager in cloud to communicate to the on-premises Cloudera Manager. Classic cluster 6000-6049 for CCMv1
443 for CCMv2
Connecting the source classic cluster to the CDP Management Console through Cluster Connectivity Manager (CCM)Consider the following best practices while using CDP Public Cloud on Microsoft Azure ADLS Gen2 (ABFS):
The following system architecture diagram shows the interaction between components during Hive replication using Hive replication policies:
- Ensure that the on-premises cluster (port 443) can access the https://login.microsoftonline.com endpoint. This is because the Hadoop client in the on-premises cluster (CDH/CDP Private Cloud Base) connects to the endpoint to acquire the access tokens before it connects to Azure ADLS storage. For more information, see the General Azure guidelines row in the Azure-specific endpoints table.
- Ensure that the steps mentioned in the General Azure guidelines and Azure Data Lake Storage Gen 2 rows in the Azure-specific endpoints table are complete so that the endpoint connects to the target path successfully.