Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Applies to: Kyvos Enterprise   Kyvos Cloud    Kyvos Azure Marketplace    Kyvos Single Node Installation

Kyvos Single Node Standard Installation    Kyvos Free

The Hadoop Authorization type can be None, Sentry, or Ranger.

Info

  • The Sentry option is available ONLY if Cloudera is selected as the Hadoop Vendor.
  • From Kyvos 2023.3 onwards, you can see the last performed Hadoop Authorization operation details, including progress status and start time, by clicking the i icon located next to the Revert button To view more comprehensive details, simply click the  View Details link, which will take you to the  Operations  page, where you can view the operation information in detail. 

The following figure illustrates the Hadoop Authorization configuration.

Info

The figure shows the Hadoop Authorization configuration fields displayed for Sentry. Fields for Ranger and Sentry, both are described in the following sections.

Prerequisites for Sentry

If using Sentry, make the following configurations on the Cloudera Manager before proceeding.

  1. Go to the HDFS service of Cloudera Manager and add the following properties and values in the Cluster-wide Advanced Configuration Snippet (Safety Valve) for core-site.xml
    This is available if user impersonation is enabled in Kyvos using the following properties.
    • hadoop.proxyuser.kyvos.hosts
    • hadoop.proxyuser.kyvos.groups
  2. Go to Sentry service of Cloudera Manager and add kyvos in the service.allow.connect property.
  3. On the navigation pane, click Security > Hadoop Authorization

  4. Enter details as: 

    Authorization Type

    Parameter/Field 

    Comments/Description 

    SENTRY





    Sentry Source Node

    To use the Hive Source Node, select the Same As Hive Node option. Else, select the Other Node option.

    Sentry Node Host Name

    If you selected the Other Node option above, enter the DNS name or IP address of the Sentry Node.

    Use different user account for accessing Sentry Node

    Select the check box if you want to use a different user account (other than the login user) for accessing the Sentry node. If you select this option, you will be prompted to provide Username, Authentication Type, and Password/Shared Key for authentication.

    Sentry Library Path

    Provide the absolute path for the Sentry library file jar inclusion to enable Sentry in Kyvos Manager.

    Refer to the  Appendix  for the Hadoop library and configuration paths for Cloudera.

    Sentry Configuration File

    Upload the Sentry configuration file. 

    RANGER

    Add Parameter

    No additional configuration is required for this.

    NOTE: Kyvos does not support Column level security with Ranger, as Ranger does not provide the ability to integrate column-level security with a third party.

    The JDBC URL under HCatalog Parameters is mandatory for Ranger authorization while configuring the Hadoop ecosystem on the Kyvos Manager portal.

  5. Click the Validate button to validate the Sentry settings for user authentication and paths that connect to the Sentry node
  • No labels