Reply
New Contributor
Posts: 1
Registered: ‎09-11-2018

Impersonation - Cloudera 5.13

[ Edited ]

Hi there,

I am seeking for the proper step to allow impersonation.

I am trying to achieve impersonation by allowing sdc from external system to create table and insert data using the default cloudera user.

This is my test environment (Cloudera VMware - Quickstart.cloudera  5.13)

cat /usr/lib/hadoop/cloudera/cdh_version.properties shows this:

# Autogenerated build properties
version=2.6.0-cdh5.13.0
git.hash=42e8860b182e55321bd5f5605264da4adc8882be
cloudera.hash=42e8860b182e55321bd5f5605264da4adc8882be
cloudera.cdh.hash=92e97f10234ee5290b82890ea38671f16344028f
cloudera.cdh-packaging.hash=c5f90582119ab994c6e6711f5578370ca6cef0b7
cloudera.base-branch=cdh5-base-2.6.0
cloudera.build-branch=cdh5-2.6.0_5.13.0
cloudera.pkg.version=2.6.0+cdh5.13.0+2639
cloudera.pkg.release=1.cdh5.13.0.p0.34
cloudera.cdh.release=cdh5.13.0
cloudera.build.time=2017.10.04-17:55:01GMT

cloudera.pkg.name=hadoop

So basically, I want the core-site.xml file to have these entries:

<property>
  <name>hadoop.proxyuser.sdc.hosts</name>
  <value>*</value>
</property>
<property>
  <name>hadoop.proxyuser.sdc.users</name>
  <value>cloudera</value>
</property>

Instead of editing the core-site.xml file directly from the filesystem, I edited in from Clouder Manager by going through these steps below:

1. Go to Cloudera Manager. Click on HDFS on the left panel
2. Go to to the Configuration tab
3. On the left panel, under the SCOPE, click on HDFS (Service-Wide)
4. On the left panel, under the CATEGORY, click on Advanced
5. On the main panel, expand Cluster-wide Advanced Configuration Snippet (Safety Valve) for core-site.xml
6. Key in the name,value pair;
   - hadoop.proxyuser.sdc.hosts and *
   - hadoop.proxyuser.sdc.users and cloudera
7. Save the changes
8. Restart the stale services


Here are few questions:

1. Say if the changes are properly picked up, which main core-site.xml will it write to (as there are few of them)?

/etc/hadoop/conf.empty/core-site.xml
/etc/hadoop/conf.impala/core-site.xml
/etc/hadoop/conf.pseudo/core-site.xml
/etc/hadoop-kms/conf.dist/core-site.xml
/etc/impala/conf.dist/core-site.xml
/etc/oozie/conf.dist/hadoop-conf/core-site.xml

2. If the impersonation is set up properly, when the user sdc runs impersonation as cloudera, should the file created in /user/hive/warehouse owned by the user, cloudera or should it show up as anonymous? If I still see the file being created under the user, anonymous, can I safely conclude that the impersonation didn't work?

 

Can anyone see why after the restart, all files create are still belonging to the user, anonymous? Where step did I miss?


 

Announcements