Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Impala client configuration documentation out of sync with CM

Labels:
avatar
author-rank ScottE
Explorer

Created on ‎05-04-2017 11:36 PM - edited ‎09-16-2022 04:33 AM

https://www.cloudera.com/documentation/enterprise/5-9-x/topics/impala_ssl.html shows a bunch of "TLS/SSL ... Client" properties that no longer appear in CM for CDH 5.9.0. Is there an update to the documentation available that covers this?

 

I have Impala running behind a proxy and I am also wondering about how this fits in.

 

While I am here, HiveServer2 documentation indicates Kerberos and LDAP client authentication can co-exist but CM doesn't allow for this.

 

Clearly the documentation around client authentication could be better. Any pointers to updates would be appreciated.

 

Thanks, S.

 

1,500 Views
0 Kudos
0
1 ACCEPTED SOLUTION

avatar
author-rank ScottE
Explorer

Created ‎05-26-2017 06:26 AM

@ScottE wrote:

https://www.cloudera.com/documentation/enterprise/5-9-x/topics/impala_ssl.html shows a bunch of "TLS/SSL ... Client" properties that no longer appear in CM for CDH 5.9.0. Is there an update to the documentation available that covers this?

 

I have Impala running behind a proxy and I am also wondering about how this fits in.

 

While I am here, HiveServer2 documentation indicates Kerberos and LDAP client authentication can co-exist but CM doesn't allow for this.

For the above three items:

The "TLS/SSL ... Client" properties are now just prefixed simply "Impala TLS/SSL Server" - this should be a documentation change.

 

If Impala is behind a proxy you need to configure HAProxy with a TLS certificate and have it connect to the Impala Server instances also using TLS. The HAProxy documentation will help, but some additional documentaiton from Cloudera would be nice.

 

HiveServer2 does not support simultaineous kerberos and LDAP authentication (the way Impala does). To achieve this for Hive you need to run a second HiveServer2 instance, configuring one with kerbeos authentication and the other with LDAP.

View solution in original post

1,431 Views
0 Kudos
0
1 REPLY 1

avatar
author-rank ScottE
Explorer

Created ‎05-26-2017 06:26 AM

@ScottE wrote:

https://www.cloudera.com/documentation/enterprise/5-9-x/topics/impala_ssl.html shows a bunch of "TLS/SSL ... Client" properties that no longer appear in CM for CDH 5.9.0. Is there an update to the documentation available that covers this?

 

I have Impala running behind a proxy and I am also wondering about how this fits in.

 

While I am here, HiveServer2 documentation indicates Kerberos and LDAP client authentication can co-exist but CM doesn't allow for this.

For the above three items:

The "TLS/SSL ... Client" properties are now just prefixed simply "Impala TLS/SSL Server" - this should be a documentation change.

 

If Impala is behind a proxy you need to configure HAProxy with a TLS certificate and have it connect to the Impala Server instances also using TLS. The HAProxy documentation will help, but some additional documentaiton from Cloudera would be nice.

 

HiveServer2 does not support simultaineous kerberos and LDAP authentication (the way Impala does). To achieve this for Hive you need to run a second HiveServer2 instance, configuring one with kerbeos authentication and the other with LDAP.

1,432 Views
0 Kudos
0
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements