Member since 04-26-2016. 78 Posts, 32 Kudos Received, 0 Solutions.
10-25-2016
05:18 PM
Take a look at the link below for a detailed explanation. In short though, yes, a database dump and load of the keys is necessary using the provided "exportKeysToJCEKS.sh" and "importKeysToJCEKS.sh" scripts. https://community.hortonworks.com/articles/51909/how-to-copy-encrypted-data-between-two-hdp-cluster.html
06-22-2016
11:47 AM
Hi @Laurence Da Luz, thanks for the correction! I'll edit my answer.
06-20-2016
01:06 PM
@Shishir Saxena In approach a, lack of involvement from enterprise security teams is not a positive thing. When dealing with a large enterprise, security is paramount and we should never be recommending that HDP administrators be permitted to manage authentication systems. Separation of duties is a core security principle and should not be taken lightly.
05-09-2017
08:14 AM
Hi @Greenhorn Techie, Just curious to know how you implemented it?
10-21-2018
02:18 PM
@Robert Levas @Alex Goron How about the functionality of managing a remote cluster? Personally I haven't implemented that, but you can register and manage a remote cluster!
01-27-2017
04:50 PM
If you are still seeking a solution you could use Orcaconfig to compare dumped XMLs. https://www.orcaconfig.com/compare-configurations/. It's designed to automatically compare configurations in complex environments. Hope this helps you. (yep I work there)
04-11-2016
11:47 AM
1 Kudo
So it depends: In reality a lot of AD teams will not even consider giving admin access to any outside tool (even if it's restricted to an OU). So 2. is definitely used in reality. But yes, it is cumbersome.

Regarding 1 and 3: MIT KDC has the advantage of not needing to touch the AD system. You can have your own Kerberos instance for all service users and you then simply need to enable a trust from the MIT system to the AD system to have your business users being able to access the cluster too.

Reasons for using an MIT KDC with trust from AD:
- There are often restrictions of putting service users in the corporate AD
- If the corporate AD somehow gets inaccessible or the whole cluster would be stopped.
- You put less stress on the corporate AD for large systems
- For small clusters that are used by a single team or if the cluster is purely automated (i.e. not directly accessible to lots of business users) you can use MIT KDC only and create local users for work. No need for AD at all. This is the fastest and most pain-free way to set up a kerberized cluster (using PAM authentication for Hive and local users in Hue and Ambari). However, this obviously falls down once you need to give access to a large number of business users.

AD directly also has big advantages:
- Normally your business users are already in the AD and will stay there, so you need to create Hadoop-specific groups anyhow and add your users to them. So the MIT KDC, while easier to set up, doesn't really provide any real purpose that AD couldn't do on its own.
- The AD team will take care of backup/DR/security and you do not need to worry about that on your MIT KDC.

I think in general if the AD team is pretty flexible and accessible, going AD alone is preferable. You would do MIT KDC + AD trust if you expect problems with that and want to have as much control as possible in the Hadoop team.
03-28-2016
01:22 AM
NiFi 0.6 release adds ability to run simple change capture cases with QueryDatabaseTable by maintaining timestamps. This might start turning the needle towards NiFi away from Sqoop. https://cwiki.apache.org/confluence/display/NIFI/Release+Notes
02-11-2016
08:45 PM
1 Kudo
@Neeraj Sabharwal @Artem Ervits Just wondering what is the best mechanism to ingest data from relational sources into HDP. To use a combination of ExecuteSQL and PutHDFS processors or to use Sqoop and deliver the data to HDP? Many Thanks