Venkat and Bowen,
Very good proposal!
Looking forward for the patch.
Regard,s
Mohammad
On Thursday, April 10, 2014 8:01 PM, Venkat Ranganathan
<vranganat...@hortonworks.com> wrote:
Bowen
Look into the HDP 2.0 oozie hcatalog examples dir where we have the
changes needed to run the hcatalog sample in a secure cluster (we also
validated in the secure encrypted cluster).
It would be good to contribute it to the oozie codebase.
Venkat
On Thu, Apr 10, 2014 at 1:27 PM, Mona Chitnis <chit...@yahoo-inc.com> wrote:
> That¹s right.
>
> On 4/9/14, 7:03 PM, "bowen zhang" <bowenzhang...@yahoo.com> wrote:
>
>>Do you need to add "cred" into action in workflow.xml? Like, instead of
>>having "<action name="pig-node">", you need "<action name="pig-node"
>>cred="hcatauth">"
>>bowen
>>
>>
>>On Wednesday, April 9, 2014 6:13 PM, Mona Chitnis <chit...@yahoo-inc.com>
>>wrote:
>>
>>Hello Bowen,
>>
>>1) In the oozie action, you would need to add <credentials> tag with the
>>following properties and specify type hcat. Then the HCatCredentialHelper
>>class would be invoked for accessing tables through HCatalog.
>>
>><credential name='hcatauth' type='hcat'>
>> <property>
>> <name>hcat.metastore.uri</name>
>> <value>${HCAT_URI}</value>
>> </property>
>> <property>
>> <name>hcat.metastore.principal</name>
>> <value>${HCAT_PRINCIPAL}</value>
>> </property>
>></credential>
>>
>>2) For the messaging medium between Oozie and HCatalog (if you are
>>utilizing notifications), you¹d need to setup separate authentication
>>mechanisms for Oozie and HCatalog to authenticate with the message broker
>>and for Oozie workflows to be able to consume messages meant only for
>>that user. In Yahoo, we use an internal Certificate Authority based
>>mechanism. I haven¹t tried to setup secure Oozie with something like
>>secure ActiveMQ yet.
>>
>>3) hive-site.xml is included in Oozie classpath. This has the
>>security-oriented properties enabled
>>E.g.
>>
>><property>
>>
>> <name>hive.security.authorization.enabled</name>
>>
>> <value>true</value>
>>
>> <description>Perform authorization checks on the client</description>
>>
>></property>
>>
>>If I¹ve missed out something, other dev¹s please comment.
>>
>>‹
>>Mona
>>
>>
>>On 4/9/14, 5:50 PM, "bowen zhang"
>><bowenzhang...@yahoo.com<mailto:bowenzhang...@yahoo.com>> wrote:
>>
>>Hi all,
>>I am wondering whether we have docs for oozie-hcat integration in secure
>>mode. Because I assume we should need more configs for secure mode. Can
>>anyone from yahoo comment on this?
>>
>>Bowen
>
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
