How-to create a Secured Cloudera Cluster
Cloudera Manager + Kerberos + CentOS
Introduction
This presentation is for everyone who is curious about Big Data and has the know-how to start learning...
With it, you will be able to quickly create a Kerberos-secured Cloudera Cluster.
Architecture
This architecture enables a Cluster with several layers of security.
Pre-Assumptions
1. VM Centos 6.9
2. VM Requirements 26Gb with 4 vcores
3. root user or user with sudo access
Prepare Cloudera Installation
Set VM Hostname
sudo nano /etc/hosts;
10.111.22.3 cm515.localdomain
sudo hostname cm515.localdomain;
sudo nano /etc/sysconfig/network;
HOSTNAME=cm515.localdomain
Clear iptables Rules
sudo iptables -F;
sudo nano /etc/rc.local;
iptables -F
Note: just need to change the highlighted values for your own values.
Make iptables Rules Executable on Startup
sudo chmod +x /etc/rc.d/rc.local;
sudo sed -i 's/IPTABLES_SAVE_ON_RESTART="no"/IPTABLES_SAVE_ON_RESTART="yes"/' /etc/sysconfig/iptables-config;
Make Cloudera Manager Rules Executable on Startup
echo "echo never > /sys/kernel/mm/transparent_hugepage/enabled" >> /etc/rc.local;
echo "echo never > /sys/kernel/mm/transparent_hugepage/defrag" >> /etc/rc.local;
echo never > /sys/kernel/mm/transparent_hugepage/enabled;
echo never > /sys/kernel/mm/transparent_hugepage/defrag;
Disable Selinux
sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config;
sudo setenforce 0;
Reboot
sudo reboot
Check Selinux
sestatus
Install & Start NTP service
sudo yum install ntp;
sudo service ntpd status;
sudo service ntpd start;
Note: just need to change the highlighted values for your own values.
Configure NTP service
sudo nano /etc/ntp.conf
server 10.111.22.5 prefer iburst burst minpoll 4 maxpoll 4
server 10.111.22.6 iburst burst minpoll 4 maxpoll 4
sudo service ntpd restart;
Change Host Check Parameters
sudo sysctl vm.swappiness=10;
echo "vm.swappiness = 10" | sudo tee -a /etc/sysctl.conf
Disable IPV6
sudo nano /etc/sysctl.conf
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.all.disable_ipv6=1
Cloudera Manager Installation
There are many ways to install a Cloudera Cluster, such as an installation binary wizard file.
But I've found that the most reliable way is the following:
Create Cloudera Repo
sudo nano /etc/yum.repos.d/cloudera-manager.repo
[cloudera-manager]
name=Cloudera Manager
baseurl=http://archive.cloudera.com/cm5/redhat/6/x86_64/cm/5.15.1/
gpgkey=https://archive.cloudera.com/cm5/redhat/6/x86_64/cm/RPM-GPG-KEY-cloudera
gpgcheck=1
sudo yum repolist;
Note: just need to change the highlighted values for your own values.
Install Java & Cloudera Server + Agent
sudo yum install oracle-j2sdk1.8 -y;
sudo yum install cloudera-manager-agent -y;
sudo yum install cloudera-manager-server -y;
Install JDBC Connector for MariaDB
sudo mkdir -p /usr/share/java/;
cd /usr/share/java/;
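# read and traverse access is enough for the services that load the driver; do not make the directory world-writable
sudo chmod 755 /usr/share/java;
sudo wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.46.tar.gz;
# the download is a .tar.gz archive, so extract it with tar
sudo tar -xzf mysql-connector-java-5.1.46.tar.gz;
cd mysql-connector-java-5.1.46;
sudo cp mysql-connector-java-5.1.46-bin.jar /usr/share/java/mysql-connector-java.jar;
sudo chmod 644 /usr/share/java/mysql-connector-java.jar;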
Note 1: just need to change the highlighted values for your own values.
Note 2: Cloudera agent installation must be done in each cluster node and the server only on the server node.
Note 3: MariaDB was chosen for the Cloudera DB due to its reliability and easy configuration.
MariaDB Repo configuration
sudo nano /etc/yum.repos.d/MariaDB.repo;
[mariadb]
name = MariaDB
baseurl = https://yum.mariadb.org/10.0/centos/6/x86_64/
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaD
gpgcheck=1
MariaDB Server Installation
sudo yum clean all;
sudo yum install mariadb-server -y;
Enable MariaDB Start on boot
cd /etc/init.d;
sudo chkconfig --add mysql;
sudo chkconfig mysql on;
sudo chkconfig --list mysql;
sudo service mysql start;
Set MariaDB root password
sudo mysql_secure_installation
Remove anonymous users? [Y/n] - Y
Disallow root login remotely? [Y/n] - N
Remove test database and access to it? [Y/n] - Y
Reload privilege tables now? [Y/n] - Y
Create Cloudera Services Databases & Users
mysql -u root -p
-- User: ClouderaManagerServer
create user 'scm'@'%' IDENTIFIED BY 'password';
grant all privileges ON *.* TO 'scm'@'%' WITH GRANT OPTION;
create database scm default character set utf8;
-- User: Sentry
create database sentry default character set utf8;
grant all on sentry.* to 'sentry'@'%' identified by 'password';
-- User: Hive
create database metastore default character set utf8;
grant all on metastore.* to 'hive'@'%' identified by 'password';
-- User: Hue
create database hue default character set utf8;
grant all on hue.* to 'hue'@'%' identified by 'password';
-- User: Oozie
create database oozie default character set utf8;
grant all on oozie.* to 'oozie'@'%' identified by 'password';
-- User: Activity Monitor
create database amon default character set utf8;
grant all on amon.* to 'amon'@'%' identified by 'password';
-- User: Reports Manager
create database rman default character set utf8;
grant all on rman.* to 'rman'@'%' identified by 'password';
exit;
Create Cloudera DB
/usr/share/cmf/schema/scm_prepare_database.sh mysql --host cm515.localdomain --port 3306 scm scm;
Note: just need to change the highlighted values for your own values.
Start Cloudera Server & Agent
sudo service cloudera-scm-server start;
sudo service cloudera-scm-agent start;
Configure Cloudera Manager
If you are running your VM on a Windows PC, add an entry to your hosts file, located at
C:\Windows\System32\drivers\etc\hosts. You can then open the URL http://cm515.localdomain:7180 in your browser.
The login details will be: Username: admin Password: admin
Configure CDH Hosts
Select Repository
Note 1: just need to change the highlighted values for your own values.
Note 2: always choose Parcels.
JDK Installation (Optional)
Single User Mode
Note: On Single User Mode: don't select it. When single user mode is not enabled, the Cloudera Manager Agent runs as root so that it can make
sure the required directories are created and that processes and files are owned by the appropriate user (for example, the hdfs and mapred users).
Login Credentials
Note: Choose root and select an appropriate password.
Installation Agents and Parcels (Wizard - Automatic)
Choose Services
Note: Choose only the services that you need; more services require more resources.
Assign Roles
Note: Don’t assign the role Telemetry Publisher!
Configure Cluster Databases
Note: this is a mere example of cloudera services (there are more…)
Kudu Service Additional Configs (Optional)
Note: you can choose a different directory, for example /u01/kudu/...
After Cluster Started
You will have some issues, therefore I recommend a full restart of the Cluster.
Then you should have only two issues and both on HDFS service, such as:
Start & Add Services (rpc, nfs)
sudo service rpcbind start;
sudo service nfs start; sudo service nfs stop;
sudo chkconfig rpcbind on;
sudo chkconfig nfs on;
Restart NFS Gateway Role (CM - HDFS)
Fix HDFS Under-Replicated Blocks
sudo -u hdfs hdfs fsck / | grep 'Under replicated' | awk -F':' '{print $1}' > /tmp/under_replicated_files
while IFS= read -r hdfsfile; do echo "Fixing $hdfsfile :"; sudo -u hdfs hadoop fs -setrep 3 "$hdfsfile" < /dev/null; done < /tmp/under_replicated_files
Note 1: just need to change the highlighted values for your own values.
Note 2: this issue will appear on a VM (one-node cluster); for test purposes you won't need a replication factor of 3.
Secure the Cluster
There are many ways to secure your Cluster. I've found that the best way in terms of cost and benefit is Kerberos, but keep
in mind that with future configurations such as Zeppelin, Jupyter and so on, there will be some “hurdles”.
Install Kerberos Server and Open Ldap Client
sudo yum install -y krb5-server openldap-clients krb5-workstation
Set Kerberos Realm
sudo sed -i.orig 's/EXAMPLE.COM/DOMAIN.COM/g' /etc/krb5.conf
Set the hostname for the kerberos server
sudo sed -i.m1 's/kerberos.example.com/cm515.localdomain/g' /etc/krb5.conf
Change Domain Name
sudo sed -i.m2 's/example.com/domain.com/g' /etc/krb5.conf
Create the kerberos database
sudo kdb5_util create -s
Note 1: enter a new password for kerberos database
Note 2: just need to change the highlighted values for your own values.
Update ACL File to enable */admin with admin privileges
sudo sed -i 's/EXAMPLE.COM/DOMAIN.COM/' /var/kerberos/krb5kdc/kadm5.acl;
Update the kdc.conf file to allow renewable
sudo sed -i.m3 '/supported_enctypes/a default_principal_flags = +renewable, +forwardable' /var/kerberos/krb5kdc/kdc.conf
Fix the indenting
sudo sed -i.m4 's/^default_principal_flags/ default_principal_flags/' /var/kerberos/krb5kdc/kdc.conf
Update kdc.conf file
sudo sed -i.orig 's/EXAMPLE.COM/DOMAIN.COM/g' /var/kerberos/krb5kdc/kdc.conf
Add a line to the file with ticket life
sudo sed -i.m1 '/dict_file/a max_life = 1d' /var/kerberos/krb5kdc/kdc.conf
Add a max renewable life
sudo sed -i.m2 '/dict_file/a max_renewable_life = 7d' /var/kerberos/krb5kdc/kdc.conf
Note: just need to change the highlighted values for your own values.
Indent the two new lines in the file
sudo sed -i.m3 's/^max_/ max_/' /var/kerberos/krb5kdc/kdc.conf
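Before the KDC is started, the result of the kdc.conf edits above can be checked. The script below is an added example, not part of the original slides: it verifies that the realm stanza sets max_life and max_renewable_life exactly once each and that default_principal_flags includes +renewable. The function names, the sample files and the 7d value are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original slides. Sample kdc.conf content is constructed.

# Succeeds when FILE ($1) contains a "REALM = {" stanza for REALM ($2).
realm_present() {
    awk -v realm="$2" '
        $1 == realm && $2 == "=" && $3 == "{" { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Print how many times KEY ($3) is assigned inside the REALM ($2) stanza of FILE ($1).
stanza_key_count() {
    awk -v realm="$2" -v key="$3" '
        $1 == realm && $2 == "=" && $3 == "{" { inside = 1; next }
        inside && $1 == "}"                   { inside = 0 }
        inside && $1 == key && $2 == "="      { n++ }
        END { print n + 0 }
    ' "$1"
}

# Print the value of the first KEY assignment inside the REALM stanza.
stanza_key_value() {
    awk -v realm="$2" -v key="$3" '
        $1 == realm && $2 == "=" && $3 == "{" { inside = 1; next }
        inside && $1 == "}"                   { inside = 0 }
        inside && $1 == key && $2 == "=" && !seen {
            sub(/^[^=]*=[ \t]*/, ""); print; seen = 1
        }
    ' "$1"
}

# Report problems on stdout; the exit status is the number of problems found.
check_kdc_conf() {
    conf=$1; realm=$2; problems=0
    if ! realm_present "$conf" "$realm"; then
        echo "FAIL: no '$realm = {' stanza in $conf"
        return 1
    fi
    if grep -q 'EXAMPLE\.COM' "$conf"; then
        echo "FAIL: placeholder realm EXAMPLE.COM still present"
        problems=$((problems + 1))
    fi
    # A repeated "sed ... /a max_life" leaves max_life twice and no renewable lifetime.
    for key in max_life max_renewable_life; do
        n=$(stanza_key_count "$conf" "$realm" "$key")
        if [ "$n" -ne 1 ]; then
            echo "FAIL: $key set $n time(s), expected exactly 1"
            problems=$((problems + 1))
        fi
    done
    case "$(stanza_key_value "$conf" "$realm" default_principal_flags)" in
        *+renewable*) ;;
        *) echo "FAIL: default_principal_flags lacks +renewable"
           problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample: $2 = "good" (both lifetimes) or "dup" (max_life added twice).
write_sample_kdc_conf() {
    if [ "$2" = good ]; then second="max_renewable_life = 7d"; else second="max_life = 1d"; fi
    cat > "$1" <<EOF
[kdcdefaults]
 kdc_ports = 88

[realms]
 DOMAIN.COM = {
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  $second
  max_life = 1d
  supported_enctypes = aes256-cts:normal aes128-cts:normal
  default_principal_flags = +renewable, +forwardable
 }
EOF
}

# Demonstration on the two constructed files.
tmp=$(mktemp -d)
for variant in good dup; do
    write_sample_kdc_conf "$tmp/$variant.conf" "$variant"
    rc=0
    check_kdc_conf "$tmp/$variant.conf" DOMAIN.COM || rc=$?
    echo "$variant.conf: $rc problem(s)"
done
rm -rf "$tmp"
```

On a real host, call check_kdc_conf /var/kerberos/krb5kdc/kdc.conf with your own realm name.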
Start up the kdc server and the admin server
sudo service krb5kdc start;
sudo service kadmin start;
Create krbtgt principal
sudo kadmin.local <<eoj
modprinc -maxrenewlife 1week krbtgt/DOMAIN.COM@DOMAIN.COM
eoj
Add the admin user that CM will use to provision kerberos in the cluster
sudo kadmin.local <<eoj
addprinc -pw password cloudera-scm/admin@DOMAIN.COM
modprinc -maxrenewlife 1week cloudera-scm/admin@DOMAIN.COM
eoj
Note: just need to change the highlighted values for your own values.
Add user to be super user for HDFS
sudo kadmin.local <<eoj
addprinc -pw password hdfs@DOMAIN.COM
modprinc -maxrenewlife 1week hdfs@DOMAIN.COM
eoj
Test authentication as the CM admin user
kinit cloudera-scm/admin@DOMAIN.COM
Check characteristics of the ticket
klist -e
Note1: this info will be used later on Cloudera Manager
Note2: just need to change the highlighted values for your own values.
Make the kerberos services start on boot
sudo chkconfig kadmin on;
sudo chkconfig krb5kdc on;
Cloudera Manager - Kerberos Configuration
To start, open your browser and log in to Cloudera Manager at the URL: http://cm515.localdomain:7180/cmf/login
Enable Kerberos
Note 1:
check all boxes.
Setup KDC
Kerberos Encryption Types: aes256-cts-hmac-sha1-96
KDC Security Realm: DOMAIN.COM
Kerberos Server Host: cm515.localdomain
KDC Admin Server Host: cm515.localdomain
Domain Realm: domain.com
Maximum Renewable Life: 7
Note 2: just need to change the highlighted values for your own values.
Configure krb5.conf
Note 1: check the manage krb5.conf box and forwardable tickets .
Setup KDC
Username: cloudera-scm/admin @ DOMAIN.COM
Password: password
Configure Kerberos Principals
Note: just need to change the highlighted values for your own values.
Configure Ports
A successful output of an enabled Kerberos on Cloudera Manager should be something like this:
Additional Issues
In some cases additional issues can appear, such as an error on the Role Instance “Telemetry Publisher” and access
denied to the root user on mysql.
Error on Role Instance - Telemetry Publisher
Usually this role isn’t necessary, therefore you need to remove it (Delete)
To do so...you have to stop all Cloudera Management Services and then on Actions: Delete the role.
Access denied for user 'root'@'localhost'
sudo nano /etc/my.cnf;
[mysqld]
skip-grant-tables
sudo service mysql restart;
mysql -u root -p
Note 1: just press enter - no password
FLUSH privileges;
ALTER USER 'root'@'localhost' IDENTIFIED BY 'welcome1';
exit;
mysql -u root -p
Note 2: retry again and enter the new chosen password
Note 3: just need to change the highlighted values for your own values.
Remove Grant Flag
sudo nano /etc/my.cnf;
[mysqld]
#skip-grant-tables
sudo service mysql restart;
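While skip-grant-tables is active the server performs no authentication, so the flag must not survive the password reset. The script below is an added example, not part of the original slides: it reports an active skip-grant-tables in a server section ([mysqld], [mariadb] or [server]) of a my.cnf. The function names and sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original slides. Sample my.cnf files are constructed.

# Exit 0 when skip-grant-tables is active in a server section of FILE ($1),
# which means authentication is disabled; exit 1 otherwise.
# Prints the offending line numbers.
grant_checks_disabled() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line) }
        line == "" || line ~ /^[#;]/ { next }        # blank or commented out
        line ~ /^\[.*\]$/ {                           # section header
            sec = tolower(line)
            server = (sec == "[mysqld]" || sec == "[mariadb]" || sec == "[server]")
            next
        }
        server {
            split(line, kv, "=")
            key = kv[1]; gsub(/[ \t]/, "", key); gsub(/_/, "-", key)
            val = tolower(kv[2]); gsub(/[ \t]/, "", val)
            # The option counts as active unless it is explicitly switched off.
            if (key == "skip-grant-tables" && val != "0" && val != "off" && val != "false") {
                printf "line %d: %s\n", NR, line
                hits++
            }
        }
        END { exit (hits ? 0 : 1) }
    ' "$1"
}

# Constructed sample: $1 = path, $2 = the line to place under [mysqld].
write_sample_my_cnf() {
    printf '%s\n' '[client]' 'port = 3306' '' '[mysqld]' 'datadir = /var/lib/mysql' "$2" > "$1"
}

# Demonstration: the file as edited for the password reset, and after "Remove Grant Flag".
tmp=$(mktemp -d)
write_sample_my_cnf "$tmp/recovery.cnf" 'skip-grant-tables'
write_sample_my_cnf "$tmp/restored.cnf" '#skip-grant-tables'
for f in recovery restored; do
    if grant_checks_disabled "$tmp/$f.cnf"; then
        echo "$f.cnf: authentication is DISABLED"
    else
        echo "$f.cnf: grant tables enforced"
    fi
done
rm -rf "$tmp"
```

Run grant_checks_disabled /etc/my.cnf after the final restart; a zero exit status means the recovery flag is still in place.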
Thanks
Big Data Engineer
Tiago Simões

More Related Content

What's hot

How to go the extra mile on monitoring
How to go the extra mile on monitoringHow to go the extra mile on monitoring
How to go the extra mile on monitoringTiago Simões
 
How to create a secured multi tenancy for clustered ML with JupyterHub
How to create a secured multi tenancy for clustered ML with JupyterHubHow to create a secured multi tenancy for clustered ML with JupyterHub
How to create a secured multi tenancy for clustered ML with JupyterHubTiago Simões
 
Multinode kubernetes-cluster
Multinode kubernetes-clusterMultinode kubernetes-cluster
Multinode kubernetes-clusterRam Nath
 
Kubernetes installation
Kubernetes installationKubernetes installation
Kubernetes installationAhmed Mekawy
 
Describing Kafka security in AsyncAPI
Describing Kafka security in AsyncAPIDescribing Kafka security in AsyncAPI
Describing Kafka security in AsyncAPIDale Lane
 
Replacing Squid with ATS
Replacing Squid with ATSReplacing Squid with ATS
Replacing Squid with ATSKit Chan
 
Useful Kafka tools
Useful Kafka toolsUseful Kafka tools
Useful Kafka toolsDale Lane
 
Failsafe Mechanism for Yahoo Homepage
Failsafe Mechanism for Yahoo HomepageFailsafe Mechanism for Yahoo Homepage
Failsafe Mechanism for Yahoo HomepageKit Chan
 
IT Infrastructure Through The Public Network Challenges And Solutions
IT Infrastructure Through The Public Network   Challenges And SolutionsIT Infrastructure Through The Public Network   Challenges And Solutions
IT Infrastructure Through The Public Network Challenges And SolutionsMartin Jackson
 
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기Ji-Woong Choi
 
My sql failover test using orchestrator
My sql failover test  using orchestratorMy sql failover test  using orchestrator
My sql failover test using orchestratorYoungHeon (Roy) Kim
 
Fixing Growing Pains With Puppet Data Patterns
Fixing Growing Pains With Puppet Data PatternsFixing Growing Pains With Puppet Data Patterns
Fixing Growing Pains With Puppet Data PatternsMartin Jackson
 
[오픈소스컨설팅] EFK Stack 소개와 설치 방법
[오픈소스컨설팅] EFK Stack 소개와 설치 방법[오픈소스컨설팅] EFK Stack 소개와 설치 방법
[오픈소스컨설팅] EFK Stack 소개와 설치 방법Open Source Consulting
 
MySQL Monitoring using Prometheus & Grafana
MySQL Monitoring using Prometheus & GrafanaMySQL Monitoring using Prometheus & Grafana
MySQL Monitoring using Prometheus & GrafanaYoungHeon (Roy) Kim
 
Docker Security Paradigm
Docker Security ParadigmDocker Security Paradigm
Docker Security ParadigmAnis LARGUEM
 
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platform
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platformDrupal camp South Florida 2011 - Introduction to the Aegir hosting platform
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platformHector Iribarne
 
Cloudera cluster setup and configuration
Cloudera cluster setup and configurationCloudera cluster setup and configuration
Cloudera cluster setup and configurationSudheer Kondla
 
How Helm, The Package Manager For Kubernetes, Works
How Helm, The Package Manager For Kubernetes, WorksHow Helm, The Package Manager For Kubernetes, Works
How Helm, The Package Manager For Kubernetes, WorksMatthew Farina
 

What's hot (20)

How to go the extra mile on monitoring
How to go the extra mile on monitoringHow to go the extra mile on monitoring
How to go the extra mile on monitoring
 
How to create a secured multi tenancy for clustered ML with JupyterHub
How to create a secured multi tenancy for clustered ML with JupyterHubHow to create a secured multi tenancy for clustered ML with JupyterHub
How to create a secured multi tenancy for clustered ML with JupyterHub
 
Multinode kubernetes-cluster
Multinode kubernetes-clusterMultinode kubernetes-cluster
Multinode kubernetes-cluster
 
Kubernetes installation
Kubernetes installationKubernetes installation
Kubernetes installation
 
Describing Kafka security in AsyncAPI
Describing Kafka security in AsyncAPIDescribing Kafka security in AsyncAPI
Describing Kafka security in AsyncAPI
 
Build Automation 101
Build Automation 101Build Automation 101
Build Automation 101
 
Replacing Squid with ATS
Replacing Squid with ATSReplacing Squid with ATS
Replacing Squid with ATS
 
Useful Kafka tools
Useful Kafka toolsUseful Kafka tools
Useful Kafka tools
 
Failsafe Mechanism for Yahoo Homepage
Failsafe Mechanism for Yahoo HomepageFailsafe Mechanism for Yahoo Homepage
Failsafe Mechanism for Yahoo Homepage
 
IT Infrastructure Through The Public Network Challenges And Solutions
IT Infrastructure Through The Public Network   Challenges And SolutionsIT Infrastructure Through The Public Network   Challenges And Solutions
IT Infrastructure Through The Public Network Challenges And Solutions
 
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
 
My sql failover test using orchestrator
My sql failover test  using orchestratorMy sql failover test  using orchestrator
My sql failover test using orchestrator
 
Fixing Growing Pains With Puppet Data Patterns
Fixing Growing Pains With Puppet Data PatternsFixing Growing Pains With Puppet Data Patterns
Fixing Growing Pains With Puppet Data Patterns
 
[오픈소스컨설팅] EFK Stack 소개와 설치 방법
[오픈소스컨설팅] EFK Stack 소개와 설치 방법[오픈소스컨설팅] EFK Stack 소개와 설치 방법
[오픈소스컨설팅] EFK Stack 소개와 설치 방법
 
MySQL Monitoring using Prometheus & Grafana
MySQL Monitoring using Prometheus & GrafanaMySQL Monitoring using Prometheus & Grafana
MySQL Monitoring using Prometheus & Grafana
 
Docker Security Paradigm
Docker Security ParadigmDocker Security Paradigm
Docker Security Paradigm
 
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platform
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platformDrupal camp South Florida 2011 - Introduction to the Aegir hosting platform
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platform
 
Cloudera cluster setup and configuration
Cloudera cluster setup and configurationCloudera cluster setup and configuration
Cloudera cluster setup and configuration
 
Query logging with proxysql
Query logging with proxysqlQuery logging with proxysql
Query logging with proxysql
 
How Helm, The Package Manager For Kubernetes, Works
How Helm, The Package Manager For Kubernetes, WorksHow Helm, The Package Manager For Kubernetes, Works
How Helm, The Package Manager For Kubernetes, Works
 

Similar to How to create a secured cloudera cluster

Configuring Your First Hadoop Cluster On EC2
Configuring Your First Hadoop Cluster On EC2Configuring Your First Hadoop Cluster On EC2
Configuring Your First Hadoop Cluster On EC2benjaminwootton
 
Clouldera Implementation Guide for Production Deployments
Clouldera Implementation Guide for Production DeploymentsClouldera Implementation Guide for Production Deployments
Clouldera Implementation Guide for Production DeploymentsAhmed Mekawy
 
Things I've learned working with Docker Support
Things I've learned working with Docker SupportThings I've learned working with Docker Support
Things I've learned working with Docker SupportSujay Pillai
 
Introction to docker swarm
Introction to docker swarmIntroction to docker swarm
Introction to docker swarmHsi-Kai Wang
 
TrinityCore server install guide
TrinityCore server install guideTrinityCore server install guide
TrinityCore server install guideSeungmin Shin
 
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context ConstraintsAlessandro Arrichiello
 
Bare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and ChefBare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and ChefMatt Ray
 
Bdc from bare metal to k8s
Bdc   from bare metal to k8sBdc   from bare metal to k8s
Bdc from bare metal to k8sChris Adkin
 
Drupal, Memcache and Solr on Windows
Drupal, Memcache and Solr on WindowsDrupal, Memcache and Solr on Windows
Drupal, Memcache and Solr on WindowsAlessandro Pilotti
 
Docker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesDocker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesSreenivas Makam
 
Building cloud stack at scale
Building cloud stack at scaleBuilding cloud stack at scale
Building cloud stack at scaleShapeBlue
 
Component pack 6006 install guide
Component pack 6006 install guideComponent pack 6006 install guide
Component pack 6006 install guideRoberto Boccadoro
 
Software Defined Datacenter
Software Defined DatacenterSoftware Defined Datacenter
Software Defined DatacenterNETWAYS
 
Hdf installing-hdf
Hdf installing-hdfHdf installing-hdf
Hdf installing-hdfnmrrsc
 

Similar to How to create a secured cloudera cluster (20)

Configuring Your First Hadoop Cluster On EC2
Configuring Your First Hadoop Cluster On EC2Configuring Your First Hadoop Cluster On EC2
Configuring Your First Hadoop Cluster On EC2
 
Freeradius edir
Freeradius edirFreeradius edir
Freeradius edir
 
Clouldera Implementation Guide for Production Deployments
Clouldera Implementation Guide for Production DeploymentsClouldera Implementation Guide for Production Deployments
Clouldera Implementation Guide for Production Deployments
 
Things I've learned working with Docker Support
Things I've learned working with Docker SupportThings I've learned working with Docker Support
Things I've learned working with Docker Support
 
Introction to docker swarm
Introction to docker swarmIntroction to docker swarm
Introction to docker swarm
 
kubernetes practice
kubernetes practicekubernetes practice
kubernetes practice
 
TrinityCore server install guide
TrinityCore server install guideTrinityCore server install guide
TrinityCore server install guide
 
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
 
Bare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and ChefBare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and Chef
 
One-Man Ops
One-Man OpsOne-Man Ops
One-Man Ops
 
Simple docker hosting in FIWARE Lab
Simple docker hosting in FIWARE LabSimple docker hosting in FIWARE Lab
Simple docker hosting in FIWARE Lab
 
Bdc from bare metal to k8s
Bdc   from bare metal to k8sBdc   from bare metal to k8s
Bdc from bare metal to k8s
 
Drupal, Memcache and Solr on Windows
Drupal, Memcache and Solr on WindowsDrupal, Memcache and Solr on Windows
Drupal, Memcache and Solr on Windows
 
Docker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesDocker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting Techniques
 
Building cloud stack at scale
Building cloud stack at scaleBuilding cloud stack at scale
Building cloud stack at scale
 
Network Manual
Network ManualNetwork Manual
Network Manual
 
Component pack 6006 install guide
Component pack 6006 install guideComponent pack 6006 install guide
Component pack 6006 install guide
 
Software Defined Datacenter
Software Defined DatacenterSoftware Defined Datacenter
Software Defined Datacenter
 
Docker, c'est bonheur !
Docker, c'est bonheur !Docker, c'est bonheur !
Docker, c'est bonheur !
 
Hdf installing-hdf
Hdf installing-hdfHdf installing-hdf
Hdf installing-hdf
 

Recently uploaded

The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 

Recently uploaded (20)

The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation

How to create a secured Cloudera cluster

  • 1. How-to create a Secured Cloudera Cluster: Cloudera Manager + Kerberos + CentOS
  • 2. Introduction
    This presentation is for everyone who is curious about Big Data and does have the know-how to start learning...
    With this, you will be able to quickly create a Kerberos-secured Cloudera Cluster.
  • 3. Architecture
    This architecture enables a Cluster with several layers of security.
  • 4. Pre-Assumptions
    1. VM CentOS 6.9
    2. VM Requirements 26Gb with 4 vcores
    3. root user or user with sudo access
  • 5. Prepare Cloudera Installation
    Set VM Hostname
      sudo nano /etc/hosts;
      10.111.22.3 cm515.localdomain
      sudo hostname cm515.localdomain;
      sudo nano /etc/sysconfig/network;
      HOSTNAME=cm515.localdomain
    Clear iptables Rules
      sudo iptables -F;
      sudo nano /etc/rc.local;
      iptables -F
    Note: replace the highlighted values with your own.
    Make iptables Rules Executable on Startup
      sudo chmod +x /etc/rc.d/rc.local;
      sudo sed -i 's/IPTABLES_SAVE_ON_RESTART="no"/IPTABLES_SAVE_ON_RESTART="yes"/' /etc/sysconfig/iptables-config;
    Make Cloudera Manager Rules Executable on Startup
      echo "echo never > /sys/kernel/mm/transparent_hugepage/enabled" >> /etc/rc.local;
      echo "echo never > /sys/kernel/mm/transparent_hugepage/defrag" >> /etc/rc.local;
      echo never > /sys/kernel/mm/transparent_hugepage/enabled;
      echo never > /sys/kernel/mm/transparent_hugepage/defrag;
  • 6. Prepare Cloudera Installation
    Disable SELinux
      sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config;
      sudo setenforce 0;
    Reboot
      sudo reboot
    Check SELinux
      sestatus
    Install & Start NTP service
      sudo yum install ntp;
      sudo service ntpd status;
      sudo service ntpd start;
    Note: replace the highlighted values with your own.
    Configure NTP service
      sudo nano /etc/ntp.conf
      server 10.111.22.5 prefer iburst burst minpoll 4 maxpoll 4
      server 10.111.22.6 iburst burst minpoll 4 maxpoll 4
      sudo service ntpd restart;
    Change Host Check Parameters
      sudo sysctl vm.swappiness=10;
      echo "vm.swappiness = 10" | sudo tee -a /etc/sysctl.conf
    Disable IPv6
      sudo nano /etc/sysctl.conf
      net.ipv6.conf.default.disable_ipv6=1
      net.ipv6.conf.all.disable_ipv6=1
  • 7. Cloudera Manager Installation
    There are many ways to do the Cloudera Cluster installation, such as an installation binary wizard file, but I've found that the most reliable way is the following:
    Create Cloudera Repo
      sudo nano /etc/yum.repos.d/cloudera-manager.repo
      [cloudera-manager]
      name=Cloudera Manager
      baseurl=http://archive.cloudera.com/cm5/redhat/6/x86_64/cm/5.15.1/
      gpgkey = https://archive.cloudera.com/cm5/redhat/6/x86_64/cm/RPM-GPG-KEY-cloudera
      gpgcheck = 1
      sudo yum repolist;
    Note: replace the highlighted values with your own.
  • 8. Cloudera Manager Installation
    Install Java & Cloudera Server + Agent
      sudo yum install oracle-j2sdk1.8 -y;
      sudo yum install cloudera-manager-agent -y;
      sudo yum install cloudera-manager-server -y;
    Install JDBC Connector for MariaDB
      sudo mkdir -p /usr/share/java/;
      cd /usr/share/java/;
      sudo chmod 777 /usr/share/java;
      sudo wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.46.tar.gz;
      sudo tar -xzf mysql-connector-java-5.1.46.tar.gz;
      cd mysql-connector-java-5.1.46;
      sudo cp mysql-connector-java-5.1.46-bin.jar /usr/share/java/mysql-connector-java.jar;
      sudo chmod 777 /usr/share/java/mysql-connector-java.jar;
    Note 1: replace the highlighted values with your own.
    Note 2: The Cloudera agent installation must be done on each cluster node, and the server installation only on the server node.
    Note 3: MariaDB was chosen for the Cloudera DB due to its reliability and easy configuration.
    MariaDB Repo configuration
      sudo nano /etc/yum.repos.d/MariaDB.repo;
      [mariadb]
      name = MariaDB
      baseurl = https://yum.mariadb.org/10.0/centos/6/x86_64/
      gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaD
      gpgcheck=1
  • 9. Cloudera Manager Installation
    MariaDB Server Installation
      sudo yum clean all;
      sudo yum install mariadb-server -y;
    Enable MariaDB Start on boot
      cd /etc/init.d;
      sudo chkconfig --add mysql;
      sudo chkconfig mysql on;
      sudo chkconfig --list mysql;
      sudo service mysql start;
    Set MariaDB root password
      sudo mysql_secure_installation
      Remove anonymous users? [Y/n] - Y
      Disallow root login remotely? [Y/n] - N
      Remove test database and access to it? [Y/n] - Y
      Reload privilege tables now? [Y/n] - Y
    Create Cloudera Services Databases & Users
      mysql -u root -p
      -- User: ClouderaManagerServer
      create user 'scm'@'%' IDENTIFIED BY 'password';
      grant all privileges ON *.* TO 'scm'@'%' WITH GRANT OPTION;
      create database scm default character set utf8;
      -- User: Sentry
      create database sentry default character set utf8;
      grant all on sentry.* to 'sentry'@'%' identified by 'password';
      -- User: Hive
      create database metastore default character set utf8;
      grant all on metastore.* to 'hive'@'%' identified by 'password';
      -- User: Hue
      create database hue default character set utf8;
      grant all on hue.* to 'hue'@'%' identified by 'password';
  • 10. Cloudera Manager Installation
    Create Cloudera Services Databases & Users
      -- User: Oozie
      create database oozie default character set utf8;
      grant all on oozie.* to 'oozie'@'%' identified by 'password';
      -- User: Activity Monitor
      create database amon default character set utf8;
      grant all on amon.* to 'amon'@'%' identified by 'password';
      -- User: Reports Manager
      create database rman default character set utf8;
      grant all on rman.* to 'rman'@'%' identified by 'password';
      exit;
    Create Cloudera DB
      /usr/share/cmf/schema/scm_prepare_database.sh mysql --host cm515.localdomain --port 3306 scm scm;
    Note: replace the highlighted values with your own.
    Start Cloudera Server & Agent
      sudo service cloudera-scm-server start;
      sudo service cloudera-scm-agent start;
  • 11. Configure Cloudera Manager
    If you are running your VM on a Windows PC, you should add an entry to your hosts file, which is located at C:\Windows\System32\drivers\etc\hosts.
    Afterwards, open the URL http://cm515.localdomain:7180 in your browser and log in.
    The login details will be:
      Username: admin
      Password: admin
    Configure CDH Hosts
    Select Repository
    Note 1: replace the highlighted values with your own.
    Note 2: always choose Parcels.
  • 12. Configure Cloudera Manager
    JDK Installation (Optional)
    Single User Mode
    Note: On Single User Mode: don't select it, because if single user mode is not enabled, the Cloudera Manager Agent runs as root so that it can make sure the required directories are created and that processes and files are owned by the appropriate user (for example, the hdfs and mapred users).
  • 13. Configure Cloudera Manager
    Login Credentials
    Note: Choose root and select an appropriate password.
    Installation Agents and Parcels (Wizard - Automatic)
  • 14. Configure Cloudera Manager
    Choose Services
    Note: Choose only the services that you need; more services require more resources.
    Assign Roles
    Note: Don’t assign the role Telemetry Publisher!
  • 15. Configure Cloudera Manager
    Configure Cluster Databases
    Note: this is a mere example of Cloudera services (there are more…)
    Kudu Service Additional Configs (Optional)
    Note: you can choose a different directory, for example /u01/kudu/...
  • 16. After Cluster Started
    You will have some issues, therefore I recommend a full restart of the Cluster. Then you should have only two issues, both on the HDFS service, such as:
    Start & Add Services (rpc, nfs)
      sudo service rpcbind start;
      sudo service nfs start;
      sudo service nfs stop;
      sudo chkconfig rpcbind on;
      sudo chkconfig nfs on;
    Restart NFS Gateway Role (CM - HDFS)
  • 17. After Cluster Started
    Fix HDFS Under-Replicated Blocks
      sudo -u hdfs hdfs fsck / | grep 'Under replicated' | awk -F':' '{print $1}' >> /tmp/under_replicated_files
      for hdfsfile in `cat /tmp/under_replicated_files`; do echo "Fixing $hdfsfile :" ; sudo -u hdfs hadoop fs -setrep 3 $hdfsfile; done
    Note 1: replace the highlighted values with your own.
    Note 2: this issue will appear on a VM (one-node cluster); for test purposes you won’t need the replication by 3.
  • 18. Secure the Cluster
    There are many ways to secure your Cluster. I’ve found that the best way in terms of cost and benefit is Kerberos, but keep in mind that with future configurations such as Zeppelin, Jupyter and so on there will be some “hurdles”.
    Install Kerberos Server and OpenLDAP Client
      sudo yum install -y krb5-server openldap-clients krb5-workstation
    Set Kerberos Realm
      sudo sed -i.orig 's/EXAMPLE.COM/DOMAIN.COM/g' /etc/krb5.conf
    Set the hostname for the Kerberos server
      sudo sed -i.m1 's/kerberos.example.com/cm515.localdomain/g' /etc/krb5.conf
    Change Domain Name
      sudo sed -i.m2 's/example.com/domain.com/g' /etc/krb5.conf
    Create the Kerberos database
      sudo kdb5_util create -s
    Note 1: enter a new password for the Kerberos database.
    Note 2: replace the highlighted values with your own.
  • 19. Secure the Cluster
    Update ACL File to enable */admin with admin privileges
      sudo sed -i 's/EXAMPLE.COM/DOMAIN.COM/' /var/kerberos/krb5kdc/kadm5.acl;
    Update the kdc.conf file to allow renewable
      sudo sed -i.m3 '/supported_enctypes/a default_principal_flags = +renewable, +forwardable' /var/kerberos/krb5kdc/kdc.conf
    Fix the indenting
      sudo sed -i.m4 's/^default_principal_flags/ default_principal_flags/' /var/kerberos/krb5kdc/kdc.conf
    Update kdc.conf file
      sudo sed -i.orig 's/EXAMPLE.COM/DOMAIN.COM/g' /var/kerberos/krb5kdc/kdc.conf
    Add a line to the file with ticket life
      sudo sed -i.m1 '/dict_file/a max_life = 1d' /var/kerberos/krb5kdc/kdc.conf
    Add a max renewable life
      sudo sed -i.m2 '/dict_file/a max_renewable_life = 7d' /var/kerberos/krb5kdc/kdc.conf
    Note: replace the highlighted values with your own.
  • 20. Secure the Cluster
    Indent the two new lines in the file
      sudo sed -i.m3 's/^max_/ max_/' /var/kerberos/krb5kdc/kdc.conf
    Start up the kdc server and the admin server
      sudo service krb5kdc start;
      sudo service kadmin start;
    Create krbtgt principal
      sudo kadmin.local <<eoj
      modprinc -maxrenewlife 1week krbtgt/DOMAIN.COM@DOMAIN.COM
      eoj
    Add the admin user that CM will use to provision Kerberos in the cluster
      sudo kadmin.local <<eoj
      addprinc -pw password cloudera-scm/admin@DOMAIN.COM
      modprinc -maxrenewlife 1week cloudera-scm/admin@DOMAIN.COM
      eoj
    Note: replace the highlighted values with your own.
  • 21. Secure the Cluster
    Add user to be super user for HDFS
      sudo kadmin.local <<eoj
      addprinc -pw password hdfs@DOMAIN.COM
      modprinc -maxrenewlife 1week hdfs@DOMAIN.COM
      eoj
    Test authentication as the CM admin user
      kinit cloudera-scm/admin@DOMAIN.COM
    Check characteristics of the ticket
      klist -e
    Note 1: this info will be used later on in Cloudera Manager.
    Note 2: replace the highlighted values with your own.
    Make the Kerberos services start on boot
      sudo chkconfig kadmin on;
      sudo chkconfig krb5kdc on;
  • 22. Cloudera Manager - Kerberos Configuration
    To start, open your browser and log in to Cloudera Manager with the URL: http://cm515.localdomain:7180/cmf/login
    Enable Kerberos
    Note 1: check all boxes.
  • 23. Cloudera Manager - Kerberos Configuration
    Setup KDC
      Kerberos Encryption Types: aes256-cts-hmac-sha1-96
      KDC Security Realm: cm515.localdomain
      Kerberos Server Host: DOMAIN.COM
      KDC Admin Server Host: cm515.localdomain
      Domain Realm: domain.com
      Maximum Renewable Life: 7
    Note 2: replace the highlighted values with your own.
    Configure krb5.conf
    Note 1: check the "manage krb5.conf" box and forwardable tickets.
  • 24. Cloudera Manager - Kerberos Configuration
    Setup KDC
      Username: cloudera-scm/admin @ DOMAIN.COM
      Password: password
    Configure Kerberos Principals
    Note: replace the highlighted values with your own.
    Configure Ports
  • 25. Cloudera Manager - Kerberos Configuration
    A successful output of an enabled Kerberos on Cloudera Manager should be something like this:
  • 26. Additional Issues
    In some cases some additional issues can appear, such as an error on the Role Instance “Telemetry Publisher” and access denied for the root user on mysql.
    Error on Role Instance - Telemetry Publisher
    Usually this role isn’t necessary, therefore you need to remove it (Delete). To do so, you have to stop all Cloudera Management Services and then on Actions: Delete the role.
  • 27. Additional Issues
    Access denied for user 'root'@'localhost'
      sudo nano /etc/my.cnf;
      [mysqld]
      skip-grant-tables
      sudo service mysql restart;
      mysql -u root -p
    Note 1: just press enter - no password
      FLUSH privileges;
      SET PASSWORD FOR 'root'@'localhost' = PASSWORD('welcome1');
      exit;
      mysql -u root -p
    Note 2: retry and enter the newly chosen password
    Note 3: replace the highlighted values with your own.
    Remove Grant Flag
      sudo nano /etc/my.cnf;
      [mysqld]
      #skip-grant-tables
      sudo service mysql restart;
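The database accounts on slides 9 and 10 all use the password 'password', accept connections from any host ('%'), and scm holds ALL on *.* WITH GRANT OPTION. The script below is an added example, not part of the original slides: it emits the same seven databases with one random password per account, each account limited to its own database and to a single client host. The function names, the credentials file, and the assumption that rights on scm.* are sufficient for the scm account are mine.

```bash
#!/usr/bin/env bash
# Added example: per-service MariaDB accounts scoped to one database and one host.

# database:user pairs as created on slides 9 and 10
SERVICE_DBS="scm:scm sentry:sentry metastore:hive hue:hue oozie:oozie amon:amon rman:rman"

# 24 random alphanumeric characters, safe inside single-quoted SQL strings
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24
}

# $1 = host the services connect from (assumption: the single CM node)
# $2 = file that receives "user password" lines
# The SQL goes to stdout so it can be reviewed before being piped to mysql.
emit_grants() {
    client_host="$1"; cred_file="$2"
    ( umask 077; : > "$cred_file" )      # create or truncate the credentials file
    chmod 600 "$cred_file"               # owner-only even if the file already existed
    for pair in $SERVICE_DBS; do
        db="${pair%%:*}"; user="${pair##*:}"; pw="$(gen_password)"
        printf "CREATE DATABASE IF NOT EXISTS %s DEFAULT CHARACTER SET utf8;\n" "$db"
        printf "GRANT ALL ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
            "$db" "$user" "$client_host" "$pw"
        printf '%s %s\n' "$user" "$pw" >> "$cred_file"
    done
    printf "FLUSH PRIVILEGES;\n"
}

# Usage: ./emit_grants.sh cm515.localdomain /root/cloudera-db-creds | mysql -u root -p
if [ "$#" -ge 2 ]; then emit_grants "$1" "$2"; fi
```

The passwords written to the credentials file are the ones to enter in the Cloudera Manager database setup screen and to pass to scm_prepare_database.sh.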
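Slides 19 and 20 append max_life, a maximum renewable life and default_principal_flags to the realm block of kdc.conf with sed; a repeated or skipped command leaves a block in which tickets cannot be renewed, because MIT Kerberos defaults max_renewable_life to 0. The check below is an added example, not part of the original slides, run here against a constructed sample file; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: check the realm block of kdc.conf after the sed edits.

# Print the lines between "REALM = {" and the closing "}".
realm_block() {
    awk -v realm="$2" '
        $1 == realm && $2 == "=" && $3 == "{" { inside = 1; next }
        inside && $1 == "}"                   { inside = 0 }
        inside                                { print }
    ' "$1"
}

# $1 = kdc.conf path, $2 = realm. Prints one FAIL line per problem; returns 1 if any.
check_kdc_conf() {
    block=$(realm_block "$1" "$2"); rc=0
    if [ -z "$block" ]; then echo "FAIL: no realm block for $2"; return 1; fi
    for key in max_life max_renewable_life default_principal_flags; do
        count=$(printf '%s\n' "$block" | grep -c "^[[:space:]]*$key[[:space:]]*=" || true)
        case "$count" in
            1) ;;
            0) echo "FAIL: $key is missing"; rc=1 ;;
            *) echo "FAIL: $key is set $count times"; rc=1 ;;
        esac
    done
    if ! printf '%s\n' "$block" | grep 'default_principal_flags' | grep -qF '+renewable'; then
        echo "FAIL: default_principal_flags lacks +renewable"; rc=1
    fi
    return "$rc"
}

# Constructed sample (not from a real host): max_life appended twice,
# max_renewable_life never added.
sample_kdc_conf() {
    cat <<'EOF'
[kdcdefaults]
 kdc_ports = 88

[realms]
 DOMAIN.COM = {
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  max_life = 1d
  max_life = 1d
  supported_enctypes = aes256-cts:normal
  default_principal_flags = +renewable, +forwardable
 }
EOF
}

# Usage: ./check_kdc.sh /var/kerberos/krb5kdc/kdc.conf DOMAIN.COM
if [ "$#" -ge 2 ]; then check_kdc_conf "$1" "$2"; fi
```

Run it before starting krb5kdc and kadmin; on the constructed sample it reports the duplicated max_life and the missing max_renewable_life.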