- Notes, cautions, and warnings
- S3
- Amazon S3 API support in ECS
- S3 API supported and unsupported features
- Bucket policy support
- Object Tagging
- S3 Object Lock
- Object lifecycle management
- S3 Extensions
- Metadata Search
- S3 and Swift Interoperability
- Create and manage secret keys
- Authenticating with the S3 service
- Using s3curl with ECS
- Use SDKs to access the S3 service
- ECS S3 error codes
- Hadoop S3A for ECS
- Enabling data2 IP in ECS S3
- Cloud DVR
- ECS IAM for S3
- OpenStack Swift
- EMC Atmos
- CAS
- Setting up CAS support in ECS
- Cold Storage
- Compliance
- CAS retention in ECS
- Advanced retention for CAS applications: event-based retention, litigation hold, and the min/max governor
- Set up namespace retention policies
- Create and set up a bucket for a CAS user
- Set up a CAS object user
- Set up bucket ACLs for CAS
- ECS Management APIs that support CAS users
- Content Addressable Storage (CAS) SDK API support
- ECS CAS error codes
- Enabling data2 IP in CAS
- ECS Management REST API
- ECS HDFS
- ECS HDFS Introduction
- Configuring Hadoop to use ECS HDFS
- Hadoop authentication modes
- Migration from a simple to a Kerberos Hadoop cluster
- File system interaction
- Supported Hadoop applications
- Integrate a simple Hadoop cluster with ECS HDFS
- Install Hortonworks HDP using Ambari
- Create a bucket for HDFS using the ECS Portal
- Plan the ECS HDFS and Hadoop integration
- Obtain the ECS HDFS installation and support package
- Deploy the ECS HDFS Client Library
- Configure ECS client properties
- Set up Hive
- Verify Hadoop access to ECS
- Secure the bucket
- Relocate the default file system from HDFS to an ECS bucket
- Integrate a secure Hadoop cluster with ECS HDFS
- Verify that AD/LDAP is correctly configured with a secure Hadoop cluster
- Pig test fails: unable to obtain Kerberos principal
- Permission denied for AD user
- Permissions errors
- Failed to process request
- Enable Kerberos client-side logging and debugging
- Debug Kerberos on the KDC
- Eliminate clock skew
- Configure one or more new ECS nodes with the ECS service principal
- Workaround for Yarn directory does not exist error
- Set up the Kerberos KDC
- Configure AD user authentication for Kerberos
- Secure bucket metadata
- Hadoop core-site.xml properties for ECS HDFS
- Hadoop core-site.xml properties for ECS S3
- External key management
- Document feedback
ECS 3.6.2 Data Access Guide
Configure one or more new ECS nodes with the ECS service principal
Where you are adding one or more new nodes to an ECS configuration, the ECS service principal and corresponding keytab must be deployed to the new nodes.
- This procedure assumes that you have previously performed the steps Configure ECS nodes with the ECS service principal and have the Ansible playbooks installed and accessible.
- The list of ECS node IP addresses.
- The IP address of the KDC.
- The DNS resolution where you run this script should be the same as the DNS resolution for the Hadoop host, otherwise the vipr/_HOST@REALM will not work.
-
Log in to Node 1 and check that the tools have previously been installed and the playbooks are available.
The example used previously was:
/home/admin/ansible/viprfs-client-<ECS version>-<version>/playbooks
-
Edit the
inventory.txt file in the
playbooks/samples directory to add the ECS nodes.
The default entries are shown in the following extract.
[data_nodes] 192.168.2.[100:200] [kdc] 192.168.2.10
-
Start the utility container on ECS Node 1 and make the Ansible playbooks available to the container.
-
Load the utility container image.
Example:
sudo docker load -i /opt/emc/caspian/checker/docker/images/utilities.txz
-
Get the identity of the docker image.
Example:
admin@provo-lilac:~> sudo docker images
The output will give you the image identity:REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE utilities 1.5.0.0-403.cb6738e 186bd8577a7a 2 weeks ago 738.5 MB
-
Start and enter utilities image.
Example:
sudo docker run -v /opt/emc/caspian/fabric/agent/services/object/main/log:/opt/storageos/logs -v /home/admin/ansible/viprfs-client-3.0.0.0.85325.a05145b/playbooks:/ansible --name=ecs-tools -i -t --privileged --net=host 186bd8577a7a /bin/bash
In the example, the location to which the Ansible playbooks were unzipped /home/admin/ansible/viprfs-client-3.0.0.0.85325.a05145b/playbooks is mapped to the /ansible directory in the utility container.
-
Load the utility container image.
-
Change to the working directory in the container.
Example:
cd /ansible
-
Run the Ansible playbook to generate keytabs.
ansible-playbook -v -k -i inventory.txt generate-vipr-keytabs.yml
-
Run the Ansible playbook to configure the data nodes with the ECS service principal.
Make sure the /ansible/samples/keytab directory exists and the krb5.conf file is in the working directory /ansible/samples directory.
ansible-playbook -v -k -i inventory.txt setup-vipr-kerberos.yml
Verify that the correct ECS service principal, one per data node, has been created (from the KDC):# kadmin.local -q "list_principals" | grep vipr vipr/nile3-vm42.centera.lab.emc.com@MA.EMC.COM vipr/nile3-vm43.centera.lab.emc.com@MA.EMC.COM
Verify that correct keytab is generated and stored in location: /data/hdfs/krb5.keytab on all ECS data nodes. You can use the strings command on the keytab to extract the human readable text, and verify that it contains the correct principal. For example:dataservice-10-247-199-69:~ # strings /data/hdfs/krb5.keytab MA.EMC.COM vipr nile3-vm42.centera.lab.emc.com
In this case the principal is vipr/nile3-vm42.centera.lab.emc.com.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\