Secure MapR cluster may use either MapR-SASL or Kerberos to provide authentication. Therefore, the user that launches the
flume-ng JVM agent on a secure cluster can authenticate with the MapR-FS using a MapR user ticket or a Kerberos ticket.
When you authenticate with Kerberos, the user does not need to run the maprlogin utility to authenticate with the cluster as long a a valid kerberos ticket is present. When you authenticate with a mapr user ticket, you must run the maprlogin utility to generate a maprticket before you launch the flume-ng JVM agent.
This section includes the following topics:
Configure Flume agents to use MapR user tickets when writing to MapR-FS
If you use MapR-SASL (MapR user ticket) to authenticate, configure a dummy value for the Kerberos principal and keytab file in the flume.conf.
These dummy Kerberos principal and keytab files are not used with the HDFSSink operations. However, when the dummy Kerberos properties are not configured, Flume agent error logs display the following error messages:
These errors relate to Kerberos authentication prerequisite failures and can be ignored when you are not using Kerberos. Secure Flume operations with
maprlogin-mediated tickets continue to be available.
Configure Flume agents to use a Kerberos ticket when writing to MapR-FS
Create a keytab file called
flume.keytabwhich contains a principal that matches the Kerberos identity of the user that will be running
The flume.keytab file must be owned and readable only by the mapr user.
flume.conffile, configure the following properties:
The user component of the principal must be the username of the user running
path to file
Provide the path to your
For additional properties that you may want to configure, see the Apache Flume documentation.