You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by to...@apache.org on 2017/03/21 00:17:31 UTC
[34/51] [partial] kudu-site git commit: Publish commit(s) from site source repo: d114777 Update docs, add 1.3 release 836614e Update old download links to Apache Archive

http://git-wip-us.apache.org/repos/asf/kudu-site/blob/afc98840/docs/known_issues.html
----------------------------------------------------------------------
diff --git a/docs/known_issues.html b/docs/known_issues.html
index 9f51b36..574ddd0 100644
--- a/docs/known_issues.html
+++ b/docs/known_issues.html
@@ -216,12 +216,26 @@ or use large tables.</p>
 <div class="ulist">
 <ul>
 <li>
-<p>Authentication and authorization features are not implemented.</p>
+<p>Authorization is only available at a system-wide, coarse-grained level. Table-level,
+column-level, and row-level authorization features are not available.</p>
 </li>
 <li>
-<p>Data encryption is not built in. Kudu has been reported to run correctly
+<p>Data encryption at rest is not built in. Kudu has been reported to run correctly
 on systems using local block device encryption (e.g. <code>dmcrypt</code>).</p>
 </li>
+<li>
+<p>Kudu server Kerberos principals must follow the pattern <code>kudu/&lt;HOST&gt;@DEFAULT.REALM</code>.
+Configuring an alternate Kerberos principal is not supported.</p>
+</li>
+<li>
+<p>Kudu&#8217;s integration with Apache Flume does not support writing to Kudu clusters that
+require Kerberos authentication.</p>
+</li>
+<li>
+<p>Kudu client instances retrieve authentication tokens upon first contact with the
+cluster. These tokens expire after one week. Use of a single Kudu client instance
+for more than one week is not supported.</p>
+</li>
 </ul>
 </div>
 </div>
@@ -334,7 +348,7 @@ you can monitor the number of tablets per server in the web UI.</p>
 </div>
       <footer class="footer">
         <p class="small">
-        Copyright &copy; 2016 The Apache Software Foundation.  Last updated 2017-01-26 16:14:09 PST 
+        Copyright &copy; 2016 The Apache Software Foundation.  Last updated 2017-03-10 12:47:33 PST 
         </p>
       </footer>
     </div>

http://git-wip-us.apache.org/repos/asf/kudu-site/blob/afc98840/docs/kudu-master_configuration_reference.html
----------------------------------------------------------------------
diff --git a/docs/kudu-master_configuration_reference.html b/docs/kudu-master_configuration_reference.html
index 07d2ea6..d76ffb5 100644
--- a/docs/kudu-master_configuration_reference.html
+++ b/docs/kudu-master_configuration_reference.html
@@ -268,6 +268,35 @@ configuration tasks.</p>
 </div>
 </div>
 <div class="sect2">
+<h3 id="kudu-master_keytab_file"><a class="link" href="#kudu-master_keytab_file"><code>--keytab_file</code></a></h3>
+<div class="paragraph">
+<p>Path to the Kerberos Keytab file for this server. Specifying a keytab file will cause the server to kinit, and enable Kerberos to be used to authenticate RPC connections.</p>
+</div>
+<table class="tableblock frame-all grid-all" style="width: 50%;">
+<colgroup>
+<col style="width: 25%;">
+<col style="width: 75%;">
+</colgroup>
+<tbody>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Type</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Default</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">none</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Tags</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">stable</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<p>&#160;</p>
+</div>
+</div>
+<div class="sect2">
 <h3 id="kudu-master_rpc_bind_addresses"><a class="link" href="#kudu-master_rpc_bind_addresses"><code>--rpc_bind_addresses</code></a></h3>
 <div class="paragraph">
 <p>Comma-separated list of addresses to bind to for RPC connections. Currently, ephemeral ports (i.e. port 0) are not allowed.</p>
@@ -297,6 +326,93 @@ configuration tasks.</p>
 </div>
 </div>
 <div class="sect2">
+<h3 id="kudu-master_superuser_acl"><a class="link" href="#kudu-master_superuser_acl"><code>--superuser_acl</code></a></h3>
+<div class="paragraph">
+<p>The list of usernames to allow as super users, comma-separated. A '*' entry indicates that all authenticated users are allowed. If this is left unset or blank, the default behavior is that the identity of the daemon itself determines the superuser. If the daemon is logged in from a Keytab, then the local username from the Kerberos principal is used; otherwise, the local Unix username is used.</p>
+</div>
+<table class="tableblock frame-all grid-all" style="width: 50%;">
+<colgroup>
+<col style="width: 25%;">
+<col style="width: 75%;">
+</colgroup>
+<tbody>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Type</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Default</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">none</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Tags</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">sensitive,stable</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<p>&#160;</p>
+</div>
+</div>
+<div class="sect2">
+<h3 id="kudu-master_user_acl"><a class="link" href="#kudu-master_user_acl"><code>--user_acl</code></a></h3>
+<div class="paragraph">
+<p>The list of usernames who may access the cluster, comma-separated. A '*' entry indicates that all authenticated users are allowed.</p>
+</div>
+<table class="tableblock frame-all grid-all" style="width: 50%;">
+<colgroup>
+<col style="width: 25%;">
+<col style="width: 75%;">
+</colgroup>
+<tbody>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Type</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Default</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock"><code>*</code></p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Tags</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">sensitive,stable</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<p>&#160;</p>
+</div>
+</div>
+<div class="sect2">
+<h3 id="kudu-master_webserver_certificate_file"><a class="link" href="#kudu-master_webserver_certificate_file"><code>--webserver_certificate_file</code></a></h3>
+<div class="paragraph">
+<p>The location of the debug webserver&#8217;s SSL certificate file, in PEM format. If empty, webserver SSL support is not enabled</p>
+</div>
+<table class="tableblock frame-all grid-all" style="width: 50%;">
+<colgroup>
+<col style="width: 25%;">
+<col style="width: 75%;">
+</colgroup>
+<tbody>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Type</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Default</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">none</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Tags</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">stable</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<p>&#160;</p>
+</div>
+</div>
+<div class="sect2">
 <h3 id="kudu-master_webserver_port"><a class="link" href="#kudu-master_webserver_port"><code>--webserver_port</code></a></h3>
 <div class="paragraph">
 <p>Port to bind to for the web server</p>
@@ -326,6 +442,64 @@ configuration tasks.</p>
 </div>
 </div>
 <div class="sect2">
+<h3 id="kudu-master_webserver_private_key_file"><a class="link" href="#kudu-master_webserver_private_key_file"><code>--webserver_private_key_file</code></a></h3>
+<div class="paragraph">
+<p>The full path to the private key used as a counterpart to the public key contained in --ssl_server_certificate. If --ssl_server_certificate is set, this option must be set as well.</p>
+</div>
+<table class="tableblock frame-all grid-all" style="width: 50%;">
+<colgroup>
+<col style="width: 25%;">
+<col style="width: 75%;">
+</colgroup>
+<tbody>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Type</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Default</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">none</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Tags</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">stable</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<p>&#160;</p>
+</div>
+</div>
+<div class="sect2">
+<h3 id="kudu-master_webserver_private_key_password_cmd"><a class="link" href="#kudu-master_webserver_private_key_password_cmd"><code>--webserver_private_key_password_cmd</code></a></h3>
+<div class="paragraph">
+<p>A Unix command whose output returns the password used to decrypt the Webserver&#8217;s certificate private key file specified in --webserver_private_key_file. If the PEM key file is not password-protected, this command will not be invoked. The output of the command will be truncated to 1024 bytes, and then all trailing whitespace will be trimmed before it is used to decrypt the private key</p>
+</div>
+<table class="tableblock frame-all grid-all" style="width: 50%;">
+<colgroup>
+<col style="width: 25%;">
+<col style="width: 75%;">
+</colgroup>
+<tbody>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Type</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Default</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">none</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Tags</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">stable</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<p>&#160;</p>
+</div>
+</div>
+<div class="sect2">
 <h3 id="kudu-master_log_filename"><a class="link" href="#kudu-master_log_filename"><code>--log_filename</code></a></h3>
 <div class="paragraph">
 <p>Prefix of log filename - full path is &lt;log_dir&gt;/&lt;log_filename&gt;.[INFO|WARN|ERROR|FATAL]</p>
@@ -1284,7 +1458,7 @@ configuration tasks.</p>
 </div>
       <footer class="footer">
         <p class="small">
-        Copyright &copy; 2016 The Apache Software Foundation.  Last updated 2017-02-02 14:03:11 PST 
+        Copyright &copy; 2016 The Apache Software Foundation.  Last updated 2017-03-20 16:43:12 PDT 
         </p>
       </footer>
     </div>