You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by jr...@apache.org on 2017/03/06 19:45:13 UTC
incubator-impala git commit: IMPALA-5006 [DOCS] Remove chunks of
Cloudera-specific content from the Impala Security Guide.
Repository: incubator-impala
Updated Branches:
refs/heads/master 13837262b -> c6673634b
IMPALA-5006 [DOCS] Remove chunks of Cloudera-specific content
from the Impala Security Guide.
The scope of this gerrit is dealing with chunks of CM content
still remaining in the security guide. Some of work on the SSL,
LDAP and Sentry topics was done by John in a separate gerrit.
Change-Id: I65a2aa96d7d45f6c1b348105727ddb5c4a6be6d2
Reviewed-on: http://gerrit.cloudera.org:8080/6231
Reviewed-by: John Russell <jr...@cloudera.com>
Tested-by: Impala Public Jenkins
Project: http://git-wip-us.apache.org/repos/asf/incubator-impala/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-impala/commit/c6673634
Tree: http://git-wip-us.apache.org/repos/asf/incubator-impala/tree/c6673634
Diff: http://git-wip-us.apache.org/repos/asf/incubator-impala/diff/c6673634
Branch: refs/heads/master
Commit: c6673634bb7aff2cd007bc886eba302cfaf33eb6
Parents: 1383726
Author: Ambreen Kazi <am...@cloudera.com>
Authored: Thu Mar 2 13:22:41 2017 -0800
Committer: Impala Public Jenkins <im...@gerrit.cloudera.org>
Committed: Mon Mar 6 19:08:31 2017 +0000
----------------------------------------------------------------------
docs/topics/impala_auditing.xml | 38 ++-----------------------
docs/topics/impala_kerberos.xml | 32 ---------------------
docs/topics/impala_lineage.xml | 12 +-------
docs/topics/impala_security_guidelines.xml | 4 +--
4 files changed, 5 insertions(+), 81 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/c6673634/docs/topics/impala_auditing.xml
----------------------------------------------------------------------
diff --git a/docs/topics/impala_auditing.xml b/docs/topics/impala_auditing.xml
index 8dd5b23..2d5e46c 100644
--- a/docs/topics/impala_auditing.xml
+++ b/docs/topics/impala_auditing.xml
@@ -49,21 +49,15 @@ under the License.
in your <cmdname>impalad</cmdname> startup options.
The log directory must be a local directory on the
server, not an HDFS directory.
- <p audience="hidden">
- For a cluster managed by Cloudera Manager, see
- <xref
- href="cn_iu_audit_log.xml#xd_583c10bfdbd326ba--6eed2fb8-14349d04bee--7d6f/section_v25_lmy_bn"/>.
- </p>
</li>
<li>
Decide how many queries will be represented in each log file. By default,
Impala starts a new log file every 5000 queries. To specify a different number, <ph
- audience="standalone">include
+ audience="standalone">include
the option <codeph>-max_audit_event_log_file_size=<varname>number_of_queries</varname></codeph>
in the <cmdname>impalad</cmdname> startup options</ph>
- <xref href="cn_iu_audit_log.xml#xd_583c10bfdbd326ba--6eed2fb8-14349d04bee--7d6f/section_v25_lmy_bn" audience="integrated">
- configure Impala Daemon logging in Cloudera Manager</xref>.
+ <xref href="cn_iu_audit_log.xml#xd_583c10bfdbd326ba--6eed2fb8-14349d04bee--7d6f/section_v25_lmy_bn" audience="integrated">configure Impala Daemon logging in Cloudera Manager</xref>.
</li>
<li>
@@ -71,13 +65,6 @@ under the License.
and produce reports based on the audit logs collected
from all the hosts in the cluster.
</li>
-
- <li audience="hidden">
- Use Cloudera Navigator or Cloudera Manager to filter, visualize, and produce reports based on the audit
- data. (The Impala auditing feature works with Cloudera Manager 4.7 to 5.1 and Cloudera Navigator 2.1 and
- higher.) Check the audit data to ensure that all activity is authorized and detect attempts at
- unauthorized access.
- </li>
</ul>
<p outputclass="toc inpage"/>
@@ -275,25 +262,4 @@ Here is an excerpt from a sample audit log file:
</p>
</conbody>
</concept>
-
- <concept id="auditing_reviewing" audience="hidden">
-
- <title>Reviewing the Audit Logs</title>
- <prolog>
- <metadata>
- <data name="Category" value="Logs"/>
- </metadata>
- </prolog>
-
- <conbody>
-
- <p>
- You typically do not review the audit logs in raw form. The Cloudera Manager Agent periodically transfers
- the log information into a back-end database where it can be examined in consolidated form. See
- <ph audience="standalone">the <xref href="http://www.cloudera.com/content/cloudera-content/cloudera-docs/Navigator/latest/Cloudera-Navigator-Installation-and-User-Guide/Cloudera-Navigator-Installation-and-User-Guide.html"
- scope="external" format="html">Cloudera Navigator documentation</xref> for details</ph>
- <xref href="cn_iu_audits.xml#cn_topic_7" audience="integrated" />.
- </p>
- </conbody>
- </concept>
</concept>
http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/c6673634/docs/topics/impala_kerberos.xml
----------------------------------------------------------------------
diff --git a/docs/topics/impala_kerberos.xml b/docs/topics/impala_kerberos.xml
index 8812389..480a861 100644
--- a/docs/topics/impala_kerberos.xml
+++ b/docs/topics/impala_kerberos.xml
@@ -48,15 +48,6 @@ under the License.
<cmdname>impalad</cmdname> or <cmdname>statestored</cmdname>.
</p>
- <p audience="hidden">
- For more information on enabling Kerberos authentication, see the
- topic on Configuring Hadoop Security in the
- <xref href="http://www.cloudera.com/documentation/enterprise/latest/topics/cdh_sg_cdh5_hadoop_security.html" scope="external" format="html">CDH 5 Security Guide</xref>.
- When using Impala in a managed environment, Cloudera Manager automatically completes Kerberos configuration.
- <ph rev="upstream">Cloudera</ph> recommends using a consistent format, such as
- <codeph>impala/_HOST@Your-Realm</codeph>, but you can use any three-part Kerberos server principal.
- </p>
-
<note conref="../shared/impala_common.xml#common/authentication_vs_authorization"/>
<p>
@@ -107,29 +98,6 @@ under the License.
name of the <codeph>keytab</codeph> file containing the credentials for the principal.
</p>
- <p audience="hidden">
- Impala supports the Cloudera ODBC driver and the Kerberos interface provided. To use Kerberos through the
- ODBC driver, the host type must be set depending on the level of the ODBC driver:
- </p>
-
- <ul audience="hidden">
- <li>
- <codeph>SecImpala</codeph> for the ODBC 1.0 driver.
- </li>
-
- <li>
- <codeph>SecBeeswax</codeph> for the ODBC 1.2 driver.
- </li>
-
- <li>
- Blank for the ODBC 2.0 driver or higher, when connecting to a secure cluster.
- </li>
-
- <li>
- <codeph>HS2NoSasl</codeph> for the ODBC 2.0 driver or higher, when connecting to a non-secure cluster.
- </li>
- </ul>
-
<p>
To enable Kerberos in the Impala shell, start the <cmdname>impala-shell</cmdname> command using the
<codeph>-k</codeph> flag.
http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/c6673634/docs/topics/impala_lineage.xml
----------------------------------------------------------------------
diff --git a/docs/topics/impala_lineage.xml b/docs/topics/impala_lineage.xml
index f444836..7ba5b17 100644
--- a/docs/topics/impala_lineage.xml
+++ b/docs/topics/impala_lineage.xml
@@ -56,13 +56,6 @@ under the License.
not tampered with.
</p>
- <p audience="hidden">
- You interact with this feature through <term>lineage diagrams</term> showing relationships between tables and
- columns. For instructions about interpreting lineage diagrams, see
- <xref audience="integrated" href="cn_iu_lineage.xml" />
- <xref audience="standalone" href="http://www.cloudera.com/documentation/enterprise/latest/topics/cn_iu_lineage.html" scope="external" format="html"/>.
- </p>
-
<section id="column_lineage">
<title>Column Lineage</title>
@@ -119,10 +112,7 @@ under the License.
<p>
To enable or disable this feature, set or remove the <codeph>-lineage_event_log_dir</codeph>
- configuration option for the <cmdname>impalad</cmdname> daemon. <ph audience="hidden">For
- information about turning the lineage feature on and off through Cloudera Manager, see
- <xref audience="integrated" href="datamgmt_impala_lineage_log.xml"/>
- <xref audience="standalone" href="http://www.cloudera.com/documentation/enterprise/latest/topics/datamgmt_impala_lineage_log.html" scope="external" format="html"/>.</ph>
+ configuration option for the <cmdname>impalad</cmdname> daemon.
</p>
</section>
http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/c6673634/docs/topics/impala_security_guidelines.xml
----------------------------------------------------------------------
diff --git a/docs/topics/impala_security_guidelines.xml b/docs/topics/impala_security_guidelines.xml
index cfe27b5..f664491 100644
--- a/docs/topics/impala_security_guidelines.xml
+++ b/docs/topics/impala_security_guidelines.xml
@@ -87,8 +87,8 @@ under the License.
<p>
The Impala authorization feature makes use of the HDFS file ownership and permissions mechanism; for
background information, see the
- <xref href="https://archive.cloudera.com/cdh/3/hadoop/hdfs_permissions_guide.html" scope="external" format="html">CDH
- HDFS Permissions Guide</xref>. Set up users and assign them to groups at the OS level, corresponding to the
+ <xref href="https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html" scope="external" format="html">HDFS Permissions Guide</xref>.
+ Set up users and assign them to groups at the OS level, corresponding to the
different categories of users with different access levels for various databases, tables, and HDFS
locations (URIs). Create the associated Linux users using the <cmdname>useradd</cmdname> command if
necessary, and add them to the appropriate groups with the <cmdname>usermod</cmdname> command.