You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by jd...@apache.org on 2017/04/18 21:24:23 UTC
[1/5] kudu git commit: Bump version to 1.3.2-SNAPSHOT
Repository: kudu
Updated Branches:
refs/heads/branch-1.3.x e8f346940 -> 8213656d2
Bump version to 1.3.2-SNAPSHOT
Change-Id: Ie4c48aa6ec08a40500d85a1a53ccb48b64d2d4ef
Reviewed-on: http://gerrit.cloudera.org:8080/6669
Tested-by: Kudu Jenkins
Reviewed-by: Todd Lipcon <to...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/881789cd
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/881789cd
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/881789cd
Branch: refs/heads/branch-1.3.x
Commit: 881789cd33b6db6d9bfe1f00b74faf1e0f7b44d4
Parents: e8f3469
Author: Jean-Daniel Cryans <jd...@apache.org>
Authored: Tue Apr 18 09:35:56 2017 -0700
Committer: Jean-Daniel Cryans <jd...@apache.org>
Committed: Tue Apr 18 21:17:56 2017 +0000
----------------------------------------------------------------------
java/interface-annotations/pom.xml | 2 +-
java/kudu-client-tools/pom.xml | 2 +-
java/kudu-client/pom.xml | 2 +-
java/kudu-flume-sink/pom.xml | 2 +-
java/kudu-jepsen/pom.xml | 2 +-
java/kudu-mapreduce/pom.xml | 2 +-
java/kudu-spark/pom.xml | 2 +-
java/pom.xml | 2 +-
python/setup.py | 4 ++--
version.txt | 2 +-
10 files changed, 11 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kudu/blob/881789cd/java/interface-annotations/pom.xml
----------------------------------------------------------------------
diff --git a/java/interface-annotations/pom.xml b/java/interface-annotations/pom.xml
index 85201e4..15bf33e 100644
--- a/java/interface-annotations/pom.xml
+++ b/java/interface-annotations/pom.xml
@@ -21,7 +21,7 @@
<parent>
<groupId>org.apache.kudu</groupId>
<artifactId>kudu-parent</artifactId>
- <version>1.3.1</version>
+ <version>1.3.2-SNAPSHOT</version>
</parent>
<artifactId>interface-annotations</artifactId>
http://git-wip-us.apache.org/repos/asf/kudu/blob/881789cd/java/kudu-client-tools/pom.xml
----------------------------------------------------------------------
diff --git a/java/kudu-client-tools/pom.xml b/java/kudu-client-tools/pom.xml
index 73477ec..4f731a3 100644
--- a/java/kudu-client-tools/pom.xml
+++ b/java/kudu-client-tools/pom.xml
@@ -23,7 +23,7 @@
<parent>
<groupId>org.apache.kudu</groupId>
<artifactId>kudu-parent</artifactId>
- <version>1.3.1</version>
+ <version>1.3.2-SNAPSHOT</version>
</parent>
<artifactId>kudu-client-tools</artifactId>
http://git-wip-us.apache.org/repos/asf/kudu/blob/881789cd/java/kudu-client/pom.xml
----------------------------------------------------------------------
diff --git a/java/kudu-client/pom.xml b/java/kudu-client/pom.xml
index 3a30888..0c48082 100644
--- a/java/kudu-client/pom.xml
+++ b/java/kudu-client/pom.xml
@@ -23,7 +23,7 @@
<parent>
<groupId>org.apache.kudu</groupId>
<artifactId>kudu-parent</artifactId>
- <version>1.3.1</version>
+ <version>1.3.2-SNAPSHOT</version>
</parent>
<artifactId>kudu-client</artifactId>
http://git-wip-us.apache.org/repos/asf/kudu/blob/881789cd/java/kudu-flume-sink/pom.xml
----------------------------------------------------------------------
diff --git a/java/kudu-flume-sink/pom.xml b/java/kudu-flume-sink/pom.xml
index b1be9b6..2489cf0 100644
--- a/java/kudu-flume-sink/pom.xml
+++ b/java/kudu-flume-sink/pom.xml
@@ -15,7 +15,7 @@
<parent>
<artifactId>kudu-parent</artifactId>
<groupId>org.apache.kudu</groupId>
- <version>1.3.1</version>
+ <version>1.3.2-SNAPSHOT</version>
</parent>
<artifactId>kudu-flume-sink</artifactId>
<name>Kudu Flume NG Sink</name>
http://git-wip-us.apache.org/repos/asf/kudu/blob/881789cd/java/kudu-jepsen/pom.xml
----------------------------------------------------------------------
diff --git a/java/kudu-jepsen/pom.xml b/java/kudu-jepsen/pom.xml
index 2b0a266..e371442 100644
--- a/java/kudu-jepsen/pom.xml
+++ b/java/kudu-jepsen/pom.xml
@@ -20,7 +20,7 @@
<parent>
<groupId>org.apache.kudu</groupId>
<artifactId>kudu-parent</artifactId>
- <version>1.3.1</version>
+ <version>1.3.2-SNAPSHOT</version>
</parent>
<artifactId>kudu-jepsen</artifactId>
http://git-wip-us.apache.org/repos/asf/kudu/blob/881789cd/java/kudu-mapreduce/pom.xml
----------------------------------------------------------------------
diff --git a/java/kudu-mapreduce/pom.xml b/java/kudu-mapreduce/pom.xml
index 2e88935..85009e0 100644
--- a/java/kudu-mapreduce/pom.xml
+++ b/java/kudu-mapreduce/pom.xml
@@ -23,7 +23,7 @@
<parent>
<groupId>org.apache.kudu</groupId>
<artifactId>kudu-parent</artifactId>
- <version>1.3.1</version>
+ <version>1.3.2-SNAPSHOT</version>
</parent>
<artifactId>kudu-mapreduce</artifactId>
http://git-wip-us.apache.org/repos/asf/kudu/blob/881789cd/java/kudu-spark/pom.xml
----------------------------------------------------------------------
diff --git a/java/kudu-spark/pom.xml b/java/kudu-spark/pom.xml
index 599635e..32f28d7 100644
--- a/java/kudu-spark/pom.xml
+++ b/java/kudu-spark/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.apache.kudu</groupId>
<artifactId>kudu-parent</artifactId>
- <version>1.3.1</version>
+ <version>1.3.2-SNAPSHOT</version>
</parent>
<artifactId>kudu-${spark.version.label}_${scala.binary.version}</artifactId>
http://git-wip-us.apache.org/repos/asf/kudu/blob/881789cd/java/pom.xml
----------------------------------------------------------------------
diff --git a/java/pom.xml b/java/pom.xml
index 9d37eaa..20f5083 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -24,7 +24,7 @@
<groupId>org.apache.kudu</groupId>
<artifactId>kudu-parent</artifactId>
- <version>1.3.1</version>
+ <version>1.3.2-SNAPSHOT</version>
<packaging>pom</packaging>
<!-- inherit from the ASF POM for distribution management -->
http://git-wip-us.apache.org/repos/asf/kudu/blob/881789cd/python/setup.py
----------------------------------------------------------------------
diff --git a/python/setup.py b/python/setup.py
index ed8fd84..1a6538f 100644
--- a/python/setup.py
+++ b/python/setup.py
@@ -38,9 +38,9 @@ if Cython.__version__ < '0.21.0':
MAJOR = 1
MINOR = 3
-MICRO = 1
+MICRO = 2
VERSION = '%d.%d.%d' % (MAJOR, MINOR, MICRO)
-ISRELEASED = True
+ISRELEASED = False
setup_dir = os.path.abspath(os.path.dirname(__file__))
http://git-wip-us.apache.org/repos/asf/kudu/blob/881789cd/version.txt
----------------------------------------------------------------------
diff --git a/version.txt b/version.txt
index 3a3cd8c..934ff7e 100644
--- a/version.txt
+++ b/version.txt
@@ -1 +1 @@
-1.3.1
+1.3.2-SNAPSHOT
[2/5] kudu git commit: docs: Fix "make site"
Posted by jd...@apache.org.
docs: Fix "make site"
* "make site" was broken due to changed command-line argments on
"docs/support/scripts/make_site.sh". This patch fixes that
discrepancy.
* Also, assume the "apache" remote exists for the site build. That
assumption is consistent with the "build-support/push_to_asf.py"
script.
Change-Id: I9050eec37ea6b5b4917a4c8269de4178c3c14cb2
Reviewed-on: http://gerrit.cloudera.org:8080/6488
Tested-by: Kudu Jenkins
Reviewed-by: Todd Lipcon <to...@apache.org>
(cherry picked from commit b719b1e7c7e2a78f8e818a9c8275b5d030835811)
Reviewed-on: http://gerrit.cloudera.org:8080/6643
Reviewed-by: Mike Percy <mp...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/4e2e0d1e
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/4e2e0d1e
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/4e2e0d1e
Branch: refs/heads/branch-1.3.x
Commit: 4e2e0d1e9c951e4fc71e102c8762d05464b8e66f
Parents: 881789c
Author: Mike Percy <mp...@apache.org>
Authored: Fri Mar 24 19:33:43 2017 -0700
Committer: Jean-Daniel Cryans <jd...@apache.org>
Committed: Tue Apr 18 21:21:30 2017 +0000
----------------------------------------------------------------------
CMakeLists.txt | 4 ++--
docs/support/scripts/make_site.sh | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kudu/blob/4e2e0d1e/CMakeLists.txt
----------------------------------------------------------------------
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 84329a5..2ec5f80 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1095,10 +1095,10 @@ endif (UNIX)
if (UNIX)
if (NOT DOXYGEN_FOUND)
add_custom_target(site
- ${CMAKE_CURRENT_SOURCE_DIR}/docs/support/scripts/make_site.sh)
+ ${CMAKE_CURRENT_SOURCE_DIR}/docs/support/scripts/make_site.sh --no-doxygen)
else ()
add_custom_target(site
- ${CMAKE_CURRENT_SOURCE_DIR}/docs/support/scripts/make_site.sh doxygen)
+ ${CMAKE_CURRENT_SOURCE_DIR}/docs/support/scripts/make_site.sh)
endif ()
endif (UNIX)
http://git-wip-us.apache.org/repos/asf/kudu/blob/4e2e0d1e/docs/support/scripts/make_site.sh
----------------------------------------------------------------------
diff --git a/docs/support/scripts/make_site.sh b/docs/support/scripts/make_site.sh
index 76913c2..ec24b54 100755
--- a/docs/support/scripts/make_site.sh
+++ b/docs/support/scripts/make_site.sh
@@ -41,7 +41,7 @@ if [ $# -gt 0 ]; then
"--no-doxygen") OPT_DOXYGEN='' ;;
"--help") usage ;;
"-h") usage ;;
- *) echo "Unknown command-line option: $arg"; usage ;;
+ *) echo "$0: Unknown command-line option: $arg"; usage ;;
esac
done
fi
@@ -75,7 +75,7 @@ fi
make -j$(getconf _NPROCESSORS_ONLN) $MAKE_TARGETS
# Check out the gh-pages repo into $SITE_OUTPUT_DIR
-git clone -q $(git config --get remote.origin.url) --reference $SOURCE_ROOT -b gh-pages --depth 1 "$SITE_OUTPUT_DIR"
+git clone -q $(git config --get remote.apache.url) --reference $SOURCE_ROOT -b gh-pages --depth 1 "$SITE_OUTPUT_DIR"
# Build the docs using the styles from the Jekyll site
rm -Rf "$SITE_OUTPUT_DIR/docs"
[3/5] kudu git commit: docs: Fix axis lable for
hash-range-partitioning
Posted by jd...@apache.org.
docs: Fix axis lable for hash-range-partitioning
Horizontal axis label should show range partition by time according to the example not (host, metric)
Change-Id: I619d2082941de257cee4270079b46116944c77a6
Reviewed-on: http://gerrit.cloudera.org:8080/6532
Reviewed-by: Dan Burkert <da...@apache.org>
Tested-by: Dan Burkert <da...@apache.org>
(cherry picked from commit 7206041f937f6c1dbd515e7cff4cd006573dc7d5)
Reviewed-on: http://gerrit.cloudera.org:8080/6644
Tested-by: Kudu Jenkins
Reviewed-by: Todd Lipcon <to...@apache.org>
Reviewed-by: Jean-Daniel Cryans <jd...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/b962cd44
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/b962cd44
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/b962cd44
Branch: refs/heads/branch-1.3.x
Commit: b962cd44f8ae198d1a605ad764fb6d282c927a27
Parents: 4e2e0d1
Author: Tony Foerster <to...@phdata.io>
Authored: Sun Apr 2 22:32:46 2017 -0500
Committer: Jean-Daniel Cryans <jd...@apache.org>
Committed: Tue Apr 18 21:21:44 2017 +0000
----------------------------------------------------------------------
docs/images/hash-range-partitioning-example.png | Bin 68262 -> 80584 bytes
docs/media-src/schema_design.graffle | 2 +-
2 files changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kudu/blob/b962cd44/docs/images/hash-range-partitioning-example.png
----------------------------------------------------------------------
diff --git a/docs/images/hash-range-partitioning-example.png b/docs/images/hash-range-partitioning-example.png
index 684b365..6e16ada 100644
Binary files a/docs/images/hash-range-partitioning-example.png and b/docs/images/hash-range-partitioning-example.png differ
http://git-wip-us.apache.org/repos/asf/kudu/blob/b962cd44/docs/media-src/schema_design.graffle
----------------------------------------------------------------------
diff --git a/docs/media-src/schema_design.graffle b/docs/media-src/schema_design.graffle
index 0903667..6787231 100644
--- a/docs/media-src/schema_design.graffle
+++ b/docs/media-src/schema_design.graffle
@@ -999,7 +999,7 @@
{\colortbl;\red255\green255\blue255;}
\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\qc
-\f0\fs20 \cf0 RANGE (host, metric)}</string>
+\f0\fs20 \cf0 RANGE (time)}</string>
</dict>
<key>Wrap</key>
<string>NO</string>
[5/5] kudu git commit: [docs] Add security guide
Posted by jd...@apache.org.
[docs] Add security guide
Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Reviewed-on: http://gerrit.cloudera.org:8080/6479
Tested-by: Kudu Jenkins
Reviewed-by: Todd Lipcon <to...@apache.org>
(cherry picked from commit d5ac00c792616a6935e9786dd0183b33b3e6dfc9)
Reviewed-on: http://gerrit.cloudera.org:8080/6647
Reviewed-by: Jean-Daniel Cryans <jd...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/8213656d
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/8213656d
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/8213656d
Branch: refs/heads/branch-1.3.x
Commit: 8213656d26f226e786f23bcac1246426891cbbea
Parents: 9ad9993
Author: Dan Burkert <da...@apache.org>
Authored: Fri Mar 24 18:08:42 2017 -0700
Committer: Jean-Daniel Cryans <jd...@apache.org>
Committed: Tue Apr 18 21:24:00 2017 +0000
----------------------------------------------------------------------
docs/security.adoc | 243 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 243 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kudu/blob/8213656d/docs/security.adoc
----------------------------------------------------------------------
diff --git a/docs/security.adoc b/docs/security.adoc
new file mode 100644
index 0000000..1b54af3
--- /dev/null
+++ b/docs/security.adoc
@@ -0,0 +1,243 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+= Security
+
+:author: Kudu Team
+:imagesdir: ./images
+:icons: font
+:toc: left
+:toclevels: 3
+:doctype: book
+:backend: html5
+:sectlinks:
+:experimental:
+
+Kudu includes security features which allow Kudu clusters to be hardened against
+access from unauthorized users. This guide describes the security features
+provided by Kudu. <<configuration>> lists essential configuration options when
+deploying a secure Kudu cluster. <<known-limitations>> contains a list of
+known deficiencies in Kudu's security capabilities.
+
+== Authentication
+
+Kudu can be configured to enforce secure authentication among servers, and
+between clients and servers. Authentication prevents untrusted actors from
+gaining access to Kudu, and securely identifies the connecting user or services
+for authorization checks. Authentication in Kudu is designed to interoperate
+with other secure Hadoop components by utilizing Kerberos.
+
+Authentication can be configured on Kudu servers using the
+`--rpc-authentication` flag, which can be set to `required`, `optional`, or
+`disabled`. By default, the flag is set to `optional`. When `required`, Kudu
+will reject connections from clients and servers who lack authentication
+credentials. When `optional`, Kudu will attempt to use strong authentication,
+but will allow unauthenticated connections. When `disabled`, Kudu will only
+allow unauthenticated connections.
+
+WARNING: When the `--rpc-authentication` flag is set to `optional`,
+the cluster does not prevent access from unauthenticated users. To secure a
+cluster, use `--rpc-authentication=required`.
+
+=== Internal PKI
+
+Kudu uses an internal PKI system to issue X.509 certificates to servers in
+the cluster. Connections between peers who have both obtained certificates will
+use TLS for authentication, which doesn't require contacting the Kerberos KDC.
+These certificates are _only_ used for internal communication among Kudu
+servers, and between Kudu clients and servers. The certificates are never
+presented in a public facing protocol.
+
+By using internally-issued certificates, Kudu offers strong authentication which
+scales to huge clusters, and allows TLS encryption to be used without requiring
+you to manually deploy certificates on every node.
+
+=== Authentication Tokens
+
+After authenticating to a secure cluster, the Kudu client will automatically
+request an authentication token from the Kudu master. An authentication token
+encapsulates the identity of the authenticated user and carries the master's
+RSA signature so that its authenticity can be verified.
+
+This token will be used to authenticate subsequent connections. By default,
+authentication tokens are only valid for seven days, so that even if a token
+were compromised, it could not be used indefinitely. For the most part,
+authentication tokens should be completely transparent to users. By using
+authentication tokens, Kudu takes advantage of strong authentication without
+paying the scalability cost of communicating with a central authority for every
+connection.
+
+When used with distributed compute frameworks such as Spark, authentication
+tokens can simplify configuration and improve security. For example, the Kudu
+Spark connector will automatically retrieve an authentication token during the
+planning stage, and distribute the token to tasks. This allows Spark to work
+against a secured Kudu cluster where only the planner node has Kerberos
+credentials.
+
+== Scalability
+
+Kudu authentication is designed to scale to thousands of nodes, which requires
+avoiding unnecessary coordination with a central authentication authority (such
+as the Kerberos KDC). Instead, Kudu servers and clients will use Kerberos to
+establish initial trust with the Kudu master, and then use alternate credentials
+for subsequent connections. In particular, the master will issue internal
+X.509 certificates to servers, and temporary authentication tokens to clients.
+
+== Encryption
+
+Kudu allows all communications among servers and between clients and servers
+to be encrypted with TLS.
+
+Encryption can be configured on Kudu servers using the `--rpc-encryption` flag,
+which can be set to `required`, `optional`, or `disabled`. By default, the flag
+is set to `optional`. When `required`, Kudu will reject unencrypted connections.
+When `optional`, Kudu will attempt to use encryption, but will allow unencrypted
+connections. When `disabled`, Kudu will never use encryption. To secure a
+cluster, use `--rpc-encryption=required`.
+
+NOTE: Kudu will automatically turn off encryption on local loopback connections,
+since traffic from these connections is never exposed externally. This allows
+locality-aware compute frameworks like Spark and Impala to avoid encryption
+overhead, while still ensuring data confidentiality.
+
+== Coarse-Grained Authorization
+
+Kudu supports coarse-grained authorization of client requests based on the
+authenticated client Kerberos principal (i.e. user or service). The two levels
+of access which can be configured are:
+
+* *Superuser* - principals authorized as a superuser are able to perform
+certain administrative functionality such as using the `kudu` command line tool
+to diagnose or repair cluster issues.
+
+* *User* - principals authorized as a user are able to access and modify all
+data in the Kudu cluster. This includes the ability to create, drop, and alter
+tables as well as read, insert, update, and delete data.
+
+NOTE: Internally, Kudu has a third access level for the daemons themselves.
+This ensures that users cannot connect to the cluster and pose as tablet
+servers.
+
+Access levels are granted using whitelist-style Access Control Lists (ACLs), one
+for each of the two levels. Each access control list either specifies a
+comma-separated list of users, or may be set to `*` to indicate that all
+authenticated users are able to gain access at the specified level. See
+<<configuration>> below for examples.
+
+NOTE: The default value for the User ACL is `*`, which allows all users access
+to the cluster. However, if authentication is enabled, this still restricts access
+to only those users who are able to successfully authenticate via Kerberos.
+Unauthenticated users on the same network as the Kudu servers will be unable
+to access the cluster.
+
+[[web-ui]]
+== Web UI Encryption
+
+The Kudu web UI can be configured to use secure HTTPS encryption by providing
+each server with TLS certificates. See <<configuration>> for more information on
+web UI HTTPS configuration.
+
+== Web UI Redaction
+
+To prevent sensitive data from being exposed in the web UI, all row data is
+redacted. Table metadata, such as table names, column names, and partitioning
+information is not redacted. The web UI can be completely disabled by setting
+the `--webserver-enabled=false` flag on Kudu servers.
+
+WARNING: Disabling the web UI will also disable REST endpoints such as
+`/metrics`. Monitoring systems rely on these endpoints to gather metrics data.
+
+[[logs]]
+== Log Security
+
+To prevent sensitive data from being included in Kudu server logs, all row data
+is redacted by default. This feature can be turned off configuring the
+`--redact` flag.
+// TODO(dan): add link to configuration reference.
+
+[[configuration]]
+== Configuring a Secure Kudu Cluster
+
+The following configuration parameters should be set on all servers (master and
+tablet server) in order to ensure that a Kudu cluster is secure:
+
+```
+# Connection Security
+#--------------------
+--rpc-authentication=required
+--rpc-encryption=required
+--keytab-file=<path-to-kerberos-keytab>
+
+# Web UI Security
+#--------------------
+--webserver-certificate-file=<path-to-cert-pem>
+--webserver-private-key-file=<path-to-key-pem>
+# optional
+--webserver-private-key-password-cmd=<password-cmd>
+
+# If you prefer to disable the web UI entirely:
+--webserver-enabled=false
+
+# Coarse-grained authorization
+#--------------------------------
+
+# This example ACL setup allows the 'impala' user as well as the
+# 'nightly_etl_service_account' principal access to all data in the
+# Kudu cluster. The 'hadoopadmin' user is allowed to use administrative
+# tooling. Note that, by granting access to 'impala', other users
+# may access data in Kudu via the Impala service subject to its own
+# authorization rules.
+--user-acl=impala,nightly_etl_service_account
+--admin-acl=hadoopadmin
+```
+
+Further information about these flags can be found in the configuration
+flag reference.
+// TODO(todd) add a link
+
+
+[[known-limitations]]
+== Known Limitations
+
+Kudu has a few known security limitations:
+
+// TODO(danburkert): add JIRA links for each of these.
+
+Long-lived Tokens:: Kudu clients do not automatically request fresh tokens after
+initial token expiration, so long-lived clients in secure clusters are not
+supported. Note that applications such as Apache Impala construct new clients
+for each query and thus this limitation only affects the runtime of any single
+query.
+
+Custom Kerberos Principal:: Kudu does not support setting a custom service
+principal for Kudu processes. The principal must be 'kudu'.
+
+External PKI:: Kudu does not support externally-issued certificates for internal
+wire encryption (server to server and client to server).
+
+Fine-grained Authorization:: Kudu does not have the ability to restrict access
+based on operation type or target (table, column, etc). ACLs currently do not
+support authorization based on membership in a group.
+
+On-disk Encryption:: Kudu does not have built-in on-disk encryption. However,
+Kudu can be used with whole-disk encryption tools such as dm-crypt.
+
+Web UI Authentication:: The Kudu web UI lacks Kerberos-based authentication
+(SPNEGO), so access cannot be restricted based on Kerberos principals.
+
+Flume Integration:: Flume integration is not supported with secure Kudu clusters
+which require authentication or encryption.
[4/5] kudu git commit: Add ksck section to admin guide common
workflows
Posted by jd...@apache.org.
Add ksck section to admin guide common workflows
I've often wanted this when helping people through ksck.
Change-Id: I9631337b113d2c67be0057f728c68f792e8a4fd6
Reviewed-on: http://gerrit.cloudera.org:8080/6598
Reviewed-by: Adar Dembo <ad...@cloudera.com>
Tested-by: Kudu Jenkins
(cherry picked from commit 9d03677e45dfa5722d816645200071e4d78fb845)
Reviewed-on: http://gerrit.cloudera.org:8080/6646
Reviewed-by: Todd Lipcon <to...@apache.org>
Reviewed-by: Jean-Daniel Cryans <jd...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/9ad9993e
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/9ad9993e
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/9ad9993e
Branch: refs/heads/branch-1.3.x
Commit: 9ad9993eaa78555bb561130a905eafae2177c568
Parents: b962cd4
Author: Dan Burkert <da...@apache.org>
Authored: Fri Apr 7 17:15:25 2017 -0700
Committer: Jean-Daniel Cryans <jd...@apache.org>
Committed: Tue Apr 18 21:23:47 2017 +0000
----------------------------------------------------------------------
docs/administration.adoc | 74 ++++++++++++++++++++++++++++++++++++++++---
1 file changed, 70 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kudu/blob/9ad9993e/docs/administration.adoc
----------------------------------------------------------------------
diff --git a/docs/administration.adoc b/docs/administration.adoc
index d532561..7003160 100644
--- a/docs/administration.adoc
+++ b/docs/administration.adoc
@@ -367,8 +367,8 @@ are working properly, consider performing the following sanity checks:
be listed there with one master in the LEADER role and the others in the FOLLOWER role. The
contents of /masters on each master should be the same.
-* Run a Kudu system check (ksck) on the cluster using the `kudu` command line tool. Help for ksck
- can be viewed via `kudu cluster ksck --help`.
+* Run a Kudu system check (ksck) on the cluster using the `kudu` command line
+ tool. See <<ksck>> for more details.
=== Recovering from a dead Kudu Master in a Multi-Master Deployment
@@ -517,5 +517,71 @@ consider performing the following sanity checks:
be listed there with one master in the LEADER role and the others in the FOLLOWER role. The
contents of /masters on each master should be the same.
-* Run a Kudu system check (ksck) on the cluster using the `kudu` command line tool. Help for ksck
- can be viewed via `kudu cluster ksck --help`.
+* Run a Kudu system check (ksck) on the cluster using the `kudu` command line
+ tool. See <<ksck>> for more details.
+
+[[ksck]]
+=== Checking Cluster Health with `ksck`
+
+The `kudu` CLI includes a tool named `ksck` which can be used for checking
+cluster health and data integrity. `ksck` will identify issues such as
+under-replicated tablets, unreachable tablet servers, or tablets without a
+leader.
+
+`ksck` should be run from the command line, and requires the full list of master
+addresses to be specified:
+
+[source,bash]
+----
+$ kudu cluster ksck master-01.example.com,master-02.example.com,master-03.example.com
+----
+
+To see a full list of the options available with `ksck`, use the `--help` flag.
+If the cluster is healthy, `ksck` will print a success message, and return a
+zero (success) exit status.
+
+----
+Connected to the Master
+Fetched info from all 1 Tablet Servers
+Table IntegrationTestBigLinkedList is HEALTHY (1 tablet(s) checked)
+
+The metadata for 1 table(s) is HEALTHY
+OK
+----
+
+If the cluster is unhealthy, for instance if a tablet server process has
+stopped, `ksck` will report the issue(s) and return a non-zero exit status:
+
+----
+Connected to the Master
+WARNING: Unable to connect to Tablet Server 8a0b66a756014def82760a09946d1fce
+(tserver-01.example.com:7050): Network error: could not send Ping RPC to server: Client connection negotiation failed: client connection to 192.168.0.2:7050: connect: Connection refused (error 61)
+WARNING: Fetched info from 0 Tablet Servers, 1 weren't reachable
+Tablet ce3c2d27010d4253949a989b9d9bf43c of table 'IntegrationTestBigLinkedList'
+is unavailable: 1 replica(s) not RUNNING
+ 8a0b66a756014def82760a09946d1fce (tserver-01.example.com:7050): TS unavailable [LEADER]
+
+ Table IntegrationTestBigLinkedList has 1 unavailable tablet(s)
+
+ WARNING: 1 out of 1 table(s) are not in a healthy state
+ ==================
+ Errors:
+ ==================
+ error fetching info from tablet servers: Network error: Not all Tablet Servers are reachable
+ table consistency check error: Corruption: 1 table(s) are bad
+
+ FAILED
+ Runtime error: ksck discovered errors
+----
+
+To verify data integrity, the optional `--checksum_scan` flag can be set, which
+will ensure the cluster has consistent data by scanning each tablet replica and
+comparing results. The `--tables` or `--tablets` flags can be used to limit the
+scope of the checksum scan to specific tables or tablets, respectively. For
+example, checking data integrity on the `IntegrationTestBigLinkedList` table can
+be done with the following command:
+
+[source,bash]
+----
+$ kudu cluster ksck --checksum_scan --tables IntegrationTestBigLinkedList master-01.example.com,master-02.example.com,master-03.example.com
+----