accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r951792 - in /websites/staging/accumulo/trunk/content: ./ 1.7/accumulo_user_manual.html
Date Mon, 18 May 2015 22:00:42 GMT
Author: buildbot
Date: Mon May 18 22:00:41 2015
New Revision: 951792

Log:
Staging update by buildbot for accumulo

Modified:
    websites/staging/accumulo/trunk/content/   (props changed)
    websites/staging/accumulo/trunk/content/1.7/accumulo_user_manual.html

Propchange: websites/staging/accumulo/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Mon May 18 22:00:41 2015
@@ -1 +1 @@
-1680096
+1680113

Modified: websites/staging/accumulo/trunk/content/1.7/accumulo_user_manual.html
==============================================================================
--- websites/staging/accumulo/trunk/content/1.7/accumulo_user_manual.html (original)
+++ websites/staging/accumulo/trunk/content/1.7/accumulo_user_manual.html Mon May 18 22:00:41
2015
@@ -5488,128 +5488,88 @@ all Accumulo servers must share the same
 <p>A number of properties need to be changed to account to properly configure servers
 in <code>accumulo-site.xml</code>.</p>
 </div>
-<div class="ulist">
-<ul>
-<li>
-<p><strong>general.kerberos.keytab</strong>=<em>/etc/security/keytabs/accumulo.service.keytab</em></p>
-<div class="ulist">
-<ul>
-<li>
-<p>The path to the keytab for Accumulo on local filesystem.</p>
-</li>
-<li>
-<p>Change the value to the actual path on your system.</p>
-</li>
-</ul>
-</div>
-</li>
-<li>
-<p><strong>general.kerberos.principal</strong>=<em>accumulo/_HOST@REALM</em></p>
-<div class="ulist">
-<ul>
-<li>
-<p>The Kerberos principal for Accumulo, needs to match the keytab.</p>
-</li>
-<li>
-<p>"_HOST" can be used instead of the actual hostname in the principal and will be
-automatically expanded to the current FQDN which reduces the configuration file burden.</p>
-</li>
-</ul>
-</div>
-</li>
-<li>
-<p><strong>instance.rpc.sasl.enabled</strong>=<em>true</em></p>
-<div class="ulist">
-<ul>
-<li>
-<p>Enables SASL for the Thrift Servers (supports GSSAPI)</p>
-</li>
-</ul>
-</div>
-</li>
-<li>
-<p><strong>instance.security.authenticator</strong>=<em>org.apache.accumulo.server.security.handler.KerberosAuthenticator</em></p>
-<div class="ulist">
-<ul>
-<li>
-<p>Configures Accumulo to use the Kerberos principal as the Accumulo username/principal</p>
-</li>
-</ul>
-</div>
-</li>
-<li>
-<p><strong>instance.security.authorizor</strong>=<em>org.apache.accumulo.server.security.handler.KerberosAuthorizor</em></p>
-<div class="ulist">
-<ul>
-<li>
-<p>Configures Accumulo to use the Kerberos principal for authorization purposes</p>
-</li>
-</ul>
-</div>
-</li>
-<li>
-<p><strong>instance.security.permissionHandler</strong>=<em>org.apache.accumulo.server.security.handler.KerberosPermissionHandler</em></p>
-<div class="ulist">
-<ul>
-<li>
-<p>Configures Accumulo to use the Kerberos principal for permission purposes</p>
-</li>
-</ul>
-</div>
-</li>
-<li>
-<p><strong>trace.token.type</strong>=<em>org.apache.accumulo.core.client.security.tokens.KerberosToken</em></p>
-<div class="ulist">
-<ul>
-<li>
-<p>Configures the Accumulo Tracer to use the KerberosToken for authentication when
-serializing traces to the trace table.</p>
-</li>
-</ul>
-</div>
-</li>
-<li>
-<p><strong>trace.user</strong>=<em>accumulo/_HOST@REALM</em></p>
-<div class="ulist">
-<ul>
-<li>
-<p>The tracer process needs valid credentials to serialize traces to Accumulo.</p>
-</li>
-<li>
-<p>While the other server processes are creating a SystemToken from the provided keytab
and principal, we can
-still use a normal KerberosToken and the same keytab/principal to serialize traces. Like
-non-Kerberized instances, the table must be created and permissions granted to the trace.user.</p>
-</li>
-<li>
-<p>The same <code>_HOST</code> replacement is performed on this value,
substituted the FQDN for <code>_HOST</code>.</p>
-</li>
-</ul>
-</div>
-</li>
-<li>
-<p><strong>general.delegation.token.lifetime</strong>=<em>7d</em></p>
-<div class="ulist">
-<ul>
-<li>
-<p>The length of time that the server-side secret used to create delegation tokens
is valid.
-After a server-side secret expires, a delegation token created with that secret is no longer
valid.</p>
-</li>
-</ul>
-</div>
-</li>
-<li>
-<p><strong>general.delegation.token.update.interval</strong>=<em>1d</em></p>
-<div class="ulist">
-<ul>
-<li>
-<p>The frequency in which new server-side secrets should be generated to create delegation
-tokens for clients. Generating new secrets reduces the likelihood of cryptographic attacks.</p>
-</li>
-</ul>
-</div>
-</li>
-</ul>
-</div>
+<table class="tableblock frame-all grid-all spread">
+<colgroup>
+<col style="width: 33%;">
+<col style="width: 33%;">
+<col style="width: 33%;">
+</colgroup>
+<thead>
+<tr>
+<th class="tableblock halign-left valign-top">Key</th>
+<th class="tableblock halign-left valign-top">Default Value</th>
+<th class="tableblock halign-left valign-top">Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">general.kerberos.keytab</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">/etc/security/keytabs/accumulo.service.keytab</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">The path
to the keytab for Accumulo on local filesystem. Change the value to the actual path on your
system.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">general.kerberos.principal</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">accumulo/_HOST@REALM</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">The Kerberos
principal for Accumulo, needs to match the keytab. "_HOST" can be used instead of the actual
hostname in the principal and will be automatically expanded to the current FQDN which reduces
the configuration file burden.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">instance.rpc.sasl.enabled</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Enables SASL
for the Thrift Servers (supports GSSAPI)</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">rpc.sasl.qop</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">auth</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">One of "auth",
"auth-int", or "auth-conf". These map to the SASL defined properties for
+quality of protection. "auth" is authentication only. "auth-int" is authentication and data
+integrity. "auth-conf" is authentication, data integrity and confidentiality.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">instance.security.authenticator</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">org.apache.accumulo.server.security.
+handler.KerberosAuthenticator</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Configures
Accumulo to use the Kerberos principal as the Accumulo username/principal</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">instance.security.authorizor</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">org.apache.accumulo.server.security.
+handler.KerberosAuthorizor</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Configures
Accumulo to use the Kerberos principal for authorization purposes</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">instance.security.permissionHandler</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">org.apache.accumulo.server.security.
+handler.KerberosPermissionHandler</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Configures
Accumulo to use the Kerberos principal for permission purposes</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">trace.token.type</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">org.apache.accumulo.core.client.
+security.tokens.KerberosToken</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Configures
the Accumulo Tracer to use the KerberosToken for authentication when serializing traces to
the trace table.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">trace.user</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">accumulo/_HOST@REALM</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">The tracer
process needs valid credentials to serialize traces to Accumulo. While the other server processes
are
+creating a SystemToken from the provided keytab and principal, we can still use a normal
KerberosToken and the same
+keytab/principal to serialize traces. Like non-Kerberized instances, the table must be created
and permissions granted
+to the trace.user. The same <code>_HOST</code> replacement is performed on this
value, substituted the FQDN for <code>_HOST</code>.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">general.delegation.token.lifetime</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">7d</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">The length
of time that the server-side secret used to create delegation tokens is valid. After a server-side
secret
+expires, a delegation token created with that secret is no longer valid.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">general.delegation.token.update.interval</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">1d</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">The frequency
in which new server-side secrets should be generated to create delegation tokens for clients.
Generating
+new secrets reduces the likelihood of cryptographic attacks.</p></td>
+</tr>
+</tbody>
+</table>
 <div class="paragraph">
 <p>Although it should be a prerequisite, it is ever important that you have DNS properly
 configured for your nodes and that Accumulo is configured to use the FQDN. It
@@ -7157,7 +7117,7 @@ modes that are more common when running
 <div class="sect3">
 <h4 id="_known_failure_modes_setup_and_troubleshooting">16.15.1. Known failure modes:
Setup and Troubleshooting</h4>
 <div class="paragraph">
-<p>In addition to the general failure modes of running Sqrrl, VMs can introduce a
+<p>In addition to the general failure modes of running Accumulo, VMs can introduce
a
 couple of environmental challenges that can affect process stability. Clock
 drift is something that is more common in VMs, especially when VMs are
 suspended and resumed. Clock drift can cause Accumulo servers to assume that
@@ -10916,7 +10876,7 @@ An example is <em>java.lang.String</em>,
 </div>
 <div id="footer">
 <div id="footer-text">
-Last updated 2015-05-12 14:49:53 EDT
+Last updated 2015-05-18 17:01:54 EDT
 </div>
 </div>
 </body>



Mime
View raw message