drill-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bridg...@apache.org
Subject drill-site git commit: drill 1.10 updates
Date Thu, 16 Mar 2017 03:11:30 GMT
Repository: drill-site
Updated Branches:
  refs/heads/asf-site 5e1615d2c -> 80182e299


drill 1.10 updates


Project: http://git-wip-us.apache.org/repos/asf/drill-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/drill-site/commit/80182e29
Tree: http://git-wip-us.apache.org/repos/asf/drill-site/tree/80182e29
Diff: http://git-wip-us.apache.org/repos/asf/drill-site/diff/80182e29

Branch: refs/heads/asf-site
Commit: 80182e299235a76afdbc961fffe5e9d8d14e57b8
Parents: 5e1615d
Author: Bridget Bevens <bbevens@maprtech.com>
Authored: Wed Mar 15 20:11:15 2017 -0700
Committer: Bridget Bevens <bbevens@maprtech.com>
Committed: Wed Mar 15 20:11:15 2017 -0700

----------------------------------------------------------------------
 .../index.html                                  | 61 ++++++++++----------
 .../configuring-plain-authentication/index.html |  2 +-
 docs/secure-communication-paths/index.html      |  4 +-
 feed.xml                                        |  4 +-
 4 files changed, 36 insertions(+), 35 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/drill-site/blob/80182e29/docs/configuring-kerberos-authentication/index.html
----------------------------------------------------------------------
diff --git a/docs/configuring-kerberos-authentication/index.html b/docs/configuring-kerberos-authentication/index.html
index 27313f8..af534ca 100644
--- a/docs/configuring-kerberos-authentication/index.html
+++ b/docs/configuring-kerberos-authentication/index.html
@@ -1155,7 +1155,7 @@
 <li><p>The drillbit service has access to the keytab, a file that contains a
list of keys for principals.  The key allows the service to decrypt the client’s ticket
granting service ticket, identify the principal, and grant access.</p></li>
 </ol>
 
-<p><img src="http://i.imgur.com/U6e8FR5.png" alt="Kerberos Auth Process Overview"></p>
+<p><img src="/docs/img/kerberosauthprocess.png" alt="">  </p>
 
 <h2 id="server-authentication-process">Server Authentication Process</h2>
 
@@ -1163,7 +1163,7 @@
 
 <h2 id="enabling-authentication">Enabling Authentication</h2>
 
-<p>During startup, a drillbit service must authenticate. At runtime, Drill uses the
keytab file. Trust is based on the keytab file; it’s secrets are shared with the KDC. The
drillbit service also uses this keytab credential to validate service tickets from clients.
Based on this information, the drillbit determines whether the client’s identity can be
verified to use its service. </p>
+<p>During startup, a drillbit service must authenticate. At runtime, Drill uses the
keytab file. Trust is based on the keytab file; its secrets are shared with the KDC. The drillbit
service also uses this keytab credential to validate service tickets from clients. Based on
this information, the drillbit determines whether the client’s identity can be verified
to use its service. </p>
 
 <hr>
 
@@ -1173,40 +1173,40 @@
 
 <hr>
 
-<p><img src="http://i.imgur.com/04S0vss.png" alt="Kerberos Client-Server Connection">
 </p>
+<p><img src="/docs/img/kerberclientserver.png" alt="">  </p>
 
 <ol>
-<li><p>Create a Kerberos principal identity and a keytab file.  You can create
one principal for each drillbit or one principal for all drillbits in a cluster. The drill.keytab
file must be owned by and readable by the administrator user. </p>
+<li>Create a Kerberos principal identity and a keytab file.  You can create one principal
for each drillbit or one principal for all drillbits in a cluster. The drill.keytab file must
be owned by and readable by the administrator user.<br></li>
+</ol>
 
 <ul>
 <li><p>For a single principal per node in cluster:</p>
-<div class="highlight"><pre><code class="language-text" data-lang="text">#
kadmin  
-: addprinc -randkey &lt;username&gt;/&lt;FQDN&gt;@&lt;REALM&gt;.COM
 
-: ktadd -k /opt/mapr/conf/drill.keytab &lt;username&gt;/&lt;FQDN&gt;@&lt;REALM&gt;.COM
+<div class="highlight"><pre><code class="language-text" data-lang="text">
   # kadmin  
+    : addprinc -randkey &lt;username&gt;/&lt;FQDN&gt;@&lt;REALM&gt;.COM
 
+    : ktadd -k /opt/mapr/conf/drill.keytab &lt;username&gt;/&lt;FQDN&gt;@&lt;REALM&gt;.COM
 
 </code></pre></div></li>
-<li><p>For a single principal per cluster, use <code>&lt;clustername&gt;</code>
instead of <code>&lt;FQDN&gt;</code>:</p>
-<div class="highlight"><pre><code class="language-text" data-lang="text">#
kadmin  
-: addprinc -randkey &lt;username&gt;/&lt;clustername&gt;@&lt;REALM&gt;.COM
 
-: ktadd -k /opt/mapr/conf/drill.keytab &lt;username&gt;/&lt;FQDN&gt;@&lt;REALM&gt;.COM
+<li><p>For a single principal per cluster, use <code>&lt;clustername&gt;</code>
instead of <code>&lt;FQDN&gt;</code>: </p>
+<div class="highlight"><pre><code class="language-text" data-lang="text">
   # kadmin  
+    : addprinc -randkey &lt;username&gt;/&lt;clustername&gt;@&lt;REALM&gt;.COM
 
+    : ktadd -k /opt/mapr/conf/drill.keytab &lt;username&gt;/&lt;FQDN&gt;@&lt;REALM&gt;.COM
 </code></pre></div></li>
-</ul></li>
-<li><p>Add the Kerberos principal identity and keytab file to the <code>drill-override.conf</code>
file.  </p>
+</ul>
+
+<ol>
+<li>Add the Kerberos principal identity and keytab file to the <code>drill-override.conf</code>
file.<br></li>
+</ol>
 
 <ul>
 <li><p>The instance name must be lowercase. Also, if _HOST is set as the instance
name in the principal, it is replaced with the fully qualified domain name of that host for
the instance name. For example, if a drillbit running on <code>host01.aws.lab</code>
uses <code>drill/_HOST@&lt;EXAMPLE&gt;.COM</code> as the principal, the
canonicalized principal is <code>drill/host01.aws.lab@&lt;EXAMPLE&gt;.COM</code>.
</p>
-<div class="highlight"><pre><code class="language-text" data-lang="text">
drill.exec {  
-    security: {  
-      user.auth.enabled:true,  
-      auth.mechanisms:[“KERBEROS”],  
-      auth.principal:“drill/&lt;clustername&gt;@&lt;REALM&gt;.COM”, 

-      auth.keytab:“/etc/drill/conf/drill.keytab”  
+<div class="highlight"><pre><code class="language-text" data-lang="text">
    drill.exec {  
+        security: {  
+          user.auth.enabled:true,  
+          auth.mechanisms:[“KERBEROS”],  
+          auth.principal:“drill/&lt;clustername&gt;@&lt;REALM&gt;.COM”,
 
+          auth.keytab:“/etc/drill/conf/drill.keytab”  
+        }  
     }  
-}  
 </code></pre></div></li>
-</ul></li>
-</ol>
-
-<ul>
 <li><p>To configure multiple mechanisms, extend the mechanisms list and provide
additional configuration parameters. For example, the following configuration enables Kerberos
and Plain (username and password) mechanisms. See Installing and Configuring Plain Authentication
for PAM configuration instructions. </p>
 <div class="highlight"><pre><code class="language-text" data-lang="text">
    drill.exec: {  
         security: {  
@@ -1217,14 +1217,15 @@
            auth.principal:&quot;drill/&lt;clustername&gt;@&lt;REALM&gt;.COM&quot;,
 
            auth.keytab:&quot;/etc/drill/conf/drill.keytab&quot;  
             }  
-        }    
-</code></pre></div>
+        }  
+</code></pre></div></li>
+</ul>
+
 <ol>
 <li><p>Restart the drillbit process on each Drill node.  </p>
-
-<p><DRILLINSTALL_HOME>/bin/drillbit.sh restart </p></li>
-</ol></li>
-</ul>
+<div class="highlight"><pre><code class="language-text" data-lang="text">&lt;DRILLINSTALL_HOME&gt;/bin/drillbit.sh
restart 
+</code></pre></div></li>
+</ol>
 
 <h2 id="using-connection-urls">Using Connection URLs</h2>
 

http://git-wip-us.apache.org/repos/asf/drill-site/blob/80182e29/docs/configuring-plain-authentication/index.html
----------------------------------------------------------------------
diff --git a/docs/configuring-plain-authentication/index.html b/docs/configuring-plain-authentication/index.html
index a969127..64dcbb2 100644
--- a/docs/configuring-plain-authentication/index.html
+++ b/docs/configuring-plain-authentication/index.html
@@ -1144,7 +1144,7 @@ When using PAM for authentication, each user that has permission to
run Drill qu
 
 <p>The following image illustrates the PAM user authentication process in Drill.  The
client passes a username and password to the drillbit as part of the connection request, which
then passes the credentials to PAM.  If PAM authenticates the user, the connection request
passes the authentication phase and the connection is established. The user will be authorized
to access Drill and issue queries against the file system or other storage plugins, such as
Hive or HBase.  </p>
 
-<p><img src="http://i.imgur.com/JkuApo2.png" alt="Plain Auth Process"></p>
+<p><img src="/docs/img/plainauthprocess.png" alt=""></p>
 
 <p>If PAM cannot authenticate the user, the connection request will not pass the authentication
phase, and the user will not be authorized to access Drill. The connection is terminated as
<code>AUTH_FAILED</code>.</p>
 

http://git-wip-us.apache.org/repos/asf/drill-site/blob/80182e29/docs/secure-communication-paths/index.html
----------------------------------------------------------------------
diff --git a/docs/secure-communication-paths/index.html b/docs/secure-communication-paths/index.html
index bdaecab..5f8c055 100644
--- a/docs/secure-communication-paths/index.html
+++ b/docs/secure-communication-paths/index.html
@@ -1120,7 +1120,7 @@
 
     </div>
 
-     Mar 15, 2017
+     Mar 16, 2017
 
     <link href="/css/docpage.css" rel="stylesheet" type="text/css">
 
@@ -1136,7 +1136,7 @@
 <li>Drillbit to storage plugin</li>
 </ol>
 
-<p><img src="http://i.imgur.com/2ndkLt6.png" alt="Secure Communication Paths"></p>
+<p><img src="/docs/img/securecommunicationpaths.png" alt=""></p>
 
 <h2 id="web-client-to-drillbit">Web Client to Drillbit</h2>
 

http://git-wip-us.apache.org/repos/asf/drill-site/blob/80182e29/feed.xml
----------------------------------------------------------------------
diff --git a/feed.xml b/feed.xml
index 7e55685..7449322 100644
--- a/feed.xml
+++ b/feed.xml
@@ -6,8 +6,8 @@
 </description>
     <link>/</link>
     <atom:link href="/feed.xml" rel="self" type="application/rss+xml"/>
-    <pubDate>Wed, 15 Mar 2017 19:45:02 -0700</pubDate>
-    <lastBuildDate>Wed, 15 Mar 2017 19:45:02 -0700</lastBuildDate>
+    <pubDate>Wed, 15 Mar 2017 20:07:29 -0700</pubDate>
+    <lastBuildDate>Wed, 15 Mar 2017 20:07:29 -0700</lastBuildDate>
     <generator>Jekyll v2.5.2</generator>
     
       <item>


Mime
View raw message