impala-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject incubator-impala git commit: IMPALA-5006 [DOCS] Remove chunks of Cloudera-specific content from the Impala Security Guide.
Date Mon, 06 Mar 2017 19:45:13 GMT
Repository: incubator-impala
Updated Branches:
  refs/heads/master 13837262b -> c6673634b

IMPALA-5006 [DOCS] Remove chunks of Cloudera-specific content
from the Impala Security Guide.

The scope of this gerrit is dealing with chunks of CM content
still remaining in the security guide. Some of work on the SSL,
LDAP and Sentry topics was done by John in a separate gerrit.

Change-Id: I65a2aa96d7d45f6c1b348105727ddb5c4a6be6d2
Reviewed-by: John Russell <>
Tested-by: Impala Public Jenkins


Branch: refs/heads/master
Commit: c6673634bb7aff2cd007bc886eba302cfaf33eb6
Parents: 1383726
Author: Ambreen Kazi <>
Authored: Thu Mar 2 13:22:41 2017 -0800
Committer: Impala Public Jenkins <>
Committed: Mon Mar 6 19:08:31 2017 +0000

 docs/topics/impala_auditing.xml            | 38 ++-----------------------
 docs/topics/impala_kerberos.xml            | 32 ---------------------
 docs/topics/impala_lineage.xml             | 12 +-------
 docs/topics/impala_security_guidelines.xml |  4 +--
 4 files changed, 5 insertions(+), 81 deletions(-)
diff --git a/docs/topics/impala_auditing.xml b/docs/topics/impala_auditing.xml
index 8dd5b23..2d5e46c 100644
--- a/docs/topics/impala_auditing.xml
+++ b/docs/topics/impala_auditing.xml
@@ -49,21 +49,15 @@ under the License.
         in your <cmdname>impalad</cmdname> startup options.
         The log directory must be a local directory on the
         server, not an HDFS directory.
-        <p audience="hidden">
-	  For a cluster managed by Cloudera Manager, see
-          <xref
-          href="cn_iu_audit_log.xml#xd_583c10bfdbd326ba--6eed2fb8-14349d04bee--7d6f/section_v25_lmy_bn"/>.
-        </p>
         Decide how many queries will be represented in each log file. By default,
         Impala starts a new log file every 5000 queries. To specify a different number, <ph
-          audience="standalone">include
+        audience="standalone">include
         the option <codeph>-max_audit_event_log_file_size=<varname>number_of_queries</varname></codeph>
         in the <cmdname>impalad</cmdname> startup options</ph>
-        <xref href="cn_iu_audit_log.xml#xd_583c10bfdbd326ba--6eed2fb8-14349d04bee--7d6f/section_v25_lmy_bn"
-        configure Impala Daemon logging in Cloudera Manager</xref>.
+        <xref href="cn_iu_audit_log.xml#xd_583c10bfdbd326ba--6eed2fb8-14349d04bee--7d6f/section_v25_lmy_bn"
audience="integrated">configure Impala Daemon logging in Cloudera Manager</xref>.
@@ -71,13 +65,6 @@ under the License.
         and produce reports based on the audit logs collected
         from all the hosts in the cluster. 
-      <li audience="hidden">
-        Use Cloudera Navigator or Cloudera Manager to filter, visualize, and produce reports
based on the audit
-        data. (The Impala auditing feature works with Cloudera Manager 4.7 to 5.1 and Cloudera
Navigator 2.1 and
-        higher.) Check the audit data to ensure that all activity is authorized and detect
attempts at
-        unauthorized access.
-      </li>
     <p outputclass="toc inpage"/>
@@ -275,25 +262,4 @@ Here is an excerpt from a sample audit log file:
-  <concept id="auditing_reviewing" audience="hidden">
-    <title>Reviewing the Audit Logs</title>
-  <prolog>
-    <metadata>
-      <data name="Category" value="Logs"/>
-    </metadata>
-  </prolog>
-    <conbody>
-      <p>
-        You typically do not review the audit logs in raw form. The Cloudera Manager Agent
periodically transfers
-        the log information into a back-end database where it can be examined in consolidated
form. See
-        <ph audience="standalone">the <xref href=""
-            scope="external" format="html">Cloudera Navigator documentation</xref>
for details</ph>
-            <xref href="cn_iu_audits.xml#cn_topic_7" audience="integrated" />.
-      </p>
-    </conbody>
-  </concept>
diff --git a/docs/topics/impala_kerberos.xml b/docs/topics/impala_kerberos.xml
index 8812389..480a861 100644
--- a/docs/topics/impala_kerberos.xml
+++ b/docs/topics/impala_kerberos.xml
@@ -48,15 +48,6 @@ under the License.
       <cmdname>impalad</cmdname> or <cmdname>statestored</cmdname>.
-    <p audience="hidden">
-      For more information on enabling Kerberos authentication, see the
-      topic on Configuring Hadoop Security in the
-      <xref href=""
scope="external" format="html">CDH 5 Security Guide</xref>.
-      When using Impala in a managed environment, Cloudera Manager automatically completes
Kerberos configuration.
-      <ph rev="upstream">Cloudera</ph> recommends using a consistent format,
such as
-      <codeph>impala/_HOST@Your-Realm</codeph>, but you can use any three-part
Kerberos server principal.
-    </p>
     <note conref="../shared/impala_common.xml#common/authentication_vs_authorization"/>
@@ -107,29 +98,6 @@ under the License.
         name of the <codeph>keytab</codeph> file containing the credentials for
the principal.
-      <p audience="hidden">
-        Impala supports the Cloudera ODBC driver and the Kerberos interface provided. To
use Kerberos through the
-        ODBC driver, the host type must be set depending on the level of the ODBC driver:
-      </p>
-      <ul audience="hidden">
-        <li>
-          <codeph>SecImpala</codeph> for the ODBC 1.0 driver.
-        </li>
-        <li>
-          <codeph>SecBeeswax</codeph> for the ODBC 1.2 driver.
-        </li>
-        <li>
-          Blank for the ODBC 2.0 driver or higher, when connecting to a secure cluster.
-        </li>
-        <li>
-          <codeph>HS2NoSasl</codeph> for the ODBC 2.0 driver or higher, when
connecting to a non-secure cluster.
-        </li>
-      </ul>
         To enable Kerberos in the Impala shell, start the <cmdname>impala-shell</cmdname>
command using the
         <codeph>-k</codeph> flag.
diff --git a/docs/topics/impala_lineage.xml b/docs/topics/impala_lineage.xml
index f444836..7ba5b17 100644
--- a/docs/topics/impala_lineage.xml
+++ b/docs/topics/impala_lineage.xml
@@ -56,13 +56,6 @@ under the License.
       not tampered with.
-    <p audience="hidden">
-      You interact with this feature through <term>lineage diagrams</term> showing
relationships between tables and
-      columns. For instructions about interpreting lineage diagrams, see
-      <xref audience="integrated" href="cn_iu_lineage.xml" />
-      <xref audience="standalone" href=""
scope="external" format="html"/>.
-    </p>
     <section id="column_lineage">
       <title>Column Lineage</title>
@@ -119,10 +112,7 @@ under the License.
         To enable or disable this feature, set or remove the <codeph>-lineage_event_log_dir</codeph>
-        configuration option for the <cmdname>impalad</cmdname> daemon. <ph
-        information about turning the lineage feature on and off through Cloudera Manager,
-        <xref audience="integrated" href="datamgmt_impala_lineage_log.xml"/>
-        <xref audience="standalone" href=""
scope="external" format="html"/>.</ph>
+        configuration option for the <cmdname>impalad</cmdname> daemon.
diff --git a/docs/topics/impala_security_guidelines.xml b/docs/topics/impala_security_guidelines.xml
index cfe27b5..f664491 100644
--- a/docs/topics/impala_security_guidelines.xml
+++ b/docs/topics/impala_security_guidelines.xml
@@ -87,8 +87,8 @@ under the License.
         The Impala authorization feature makes use of the HDFS file ownership and permissions
mechanism; for
         background information, see the
-        <xref href=""
scope="external" format="html">CDH
-        HDFS Permissions Guide</xref>. Set up users and assign them to groups at the
OS level, corresponding to the
+        <xref href=""
scope="external" format="html">HDFS Permissions Guide</xref>.
+        Set up users and assign them to groups at the OS level, corresponding to the
         different categories of users with different access levels for various databases,
tables, and HDFS
         locations (URIs). Create the associated Linux users using the <cmdname>useradd</cmdname>
command if
         necessary, and add them to the appropriate groups with the <cmdname>usermod</cmdname>

View raw message