kudu-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From t...@apache.org
Subject [34/51] [partial] kudu git commit: Update docs, add 1.3 release
Date Tue, 21 Mar 2017 00:16:41 GMT
http://git-wip-us.apache.org/repos/asf/kudu/blob/d114777e/docs/known_issues.html
----------------------------------------------------------------------
diff --git a/docs/known_issues.html b/docs/known_issues.html
index c11ef4d..fd3574c 100644
--- a/docs/known_issues.html
+++ b/docs/known_issues.html
@@ -2,7 +2,7 @@
 title: Known Issues and Limitations
 layout: default
 active_nav: docs
-last_updated: 'Last updated 2017-01-26 16:14:09 PST'
+last_updated: 'Last updated 2017-03-10 12:47:33 PST'
 ---
 <!--
 
@@ -126,12 +126,26 @@ or use large tables.</p>
 <div class="ulist">
 <ul>
 <li>
-<p>Authentication and authorization features are not implemented.</p>
+<p>Authorization is only available at a system-wide, coarse-grained level. Table-level,
+column-level, and row-level authorization features are not available.</p>
 </li>
 <li>
-<p>Data encryption is not built in. Kudu has been reported to run correctly
+<p>Data encryption at rest is not built in. Kudu has been reported to run correctly
 on systems using local block device encryption (e.g. <code>dmcrypt</code>).</p>
 </li>
+<li>
+<p>Kudu server Kerberos principals must follow the pattern <code>kudu/&lt;HOST&gt;@DEFAULT.REALM</code>.
+Configuring an alternate Kerberos principal is not supported.</p>
+</li>
+<li>
+<p>Kudu&#8217;s integration with Apache Flume does not support writing to Kudu
clusters that
+require Kerberos authentication.</p>
+</li>
+<li>
+<p>Kudu client instances retrieve authentication tokens upon first contact with the
+cluster. These tokens expire after one week. Use of a single Kudu client instance
+for more than one week is not supported.</p>
+</li>
 </ul>
 </div>
 </div>

http://git-wip-us.apache.org/repos/asf/kudu/blob/d114777e/docs/kudu-master_configuration_reference.html
----------------------------------------------------------------------
diff --git a/docs/kudu-master_configuration_reference.html b/docs/kudu-master_configuration_reference.html
index ed929db..8a44ecb 100644
--- a/docs/kudu-master_configuration_reference.html
+++ b/docs/kudu-master_configuration_reference.html
@@ -2,7 +2,7 @@
 title: kudu-master Flags
 layout: default
 active_nav: docs
-last_updated: 'Last updated 2017-02-02 14:03:11 PST'
+last_updated: 'Last updated 2017-03-20 16:43:12 PDT'
 ---
 <!--
 
@@ -178,6 +178,35 @@ configuration tasks.</p>
 </div>
 </div>
 <div class="sect2">
+<h3 id="kudu-master_keytab_file"><a class="link" href="#kudu-master_keytab_file"><code>--keytab_file</code></a></h3>
+<div class="paragraph">
+<p>Path to the Kerberos Keytab file for this server. Specifying a keytab file will
cause the server to kinit, and enable Kerberos to be used to authenticate RPC connections.</p>
+</div>
+<table class="tableblock frame-all grid-all" style="width: 50%;">
+<colgroup>
+<col style="width: 25%;">
+<col style="width: 75%;">
+</colgroup>
+<tbody>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Type</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Default</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">none</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Tags</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">stable</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<p>&#160;</p>
+</div>
+</div>
+<div class="sect2">
 <h3 id="kudu-master_rpc_bind_addresses"><a class="link" href="#kudu-master_rpc_bind_addresses"><code>--rpc_bind_addresses</code></a></h3>
 <div class="paragraph">
 <p>Comma-separated list of addresses to bind to for RPC connections. Currently, ephemeral
ports (i.e. port 0) are not allowed.</p>
@@ -207,6 +236,93 @@ configuration tasks.</p>
 </div>
 </div>
 <div class="sect2">
+<h3 id="kudu-master_superuser_acl"><a class="link" href="#kudu-master_superuser_acl"><code>--superuser_acl</code></a></h3>
+<div class="paragraph">
+<p>The list of usernames to allow as super users, comma-separated. A '*' entry indicates
that all authenticated users are allowed. If this is left unset or blank, the default behavior
is that the identity of the daemon itself determines the superuser. If the daemon is logged
in from a Keytab, then the local username from the Kerberos principal is used; otherwise,
the local Unix username is used.</p>
+</div>
+<table class="tableblock frame-all grid-all" style="width: 50%;">
+<colgroup>
+<col style="width: 25%;">
+<col style="width: 75%;">
+</colgroup>
+<tbody>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Type</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Default</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">none</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Tags</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">sensitive,stable</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<p>&#160;</p>
+</div>
+</div>
+<div class="sect2">
+<h3 id="kudu-master_user_acl"><a class="link" href="#kudu-master_user_acl"><code>--user_acl</code></a></h3>
+<div class="paragraph">
+<p>The list of usernames who may access the cluster, comma-separated. A '*' entry indicates
that all authenticated users are allowed.</p>
+</div>
+<table class="tableblock frame-all grid-all" style="width: 50%;">
+<colgroup>
+<col style="width: 25%;">
+<col style="width: 75%;">
+</colgroup>
+<tbody>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Type</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Default</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock"><code>*</code></p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Tags</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">sensitive,stable</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<p>&#160;</p>
+</div>
+</div>
+<div class="sect2">
+<h3 id="kudu-master_webserver_certificate_file"><a class="link" href="#kudu-master_webserver_certificate_file"><code>--webserver_certificate_file</code></a></h3>
+<div class="paragraph">
+<p>The location of the debug webserver&#8217;s SSL certificate file, in PEM format.
If empty, webserver SSL support is not enabled</p>
+</div>
+<table class="tableblock frame-all grid-all" style="width: 50%;">
+<colgroup>
+<col style="width: 25%;">
+<col style="width: 75%;">
+</colgroup>
+<tbody>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Type</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Default</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">none</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Tags</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">stable</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<p>&#160;</p>
+</div>
+</div>
+<div class="sect2">
 <h3 id="kudu-master_webserver_port"><a class="link" href="#kudu-master_webserver_port"><code>--webserver_port</code></a></h3>
 <div class="paragraph">
 <p>Port to bind to for the web server</p>
@@ -236,6 +352,64 @@ configuration tasks.</p>
 </div>
 </div>
 <div class="sect2">
+<h3 id="kudu-master_webserver_private_key_file"><a class="link" href="#kudu-master_webserver_private_key_file"><code>--webserver_private_key_file</code></a></h3>
+<div class="paragraph">
+<p>The full path to the private key used as a counterpart to the public key contained
in --ssl_server_certificate. If --ssl_server_certificate is set, this option must be set as
well.</p>
+</div>
+<table class="tableblock frame-all grid-all" style="width: 50%;">
+<colgroup>
+<col style="width: 25%;">
+<col style="width: 75%;">
+</colgroup>
+<tbody>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Type</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Default</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">none</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Tags</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">stable</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<p>&#160;</p>
+</div>
+</div>
+<div class="sect2">
+<h3 id="kudu-master_webserver_private_key_password_cmd"><a class="link" href="#kudu-master_webserver_private_key_password_cmd"><code>--webserver_private_key_password_cmd</code></a></h3>
+<div class="paragraph">
+<p>A Unix command whose output returns the password used to decrypt the Webserver&#8217;s
certificate private key file specified in --webserver_private_key_file. If the PEM key file
is not password-protected, this command will not be invoked. The output of the command will
be truncated to 1024 bytes, and then all trailing whitespace will be trimmed before it is
used to decrypt the private key</p>
+</div>
+<table class="tableblock frame-all grid-all" style="width: 50%;">
+<colgroup>
+<col style="width: 25%;">
+<col style="width: 75%;">
+</colgroup>
+<tbody>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Type</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Default</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">none</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Tags</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">stable</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<p>&#160;</p>
+</div>
+</div>
+<div class="sect2">
 <h3 id="kudu-master_log_filename"><a class="link" href="#kudu-master_log_filename"><code>--log_filename</code></a></h3>
 <div class="paragraph">
 <p>Prefix of log filename - full path is &lt;log_dir&gt;/&lt;log_filename&gt;.[INFO|WARN|ERROR|FATAL]</p>


Mime
View raw message