Details
-
New Feature
-
Status: Closed
-
Major
-
Resolution: Later
-
None
-
None
Description
Security is not supported. Only authorized user (GLOBAL ADMIN) must be allowed to perform backup/restore. See: HBASE-7367 for good discussion on snapshot security model.
- Backup between two secured (Kerberos) clusters (Cross-realm authentication is required to use distcp/export snapshot between two secured cluster?)
- Backup between secured (Kerberos) and secured non-Kerberos cluster (AWS)
- Backup between secured and unsecured cluster
- Restore between two Kerberos clusters
- Restore from non-Kerberos (AWS) to Kerberos
- Restore from unsecured to secured (Kerberos)
- Users must be able to run backup/restore for table if they have admin privileges for a table
Some relevant JIRAs
https://issues.apache.org/jira/browse/HADOOP-8828
https://issues.apache.org/jira/browse/HDFS-6776
Links:
http://henning.kropponline.de/2015/10/04/distcp-between-kerberized-and-none-kerberized-cluster/
http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.2/bk_Sys_Admin_Guides/content/distcp_and_security_settings.html
https://discuss.zendesk.com/hc/en-us/articles/203176207-Setting-up-a-kerberos-cross-realm-trust-for-distcp
http://www.cloudera.com/documentation/enterprise/5-5-x/topics/cdh_admin_distcp_secure_insecure.html
https://www.cloudera.com/documentation/enterprise/5-4-x/topics/cdh_admin_distcp_data_cluster_migrate.html
https://www.cloudera.com/documentation/enterprise/5-7-x/topics/cdh_admin_distcp_data_cluster_migrate.html
Attachments
Issue Links
- incorporates
-
HBASE-16178 HBase restore command fails on cluster with encrypted HDFS
-
- Open
-
- is part of
-
-
- Closed
-