WANdisco Fusion ®

1. Introduction

1.1. WD Fusion User Guide

Welcome to the User Guide for WD Fusion, version 2.10

1.2. What is WD Fusion?

WD Fusion is a software application that allows Hadoop deployments to replicate HDFS data between Hadoop clusters that are running different, even incompatible versions of Hadoop. It is even possible to replicate between different vendor distributions and versions of Hadoop.

1.2.1. Benefits

  • Virtual File System for Hadoop, compatible with all Hadoop applications.

  • Single, virtual Namespace that integrates storage from different types of Hadoop, including CDH, HDP, EMC Isilon, Amazon S3/EMRFS and MapR.

  • Storage can be globally distributed.

  • WAN replication using Wandisco’s patented active-active replication technology, delivering single-copy consistent hdfs data, replicated between far-flung data centers.

1.3. Using this guide

This guide describes how to install and administer WD Fusion as part of a multi data center Hadoop deployment, using either on premises or cloud-based clusters. We break down the guide into the following three sections:

Deployment Guide

This section describes the evaluation and review process, on to the actual software installation. Use the deployment guide for getting set up. If you need to make changes on your platform, recheck the Deployment Checklist to ensure that you’re not going to impact Hadoop data replication.

User Guide

This section describes all the common actions and procedures that are required as part of managing WD Fusion in a deployment. It covers how to work with the UI’s monitoring and management tools. Use the Admin Guide if you need to know how to do something.

Reference Guide

This section describes the UI, systematically covering all screens and providing an explanation for what everything does. Use the Reference Guide if you need to check what something does on the UI, or gain a better understanding of WD Fusion’s underlying architecture.

1.4. Admonitions

In the guide we highlight types of information using the following call outs:

The alert symbol highlights important information.
The STOP symbol cautions you against doing something.
Tips are principles or practices that you’ll benefit from knowing or using.
The KB symbol shows where you can find more information, such as in our online Knowledgebase.

1.5. Get support

See our online Knowledgebase which contains updates and more information.

If you need more help raise a case on our support website.

1.6. Give feedback

If you find an error or if you think some information needs improving, raise a case on our support website or email docs@wandisco.com.

2. Release Notes

2.1. Release 2.10 Build 46

13 April 2017

WANdisco is pleased to present WD Fusion 2.10 as the next major release of the Fusion platform, available now from the WANdisco file distribution site. This release includes significant new product functionality that leverages the Fusion architecture to support a broader range of use cases, expand performance and scale, and ease the administration of Fusion environments.

2.2. Installation

Find detailed installation instructions in the user guide at http://docs.wandisco.com/bigdata/wdfusion/2.10/#install

2.2.1. Upgrades from Earlier Versions

As a major release, Fusion 2.10 introduces incompatibilities with the network protocols and storage formats used by prior versions. Please contact WANdisco support for information on the upgrade mechanism appropriate for your environment.


2.3. New Feature Highlights

This release includes the following major new features.

2.3.1. WANdisco Fusion for Network File Systems

WD Fusion 2.10 adds support for replicating data efficiently from Network File Systems (NFS) for NetApp devices to any mix of on-premises and cloud environments. This feature allows data replication at any scale from NFS to other Fusion zones.

2.3.2. User Interface

The WD Fusion user interface now presents a logical view of the Fusion operational components, Fusion zones and bandwidth limit policies in place of the physical map of locations. This makes it easier to observe the deployment of complex solutions and navigate directly to detailed views of individual item configuration.

2.3.3. Client Bypass

An improvement has been made to the mechanism used by the HDFS and HCFS client library to detect when a working Fusion server is unavailable. This allows clients to bypass the Fusion server when needed without waiting for a TCP connection loss or timeout.

2.3.4. Replication of Read-Only Locations

Fusion 2.10 can be configured to replicate from storage system locations that do not provide write access for the identity used by the Fusion server.

2.3.5. S3 Enhancements

Fusion configuration options now include custom S3 endpoints so that replication can occur to non-AWS S3 providers. Additionally, when Fusion is hosted in AWS EC2, replication can occur to an S3 endpoint that is in a region other than where the Fusion services reside.

2.3.6. Repair Features and Improvements

The Fusion repair feature allows the transfer of initial content between Fusion zones that have not previously replicated, and can be used as a mechanism to perform once-off replication that remains consistent with other replication activity. Repair has been enhanced significantly in Fusion 2.10, including the following:

Auto-Parallelization of Repair

Fusion repair functionality has been extended with major improvements in performance by automatically scaling a single repair task across multiple threads of execution. This removes the need to issue multiple repair requests for subset of a replicated location. It also provides the ability to tune the threads used for repair independently of those used for consensus-driven activity of replicated content.

Checkpoint Repair

When initiating a repair task for initial data transfer or similar, you now have the option of selecting a checkpoint repair. This avoids the need for Fusion to scan the file system of the originating zone under the repair path to determine content. Checkpoint repair refers to content from an HDFS fsimage file, avoiding the need to lock other operations during a repair scan.

Repair Cancellation

You can cancel a repair task that is underway.

Resource Consumption for Repair

Heap requirements for repair execution are now independent of the volume of data under repair.

Global View of Repair Status

Repair task status is available from any node, regardless of origin.

2.3.7. Consistency Check Features and Improvements

Consistency Check ACL Information

File system ACL information will be reported by consistency check and repaired by repair.

Consistency Check Cancellation

You can cancel consistency checks that are underway.

Resource Requirements for Consistency Check

Resource requirements for consistency check are now independent of the volume of metadata against which the check is performed.

2.3.8. User Interface Security

The WANdisco Fusion user interface can be accessed over HTTPS, and for that configuration to be performed independently of other SSL configuration.

2.3.9. Relocatable Installation

You can choose to install WD Fusion 2.10 in a location other than the default /opt/wandisco.

2.3.10. Network Support for Firewalled Fusion Zones

Fusion 2.10 can operate in an environment where one Fusion zone does not allow inbound network connectivity. This is typical for a secured on-premises deployment, where it may be difficult to modify or establish corporate firewall rules to allow inbound TCP connections to the Fusion services.

2.3.11. ACL Replication

ACL replication can be enabled to allow changes from local- and remote-originated zones to be replicated. ACL information will be represented in consistency check results as appropriate.

2.3.12. Enhanced Logging

Among a range of minor improvements to logged information, Fusion 2.10 adds the ability to log the identity of the proxy user for which requests are made.

2.3.13. Manual Fast Bypass

This feature introduces a mechanism to quickly prevent applications from using Fusion when interacting with the underlying file system, without the need to make configuration changes. The fusion.replicated.dir.exchange configuration property in core-site.xml specifies the location under which a directory named bypass can be created to trigger this. Subsequent client activity in that cluster will bypass coordination through Fusion.

2.3.14. API to Track Completion of Transfers for a Specified Location

The API to track the status of transfers under a replicated directory now allows that tracking to be limited to a sub-directory of a replicated location.

2.3.15. Installation without Root Identity

Fusion 2.10 can be installed as a non-root user with sufficient permissions (sudo tar, sudo ambari-server, sudo cp).

2.3.16. Shadow Client JAR

The Fusion 2.10 client library for HDFS and HCFS compatibility ensures that classpath conflicts do not occur with any client application, allowing Fusion to be used by applications that use alternative versions of the Guava and Netty libraries.

2.3.17. Unsidelining

Periods of extended network outage between Fusion zones can be accommodated by limits that allow Fusion servers to identify a sidelined node, ensuring that operation of other nodes can continue in its absence. Prior to this release, bringing a sidelined node back into operation was a completely manual process. Fusion 2.10 adds a mechanism by which sidelined nodes can be recovered and participate in ongoing activity.

2.3.18. Operation as an HDFS Non-Superuser

To support operation in environments where minimal security privileges must be allocated, the Fusion server can now operate as a principal without HDFS superuser privileges.

2.3.19. Selective Replication of open() Requests

A configuration option (fusion.client.coordinate.read) is provided to allow coordination of open() requests, which by default is false.

2.3.20. Preferred Writer Selection

This release provides an API by which a preferred writer node can be specified for a given replicated path. The writer node is the Fusion server instance responsible for executing modifications to the local zone’s metadata via the file system API.

2.3.21. Grace Period for License Expiry

License expiration allows continued operation for a short grace period (by default one month for production licenses), during which notifications are presented to the administrator about the license expiry. This is in addition to the existing warnings provided prior to license expiration.

Additionally, license expiry does not halt operation of the Fusion server, which remains available to service activities that occur in non-replicated locations.

2.3.22. New Platform Support

WD Fusion has added support for the following new platforms since Fusion 2.9:

  • CDH 5.9 and 5.10

  • HDP 2.5

  • HDInsights 3.2 - 3.5

  • IBM BigInsights 3.0

  • Amazon EMR 5.3 and 5.4

  • MapR 5.2.0


2.4. Available Packages

This release of WANdisco Fusion supports the following versions of Hadoop:

  • CDH 5.2.0 - CDH 5.10.0

  • HDP 2.1.0 - HDP 2.5.0

  • MapR 4.0.1 - MapR 5.2.0

  • Pivotal HD 3.0.0 - 3.4.0

  • IOP (BigInsights) 2.1.2 - 4.2

The trial download includes the installation packages for CDH and HDP distributions only.


2.5. System Requirements

Before installing, ensure that your systems, software and hardware meet the requirements found in our online user guide at docs.wandisco.com/bigdata/wdfusion/2.10/#_deployment_guide

2.5.1. Certified Third-Party Components

WANdisco certifies the interoperability of Fusion with a wide variety of systems, including Hadoop distributions, object storage platforms, cloud environments, and applications.

  • Amazon S3

  • Amazon EMR 4.6, 4.7.1, 5.0

  • Ambari 1.6, 1.7, 2.0, 3.1

  • CDH 4.4, 5.2 - 5.10

  • EMC Isilon 7.2, 8.0

  • Google Cloud Storage

  • Google Cloud Dataproc

  • HDP 2.1.0 - 2.5.0

  • IBM BI 2.1.2 - 4.2

  • MapR M4.0 - M5.0

  • Microsoft Azure Blob Storage

  • Microsoft Azure HDInsights 3.2 - 3.5

  • MySQL (Hive Metastore)

  • Oracle BDA

  • Pivotal HD 3.0 - 3.4

2.5.2. Client Applications Supported

WANdisco Fusion is architected for maximum compatibility and interoperability with applications that use standard Hadoop File System APIs. All applications that use the standard Hadoop Distributed File System API or any Hadoop-Compatible File System API should be interoperable with WANdisco Fusion, and will be treated as supported applications. Additionally, Fusion supports the replication of content with Amazon S3 and S3-compatible objects stores, locally-mounted file systems, and NetApp NFS devices, but does not require or provide application compatibility libraries for these storage services.

2.6. Known Issues

Fusion 2.10 includes a small set of known issues with workarounds. In each case, resolution for the known issues is underway.

  • Renaming the parent directory of a location with current file transfers may result in incomplete transfer - FUS-387.

In some circumstances, modification of the metadata for a parent directory within a replicated location can prevent the completion of content transfer that is underway for files underneath that directory. Fusion’s metadata consistency is unaffected, but file content may not be available in full. Consistency check and repair can be used to both detect and resolve any resulting missing content.

  • Metadata change following move of file from non-replicated to replicated location may be overwritten - FUS-3433

Under certain conditions, a metadata modification to a file that has recently been moved from a non-replicated to replicated location may be lost. Consistency check and repair can be used to both detect and resolve any resulting missing content.

  • Fusion does not support truncate command - FUS-3022

The public boolean truncate(Path f, long newLength) operation in org.apache.hadoop.fs.FileSystem (> 2.7.0) is not yet supported. Files will be truncated only in the cluster where the operation is initiated. Consistency check and repair can be used to both detect and resolve any resulting inconsistencies.

  • Fusion does not support concat() operation - FUS-3714

The public void concat(Path trg, Path[] psrcs) operation in org.apache.hadoop.fs.FileSystem is not yet supported, and will result in filesystem inconsistency. Consistency check and repair can be used to both detect and resolve any resulting inconsistencies.

  • Consistency check will not be marked as done when initiated from a non-writer node - FUS-2675

While a consistency check initiated via the API at a non-writer node will execute and complete, its status will not be marked as such. The workaround is to ensure that consistency check operations are only initiated at writer nodes.

2.7. Other Improvements

In addition to the highlighted features listed above, Fusion 2.10 includes a wide set of improvements in performance, functionality, scale, interoperability and general operation.

  • Parallel repair functionality avoids duplicate repair activity - FUS-3073

  • Correction to handling of specific path names to avoid issues with Hive replication - FUS-3543

  • Stack installer does not access non-initialized variables (fix for install on Oracle Enterprise Linux) - FUS-3551

  • Installation completes with WebHDFS disabled - FUS-3555

  • /fusion/fs no longer returns 500 response when adding removed replicated location - FUS-2148

  • Talkback does not attempt to ssh to KDC as root user - FUS-3192

  • Consistency check tasks can be cancelled - FUS-3053

  • service fusion-server restart displays success - FUS-3193

  • Installer supports configuration changes needed for SOLR - FUS-3200

  • Client library no longer conflicts with user jars - FUS-3372, FUS-3407

  • CDH parcel upgrade performed for alternatives - FUS-3418

  • IHC SSL configuration no longer in core-site.xml - FUS-2828

  • MapR 5.2.0 support - FUS-2870

  • Fusion UI now applies auth_to_local setting when browsing HDFS - FUI-3995

  • Repair page redesigned to avoid unselectable source of truth - FUI-3759

  • Fusion handshake token directory installer input is pre-populated when adding node to an existing zone - FUI-3920

  • UI correctly displayed size of replicated folder - FUI-3974/FUI-3995

  • Support for CDH 5.9 - FUI-4084

  • Support for Cloudera Manager 5.9 - FUI-4085

  • Support for CDH and Cloudera Manager 5.10 - FUI-4089

  • Consistency check marked as done when initiated from a non-writer node - FUI-3921/FUS-2675

  • Improved checks for Fusion client installation - FUI-3922

  • Install accommodates HIVE_AUX_JARS with single jar - FUS-3438

  • Allow operation with ambari-agent as non-root user - FUS-3211

  • Log proxy.user.name for requests - FUS-3154

  • Improve default exclusion paths for Hive tables - HIVE-310

  • Heap requirements for consistency check now independent of data volume - FUS-2402, FUS-3292

  • Avoid out of memory under failed socket connection scenario - DCO-683

  • Empty metadata content does not result in recursive delete - FUS-3190

  • Correct permission replication for Hive tables - FUS-3095, REPL-16

  • Allow cancellation of repair tasks that are underway - FUS-3052

  • Provide aggregate reporting of repair status across zones - FUS-2823, FUS-2948

  • Integrate with alternative native SSL libraries - FUS-2859

  • Talkback improves host resolution - FUS-3249

  • Service init functions allow AD groups with spaces in name - FUI-4278

  • RPM upgrades do not overwrite logging configuration - FUI-3894

  • Email alert interval polling defaults to 60s - FUI-3768

  • Metastore starts with DBTokenStore configured on CDH 5.5 - HIVE-384, HIVE-389

  • Support replication of external tables via default DSM - HIVE-225, HIVE-284

  • Correct Metastore configuration deployment with multiple nodes - HIVE-299

  • Bypass mechanism for replicated Metastore - HIVE-134

  • Metastore event listener replication - HIVE-222, HIVE-243, HIVE-234, REPL-2, REPL-7

  • WD Hive Metastore service status in Cloudera Manager - HIVE-257

  • Correct Hive installation on RHEL 7 - HIVE-261

  • Improve installation of Hive for HDP configuration - HIVE-296

  • Stack removal for Hive improved - HIVE-307

  • Standardized Java detection - FUS-2479, FUI-3165, HIVE-327

  • Hive support for CDH 5.9 - HIVE-356

  • Hive support for CDH 5.10 - HIVE-257

  • Correct permissions on /tmp/wd-hive-metrics.log et al. - HIVE-392

  • Sidelined DSMs no longer trigger re-elections - FUS-3083

  • fusion.ssl.enabled property renamed to fusion.client.ssl.enabled - FUS-3013

  • Additional properties for S3 configuration - FUS-3513

  • Client requests to sidelined DSM no longer retry - FUS-3003, FUS-2927, FUS-3051, FUS-3299

  • HttpFS classpath corrections - FUS-3201

3. Deployment Guide

3.1. WANdisco server requirements

This section describes hardware requirements for deploying Hadoop using WD Fusion. These are guidelines that provide a starting point for setting up data replication between your Hadoop clusters.

Glossary
We’ll be using terms that relate to the Hadoop ecosystem, WD Fusion and WANdisco’s DconE replication technology. If you encounter any unfamiliar terms checkout the Glossary.
Example Workflow
Figure 1. server configuration for WD Fusion
WD Fusion UI

A separate server that provides administrators with a browser-based management console for each WD Fusion server. This can be installed on the same machine as WD Fusion’s server or on a different machine within your data center.

IHC Server

Inter Hadoop Communication servers handle the traffic that runs between zones or data centers that use different versions of Hadoop. IHC Servers are matched to the version of Hadoop running locally. It’s possible to deploy different numbers of IHC servers at each data center, additional IHC Servers can form part of a High Availability mechanism.

WD Fusion servers don’t need to be collocated with IHC servers
If you deploy using the installer, both the WD Fusion and IHC servers are installed into the same system by default. This configuration is made for convenience, but they can be installed on separate systems. This would be recommended if your servers don’t have the recommended amount of system memory.
WD Fusion Client

Client jar files to be installed on each Hadoop client, such as mappers and reducers that are connected to the cluster. The client is designed to have a minimal memory footprint and impact on CPU utilization.

WD Fusion must not be collocated with HDFS servers (DataNodes, etc)
HDFS’s default block placement policy dictates that if a client is collocated on a DataNode, then that collocated DataNode will receive 1 block of whatever file is being put into HDFS from that client. This means that if the WD Fusion Server (where all transfers go through) is collocated on a DataNode, then all incoming transfers will place 1 block onto that DataNode. In which case the DataNode is likely to consume lots of disk space in a transfer-heavy cluster, potentially forcing the WD Fusion Server to shut down in order to keep the Prevaylers from getting corrupted.

3.2. Licensing

WD Fusion includes a licensing model that can limit operation based on time, the number of nodes and the volume of data under replication. WANdisco generates a license file matched to your agreed usage model. You need to renew your license if you exceeds these limits or if your license period ends. See License renewals.

3.2.1. License Limits

When your license limits are exceeded, WD Fusion will operate in a limited manner, but allows you to apply a new license to bring the system back to full operation. Once a license is no longer valid:

  • Write operations to replicated locations are blocked,

  • Warnings and notifications related to the license expiry are delivered to the administrator,

  • Replication of data will no longer occur,

  • Consistency checks and repair operations are not allowed, and

  • Operations for adding replication rules and memberships will be denied.

Each different type of license has different limits.

Evaluation license

To simplify the process of pre-deployment testing, WD Fusion is supplied with an evaluation license (also known as a "trial license"). This type of license imposes limits:

Source Time limit No. fusion servers No. of Zones Replicated Data Plugins Specified IPs

Website

14 days

1-2

1-2

5TB

No

No

Production license

Customers entering production need a production license file for each node. These license files are tied to the node’s IP address. In the event that a node needs to be moved to a new server with a different IP address customers should contact WANdisco’s support team and request that a new license be generated. Production licenses can be set to expire or they can be perpetual.

Source Time limit No. fusion servers No. of Zones Replicated Data Plugins Specified IPs

WANdisco

variable (default: 1 year)

variable (default: 20)

variable (default: 10)

variable (default: 20TB)

Yes

Yes

Unlimited license

For large deployments, Unlimited licenses are available, for which there are no usage limits.

3.2.2. License renewals

  1. The WD Fusion UI provides a warning message whenever you log in. Example Workflow

  2. A warning also appears under the Settings tab on the license Settings panel. Follow the link to the website. Example Workflow

  3. Complete the form to set out your requirements for license renewal. Example Workflow

3.3. Prequisites Checklist

The following prerequisites checklist apply to both the WD Fusion server and for separate IHC servers. We recommend that you deploy on physical hardware rather than on a virtual platform, however, there are no reasons why you can’t deploy on a virtual environment.

3.3.1. Scaling a deployment

How much WD Fusion you need to deploy is not proportionate to the amount of data stored in your clusters, or the number of nodes in your clusters. You deploy WD Fusion/IHC server nodes in proportion to the data traffic between clusters; the more data traffic you need to handle, the more resources you need to put into the WD Fusion server software.

If you plan to locate both the WD Fusion and IHC servers on the same machine then check the Collocated Server requirements:

CPUs

Small WD Fusion server deployment : 8 cores
Large WD Fusion server deployment: : 16 cores
Architecture: 64-bit only.

System memory

There are no special memory requirements, except for the need to support a high throughput of data:
Type: Use ECC RAM
Size: Recommended 64 GB recommended (minimum of 16 GB)
Small WD Fusion server Deployment: 32 GB
Large WD Fusion server deployment: 128 GB
System memory requirements are matched to the expected cluster size and should take into account the number of files and block size. The more RAM you have, the bigger the supported file system, or the smaller the block size.

Collocation of WD Fusion/IHC servers
Both the WD Fusion server and the IHC server are, by default, installed on the same machine, in which case you would need to double the minimum memory requirements stated above. E.g. Size: Recommended 64 GB recommended (minimum of 32 GB)
Small WD Fusion server Deployment: 64 GB
Large WD Fusion server deployment: 128 GB or more
Storage space

Type: Hadoop operations are storage-heavy and disk-intensive so we strongly recommend that you use enterprise-class Solid State Drives (SSDs).
Size: Recommended: 1 TiB
Minimum: You need at least 250 GiB of disk space for a production environment.

Network Connectivity

Minimum 1Gb Ethernet between local nodes.
Small WANdisco Fusion server: 2Gbps
Large WANdisco Fusion server: 4x10 Gbps (cross-rack)
TCP Port Allocation: The following default TCP ports need to be reserved for WD Fusion installations:

Network diagram illustrating basic connections/port arrangement.

Hadoop Platform

WD Fusion Server

DConE replication port: 6444
DCone port handles all coordination traffic that manages replication. It needs to be open between all WD Fusion nodes. Nodes that are situated in zones that are external to the data center’s network will require unidirectional access through the firewall.

Application/REST API: 8082
REST port is used by the WD Fusion application for configuration and reporting, both internally and via REST API. The port needs to be open between all WD Fusion nodes and any systems or scripts that interface with WD Fusion through the REST API.

WD Fusion Client port: 8023
Port used by WD Fusion server to communicate with HCFS/HDFS clients. The port is generally only open to the local WD Fusion server, however you must make sure that it is open to edge nodes.

WD Fusion Server listening port: 8024
Port used by WD Fusion server to listen for connections from remote IHC servers. It is only used in unidirectional mode, but it’s always opened for listening. Remote IHCs connect to this port if the connection can’t be made in the other direction because of a firewall. The SSL configuration for this port is controlled by the same ihc.ssl.enabled property that is used for IHC connections performed from the other side. See Enable SSL for WD Fusion

IHC ports: 7000-range or 9000-range
7000 range, (exact port is determined at installation time based on what ports are available), used for data transfer between Fusion Server and IHC servers. Must be accessible from all WD Fusion nodes in the replicated system.
9000 range, exact port is determined at installation time based on available ports), used for an HTTP Server that exposes JMX metrics from the IHC server.

WD Fusion UI

Web UI interface: 8083 Used to access the WD Fusion Administration UI by end users (requires authentication), also used for inter-UI communication. This port should be accessible from all Fusion servers in the replicated system as well as visible to any part of the network where administrators require UI access.

3.3.2. Software requirements

Operating systems:

RHEL 6 x86_64
RHEL 7 x86_64
Oracle Linux 6 x86_64
Oracle Linux 7 x86_64
CentOS 6 x86_64
CentOS 7 x86_64
Ubuntu 12.04LTS
Ubuntu 14.04LTS
SLES 11 x86_64

Web browsers

Mozilla Firefox 11 and higher
Google Chrome

Java

Java JRE 1.7 / 1.8 See Supported versions Hadoop requires Java JRE 1.7. as a minimum. It is built and tested on Oracle’s version of Java Runtime Environment. We have now added support for Open JDK 7, which is used in Amazon Cloud deployments. For other types of deployment we recommend running with Oracle’s Java as it has undergone more testing.

Architecture

64-bit only
Heap size: Set Java Heap Size of to a minimum of 1Gigabytes, or the maximum available memory on your server.
Use a fixed heap size. Give -Xminf and -Xmaxf the same value. Make this as large as your server can support.
Avoid Java defaults. Ensure that garbage collection will run in an orderly manner. Configure NewSize and MaxNewSize Use 1/10 to 1/5 of Max Heap size for JVMs larger than 4GB. Stay deterministic!
When deploying to a cluster, make sure you have exactly the same version of the Java environment on all nodes.

Where’s Java?
Although WD Fusion only requires the Java Runtime Environment (JRE), Cloudera and Hortonworks may install the full Oracle JDK with the high strength encryption package included. This JCE package is a requirement for running Kerberized clusters.
For good measure, remove any JDK 6 that might be present in /usr/java. Make sure that /usr/java/default and /usr/java/latest point to an instance of java 7 version, your Hadoop manager should install this.

+ Ensure that you set the JAVA_HOME environment variable for the root user on all nodes. Remember that, on some systems, invoking sudo strips environmental variables, so you may need to add the JAVA_HOME to Sudo’s list of preserved variables.

Due to a bug in JRE 7, you should not run FINER level logging for javax.security.sasl if you are running on JDK 7. Doing so may result in an NPE. You can guard against the problem by locking down logging with the addition of the following line in WD Fusion’s logger.properties file (in /etc/fusion/server):
`javax.security.sasl.level=INFO`

The problem has been fixed for JDK 8. FUS-1946 Due to a bug in JDK 8 prior to 8u60, replication throughput with SSL enabled can be extremely slow (less than 4MB/sec). This is down to an inefficient GCM implementation.

Workaround
Upgrade to Java 8u60 or greater, or ensure WD Fusion is able to make use of OpenSSL libraries instead of JDK. Requirements for this can be found at http://netty.io/wiki/requirements-for-4.x.html[FUS-3041]

File descriptor/Maximum number of processes limit

Maximum User Processes and Open Files limits are low by default on some systems. It is possible to check their value with the ulimit or limit command:

ulimit -u && ulimit -n

-u The maximum number of processes available to a single user.
-n The maximum number of open file descriptors.

For optimal performance, we recommend both hard and soft limits values to be set to 64000 or more:

RHEL6 and later: A file /etc/security/limits.d/90-nproc.conf explicitly overrides the settings in security.conf, i.e.:

      # Default limit for number of user's processes to prevent
      # accidental fork bombs.
      # See rhbz #432903 for reasoning.
      * soft nproc 1024 <- Increase this limit or ulimit -u will be reset to 1024

Ambari/Pivotal HD and Cloudera manager will set various ulimit entries, you must ensure hard and soft limits are set to 64000 or higher. Check with the ulimit or limit command. If the limit is exceeded the JVM will throw an error: java.lang.OutOfMemoryError: unable to create new native thread.

Additional requirements

iptables Use the following procedure to temporarily disable iptables, during installation:

RedHat 6
  1. Turn off with

$ sudo chkconfig iptables off
  1. Reboot the system.

  2. On completing installation, re-enable with

$ sudo chkconfig iptables on

3.3.3. RedHat 7

  1. Turn off with

$ sudo systemctl disable firewalld
  1. Reboot the system.

  2. On completing installation, re-enable with

$ sudo systemctl enable firewalld

Comment out requiretty in /etc/sudoers
The installer’s use of sudo won’t work with some linux distributions (CentOS where /etc/sudoer sets enables requiretty, where sudo can only be invoked from a logged in terminal session, not through cron or a bash script. When enabled the installer will fail with an error:

execution refused with "sorry, you must have a tty to run sudo" message
Ensure that requiretty is commented out:
# Defaults	requiretty
SSL encryption

Basics
WD Fusion supports SSL for any or all of the three channels of communication: Fusion Server - Fusion Server, Fusion Server - Fusion Client, and Fusion Server - IHC Server.

keystore
A keystore (containing a private key / certificate chain) is used by an SSL server to encrypt the communication and create digital signatures.

truststore
A truststore is used by an SSL client for validating certificates sent by other servers. It simply contains certificates that are considered "trusted". For convenience you can use the same file as both the keystore and the truststore, you can also use the same file for multiple processes.

Enabling SSL

You can enable SSL during installation (Step 4 Server) or through the SSL Settings screen, selecting a suitable Fusion HTTP Policy Type. It is also possible to enable SSL through a manual edit of the application.properties file. We don’t recommend using the manual method, although it is available if needed: Enable HTTPS.

Due to a bug in JDK 8 prior to 8u60, replication throughput with SSL enabled can be extremely slow (less than 4MB/sec). This is down to an inefficient GCM implementation.

Workaround
Upgrade to Java 8u60 or greater, or ensure WD Fusion is able to make use of OpenSSL libraries instead of JDK. Requirements for this can be found at http://netty.io/wiki/requirements-for-4.x.html FUS-3041

3.3.4. Supported versions

This table shows the versions of Hadoop and Java that we currently support:

Distribution:

Console:

JRE:

Apache Hadoop 2.5.0

Oracle JDK 1.7 / 1.8 or OpenJDK 7

HDP 2.1 / 2.2 / 2.3 / 2.4

Ambari 1.6.1 / 1.7 / 2.1
Support for EMC Isilon 7.2.0.1 and 7.2.0.2

Oracle JDK 1.7 / 1.8 or OpenJDK 7

CDH 5.2.0 / 5.3.0 / 5.4 / 5.5 / 5.6 / 5.7 / 5.8

Cloudera Manager 5.3.x, 5.4.x, 5.5.x, 5.6.x, 5.7.x and 5.8.x
Support for EMC Isilon 7.2.0.1 and 7.2.0.2

Oracle JDK 1.7 / 1.8 or OpenJDK 7

Pivotal HD 3.0, 3.4

Ambari 1.6.1 / 1.7

Oracle JDK 1.7 / 1.8 or OpenJDK 7

MapR 4.0.x, 4.1.0, 5.0.0

Ambari 1.6.1 / 1.7

Oracle JDK 1.7 / 1.8 or OpenJDK 7

3.3.5. Supported applications

Supported Big Data applications my be noted here, as we complete testing:

Application:

Version Supported:

Tested with:

Syncsort DMX-h:

8.2.4.

See Knowledge base

3.3.6. Final Preparations

We’ll now look at what you should know and do as you begin the installation.

Time requirements

The time required to complete a deployment of WD Fusion will in part be based on its size, larger deployments with more nodes and more complex replication rules will take correspondingly more time to set up. Use the guide below to help you plan for deployments.

  • Run through this document and create a checklist of your requirements. (1-2 hours).

  • Complete the WD Fusion installation (about 20 minutes per node, or 1 hour for a test deployment).

  • Complete client installations and complete basic tests (1-2 hours).

Of course, this is a guideline to help you plan your deployment. You should think ahead and determine if there are additional steps or requirements introduced by your organization’s specific needs.

Network requirements

See the deployment checklist for a list of the TCP ports that need to be open for WD Fusion.

3.3.7. Kerberos Security

If you are running Kerberos on your cluster you should consider the following requirements:

  • Kerberos is already installed and running on your cluster

  • Fusion-Server is configured for Kerberos as described in Setting up Kerberos.

  • Kerberos Configuration before starting the installation

Before running the installer on a platform that is secured by Kerberos, you’ll need to run through the following steps: Setting up Kerberos.

Warning about mixed Kerberized / Non-Kerberized zones
In deployments that mix kerberized and non-kerberized zones it’s possible that permission errors will occur because the different zones don’t share the same underlying system superusers. In this scenario you would need to ensure that the superuser for each zone is created on the other zones.

For example, if you connect a Zone that runs CDH, which has superuser 'hdfs" with a zone running MapR, which has superuser 'mapr', you would need to create the user 'hdfs' on the MapR zone and 'mapr' on the CDH zone.

Kerberos Relogin Failure with Hadoop 2.6.0 and JDK7u80 or later
Hadoop Kerberos relogin fails silently due to HADOOP-10786. This impacts Hadoop 2.6.0 when JDK7u80 or later is used (including JDK8). Users should downgrade to JDK7u79 or earlier, or upgrade to Hadoop 2.6.1 or later.
Manual instructions

See the Knowledge Base for instructions on setting up manual Kerberos settings. You only need these in special cases as the steps have been handled by the installer. See Manual Updates for WD Fusion UI Configuration.

See the above Knowledge Base article for instructions on setting up auth-to-local permissions, mapping a Kerberos principal onto a local system user. See the KB article - Setting up Auth-to-local.

3.3.8. Clean Environment

Before you start the installation you must ensure that there are no existing WD Fusion installations or WD Fusion components installed on your elected machines. If you are about to upgrade to a new version of WD Fusion you must first make sure that you run through the removal instructions provided in the Appendix - Cleanup WD Fusion.

Ensure HADOOP_HOME is set in the environment
Where the hadoop command isn’t in the standard system path, administrators must ensure that the HADOOP_HOME environment variable is set for the root user and the user WD fusion will run as, typically hdfs. When set, HADOOP_HOME must be the parent of the bin directory into which the Hadoop scripts are installed. Example: if the hadoop command is:
/opt/hadoop-2.6.0-cdh5.4.0/bin/hadoop

then HADOOP_HOME must be set to

/opt/hadoop-2.6.0-cdh5.4.0/.

3.3.9. Installer File

You need to match WANdisco’s WD Fusion installer file to each data center’s version of Hadoop. Installing the wrong version of WD Fusion will result in the IHC servers being misconfigured.

Why installation requires root user

WD Fusion core and WD Fusion UI packages are installed using root permissions, using the RPM tool (or equivalent for .deb packages). RPM requires root to run - hence the need for the permissions. The main requirement for running with root is the need for the installer to create the folder structure for WD Fusion components, e.g.

  • application files = /opt/wandisco…​

  • configuration = /etc/wandisco/…​

  • logging = /var/log/wandisco/…​

Once all files are put into place, they are permissioned and owned by a specific fusion user. After the installation of the artifacts root is not used and the Fusion processes themselves are run as a specific Fusion user (usually "hdfs").

3.3.10. License File

After completing an evaluation deployment, you will need to contact WANdisco about getting a license file for moving your deployment into production.

4. Installation

This section will run through the installation of WD Fusion from the initial steps where we make sure that your existing environment is compatible, through the procedure for installing the necessary components and then finally configuration.

Deployment Checklist

Important hardware and software requirements, along with considerations that need to be made before starting to install WD Fusion.

Final Preparations

Things that you need to do immediately before you start the installation.

Starting the installer

Step by step guide to the installation process when using the unified installer. For instructions on completing a fully manual installation see On-premises Installation.

Configuration

Runs through the changes you need to make to start WD Fusion working on your platform.

Working in the Hadoop ecosystem

Necessary steps for getting WD Fusion to work with supported Hadoop applications.

Deployment appendix

Extras that you may need that we didn’t want cluttering up the installation guide.

4.1. On premises installation

The following section covers the installation of WANdisco Fusion into a cluster that is based in your organization’s own premises.

Installation via sudo-restricted non-root user

In some deployments it may not be permitted to complete the installation using root user. It should be possible to complete an installation with a limited set of sudo commands.

  • On the WD Fusion server, user need to be able to:

    "sudo /tmp/fusion-ui-server_rpm_installer.sh"  +f

    Use your own file path and installer file name.
    From then on, the UI installer runs as user-specified hdfs superuser.

  • on an Ambari server, the user needs to be able to sudo tar (to extract the stack bundle) and sudo ambari-server in order to restart Ambari and pick up the stack. Also, potentially sudo cp if the stack can’t, in the first case, be uploaded to the correct directory.

4.1.1. Starting the installation

Use the following steps to complete an installation using the installer file. This requires an administrator to enter details throughout the procedure. Once the initial settings are entered through the terminal session, the installation is then completed through a browser or alternatively, using a Silent Installation option to handle configuration Programmatically.

  1. Open a terminal session on your first installation server. Copy the WD Fusion installer script into a suitable directory.

  2. Make the script executable, e.g.

    chmod +x fusion-ui-server-<version>_rpm_installer.sh
  3. Execute the file with root permissions, e.g.

    sudo ./fusion-ui-server-<version>_rpm_installer.sh
  4. The installer will now start.

    Verifying archive integrity... All good.
    Uncompressing WANdisco Fusion..............................
    
        ::   ::  ::     #     #   ##    ####  ######   #   #####   #####   #####
       :::: :::: :::    #     #  #  #  ##  ## #     #  #  #     # #     # #     #
      ::::::::::: :::   #  #  # #    # #    # #     #  #  #       #       #     #
     ::::::::::::: :::  # # # # #    # #    # #     #  #   #####  #       #     #
      ::::::::::: :::   # # # # #    # #    # #     #  #        # #       #     #
       :::: :::: :::    ##   ##  #  ## #    # #     #  #  #     # #     # #     #
        ::   ::  ::     #     #   ## # #    # ######   #   #####   #####   #####
    
    Welcome to the WANdisco Fusion installation
    
    You are about to install WANdisco Fusion version 2.4-206
    
    Do you want to continue with the installation? (Y/n) y

    The installer will perform an integrity check, confirm the product version that will be installed, then invite you to continue. Enter "Y" to continue the installation. The installer performs some basic checks and lets you modify the Java heap settings. The heap settings apply only to the WD Fusion UI.

    Checking prerequisites:
    
    Checking for perl: OK
    Checking for java: OK
    
    INFO: Using the following Memory settings:
    
    INFO: -Xms128m -Xmx512m
    
    Do you want to use these settings for the installation? (Y/n) y

    The installer checks for Perl and Java. See the Installation Checklist Java Requirements for more information about these requirements. Enter "Y" to continue the installation.

  5. Next, confirm the port that will be used to access WD Fusion through a browser.

    Which port should the UI Server listen on? [8083]:
  6. Select the Hadoop version and type from the list of supported platforms:

    Please specify the appropriate backend from the list below:
    [0] cdh-5.2.0
    [1] cdh-5.3.0
    [2] cdh-5.4.0
    [3] cdh-5.5.0
    [4] cdh-5.6.0
    [5] cdh-5.7.0
    [6] cdh-5.8.0
    Which fusion backend do you wish to use? 5
    You chose cdh-5.7.0:5.7.0.2.3.0.0-2557
MapR/Pivotal availability

The MapR/PHD versions of Hadoop have been removed from the trial version of WD Fusion in order to reduce the size of the installer for most prospective customers. These versions are run by a small minority of customers, while their presence nearly doubled the size of the installer package. Contact WANdisco if you need to evaluate WD Fusion running with MapR or PHD.

Additional available packages

[1] mapr-4.0.1
[2] mapr-4.0.2
[3] mapr-4.1.0
[4] mapr-5.0.0
[5] phd-3.0.0
MapR requirements

URI MapR needs to use WD Fusion’s native "fusion:///" URI, instead of the default hdfs:///.

Ensure that during installation you select the Use WD Fusion URI with HCFS file system URI option.

Superuser
If you install into a MapR cluster then you need to assign the MapR superuser system account/group mapr if you need to run WD Fusion using the fusion:/// URI. See the requirement for MapR Client Configuration. See the requirement for MapR impersonation. When using MapR and doing a TeraSort run, if one runs without the simple partitioner configuration, then the YARN containers will fail with a Fusion Client ClassNotFoundException. The remedy is to set yarn.application.classpath on each node’s yarn-site.xml.
FUI-1853

  1. The installer now confirms which system user/group will be applied to WD Fusion.

    We strongly advise against running Fusion as the root user. For default HDFS setups, the set to 'hdfs'. However, you should choose a user appropriate for running HDFS commands on your system.
    Which user should Fusion run as? [hdfs] Checking 'hdfs' …​ …​ 'hdfs' found.
    Please choose an appropriate group for your system. By default HDP uses the 'hadoop' group. Which group should Fusion run as? [hadoop] Checking 'hadoop' …​ …​ 'hadoop' found.

  2. The installer does a search for the commonly used account and group, assigning these by default. Check the summary to confirm that your chosen settings are appropriate: Installing with the following settings:

User and Group:                     hdfs:hadoop
Hostname:                           node04-example.host.com
Fusion Admin UI Listening on:       0.0.0.0:8083
Fusion Admin UI Minimum Memory:     128
Fusion Admin UI Maximum memory:     512
Platform:                           cdh-5.7.0 (5.7.0.2.3.0.0-2557)
Manager Type                        CLOUDERA
Manager Host and Port:              :
Fusion Server Hostname and Port:    node04-example.host.com:8082
SSL Enabled:                        false

Do you want to continue with the installation? (Y/n) y

You are now given a summary of all the settings provided so far. If these settings are correct then enter "Y" to complete the installation of the WD Fusion server. . The package will now install

Installing hdp-2.1.0 packages:
  fusion-hdp-2.1.0-server-2.4_SNAPSHOT-1130.noarch.rpm ...
   Done
  fusion-hdp-2.1.0-ihc-server-2.4_SNAPSHOT-1130.noarch.rpm ...
   Done
Installing fusion-ui-server package
Starting fusion-ui-server:[  OK  ]
Checking if the GUI is listening on port 8083: .....Done
  1. The WD Fusion server will now start up:

Please visit http://<YOUR-SERVER-ADDRESS>.com:8083/ to access the WANdisco Fusion

		If 'http://<YOUR-SERVER-ADDRESS>.com' is internal or not available from your browser, replace this with an externally available address to access it.

Installation Complete
[root@node05 opt]#

At this point the WD Fusion server and corresponding IHC server will be installed. The next step is to configure the WD Fusion UI through a browser or using the silent installation script.

4.1.2. Configure WD Fusion through a browser

Follow this section to complete the installation by configuring WD Fusion using a browser-based graphical user interface.

Silent Installation
For large deployments it may be worth using Silent Installation option.
  1. Open a web browser and point it at the provided URL. e.g

http://<YOUR-SERVER-ADDRESS>.com:8083/
  1. In the first "Welcome" screen you’re asked to choose between Create a new Zone and Add to an existing Zone.

    Installer start
    Figure 2. Welcome - Installer screen

    Make your selection as follows: Adding a new WD Fusion cluster Select Add Zone. Adding additional WD Fusion servers to an existing WD Fusion cluster Select Add to an existing Zone.

    High Availability for WD Fusion / IHC Servers
    It’s possible to enable High Availability in your WD Fusion cluster by adding additional WD Fusion/IHC servers to a zone. These additional nodes ensure that in the event of a system outage, there will remain sufficient WD Fusion/IHC servers running to maintain replication.

    Add HA nodes to the cluster using the installer and choosing to Add to an existing Zone, using a new node name.

    Configuration for High Availability
    When setting up the configuration for a High Availability cluster, ensure that fs.defaultFS, located in the core-site.xml is not duplicated between zones. This property is used to determine if an operation is being executed locally or remotely, if two separate zones have the same default file system address, then problems will occur. WD Fusion should never see the same URI (Scheme + authority) for two different clusters.
  2. Run through the installer’s detailed Environment checks. For more details about exactly what is checked in this stage, see Environmental Checks in the Appendix.

    License1
    Figure 3. Installer screen
  3. On clicking validate the installer will run through a series of checks of your system’s hardware and software setup and warn you if any of WD Fusion’s prerequisites are missing.

    License1
    Figure 4. Validation results

    Any element that fails the check should be addressed before you continue the installation. Warnings may be ignored for the purposes of completing the installation, especially if the installation is only for evaluation purposes and not for production. However, when installing for production, you should also address all warnings, or at least take note of them and exercise due care if you continue the installation without resolving and revalidating.

  4. Upload the license file.

    License1
    Figure 5. Installer screen
  5. The conditions of your license agreement will be presented in the top panel, including License Type, Expiry data, Name Node Limit and Data Node Limit.

    License1
    Figure 6. "Check screenp
  6. Read through the EULA. When the scroll bar reaches the bottom you can click on the I agree to the EULA to continue, then click Next Step.

    License1
    Figure 7. License screen
  7. Enter settings for the WD Fusion server

    License1
    Figure 8. Server setting

    WD Fusion Server

    Fully Qualified Domain Name / IP

    The full hostname for the server.

    We have detected the following hostname/IP addresses for this machine.

    The installer will try to detect the server’s hostname from its network settings. Additional hostnames will be listed on a dropdown selector.

DConE Port

TCP port used by WD Fusion for replicated traffic. Validation will check that the port is free and that it can be bound to.

Fusion HTTP Policy Type

Sets the policy for communication with the WD Fusion Core Server API.

Select from one of the following policies:
Only HTTP - WD Fusion will not use SSL encryption on its API traffic.
Only HTTPS - WD Fusion will only use SSL encryption for API traffic.
Use HTTP and HTTPS - WD Fusion will use both encrypted and un-encrypted traffic.

Known Issue
Currently, the HTTP policy and SSL settings both independently alter how WD Fusion uses SSL, when they should be linked. You need to make sure that your HTTP policy selection and the use of SSL (enabled in the next section of the Installer) are in sync. If you choose either to the policies that use HTTPS, then you must enable SSL. If you stick with "Only HTTP" then you must ensure that you do not enable SSL. In a future release these two settings will be linked so it wont be possible to have contradictory settings.
Fusion HTTP Server Port

The TCP port used for standard HTTP traffic. Validation checks whether the port is free and that it can be bound.

Maximum Java heap size (GB)

Enter the maximum Java Heap value for the WD inter-Hadoop Communication server.

Umask (currently 0022)

Set the default permissions applied to newly created files. The value 022 results in default directory permissions 755 and default file permissions 644. This ensures that the installation will be able to start up/restart.

Advanced options
Advanced options
Figure 9. Advanced Options

Custom Fusion Request Port
You can provide a custom TCP port for the Fusion Request Port (also known as WD Fusion client port). The default value is 8023.

Strict Recovery
Two advanced options are provided to change the way that WD Fusion responds to a system shutdown where WD Fusion was not shutdown cleanly. Currently the default setting is to not enforce a panic event in the logs, if during startup we detect that WD Fusion wasn’t shutdown. This is suitable for using the product as part of an evaluation effort. However, when operating in a production environment, you may prefer to enforce the panic event which will stop any attempted restarts to prevent possible corruption to the database.

  • DConE panic if db is dirty

    This option lets you enable the strict recovery option for WANdisco’s replication engine, to ensure that any corruption to its prevayler database doesn’t lead to further problems. When the checkbox is ticked, WD Fusion will log a panic message whenever WD Fusion is not properly shutdown, either due to a system or application problem.

  • App panic if db is dirty

    This option lets you enable the strict recovery option for WD Fusion’s database, to ensure that any corruption to its internal database doesn’t lead to further problems. When the checkbox is ticked, WD Fusion will log a panic message whenever WD Fusion is not properly shutdown, either due to a system or application problem.

Push Threshold

If synchronizing with s3 then the Hadoop clusters that replicate to object stores (because it could be more than s3) should turn set to off '0'.
Custom UI hostname

Lets you set a custom hostname for the Fusion UI, distinct from the communication.hostname which is already set as part of the install and used by WD Fusion nodes to connect to the Fusion server.

Custom UI Port

Lets to change WD Fusion UI’s default port, in case it is assigned elsewhere, e.g. Cloudera’s headamp debug server also uses it.

Strict Recovery

See explanation of the Strict Recovery Advanced Options.

Only apply these options if you fully understand what they do.
The following advanced options provide a number of low level configuration settings that may be required for installation into certain environments. The incorrect application of some of these settings could cause serious problems, so for this reason we strongly recommend that you discuss their use with WANdisco’s support team before enabling them.
IHC Server
IHC
Figure 10. IHC Server details
Maximum Java heap size (GB)

Enter the maximum Java Heap value for the WD Inter-Hadoop Communication server.

IHC network interface

The hostname for the IHC server.

Advanced Options (optional)

IHC server binding address In the advanced settings you can decide which address the IHC server will bind to. The address is optional, by default the IHC server binds to all interfaces (0.0.0.0), using the port specified in the ihc.server field. In all cases the port should be identical to the port used in the ihc.server address. i.e.

_/etc/wandisco/fusion/ihc/server/cdh-5.4.0/2.6.0-cdh5.4.0.ihc_ or _/etc/wandisco/fusion/ihc/server/localfs-2.7.0/2.7.0.ihc_

Once all settings have been entered, click Next step.

  1. Next, you will enter the settings for your new Zone.

Zone Information

Entry fields for zone properties:

Fully Qualified Domain Name

The full hostname for the server.

Node ID

A unique identifier that will be used by WD Fusion UI to identify the server.

Location Name (optional)

A location name that can quickly identify where the server is located.

Induction failure
If induction fails, attempting a fresh installation may be the most straight forward cure, however, it is possible to push through an induction manually, using the REST API. See Handling Induction Failure.
Known issue with Location names
You must use different Location names/Node IDs for each zone. If you use the same name for multiple zones, then you will not be able to complete the induction between those nodes.
DConE Port

TCP port used by WD Fusion for replicated traffic.

Zone Name

The name used to identify the zone in which the server operates.

Management Endpoint

Select the Hadoop manager that you are using, i.e. Cloudera Manager, Ambari or Pivotal HD. The selection will display the entry fields for your selected manager.

Advanced Options
Only apply these options if you fully understand what they do.
The following Advanced Options provide a number of low level configuration settings that may be required for installation into certain environments. The incorrect application of some of these settings could cause serious problems, so for this reason we strongly recommend that you discuss their use with WANdisco’s support team before enabling them.
URI Selection

The default behavior for WD Fusion is to fix all replication to the Hadoop Distributed File System / hdfs:/// URI. Setting the hdfs-scheme provides the widest support for Hadoop client applications, since some applications can’t support the available "fusion:///" URI they can only use the HDFS protocol. Each option is explained below:

Use HDFS URI with HDFS file system

The element appears in a radio button selector:

URI Option A

This option is available for deployments where the Hadoop applications support neither the WD Fusion URI nor the HCFS standards. WD Fusion operates entirely within HDFS.

This configuration will not allow paths with the fusion:/// uri to be used; only paths starting with hdfs:/// or no scheme that correspond to a mapped path will be replicated. The underlying file system will be an instance of the HDFS DistributedFileSystem, which will support applications that aren’t written to the HCFS specification.

Use WD Fusion URI with HCFS file system
URI Option B

This is the default option that applies if you don’t enable Advanced Options, and was the only option in WD Fusion prior to version 2.6. When selected, you need to use fusion:// for all data that must be replicated over an instance of the Hadoop Compatible File System. If your deployment includes Hadoop applications that are either unable to support the Fusion URI or are not written to the HCFS specification, this option will not work.

Use Fusion URI with HDFS file system
URI option C

This differs from the default in that while the WD Fusion URI is used to identify data to be replicated, the replication is performed using HDFS itself. This option should be used if you are deploying applications that can support the WD Fusion URI but not the Hadoop Compatible File System.

Benefits of HDFS.
The following advanced options provide a number of low level configuration settings that may be required for installation into certain environments. The incorrect application of some of these settings could cause serious problems, so for this reason we strongly recommend that you discuss their use with WANdisco’s support team before enabling them.

Use Fusion URI and HDFS URI with HDFS file system

This "mixed mode" supports all the replication schemes (fusion://, hdfs:// and no scheme) and uses HDFS for the underlying file system, to support applications that aren’t written to the HCFS specification.

URI Option D

4.2. Silent Installation

The "Silent" installation tools are still under development, although, with a bit of scripting, it should now be possible to automate WD Fusion node installation. The following section looks at the provided tools, in the form of a number of scripts, which automate different parts of the installation process.

Client Installations
The silent installer does not handle the deployment of client stacks/parcels. You must be aware of the following: Stacks/Parcels must be in place before the silent installer is run, this includes restarting/checking for parcels on their respective managers. Failure to do so will leave the HDFS cluster in a state without fusion clients and running with a config that expects them to be there (basically completely borked), this can be fixed by reverting service configs if necessary. See Installing Parcels See Installing Stacks

4.2.1. Overview

The silent installation process supports two levels: Unattended installation handles just the command line steps of the installation, leaving the web UI-based configuration steps in the hands of an administrator. See unattended installation.

Fully Automated also includes the steps to handle the configuration without the need for user interaction. See link:[Fully Automated installation].

4.2.2. Unattended Installation

Use the following command for an unattended installation where an administrator will complete the configuration steps using the browser UI.

sudo FUSIONUI_USER=x FUSIONUI_GROUP=y FUSIONUI_FUSION_BACKEND_CHOICE=z ./fusion-ui-server_rpm_installer.sh

4.2.3. Set the environment

There are a number of properties that need to be set up before the installer can be run:

FUSIONUI_USER

User which will run WD Fusion services. This should match the user who runs the hdfs service.

FUSIONUI_GROUP

Group of the user which will run Fusion services. The specified group must be one that FUSIONUI_USER is in.

Check FUSIONUI_USER is in FUSIONUI_GROUP

Verify that your chosen user is in your selected group.

> groups hdfs
hdfs : hdfs hadoop
FUSIONUI_FUSION_BACKEND_CHOICE

Should be one of the supported package names, as per the following list: +

  • cdh-5.2.0:2.5.0-cdh5.2.0

  • cdh-5.3.0:2.5.0-cdh5.3.0

  • cdh-5.4.0:2.6.0-cdh5.4.0

  • cdh-5.5.0:2.6.0-cdh5.5.0

  • hdp-2.1.0:2.4.0.2.1.5.0-695

  • hdp-2.2.0:2.6.0.2.2.0.0-2041

  • hdp-2.3.0:2.7.1.2.3.0.0-2557

  • mapr-4.0.1:2.4.1-mapr-1408

  • mapr-4.0.2:2.5.1-mapr-1501

  • mapr-4.1.0:2.5.1-mapr-1503

  • mapr-5.0.0:2.7.0-mapr-1506

  • phd-3.0.0:2.6.0.3.0.0.0-249

  • emr-4.6.0:2.7.2-amzn-1

  • emr-4.7.1:2.7.2-amzn-2

  • emr-5.0.0:2.7.2-amzn-3

This mode only automates the initial command line installation step, the configuration steps still need to be handled manually in the browser steps.

Example
sudo FUSIONUI_USER=hdfs FUSIONUI_GROUP=hadoop FUSIONUI_FUSION_BACKEND_CHOICE=hdp-2.3.0 ./fusion-ui-server_rpm_installer.sh

4.2.4. Fully Automated Installation

This mode is closer to a full "Silent" installation as it handles the configuration steps as well as the installation.

Properties that need to be set:

SILENT_CONFIG_PATH

Path for the environmental variables used in the command-line driven part of the installation. The paths are added to a file called silent_installer_env.sh.

SILENT_PROPERTIES_PATH

Path to 'silent_installer.properties' file. This is a file that will be parsed during the installation, providing all the remaining paramaters that are required for getting set up. The template is annotated with information to guide you through making the changes that you’ll need.
Take note that parameters stored in this file will automatically override any default settings in the installer.

FUSIONUI_USER

User which will run Fusion services. This should match the user who runs the hdfs service.

FUSIONUI_GROUP

Group of the user which will run Fusion services. The specified group must be one that FUSIONUI_USER is in.

FUSIONUI_FUSION_BACKEND_CHOICE

Should be one of the supported package names, as per the following list:

FUSIONUI_UI_HOSTNAME

The hostname for the WD Fusion server.

FUSIONUI_UI_PORT

Specify a fusion-ui-server port (default is 8083)

FUSIONUI_TARGET_HOSTNAME

The hostname or IP of the machine hosting the WD Fusion server.

FUSIONUI_TARGET_PORT

The fusion-server port (default is 8082)

FUSIONUI_MEM_LOW

Starting Java Heap value for the WD Fusion server.

FUSIONUI_MEM_HIGH

Maximum Java Heap.

FUSIONUI_UMASK

Sets the default permissions applied to newly created files. The value 022 results in default directory permissions 755 and default file permissions 644. This ensures that the installation will be able to start up/restart.

FUSIONUI_INIT

Sets whether the server will start automatically when the system boots. Set as "1" for yes or "0" for no

Cluster Manager Variables are deprecated
The cluster manager variables are mostly redundant as they generally get set in different processes though they currently remain in the installer code.

FUSIONUI_MANAGER_TYPE
FUSIONUI_MANAGER_HOSTNAME
FUSIONUI_MANAGER_PORT
FUSIONUI_MANAGER_TYPE

"AMBARI", "CLOUDERA", "MAPR" or "UNMANAGED_EMR". This setting can still be used but it is generally set at a different point in the installation now.

validation.environment.checks.enabled
validation.manager.checks.enabled

Note manager validation is currently not available for S3 installs

validation.kerberos.checks.enabled

Note kerberos validation is currently not available for S3 installs

If this part of the installation fails it is possible to re-run the silent_installer part of the installation by running:

/opt/wandisco/fusion-ui-server/scripts/silent_installer_full_install.sh /path/to/silent_installer.properties

4.2.5. Uninstall WD Fusion UI only

This procedure is useful for UI-only installations:

sudo yum erase -y fusion-ui-server
sudo rm -rf /opt/wandisco/fusion-ui-server /etc/wandisco/fusion/ui

4.2.6. To UNINSTALL Fusion UI, Fusion Server and Fusion IHC Server (leaving any fusion clients installed):

sudo yum erase -y "fusion-*-server"
sudo rm -rf /opt/wandisco/fusion-ui-server /etc/wandisco/fusion/ui

4.2.7. Silent Installation files

For every package of WD Fusion there’s both an env.sh and a .properties file. The env.sh sets environment variables that complete the initial command step of an installation. The env.sh also points to a properties file that is used to automate the browser-based portion of the installer. The properties files for the different installation types are provided below:

silent_installer.properties

standard HDFS installation.

emr_silent_installer.properties

properties file for Amazon EMR-based installation.

s3_silent_installer.properties

properties file for Amazon S3-based installation.

swift_silent_installer.properties

file for IMB swift-based installation.

azure_silent_installer.properties

properties file for Microsoft Azure-based installation.

google_silent_installer.properties

Google-based installation properties file

4.3. Manual installation

The following procedures covers the hands-on approach to installation and basic setup of a deployment that deploys over the LocalFileSystem. For the vast majority of cases you should use the previous Installer-based LocalFileSystem Deployment procedure.

Don’t do it this way unless you have to.
We provide this example to illustrate how a completely hands-on installation can be performed. We don’t recommend that you use it for a deployment unless you absolutely can’t use the installers. Instead, use it as a reference so that you can see what changes are made by our installer.

4.3.1. Non-HA Local filesystem setup

  1. Start with the regular WD Fusion setup. You can go through either the installation manually or using the installer.

  2. When you select the $user:$group you should pick a master user account that will have complete access to the local directory that you plan to replicate. You can set this manually by modifying etc/wandisco/fusion-env.sh setting FUSION_SERVER_GROUP to $group and FUSION_SERVER_USER to $user.

  3. Next, you’ll need to configure the core-site.xml, typically in /etc/hadoop/conf/, and override “fs.file.impl” to “com.wandisco.fs.client.FusionLocalFs”, “fs.defaultFS” to "file:///", and "fusion.underlyingFs" to "file:///". (Make sure to add the usual Fusion properties as well, such as "fusion.server").

  4. If you are running with fusion URI, (via “fs.fusion.impl”), then you should still set the value to “com.wandisco.fs.client.FusionLocalFs”.

  5. If you are running with Kerberos then you should also override “fusion.handshakeToken.dir” to point to some directory that will exist within the local directory you plan to replicate to/from. You should also make sure to have “fs.fusion.keytab” and “fs.fusion.principal” defined as usual.

  6. Ensure that the local directory you plan to replicate to/from alreadly exists. If not, create it and give it 777 permissions or create a symlink (locally) that will point to the local path you plan to replicate to/from.

  7. For example, if you want to replicate /repl1/ but don’t want to create a directory on your root level, you can create a symlink to repl1 on your root level and point it to wherever you want to actually be your replicated directory. In the case of using NFS, it should be used to point to /mnt/nfs/.

  8. Set-up an NFS.

Be sure to point your replicated directory to your NFS mount, either directly or using a a symlink.

4.3.2. HA local file system setup

  1. Install Fusion UI, Server, IHC, and Client (for LocalFileSystem) on every node you plan to use for HA.

  2. When you select the $user:$group you should pick a master user account that will have complete access to the local directory that you plan to replicate. You can set this manually by modifying /etc/wandisco/fusion-env.sh setting FUSION_SERVER_GROUP to $group and FUSION_SERVER_USER to $user.

  3. Next, you’ll need to configure the core-site.xml, typically in /etc/hadoop/conf/, and override “fs.file.impl” to “com.wandisco.fs.client.FusionLocalFs”, “fs.defaultFS” to "file:///", and “fusion.underlyingFs” to "file:///". (Make sure to add the usual Fusion properties as well, such as "fs.fusion.server").

  4. If you are running with fusion URI, (via “fs.fusion.impl”), then you should still set the value to “com.wandisco.fs.client.FusionLocalFs”.

  5. If you are running with Kerberos then you should also override “fusion.handshakeToken.dir” to point to some directory that will exist within the local directory you plan to replicate to/from. You should also make sure to have “fs.fusion.keytab” and “fs.fusion.principal” defined as usual.

  6. Ensure that the local directory you plan to replicate to/from alreadly exists. If not, create it and give it 777 permissions or create a symlink (locally) that will point to the local path you plan to replicate to/from.

  7. For ex, if you want to replicate /repl1/ but don’t want to create a directory on your root level, you can create a symlink to repl1 on your root level and point it to wherever you want to actually be your replicated directory. In the case of using NFS, it should be used to point to /mnt/nfs/.

  8. Now follow a regular HA set up, making sure that you copy over the core-site.xml and fusion-env.sh everywhere so all HA nodes have the same configuration.

  9. Create the replicated directory (or symlink to it) on every HA node and chmod it to 777.

5. Working in the Hadoop ecosystem

The deployment section covers the final step in setting up a WD Fusion cluster, where supported Hadoop applications are plugged into WD Fusion’s synchronized distributed namespace. It won’t be possible to cover all the requirements for all the third-party software covered here, we strongly recommend that you get hold of the corresponding documentation for each Hadoop application before you work through these procedures.

Deployed Hadoop applications

5.1. Hive

This guide integrates WD Fusion with Apache Hive, it aims to accomplish the following goals:

  • Replicate Hive table storage.

  • Use fusion URIs as store paths.

  • Use fusion URIs as load paths.

  • Share the Hive metastore between two clusters.

5.1.1. Prerequisites

  • Knowledge of Hive architecture.

  • Ability to modify Hadoop site configuration.

  • WD Fusion installed and operating.

5.1.2. Replicating Hive Storage via fusion:///

The following requirements come into play if you have deployed WD Fusion using with its native fusion:/// URI.

In order to store a Hive table in WD Fusion you specify a WD Fusion URI when creating a table. E.g. consider creating a table called log that will be stored in a replicated directory.

CREATE TABLE log(requestline string) stored as textfile location 'fusion:///repl1/hive/log'; Note: Replicating table storage without sharing the Hive metadata will create a logical discrepancy in the Hive catalog. For example, consider a case where a table is defined on one cluster and replicated on the HCFS to another cluster. A Hive user on the other cluster would need to define the table locally in order to make use of it.

5.1.3. Exceptions

Hive from CDH 5.3/5.4 does not work with WD Fusion, (because of HIVE-9991). To get it working with CDH 5.3 and 5.4. you need to modify the default Hive file system setting. In Cloudera Manager, add the following property to hive-site.xml:

<property>
    <name>fs.defaultFS</name>
    <value>fusion:///</value>
</property>

This property should be added in 3 areas:

  • Service Wide

  • GateWay Group

  • Hiveserver2 group

5.1.4. Replicated directories as store paths

It’s possible to configure Hive to use WD Fusion URIs as output paths for storing data, to do this you must specify a Fusion URI when writing data back to the underlying Hadoop-compatible file system (HCFS). For example, consider writing data out from a table called log to a file stored in a replicated directory:

INSERT OVERWRITE DIRECTORY 'fusion:///repl1/hive-out.csv' SELECT * FROM log;

5.1.5. Replicated directories as load paths

In this section we’ll describe how to configure Hive to use fusion URIs as input paths for loading data.

It is not common to load data into a Hive table from a file using the fusion URI. When loading data into Hive from files the core-site.xml setting fs.default.name must also be set to fusion, which may not be desirable. It is much more common to load data from a local file using the LOCAL keyword:

LOAD DATA LOCAL INPATH '/tmp/log.csv' INTO TABLE log;

If you do wish to use a fusion URI as a load path, you must change the fs.defaultFS setting to use WD Fusion, as noted in a previous section. Then you may run:

LOAD DATA INPATH 'fusion:///repl1/log.csv' INTO TABLE log;

5.1.6. Sharing the Hive metastore

Advanced configuration - please contact WANdisco before attempting
In this section we’ll describe how to share the Hive metastore between two clusters. Since WANdisco Fusion can replicate the file system that contains the Hive data storage, sharing the metadata presents a single logical view of Hive to users on both clusters.

When sharing the Hive metastore, note that Hive users on all clusters will know about all tables. If a table is not actually replicated, Hive users on other clusters will experience errors if they try to access that table.

There are two options available.

5.1.7. Hive metastore available read-only on other clusters

In this configuration, the Hive metastore is configured normally on one cluster. On other clusters, the metastore process points to a read-only copy of the metastore database. MySQL can be used in master-slave replication mode to provide the metastore.

5.1.8. Hive metastore writable on all clusters

In this configuration, the Hive metastore is writable on all clusters.

  • Configure the Hive metastore to support high availability.

  • Place the standby Hive metastore in the second data center.

  • Configure both Hive services to use the active Hive metastore.

Performance over WAN
Performance of Hive metastore updates may suffer if the writes are routed over the WAN. Hive metastore replication There are three strategies for replicating Hive metastore data with WD Fusion:

Standard

For Cloudera CDH: See Hive Metastore High Availability.

For Hortonworks/Ambari: High Availability for Hive Metastore.

Manual Replication

In order to manually replicate metastore data ensure that the DDLs are placed on two clusters, and perform a partitions rescan.

5.2. Impala

5.2.1. Prerequisites

  • Knowledge of Impala architecture.

  • Ability to modify Hadoop site configuration.

  • WD Fusion installed and operating.

5.2.2. Impala Parcel

If you plan to use WD Fusion’s own fusion:/// URI, then you will need to use the provided parcel (see the screenshot, below for link in the Client Download section of the Settings screen):

WD Fusion tree
Figure 11. Impala Parcel link.

Follow the same steps described for installing the WD Fusion client, downloading the parcel and SHA file, i.e.:

  1. Have cluster with CDH installed with parcels and Impala.

  2. Copy the FUSION_IMPALA parcel and SHA into the local parcels repository, on the same node where Cloudera Manager Services is installed, this need not be the same location where the Cloudera Manager Server is installed. The default location is at: /opt/cloudera/parcel-repo, but is configurable. In Cloudera Manager, you can go to the Parcels Management Page → Edit Settings to find the Local Parcel Repository Path. See Parcel Locations.

    FUSION_IMPALA should be available to distribute and activate on the Parcels Management Page, remember to click Check for New Parcels button.

  3. Once installed, restart the cluster.

  4. Impala reads on Fusion files should now be available.

5.2.3. Setting the CLASSPATH

In order for Impala to load the Fusion Client jars, the user needs to make a small configuration change in their Impala service, through Cloudera Manager. In Cloudera Manager, the user needs to add an environment variable in the section Impala Service Environment Advanced Configuration Snippet (Safety Valve).

AUX_CLASSPATH='colon-delimited list of all the Fusion client jars'
WD Fusion tree
Figure 12. Classpath configuration for WD Fusion.

5.3. Presto

5.3.1. Presto Interoperability

Presto is an open source distributed SQL query engine for running interactive analytic queries. It can query and interact with multiple data sources, and can be extended with plugins.

Presto requires the use of Java 8, and had internal dependencies on Java library versions that may conflict with those of the Hadoop distribution with which it communicates when using the “hive-hadoop2” plugin. For example, Presto makes use of guava-18.0.jar, while HDP 2.4 uses guava-11.0.2.jar.

5.3.2. Presto and Fusion

WANdisco Fusion leverages a replacement client library when overriding the hdfs:// scheme for access to the cluster file system in order to coordinate that access among multiple clusters. This replacement library is provided in a collection of jar files in the /opt/wandisco/fusion/client/lib directory for a standard installation. These jar files need to be available to any process that accesses the file system using the com.wandisco.fusion.fs.client.FusionHdfs implementation of the Apache Hadoop FileSystem API.

Because Presto requires these classes to be available to the hive-hadoop2 plugin, they must reside in the plugins/hive-hadoop2 directory of the Presto installation. Additionally, the additional JARs made available in that directory must not provide conflicting versions of classes already used by the hive-hadoop2 plugin.

As Fusion uses conflicting versions of some classes (e.g. guava), the Fusion client library used by Presto must be repackaged to avoid such conflicts.

5.3.3. Repackaging the Fusion Client Library

WANdisco have provided a repackaged version of the Fusion 2.9.3.1 client libraries to help demonstrate Fusion-Presto interoperability. Please take note that this is an early access release of the client library that is specifically for Presto DB deployment.

The repackaged client library consists of a single JAR file: fusion-client-bundle-2.9.3.1-hdp-2.4.0-SNAPSHOT-all.jar. This file consists of the classes otherwise made available through the JAR files in the /opt/wandisco/fusion/client/lib directory:

bcprov-jdk15on-1.54.jar
fusion-adk-client-2.9.3.1-hdp-2.4.0.jar
fusion-adk-common-2.9.3.1.jar
fusion-adk-netty-2.9.3.1.jar
fusion-adk-security-2.9.3.1.jar
fusion-client-common-2.9.3.1-hdp-2.4.0.jar
fusion-client-hdfs-2.9.3.1-hdp-2.4.0.jar
fusion-common-2.9.3.1-hdp-2.4.0.jar
guava-11.0.2.jar
netty-all-4.0.23.Final.jar

The three 3rd-party JARs have had their classes repackaged under "shadow" package names in order that they do not conflict with the alternative versions used by Presto. Additionally, the WANdisco Fusion client library has been adjusted to use those versions of the classes under their alternative package names.

WANdisco has made this repackaged client library available for Walmart on fd.wandisco.com.

5.3.4. Using the Repackaged Fusion Client Library with Presto

  1. Place the fusion-client-bundle-2.9.3.1-hdp-2.4.0-SNAPSHOT-all.jar file in the plugins/hive-hadoop2 directory of each Presto server.

  2. Restart the Presto coordinators

It is also important to confirm that the Presto configuration includes the necessary properties to function correctly with the hive-hadoop2 plugin. E.g. (the specific values below will need to be adjusted for the actual environment), but include reference to the WANdisco replicated metastore, the HDP cluster configuration that includes Fusion configuration, and Kerberos-specific information to allow Presto to interoperate with a secured cluster.

connector.name=hive-hadoop2
hive.metastore.uri=thrift://vwang02-vm1.bdfrem.wandisco.com:9084
hive.config.resources=/etc/hadoop/conf/core-site.xml,/etc/hadoop/conf/hdfs-site.xml
hive.metastore.authentication.type=KERBEROS
hive.metastore.service.principal=hive/vwang02-vm1.bdfrem.wandisco.com@WANDISCO.HADOOP
hive.metastore.client.principal=presto/vwang02-vm0.bdfrem.wandisco.com@WANDISCO.HADOOP
hive.metastore.client.keytab=/etc/security/keytabs/presto.keytab
hive.hdfs.authentication.type=KERBEROS
hive.hdfs.impersonation.enabled=true
hive.hdfs.presto.principal=hdfs-VWANG-02@WANDISCO.HADOOP
hive.hdfs.presto.keytab=/etc/security/keytabs/hdfs.headless.keytab

Keytabs and principals will need to be configured correctly, and as the hive-hadoop2 Presto plugin uses YARN for operation, the /user/yarn directory must exist and be writable by the yarn user in all clusters in which Fusion operates.

5.3.5. Presto Configuration

5.3.6. Known Issue

Presto embeds Hadoop configuration defaults into the hive-hadoop2 plugin, including a core-default.xml file that specifies the following property entry:

&lt;property>
  &lt;name>hadoop.security.authentication&lt;/name>
  &lt;value>simple&lt;/value>
  &lt;description>Possible values are simple (no authentication), and kerberos
  &lt;/description>
&lt;/property>

Although Presto allows the hive-hadoop2 plugin to use additional configuration properties (by specifying an entry like the following in a .properties file in the etc/catalog directory:

hive.config.resources=/etc/hadoop/conf/core-site.xml,/etc/hadoop/conf/hdfs-site.xml

This entry allows extra configuration properties to be loaded from a standard Hadoop configuration file, but those entries cannot override setting that are embedded in the core-default.xml that ships with the Presto hive-hadoop2 plugin.

In a kerberized implementation the Fusion client library relies on the ability to read the hadoop.security.authentication configuration property to determine if it should perform a secure handshake with the Fusion server. Without that property defined, the client and server will fail to perform their security handshake, and Presto queries will not succeed.

5.3.7. Workaround

The solution to this issue is to update the core-default.xml file contained in the hive-hadoop2 plugin:

$ mkdir ~/tmp
$ cd ~/tmp
$ jar -xvf <path to…>/presto-server-0.164/plugin/hive-hadoop2/hadoop-apache2-0.10.jar

Edit the core-default.xml file to update the hadoop.security.authentication property so that its value is “kerberos”

$ Jar -uf <path to...>/presto-server-0.164/plugin/hive-hadoop2/hadoop-apache2-0.10.jar core-default.xml

Distribute the hadoop-apache2-0.10.jar to all Presto nodes, and restart the Presto coordinator.

5.4. Oozie

The Oozie service can function with Fusion, running without problem with Cloudera CDH. Under Hortonworks HDP you need to apply the following procedure, after completing the WD Fusion installation:

  1. Open a terminal to the node with root privileges.

  2. Go into Oozie lib directory.

    cd /usr/hdp/current/oozie-server/oozie-server/webapps/oozie/WEB-INF/lib
  3. Create symlink for fusion client jars

    ln -s /opt/wandisco/fusion/client/lib/* /usr/hdp/{hdp_version}/oozie/libext
  4. Open a terminal session as oozie-user and run:

    $ /usr/hdp/current/oozie/bin/oozie-setup.sh prepare war
  5. Restart the oozie sevice and fusion services. Run shareliblist to verify shared library contents. E.g.

    oozie admin -oozie http://<node-ip>:11000/oozie -shareliblist

5.5. Oracle: Big Data Appliance

Each node in an Oracle:BDA deployment has multiple network interfaces, with at least one used for intra-rack communications and one used for external communications. WD Fusion requires external communications so configuration using the public IP address is required instead of using host names.

5.5.1. Prerequisites

  • Knowledge of Oracle:BDA architecture and configuration.

  • Ability to modify Hadoop site configuration.

5.5.2. Required steps

  • Configure WD Fusion to support Kerberos. See Setting up Kerberos

  • Configure WD Fusion to work with NameNode High Availability described in Oracle’s documentation

  • Restart the cluster, WD Fusion and IHC processes. See init.d management script

  • Test that replication between zones is working.

5.5.3. Operating in a multi-homed environment

Oracle:BDA is built on top of Cloudera’s Hadoop and requires some extra steps to support multi-homed network environment.

5.5.4. Running Fusion with Oracle BDA 4.2 / CDH 5.5.1

There’s a known issue concerning configuration and the Cloudera Navigator Metadata Server classpath.

Error message:

2016-04-19 08:50:31,434 ERROR com.cloudera.nav.hdfs.extractor.HdfsExtractorShim [CDHExecutor-0-CDHUrlClassLoader@3bd4729d]: Internal Error while extracting
java.lang.RuntimeException: java.lang.ClassNotFoundException: Class com.wandisco.fs.client.FusionHdfs not found
        at org.apache.hadoop.conf.Configuration.getClass(Configuration.java:2199)

There’s no clear way to override the fs.hdfs.impl setting just for the Navigator Metadata server, as is required for running with WD Fusion.

5.5.5. Fix Script

Use the following fix script to overcome the problem:

CLIENT_JARS=$(for i in $(ls -1 /opt/cloudera/parcels/CDH/lib/hadoop/client/*.jar  | grep -v jsr305 | awk '{print $NF}' ) ; do echo -n $i: ; done)
NAVIGATOR_EXTRA_CLASSPATH=/opt/wandisco/fusion/client/lib/*:/opt/cloudera/parcels/CDH/lib/hadoop/lib/jetty-*.jar:$CLIENT_JARS
echo "NAVIGATOR_EXTRA_CLASSPATH=$NAVIGATOR_EXTRA_CLASSPATH" > ~/navigator_env.txt

The environment variables are provided here - navigator_env.txt

You need to put this in the configuration for the Cloudera Management Service under "Navigator Metadata Server Environment Advanced Configuration Snippet (Safety Valve)". This modification currently needs to be applied whenever you upgrade or downgrade WD Fusion.

5.6. Apache Tez

Apache Tez is a YARN application framework that supports high performance data processing through DAGs. When set up, Tez uses its own tez.tar.gz containing the dependencies and libraries that it needs to run DAGs. For a DAG to access WD Fusion’s fusion:/// URI it needs our client jars:

Configure the tez.lib.uris property with the path to the WD Fusion client jar files.

&lt;property>
  &lt;name>tez.lib.uris&lt;/name>
# Location of the Tez jars and their dependencies.
# Tez applications download required jar files from this location, so it should be public accessible.
  &lt;value>${fs.default.name}/apps/tez/,${fs.default.name}/apps/tez/lib/&lt;/value>
&lt;/property>

5.6.1. Tez with Hive

In order to make Hive with Tez work, you need to append the Fusion jar files in tez.cluster.additional.classpath.prefix under the Advanced tez-site section:

tez.cluster.additional.classpath.prefix = /opt/wandisco/fusion/client/lib/*

e.g. WD Fusion tree

WD Fusion Text
Figure 13. Tez configuration

Running Hortonworks Data Platform, the tez.lib.uris parameter defaults to /hdp/apps/${hdp.version}/tez/tez.tar.gz. So, to add Fusion libs, there are two choices:

Option 1: Delete the above value, and instead have a list including the path where the above gz unpacks to, and the path where Fusion libs are. or Option 2: Unpack the above gz, repack with WD Fusion libs and re-upload to HDFS. Note that both changes are vulnerable to a platform (HDP) upgrade.

5.7. Apache Ranger

Apache Ranger is another centralized security console for Hadoop clusters, a preferred solution for Hortonworks HDP (whereas Cloudera prefers Apache Sentry). While Apache Sentry stores its policy file in HDFS, Ranger uses its own local MySQL database, which introduces concerns over non-replicated security policies.

Ranger also applies its policies to the ecosystem via java plugins into the ecosystem components - the namenode, hiveserver etc. In testing, the WD Fusion client has not experienced any problems communicating with Apache Ranger-enabled platforms (Ranger+HDFS).

Ensure that the Hadoop system user, typically HDFS, has permission to impersonate other users.

<property>
<name>hadoop.proxyuser.hdfs.users</name>
<value>*</value>
</property>
<property>
<name>hadoop.proxyuser.hdfs.groups</name>
<value>*</value>
</property>

5.8. Solr

Apache Solr is a scalable search engine that can be used with HDFS. In this section we cover what you need to do for Solr to work with a WD Fusion deployment.

5.8.1. Minimal deployment using the default hdfs:// URI

Getting set up with the default URI is simple, Solr just needs to be able to find the fusion client jar files that contain the FusionHdfs class.

  1. Copy the Fusion/Netty jars into the classpath. Please follow these steps on all deployed Solr servers. For CDH5.4 with parcels, use these two commands:

cp /opt/cloudera/parcels/FUSION/lib/fusion* /opt/cloudera/parcels/CDH/lib/solr/webapps/solr/WEB-INF/lib
cp /opt/cloudera/parcels/FUSION/lib/netty-all-*.Final.jar /opt/cloudera/parcels/CDH/lib/solr/webapps/solr/WEB-INF/lib
  1. Restart all Solr Servers.

  2. Solr is now successfully configured to work with WD Fusion.

5.8.2. Minimal deployment using the WANdisco "fusion://" URI

This is a minimal working solution with Solr on top of fusion.

Requirements

Solr will use a shared replicated directory.

  1. Symlink the WD Fusion jars into Solr webapp

cd /opt/cloudera/parcels/CDH/lib/solr/webapps/solr/WEB-INF/lib
ln -s /opt/cloudera/parcels/FUSION/lib/fusion* .
ln -s /opt/cloudera/parcels/FUSION/lib/netty-all-4* .
ln -s /opt/cloudera/parcels/FUSION/lib/bcprov-jdk15on-1.52 .
  1. Restart Solr.

  2. Create instance configuration.

$ solrctl instancedir --generate conf1
  1. Edit conf1/conf/solrconfig.xml and replace solr.hdfs.home in directoryFactory definition with actual fusion:/// uri, like fusion:///repl1/solr

  2. Create solr directory and set solr:solr permissions on it.

$ sudo -u hdfs hdfs dfs -mkdir fusion:///repl1/solr
$ sudo -u hdfs hdfs dfs -chown solr:solr fusion:///repl1/solr
  1. Upload configuration to zk.

vvvvvvv$ solrctl instancedir --create conf1 conf1
  1. Create collection on first cluster

$ solrctl collection --create col1 -c conf1 -s 3
Tip
For cloudera fusion.impl.disable.cache = true should be set for Solr servers. (don’t set this options cluster-wide, that will stall the WD Fusion server with an unbounded number of client connections).

5.9. Flume

This set of instructions will set up Flume to ingest data via the fusion:///` URI.

Edit the configuration, set "agent.sources.flumeSource.command" to the path of the source data. Set “agent.sinks.flumeHDFS.hdfs.path” to the replicated directory of one of the DCs. Make sure it begins with fusion:/// to push the files to Fusion and not hdfs.

5.9.1. Prerequisites

  • Create a user in both the clusters 'useradd -G hadoop <username>'

  • Create user directory in hadoop fs 'hadoop fs -mkdir /user/<username>'

  • Create replication directory in both DC’s 'hadoop fs -mkdir /fus-repl'

  • Set permission to replication directory 'hadoop fs -chown username:hadoop /fus-repl'

  • Install and configure WD Fusion.

5.9.2. Setting up Flume through Cloudera Manager

If you want to set up Flume through Cloudera Manager follow these steps:

  1. Download the client in the form of a parcel and the parcel.sha through the UI.

  2. Put the parcel and .sha into /opt/cloudera/parcel-repo on the Cloudera Managed node.

  3. Go to the UI on the Cloudera Manager node. On the main page, click the small button that looks like a gift wrapped box and the FUSION parcel should appear (if it doesn’t, try clicking Check for new parcels and wait a moment)

  4. Install, distribute, and activate the parcel.

  5. Repeat steps 1-4 for the second zone.

  6. Make sure membership and replicated directories are created for sharing between Zones.

  7. Go onto Cloudera Manager’s UI on one of the zones and click Add Service.

  8. Select the Flume Service. Install the service on any of the nodes.

  9. Once installed, go to Flume→Configurations.

  10. Set 'System User' to 'hdfs'

  11. Set 'Agent Name' to 'agent'

  12. Set 'Configuration File' to the contents of the flume.conf configuration.

  13. Restart Flume Service.

  14. Selected data should now be in Zone1 and replicated in Zone2 .To check data was replicated, open a terminal onto one of the DCs and become hdfs user, e.g. su hdfs, and run

hadoop fs -ls /repl1/flume_out"
  1. On both Zones, there should be the same FlumeData file with a long number. This file will contain the contents of the source(s) you chose in your configuration file.

5.10. Spark

It’s possible to deploy WD Fusion with Apache’s high-speed data processing engine. Note that prior to version 2.9.1 you needed to manually add the SPARK_CLASSPATH.

5.10.1. Spark with CDH

There is a known issue where Spark is not picking up Hive-Site.xml, See Hadoop configuration is not localised when submitting job in yarn-cluster mode (Fixed in version 1.4).

You need to manually add it in by either:

  • Copy /etc/hive/conf/hive-site.xml into /etc/spark/conf. or

  • Do one of the following, depending on which deployment mode you are running in:

    Client

    set HADOOP_CONF_DIR to /etc/hive/conf/ (or the directory where hive-site.xml is located).

    Cluster

    add --files=/etc/hive/conf/hive-site.xml (or the path for hive-site.xml) to the spark-submit script.

  • For CDH with parcels, the classpath containing the fusion client needs to be added to the following configuration in the Yarn service:

Gateway Client Environment Advanced Configuration Snippet (Safety Valve) for hadoop-env.sh = HADOOP_CLASSPATH=/opt/cloudera/parcels/$FUSION-PARCEL/lib/*:$HADOOP_CLASSPATH:
  • Deploy configs and restart services.

Using the FusionUri
The fusion:/// URI has a known issue where it complains about "Wrong fs". For now Spark is only verified with FusionHdfs going through the hdfs:/// URI.

5.11. Fusion Spark Interoperability

Spark applications are run on a cluster as independent sets of processes, coordinated by the SparkContext object in the driver program. To run on a cluster, the SparkContext can connect to several types of cluster managers (either Spark’s own standalone cluster manager, Mesos or YARN), which allocate resources across applications. Once connected, Spark acquires executors on nodes in the cluster, which are processes that run computations and store data for your application. Next, it sends your application code (defined by JAR or Python files passed to SparkContext) to the executors. Finally, SparkContext sends tasks to the executors to run.

Spark
Figure 14. Spark operation

With Spark 2.0, the SPARK_CLASSPATH environment variable is deprecated, and the mechanisms available for adding external classes to be available for Spark applications include the spark.driver.extraClassPath and spark.executor.extraClassPath configuration properties. When set, these provide a list of extra classpath entries that are available to code running within the driver program or the executor respectively.

Unlike SPARK_CLASSPATH, these properties do not affect the operation of the Spark history server process, or the code run by the executor when it accesses the cluster file system to obtain the packaged Spark application for execution.While both spark.driver.extraClassPath and spark.executor.extraClassPath can be set as Spark configuration properties on a cluster-wide basis, each can be overridden at the time of Spark job deployment. Additionally, if SPARK_CLASSPATH is set and the spark.executor.extraClassPath property is set, Spark applications will fail to run.

The Spark Context executed by the Spark driver will throw a SparkException, indicating the deprecation of that environment variable, and stating that only spark.executor.extraClassPath should be used. Spark 2.0+ therefore provides no complete, configurable mechanism for affecting the classes available to the Spark history server, the Spark Executor or the Spark Driver program.

5.11.1. Spark and Fusion

WANdisco Fusion uses a replacement client library when overriding the hdfs:// scheme for access to the cluster file system in order to coordinate that access among multiple clusters. This replacement library is provided in a collection of jar files in the /opt/wandisco/fusion/client/lib directory for a standard installation. These jar files need to be available to any process that accesses the file system using the com.wandisco.fusion.fs.client.FusionHdfs implementation of the Apache Hadoop File System API.

Because Spark does not provide a configurable mechanism for making the Fusion classes available to the Spark history server, the Spark Executor or Spark Driver programs, WANdisco Fusion client library classes need to be made available in the existing Spark assembly jar that holds the classes used by these Spark components. This requires updating that assembly jar to incorporate the Fusion client library classes.

5.11.2. Updating the Spark Assembly JAR

This is one of a number of methods that may be employed to provide Fusion-Spark integration. We hope to cover some alternate methods at a later date.

  1. First, make a backup of the original Spark assembly jar:

$ cp /usr/hdp/2.4.2.0-258/spark/lib/spark-assembly-1.6.1.2.4.2.0-258-hadoop2.7.1.2.4.2.0-258.jar /usr/hdp/2.4.2.0-258/spark/lib/spark-assembly-1.6.1.2.4.2.0-258-hadoop2.7.1.2.4.2.0-258.jar.original
$ mkdir /tmp/spark_assembly

Then follow this process to update the Spark assembly jar.

$ mkdir /tmp/spark_assembly
$ cd /tmp/spark_assembly
$ jar -xf /opt/wandisco/fusion/client/lib/bcprov-jdk15on-1.54.jar
$ jar -xf /opt/wandisco/fusion/client/lib/fusion-adk-client-2.9.3.1-hdp-2.4.0.jar
$ jar -xf /opt/wandisco/fusion/client/lib/fusion-adk-common-2.9.3.1.jar
$ jar -xf /opt/wandisco/fusion/client/lib/fusion-adk-netty-2.9.3.1.jar
$ jar -xf /opt/wandisco/fusion/client/lib/fusion-adk-security-2.9.3.1.jar
$ jar -xf /opt/wandisco/fusion/client/lib/fusion-client-common-2.9.3.1-hdp-2.4.0.jar
$ jar -xf /opt/wandisco/fusion/client/lib/fusion-client-hdfs-2.9.3.1-hdp-2.4.0.jar
$ jar -xf /opt/wandisco/fusion/client/lib/fusion-common-2.9.3.1-hdp-2.4.0.jar
$ jar -xf /opt/wandisco/fusion/client/lib/guava-11.0.2.jar
$ jar -xf /opt/wandisco/fusion/client/lib/netty-all-4.0.23.Final.jar

jar -uf \ /usr/hdp/2.4.2.0-258/spark/lib/spark-assembly-1.6.1.2.4.2.0-258-hadoop2.7.1.2.4.2.0-258.jar com/** io/** org/**
  1. You now have both the original Spark assembly jar (with the extension “.original”) and a version with the Fusion client libraries available in it. The updated version needs to be made available on each node in the cluster in the /usr/hdp/2.4.2.0-258/spark/lib directory.

  2. If you need to revert to the original Spark assembly jar, simply copy it back in place on each node in the cluster.

5.11.3. Spark Configuration

With the updated spark assembly jar, Fusion does not require any modification to the cluster SPARK_CLASSPATH environment variable, the spark.driver.extraClassPath and spark.executor.extraClassPath can also be left unset. This will require removing any modifications made to the spark-env.sh script by the WANdisco Fusion installer, leaving it in its original state, and removing any Ambari configuration properties created or modified for Fusion in the Custom spark-defaults section.

Spark
Figure 15. Custom Spark Defaults
  1. Once the custom spark-defaults and the spark-env.sh script have been restored to their original state, the Spark services should be restarted on the cluster, and you should validate that the Spark history server is running. A simple test to then validate Spark operation is to run a sample Spark job.

  2. As an appropriate user:

$ cd /usr/hdp/current/spark-client/
$ ./bin/spark-submit --master yarn-master --num-executors 3 --driver-memory 512m --executor-memory 512m --executor-cores 1 --deploy-mode cluster --class org.apache.spark.examples.SparkPilib/spark-examples*.jar 10

Other use of Spark should function as normal. Spark jobs have full access to the cluster file system via HDFS, mediated and coordinated by WANdisco Fusion.

5.12. HBase (Cold Back-up mode)

It’s possible to run HBase in a cold-back-up mode across multiple data centers using WD Fusion, so that in the event of the active HBase node going down, you can bring up the HBase cluster in another data centre, etc. However, there will be unavoidable and considerable inconsistency between the lost node and the awakened replica. The following procedure should make it possible to overcome corruption problems enough to start running HBase again, however, since the damage dealt to underlying filesystem might be arbitrary, it’s impossible to account for all possible corruptions.

5.12.1. Requirements

For HBase to run with WD Fusion, the following directories need to be created and permissioned, as shown below:

Table 1. Table of requirements

platform

path

permission

CDH5.x

/user/hbase

hbase:hbase

HDP2.x

/hbase /user/hbase
Known problem: permissions error blocks HBase repair.

Error example:

2016-09-22 17:14:43,617 WARN  [main] util.HBaseFsck: Got AccessControlException when preCheckPermission

org.apache.hadoop.security.AccessControlException: Permission denied: action=WRITE path=hdfs://supp16-vm0.supp:8020/apps/hbase/data/.fusion user=hbase

        at org.apache.hadoop.hbase.util.FSUtils.checkAccess(FSUtils.java:1685)
        at org.apache.hadoop.hbase.util.HBaseFsck.preCheckPermission(HBaseFsck.java:1606)
        at org.apache.hadoop.hbase.util.HBaseFsck.exec(HBaseFsck.java:4223)
        at org.apache.hadoop.hbase.util.HBaseFsck$HBaseFsckTool.run(HBaseFsck.java:4063)
        at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:70)
        at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:84)

You can configure the root path for all .fusion directories associated with distributed state machines.

Customizable DSM token directories

Dsm Token Directory

Configuration Parameter

LocalFs (HCFS)

fusion.dsmToken.dir

S3

fs.fusion.s3.dsmTokenDir

Swift

fs.fusion.swift.dsmTokenDir

These can be set in the respective configurations to change the location of the .fusion directory. It is important to note that the configuration and same path must be added to all fusion servers in all zones if used.

5.12.2. Procedure

The steps below provide a method of handling a recovery using a cold back-up. Note that multiple HMaster/region servers restarts might be needed for certain steps, since hbck command generally requires master to be up, which may require fixing filesystem-level inconsistencies first.

  1. Delete all recovered.edits folder artifacts from possible log splitting for each table/region. This might not be strictly necessary, but could reduce the numbers of errors observed during startup.

hdfs dfs -rm /apps/hbase/data/data/default/TestTable/8fdee4924ac36e3f3fa430a68b403889/recovered.edits
  1. Detect and clean up (quarantine) all corrupted HFiles in all tables (including system tables - hbase:meta and hbase:namespace). Sideline option forces hbck to move corrupted HFiles to a special .corrupted folder, which could be examined/cleanup up by admins:

hbase hbck -checkCorruptHFiles -sidelineCorruptHFiles
  1. Attempt to rebuild corrupted table descriptors based on filesystem information:

hbase hbck -fixTableOrphans
  1. General recovery step - try to fix assignments, possible region overlaps and region holes in HDFS - just in case:

hbase hbck -repair
  1. Clean up ZK. This is particularly necessary if hbase:meta or hbase:namespace were messed up (note that exact name of ZK znode is set by cluster admin).

hbase zkcli rmr /hbase-unsecure

Final step to correct metadata-related errors

hbase hbck -metaonly
hbase hbck -fixMeta

5.13. Apache Phoenix

The Phoenix Query Server provides an alternative means for interaction with Phoenix and HBase. When WD Fusion is installed, the Phoenix query server may fail to start. The following workaround will get it running with Fusion.

  1. Open up phoenix_utils.py, comment out

#phoenix_class_path = os.getenv('PHOENIX_LIB_DIR','')

and set Wandisco Fusion’s classpath instead (using the client jar file as a colon separated string). e.g.

def setPath():
PHOENIX_CLIENT_JAR_PATTERN = "phoenix-*-client.jar"
PHOENIX_THIN_CLIENT_JAR_PATTERN = "phoenix-*-thin-client.jar"
PHOENIX_QUERYSERVER_JAR_PATTERN = "phoenix-server-*-runnable.jar"
PHOENIX_TESTS_JAR_PATTERN = "phoenix-core-*-tests*.jar"

# Backward support old env variable PHOENIX_LIB_DIR replaced by PHOENIX_CLASS_PATH
global phoenix_class_path
#phoenix_class_path = os.getenv('PHOENIX_LIB_DIR','')
phoenix_class_path = "/opt/wandisco/fusion/client/lib/fusion-client-hdfs-2.6.7-hdp-2.3.0.jar:/opt/wandisco/fusion/client/lib/fusion-client-common-2.6.7-hdp-2.3.0.jar:/opt/wandisco/fusion/client/lib/fusion-netty-2.6.7-hdp-2.3.0.jar:/opt/wandisco/fusion/client/lib/netty-all-4.0.23.Final.jar:/opt/wandisco/fusion/client/lib/guava-11.0.2.jar:/opt/wandisco/fusion/client/lib/fusion-common-2.6.7-hdp-2.3.0.jar"
if phoenix_class_path == "":
phoenix_class_path = os.getenv('PHOENIX_CLASS_PATH','')
  1. Edit queryserver.py, change the Java construction command to look like the one below by appending the phoenix_class_path to it within the "else" portion of java_home :

if java_home:
    java = os.path.join(java_home, 'bin', 'java')
else:
    java = 'java'

#    " -Xdebug -Xrunjdwp:transport=dt_socket,address=5005,server=y,suspend=n " + \
#    " -XX:+UnlockCommercialFeatures -XX:+FlightRecorder -XX:FlightRecorderOptions=defaultrecording=true,dumponexit=true" + \
java_cmd = '%(java)s -cp ' + hbase_config_path + os.pathsep + phoenix_utils.phoenix_queryserver_jar + os.pathsep + phoenix_utils.phoenix_class_path + \
    " -Dproc_phoenixserver" + \
    " -Dlog4j.configuration=file:" + os.path.join(phoenix_utils.current_dir, "log4j.properties") + \
    " -Dpsql.root.logger=%(root_logger)s" + \
    " -Dpsql.log.dir=%(log_dir)s" + \
    " -Dpsql.log.file=%(log_file)s" + \
    " " + opts + \

5.14. Deploying WD Fusion into a LocalFileSystem

5.14.1. Installer-based LocalFileSystem Deployment

The following procedure covers the installation and setup of WD Fusion deployed over the LocalFileSystem. This requires an administrator to enter details throughout the procedure. Once the initial settings are entered through the terminal session, the deployment to the LocalFileSystem is then completed through a browser.

  1. Open a terminal session on your first installation server. Copy the WD Fusion installer script into a suitable directory.

  2. Make the script executable, e.g.

    chmod +x fusion-ui-server-<version>_rpm_installer.sh
  3. Execute the file with root permissions, e.g.

    sudo ./fusion-ui-server-<version>_rpm_installer.sh
  4. The installer will now start. You will be asked if you wish to continue with the installation. Enter Y to continue.

    LocalFS figure 1.
    Figure 16. LocalFS Installer starts
  5. The installer performs some basic checks and lets you modify the Java heap settings. The heap settings apply only to the WD Fusion UI.

    INFO: Using the following Memory settings for the WANDISCO Fusion Admin UI process:
    
    INFO: -Xms128m -Xmx512m
  6. Do you want to use these settings for the installation? (Y/n) y

    The default values should be fine for evaluation, although you should review your system resource requirements for production. Enter Y to continue.

    WD Fusion tree
    Figure 17. LocalFS Settings confirmation

    Select the localfs platform and then enter a username and password that you will use to login to the WD Fusion web UI.

    Which port should the UI Server listen on [8083]:
     Please specify the appropriate platform from the list below:
    
     [0] localfs-2.7.0
    
     Which Fusion platform do you wish to use? 0
     You chose localfs-2.7.0:2.7.0
     Please provide an admin username for the Fusion web ui: admin
     Please provide an admin password for the Fusion web ui: ************
    WD Fusion tree
    Figure 18. LocalFS Platform
  7. Provide a system user account for running WD Fusion. Following the on-screen instructions, you should set up an account called 'fusion' when running the default LocalFS setup.

    We strongly advise against running Fusion as the root user.
    
    For default LOCALFS setups, the user should be set to 'fusion'. However, you should choose a user appropriate for running HDFS commands on your system.
    
    Which user should fusion run as? [fusion] *fusion*
  8. Click Enter to accept 'fusion' or enter another suitable system account.

  9. Now choose a suitable group, again 'fusion' is the default.

    Please choose an appropriate group for your system. By default LOCALFS uses the 'fusion' group.
    
    Which group should Fusion run as? [fusion] fusion
  10. You will get a summary of the all the configuration that you have so far entered. Give it a check before you continue.

    WD Fusion tree
    Figure 19. LocalFS Summary
  11. The installation process will complete. The final configuration steps will not be done over the web UI. Follow the on-screen instructions for where to point your browser, i.e. http://your-server-IP:8083/

    WD Fusion tree
    Figure 20. LocalFS Packages

    In the first "Welcome" screen you’re asked to choose between Create a new Zone and Add to an existing Zone. Make your selection as follows:

    Adding a new WD Fusion cluster

    Select Add Zone.

    Adding additional WD Fusion servers to an existing WD Fusion cluster

    Select Add to an existing Zone.

    WD Fusion
    Figure 21. LocalFS GUI installer
  12. Run through the installer’s detailed Environment checks. For more details about exactly what is checked in this stage, see Environmental Checks in the Deployment Appendix.

    WD Fusion
    Figure 22. LocalFS Environmental checks
  13. On clicking Validate, any element that fails the check should be addressed before you continue the installation.

    WD Fusion
    Figure 23. LocalFS Environmental checks validated

    Warnings may be ignored for the purposes of completing the installation, especially if the installation is only for evaluation purposes and not for production. However, when installing for production, you should also address all warnings, or at least take note of them and exercise due care if you continue the installation without resolving and revalidating. Click Next Step to continue.

  14. Click on Select file and then navigate to the license file provided by WANdisco.

    WD Fusion
    Figure 24. LocalFS installer - license
  15. Click on Upload to validate the license file.

    WD Fusion
    Figure 25. LocalFS installer - select / upload license
  16. Providing the license file is validated successfully, you will see a summary of what features are provided under the license.

    WD Fusion
    Figure 26. LocalFS installer - Agree

    Click on the I agree to the EULA to continue, then click Next Step.

  17. Enter settings for the WD Fusion server.

    WD Fusion
    Figure 27. LocalFS installer - server
    Fusion Server Max Memory (GB)

    Enter the maximum Java Heap value for the WD Fusion server. We recommend that for production you should top out with at least 16GB.

    Umask (currently 022)

    Set the default permissions applied to newly created files. The value 022 results in default directory permissions 755 and default file permissions 644. This ensures that the installation will be able to start up/restart.

Advanced options
Only apply these options if you fully understand what they do. The following advanced options provide a number of low level configuration settings that may be required for installation into certain environments. The incorrect application of some of these settings could cause serious problems, so for this reason we strongly recommend that you discuss their use with WANdisco’s support team before enabling them.
Custom UI hostname

Lets you set a custom hostname for the Fusion UI, distinct from the communication.hostname which is already set as part of the install and used by WD Fusion nodes to connect to the Fusion server.

Custom UI Port

Lets to change WD Fusion UI’s default port, in case it is assigned elsewhere, e.g. Cloudera’s headamp debug server also uses it.

5.14.2. IHC Server

WD Fusion
Figure 28. LocalFS installer - IHC Server
Maximum Java heap size (GB)

Enter the maximum Java Heap value for the WD Inter-Hadoop Communication server. We recommend that for production you should top out with at least 16GB.

IHC Network Interface

The address on which the IHC (Inter-Hadoop Connect) server will be located on. Once all settings have been entered, click Next step.

  1. Next, you will enter the settings for your new Zone.

WD Fusion
Figure 29. LocalFS installer - Zone information

5.14.3. Zone Properites

Entry fields for zone properties

Fully Qualified Domain Name

the full hostname for the server.

Node ID

A unique identifier that will be used by WD Fusion UI to identify the server.

DConE Port

TCP port used by WD Fusion for replicated traffic.

Zone Name

The name used to identify the zone in which the server operates.

Add an entry for the EC2 node in your host file
You need to ensure that the hostname of your EC2 machine has been added to the /etc/hosts file of your LocalFS server node. If you don’t do this then, currently you get an error when you start the node:
Could not resolve Kerberos principal name: java.net.UnknownHostException: ip-10-0-100-72: ip-10-0-100-72" exception

5.14.4. File System Information

Configuration for the local file system:

FSI
Figure 30. LocalFS installer - Security
Use Kerberos for file system access

Tick this check-box to enable Kerberos authentication on the local filesystem.

Kerberos Token Directory

This defines what the root token directory should be for the Kerberos Token field. This is only set if you are using LocalFileSystem with Kerberos and want to target the token creations within the NFS directory and not on just the actual LocalFileSystem. If left unset it will default to the original behavior; which is to create tokens in the /user/<username>/ directory.

The installer will validate that the directory given or that is set by default (if you leave the field blank), can be written to by WD Fusion. Configuration file path:: System path to the Kerberos configuration file, e.g. /etc/krb5.conf Keytab file path:: System path to your generated keytab file, e.g. /etc/krb5.keytab

Name and place the keytab where you like
These paths and file names can be anything you like, providing they are the consistent with your field entries.
  1. Review the summary. Click Validate to continue.

    FSI
    Figure 31. LocalFS installer - Summary
  2. In the next step you must complete the installation of the WD Fusion client package on all the existing HDFS client machines in the cluster. The WD Fusion client is required to support data WD Fusion’s replication across the Hadoop ecosystem.

    FSI
    Figure 32. LocalFS installer - Clients

    In this case, download the client RPM file. Leave your browser session running while you do this, we haven’t finished yet.

  3. For localFS deployments, download the client RPM manually onto each client system, in the screenshot we use wget to copy the file into place.

    FSI
    Figure 33. LocalFS installer - CLI download Clients

    Ensure that the client install file has suitable permissions to run. Then use your package manager to install the client.

    yum install -y fusion-localfs-2.7.0-client-localfs-2.6.4.1.e16-1510.noarch.rpm
    FSI
    Figure 34. LocalFS installer - Clients

    Once the client has successfully installed you will see a verification message.

    FSI
    Figure 35. LocalFS installer - Summary

    It’s now time to return to the browser session and startup WDFusion UI for the first time. Click Start WD Fusion.

    Once started we now complete the final step of installer’s configuration steps, Induction.WD Fusion tree.

    FSI
    Figure 36. Induction

    For the first node you will miss this step out. For all the following node installations you will provide the FQDN or IP address and port of this first node. (In fact you can complete induction by referring to any node that has itself completed induction.)

    "Could not resolved Kerberos principal" error
    You need to ensure that the hostname of your EC2 machine has been added to the /etc/hosts file of your LocalFS server.
  4. Login to WD Fusion UI using the admin username and password that you provided during the installation. See step 6.

    FSI
    Figure 37. Induction
  5. The installation of your first node is now complete. You can find more information about working with the WD Fusion UI in the Admin section of this guide.

5.15. Notes on user settings

When using LocalFileSystem, you can only support 1 single user. This means when you configure the WD Fusion Server’s process owner, that process owner should also be the process owner of the IHC server, the Fusion UI server, and the client user that will be used to perform any puts.

Fusion under LocalFileSystem only supports 1 user
Again, Fusion under LocalFileSystem only supports 1 user (on THAT side; you don’t have to worry about the other DCs). To assist administrators the LocalFS RPM comes with Fusion and Hadoop shell, so that it is possible to run suitable commands from either. E.g.
hadoop fs -ls /
fusion fs -ls /

Using the shell is required for replication.

5.16. Running with Apache HAWQ

In order to get Hawq to work with fusion HDFS client libs there needs to be an update made to the pxf classpath. This can be done in Ambari through the "Advanced pxf-public-classpath" setting adding an entry to the client lib path:

/opt/wandisco/fusion/client/lib/*

5.17. KMS / TDE Encryption and Fusion

TDE (Transparent Data Encryption) is available to enhance their data security. TDE uses Hadoop KMS (Key Management Server) and is typically done using Ranger KMS (in Hortonworks / Ambari installs) or Navigator Key Trustee (Cloudera installs).

In simple terms, a security / encryption key or EEK (encrypted encryption key) is used to encrypt the HDFS data that is physical stored to disk. This encryption occurs within the HDFS client, before the data is transported to the datanode.

The key management server (KMS) centrally holds these EEKs in an encrypted format. ACL (access control lists) defines what users/groups are permitted to do with these keys. This includes creating keys, deleting keys, rolling over (re-encrypting the EEK, not changing the EEK itself), obtaining the EEK, listing the key or keys and so on.

Data encrypted in HDFS is split into encrypted zones. This is the act of defining a path (e.g. /data/warehouse/encrypted1) and specifying which EEK is used to to protect this zone (i.e. the key used to encrypt / decrypt the data). A zone is configured with a single key, but different zones can have different keys. Not all of HDFS needs to be encrypted, only the specific zones (and all sub-directories of that zone) an admin defines are.

A user then needs to be granted appropriate ACL access to a get (specifically the "Get Metadata" and "Decrypt EEK" permissions) the EEK needed, to read / write from the zone.

Wandisco Fusion runs as a HDFS user just like any other user. As such, Fusion will need permissions in order to read / write to an encrypted zone.

Fusion may want to write metadata (consistency check, repair and other meta operations), tokens or other items for administrative reasons which may fall under an encrypted zone. Depending on configuration and requirements, repair itself will be writing data thus needs access.

Additionally, KMS provides its own Proxyuser implementation which is separate to the HDFS proxyusers. Although this works in the same, defining who is permitted to impersonate another user whilst working with EEKs.

To add complication. The "hdfs" user is typically blacklisted from performing the "Decrypt EEK" function by default. The fact "hdfs" is a superuser means they wield great power in the cluster. That does not mean they are superuser in KMS. As "hdfs" is commonly the default user of choice to use to fix things in HDFS (given the simple fact it overrides permissions), it seems wise to prevent such authority to access EEKs by default. Note: Cloudera also seems to blacklist the group "supergroup" which is the group defined as the superusergroup. That is, any users added to "supergroup" become superusers, however they then also automatically get blacklisted from being able to perform EEK operations.

5.17.1. Configuring Fusion

To configure Fusion for access to encrypted zones, two aspects need to be considered:

  1. The local user that Fusion runs as in HDFS (after kerberos auth_to_local mapping) must be able to access and decrypt EEKs.

  2. Although other users will be performing the requests themselves, the Fusion server will proxy that request. As such, a proxyuser within the KMS configs for the Fusion user must also be provided.

5.17.2. Step-by-step guide

The following items need to be considered within KMS configuration to ensure Fusion has access:

The kms-site configuration (such as Advanced kms-site in Ambari) contains its own auth_to_local type parameter called “hadoop.kms.authentication.kerberos.name.rules”

Ensure that any auth_to_local mapping used for the Fusion principal is also contained here. This can be most easily achieved via simple copy/paste from core-site.xml.

The kms-site configuration (such as Custom kms-site in Ambari) contains proxyuser paramaters such as

hadoop.kms.proxyuser.USERNAME.hosts
hadoop.kms.proxyuser.USERNAME.groups
hadoop.kms.proxyuser.USERNAME.users

Entries should be created for the local Fusion user (after auth_to_local translation) to allow Fusion to proxy / impersonate other users requests. This could be as simple as.

hadoop.kms.proxyuser.USERNAME.hosts=fusion.node1.hostname,fusion.node2.hostname
hadoop.kms.proxyuser.USERNAME.groups=*
hadoop.kms.proxyuser.USERNAME.users =*

In the dbks-site configuration, the parameter hadoop.kms.blacklist.DECRYPT_EEK exists. Ensure this does not contain the username that Fusion uses (after auth_to_local translation).

In the KMS ACLs, such as using Ranger KMS, ensure that the Fusion user (after auth_to_local translation) has "Get Metadata" and "Decrypt EEK" permissions to keys.

This could be granted access to all keys. This will avoid a need to review rules when new keys are added. However, Fusion will only need these permissions to keys that apply to zones that fall within a replicated path. Consideration is needed here based on the user that Fusion has been configured as - either "hdfs" will need access to EEKs, OR the fusion user will need access, OR the supergroup could be given access to EEKs (it is enabled by default on Ambari but disabled on CDH), and then make the Fusion user a member of the supergroup.

5.17.3. Troubleshooting

If you do not perform the correct configuration, both local operations (as performed by a client) and / or the replicated actions may fail when the Fusion client is invoked. This should only apply to replicated paths.

So to troubleshoot:

  1. Perform the same command without Fusion (use the -D "fs.hdfs.impl=org.apache.hadoop.hdfs.DistributedFileSystem" parameter if running basic HDFS CLI tests). If clients can read/write encrypted content without Fusion, this points to misconfiguration in the above.

  2. Test with an encrypted but non-replicated folder through Fusion client. If this works, but replicated folder does not, this suggests issues on the remote cluster.

  3. Look in client side application / service logs for permissions issues. (This may be mapreduce, Hive, HBase Region Server logs etc). This may require debug logging being enabled temporarily.

  4. Search for the path / file under investigation; you are looking for KMS ACL exceptions.

6. Deployment Appendix

The appendix section contains extra help and procedures that may be required when running through a WD Fusion deployment.

6.1. Environmental Checks

During the installation, your system’s environment is checked to ensure that it will support WANdisco Fusion, the Environment checks are intended to catch basic compatibility issues, especially those that may appear during an early evaluation phase. The checks are not intended to replace carefully running through the Deployment Checklist.

Operating System

The WD Fusion installer verifies that you are installing onto a system that is running on a compatible operating system.
See the Operating system section of the Deployment Checklist, although the current supported distributions of Linux are listed here:

Supported Operating Systems

  • RHEL 6 x86_64

  • RHEL 7 x86_64

  • Oracle Linux 6 x86_64

  • Oracle Linux 7 x86_64

  • CentOS 6 x86_64

  • CentOS 7 x86_64

  • Ubuntu 12.04LTS

  • Ubuntu 14.04LTS

  • SLES 11 x86_64

    Architecture
  • 64-bit only

Java:

The WD Fusion installer verifies that the necessary Java components are installed on the system.The installer checks:

  • Env variables: JRE_HOME, JAVA_HOME and runs the which java command.

  • Version: 1.7/1.8 recommended. Must be at least 1.7.

  • Architecture: JVM must be 64-bit.

  • Distribution: Must be from Oracle. See Oracle’s Java Download page.

For more information about JAVA requirements, see the Java section of the Deployment Checklist.

Kerberos Relogin Failure with Hadoop 2.6.0 and JDK7u80 or later

Hadoop Kerberos relogin fails silently due to HADOOP-10786. This impacts Hadoop 2.6.0 when JDK7u80 or later is used (including JDK8).

Users should downgrade to JDK7u79 or earlier, or upgrade to Hadoop 2.6.1 or later.

ulimit

The WD Fusion installer verifies that the system’s maximum user processes and maximum open files are set to 64000.
For more information about setting, see the File descriptor/Maximum number of processes limit on the Deployment Checklist.

System memory and storage

WD Fusion’s requirements for system resources are split between its component parts, WD Fusion server, Inter-Hadoop Communication servers (IHCs) and the WD Fusion UI, all of which can, in principle be either collocated on the same machine or hosted separately.
The installer will warn you if the system on which you are currently installing WD Fusion is falling below the requirement. For more details about the RAM and storage requirements, see the Memory and Storage sections of the Deployment Checklist.

Compatible Hadoop flavour

WD Fusion’s installer confirms that a compatible Hadoop platform is installed. Currently, it takes the Cluster Manager detail provided on the Zone screen and polls the Hadoop Manager (CM or Ambari) for details. The installation can only continue if the Hadoop Manager is running a compatible version of Hadoop.
See the Deployment Checklist for Supported Versions of Hadoop

HDFS service state

WD Fusion validates that the HDFS service is running. If it is unable to confirm the HDFS state a warning is given that will tell you to check the UI logs for possible errors.
See the Logs section for more information.

HDFS service health

WD Fusion validates the overall health of the HDFS service. If the installer is unable to communicate with the HDFS service then you’re told to check the WD Fusion UI logs for any clues.
See the Logs section for more information.

HDFS maintenance mode

WD Fusion looks to see if HDFS is currently in maintenance mode. Both Hortonworks and Ambari support this mode for when you need to make changes to your Hadoop configuration or hardware, it suppresses alerts for a host, service, role or, if required, the entire cluster.

WD Fusion node running as a client

We validate that the WD Fusion server is configured as a HDFS client.

HTTP Server Port

Validates whether the port number that you entered is free and can be bound.

HTTPS Server Port

Validates whether the port number that you entered is free and can be bound.

Fusion DConE Port Validation

Validates whether the port number is free and can be bound.

6.2. Client Installations

6.2.1. Client Installation with RPMs

The WD Fusion installer doesn’t currently handle the installation of the client to the rest of the nodes in the cluster. You need to go through the following procedure:

In the Client Installation section of the installer you will see line "Download a list of your client nodes" along with links to the client RPM packages.

membership
Figure 38. client list link

RPM package location
If you need to find the packages after leaving the installer page with the link, you can find them in your installation directory, here:

/opt/wandisco/fusion-ui-server/ui/client_packages

If you are installing the RPMs, download and install the package on each of the nodes that appear on the list from step 1.

Installing the client RPM is done in the usual way:

rpm -i <package-name>

6.2.2. Install checks

  • First, we check if we can run hadoop classpath, in order to complete the installation.

  • If we’re unable to run hadoop classpath then we check for HADOOP_HOME and run the Hadoop classpath from that location.

  • If the checks cause the installation to fail, you need to export HADOOP_HOME and set it so that the hadoop binary is available at $HADOOP_HOME/bin/hadoop, e.g.

    export HADOOP_HOME=/opt/hadoop/hadoop
    export HIVE_HOME=/opt/hadoop/hive
    export PATH=$HADOOP_HOME/bin:$HIVE_HOME/bin

HDP2.1/Ambari 1.6: Start services after installation
When installing clients via RPM into HDP2.1/Ambari 1.6., ensure that you restart services in Ambari before continuing to the next step.

6.2.3. Installation with DEB

Debian not supported
Although Ubuntu uses Debian’s packaging system, currently Debian itself is not supported. Note: Hortonworks HDP does not support Debian.

If you are running with an Ubuntu Linux distribution, you need to go through the following procedure for installing the clients using Debian’s DEB package:

  1. In the Client Installation section of the installer you will see the link to the list of nodes here and the link to the client DEB package.

    DEB package location
    If you need to find the packages after leaving the installer page with the link, you can find them in your installation directory, here:

/opt/wandisco/fusion-ui-server/ui/client_packages
  1. To install WANdisco Fusion client, download and install the package on each of the nodes that appear on the list from step 1.

  2. You can install it using

    sudo dpkg -i /path/to/deb/file

    followed by

    sudo apt-get install -f

    Alternatively, move the DEB file to /var/cache/apt/archives/ and then run

    apt-get install <fusion-client-filename.deb>

6.2.4. Client Installation with Parcels

For deployments into Cloudera clusters, clients can be installed using Cloudera’s own packaging format: Parcels.

Parcel Locations

By default local parcels are stored on the Cloudera Manager Server:/opt/cloudera/parcel-repo. To change this location, follow the instructions in Configuring Server Parcel Settings.

The location can be changed by setting the parcel_dir property in /etc/cloudera-scm-agent/config.ini file of the Cloudera Manager Agent and restart the Cloudera Manager Agent or by following the instructions in Configuring the Host Parcel Directory.

Don’t link to /usr/lib/
The path to the CDH libraries is /opt/cloudera/parcels/CDH/lib instead of the usual /usr/lib. We strongly recommend that you don’t link /usr/lib/ elements to parcel deployed paths, as some scripts distinguish between the two paths.
Installing the parcel
  1. Open a terminal session to the location of your parcels repository, it may be your Cloudera Manager server, although the location may have been customized. Ensure that you have suitable permissions for handling files.

  2. Download the appropriate parcel and sha for your deployment.

    wget "http://fusion.example.host.com:8083/ui/parcel_packages/FUSION-<version>-cdh5.<version>.parcel"
    wget "http://node01-example.host.com:8083/ui/parcel_packages/FUSION-<version>-cdh5.<version>.parcel.sha"
  3. Change the ownership of the parcel and .sha files so that they match the system account that runs Cloudera Manager:

    chown cloudera-scm:cloudera-scm FUSION-<version>-cdh5.<version>.parcel*
  4. Move the files into the server’s local repository, i.e.

    mv FUSION-<version>-cdh5.<version>.parcel* /opt/cloudera/parcel-repo/
  5. Open Cloudera Manager and navigate to the Parcels screen.
    WD Fusion tree

    New Parcels check.

  6. The WD Fusion client package is now ready to distribute.
    WD Fusion tree

  7. Click on the Distribute button to install WANdisco Fusion from the parcel.
    image::parcels04.png[WD Fusion tree,title="Distribute Parcels"]

  8. Click on the Activate button to activate WANdisco Fusion from the parcel.

    WD Fusion tree
    Figure 39. Distribute Parcels
  9. The configuration files need redeploying to ensure the WD Fusion elements are put in place correctly. You will need to check Cloudera Manager to see which processes will need to be restarted in order for the parcel to be deployed. Cloudera Manager provides a visual cue about which processes will need a restart.

    Important
    To be clear, you must restart the services, it is not sufficient to run the "Deploy client configuration" action.

    WD Fusion tree
    Figure 40. Restarts

    WD Fusion uses Hadoop configuration files associated with the Yarn Gateway service and not HDFS Gateway. WD Fusion uses config files under /etc/hadoop/conf and CDH deploys the Yarn Gateway files into this directory.

Replacing earlier parcels?

If you are replacing an existing package that was installed using a parcel, once the new package is activated you should remove the old package through Cloudera Manager. Use the Remove From Host button.

WD Fusion tree

Installing HttpFS with parcels

HttpFS is a server that provides a REST HTTP gateway supporting all HDFS File System operations (read and write). And it is interoperable with the webhdfs REST HTTP API.

While HttpFS runs fine with WD Fusion, there is an issue where it may be installed without the correct class paths being put in place, which can result in errors when running Mammoth test scripts.

Example errors
Running An HttpFS Server Test -- accessing hdfs directory info via curl requests
Start running httpfs test
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
WWW-Authenticate: Negotiate
Set-Cookie: hadoop.auth=; Path=/; Expires=Thu, 01-Jan-1970 00:00:00 GMT; HttpOnly
Content-Type: text/html;charset=utf-8
Content-Length: 997
Date: Thu, 04 Feb 2016 16:06:52 GMT

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Set-Cookie: hadoop.auth="u=oracle&p=oracle/bdatestuser@UATBDAKRB.COM&t=kerberos&e=1454638012050&s=7qupbmrZ5D0hhtBIuop2+pVrtmk="; Path=/; Expires=Fri, 05-Feb-2016 02:06:52 GMT; HttpOnly
Content-Type: application/json
Transfer-Encoding: chunked
Date: Thu, 04 Feb 2016 16:06:52 GMT
Connection: close

{"RemoteException":{"message":"java.lang.ClassNotFoundException: Class com.wandisco.fs.client.FusionHdfs not found","exception":"RuntimeException","javaClassName":"java.lang.RuntimeException"}}
Workaround

Once the parcel has been installed and HDFS has been restarted, the HttpFS service must also be restarted. Without this follow-on restart you will get missing class errors. This impacts only the HttpFS service, rather than the whole HDFS subsystem.

6.2.5. Fusion Client installation with HDP Stack / Pivotal HD / IBM BigInsights

For deployments into Hortonworks HDP/Ambari/IBM BigInsights cluster, version 1.7 or later. Clients can be installed using Hortonwork’s own packaging format: HDP Stack. This approach always works for Pivotal HD.

Ambari 1.6 and earlier
If you are deploying with Ambari 1.6 or earlier, don’t use the provided Stacks, instead use the generic RPMs.

Ambari 1.7
If you are deploying with Ambari 1.7, take note of the requirement to perform some necessary restarts on Ambari before completing an installation.

Ambari 2.0
When adding a stack to Ambari 2.0 (any stack, not just WD Fusion client) there is a bug which causes the YARN parameter yarn.nodemanager.resource.memory-mb to reset to a default value for the YARN stack. This may result in the Java heap dropping from a manually-defined value, back to a low default value (2Gb). Note that this issue is fixed from Ambari 2.1.

Upgrading Ambari
When running Ambari prior to 2.0.1, we recommend that you remove and then reinstall the WD Fusion stack if you perform an update of Ambari. Prior to version 2.0.1, an upgraded Ambari refuses to restart the WD Fusion stack because the upgrade may wipe out the added services folder on the stack.

If you perform an Ambari upgrade and the Ambari server fails to restart , the workaround is to copy the WD Fusion service directory from the old to the new directory, so that it is picked up by the new version of Ambari, e.g.:

cp -R /var/lib/ambari-server/resources/stacks_25_08_15_21_06.old/HDP/2.2/services/FUSION /var/lib/ambari-server/resources/stacks/HDP/2.2/services

Again, this issue doesn’t occur once Ambari 2.0.1 is installed.

HDP 2.3/Ambari 2.1.1 install
There’s currently a problem that can block the installation of the WD Fusion client stack. If the installation of the client service gets stuck at the "Customize Service" step, you may need to use a workaround:

  • If possible, restart the sequence again, if the option is not available, because the Next button is disabled, or it doesn’t work try the next workaround.

  • Try installing the client RPMs.

  • Install the WD Fusion client service manually, using the Ambari API.

6.2.6. Install & Start the service via Ambari’s API

Make sure the service components are created and the configurations attached by making a GET call, e.g.

http://<ambari-server-host>:8080/api/v1/clusters/<cluster-name>/services/<service-name>

1. Add the service

curl -u <username>:<password> -H "X-Requested-By: ambari" http://<ambari-server-host>:8080/api/v1/clusters/<cluster-name>/services -d '{"ServiceInfo":{"service_name":"FUSION"}}'

2. Add the component

curl -u <username>:<password> -H "X-Requested-By: ambari" http://<ambari-server-host>:8080/api/v1/clusters/<cluster-name>/services/FUSION/components/FUSION_CLIENT -X POST

3. Get a list of the hosts

curl -u <username>:<password> -H "X-Requested-By: ambari" http://<ambari-server-host>:8080/api/v1/clusters/<cluster-name>/hosts/

4. For each of the hosts in the list, add the FUSION_CLIENT component

curl -u <username>:<password> -H "X-Requested-By: ambari" http://<ambari-server-host>:8080/api/v1/clusters/<cluster-name>/hosts/<host-name>/host_components/FUSION_CLIENT -X POST

5. Install the FUSION_CLIENT component

curl -u <username>:<password> -H "X-Requested-By: ambari" http://<ambari-server-host>:8080/api/v1/clusters/<cluster-name>/services/FUSION/components/FUSION_CLIENT -X PUT -d '{"ServiceComponentInfo":{"state": "INSTALLED"}}'

6.2.7. Installing the WANdisco service into your HDP Stack

  1. Download the service from the installer client download panel, or after the installation is complete, from the client packages section on the Settings screen.

  2. The service is a gz file (e.g. fusion-hdp-2.2.0-2.4_SNAPSHOT.stack.tar.gz) that will expand to a folder called /FUSION.

  3. For HDP,
    Place this folder in /var/lib/ambari-server/resources/stacks/HDP/<version-of-stack>/services.
    Pivotal HD,
    In the case of a Pivotal HD deployment, place in one of the following or similar folders: /var/lib/ambari-server/resources/stacks/PHD/<version-of-stack>/services, or /var/lib/ambari-server/resources/stacks/<distribution>/<version-of-stack>/services.

  4. Restart the ambari-server

    service ambari-server restart
  5. After the server restarts, go to + Add Service.

    WD Fusion tree
    Figure 41. Ambari Service restart
  6. Choose Service, scroll to the bottom.

    WD Fusion tree
    Figure 42. Add service
  7. Tick the WANdisco Fusion service checkbox. Click Next.

    WD Fusion tree
    Figure 43. Checkbox
  8. Datanodes and node managers are automatically selected. You must ensure that all servers are ticked as "Client", by default only the local node is ticked. Then click Next.

    WD Fusion tree Assign Slaves and Clients. Add all the nodes as "Client"

  9. Deploy the changes.

    WD Fusion tree
    Figure 44. Deploy
  10. Install, Start and Test.
    WD Fusion tree

  11. Review Summary and click Complete.
    WD Fusion tree

    Known bug (AMBARI-9022) Installation of Services can remove Kerberos settings

    During the installation of services, via stacks, it is possible that Kerberos configuration can be lost. This has been seen to occur on Kerberized HDP2.2 clusters when installing Kafka or Oozie. Kerberos configuration in the core-site.xml file was removed during the installation which resulted in all HDFS / Yarn instances being unable to restart.

    You will need to re-apply your Kerberos settings in Ambari, etc. WD Fusion tree

    For more details, see AMBARI-9022.

6.3. Removing a WD Fusion client stack

When we use the "Deploy Stack" button it can on rare occasions fail. If it does you can recover the situation with the following procedure, which involves removing the stack, then adding it again using Ambari’s "Add New Service" wizard.

  1. Send these two curl calls to Ambari:

    curl -u admin:admin -X PUT -d '{"RequestInfo":{"context":"Stop Service"},"Body":{"ServiceInfo":{"state":"INSTALLED"}}}' http://<manager_hostname>:<manager_port>/api/v1/clusters/<cluster_name>/services/FUSION -H "X-Requested-By: admin"
    curl -u admin:admin -X DELETE http://<manager_hostname>:<manager_port>/api/v1/clusters/<cluster_name>//services/FUSION -H "X-Requested-By: admin"
  2. Now remove the client from each node:

    yum erase <the client>
    rm -rf /opt/wandisco/fusion/client/
  3. Restart ambari-server using the following command on the manager node:

    ambari-server restart
  4. Finally, add the service using Ambari’s Add Service Wizard.
    WD Fusion tree

6.3.1. MapR Client Configuration

On MapR clusters, you need to copy WD Fusion configuration onto all other nodes in the cluster:

  1. Open a terminal to your WD Fusion node.

  2. Navigate to /opt/mapr/hadoop/<hadoop-version>/etc/hadoop.

  3. Copy the core-site.xml and yarn-site.xml files to the same location on all other nodes in the cluster.

  4. Now restart HDFS, and any other service that indicates that a restart is required.

6.3.2. MapR Impersonation

Enable impersonation when cluster security is disabled

Follow these steps on the client to configure impersonation without enabling cluster security.

  1. Enable impersonation for all relevant components in your ecosystem. See the MapR documentation - Component Requirements for Impersonation.

  2. Enable impersonation for the MapR core components:
    The following steps will ensure that MapR will have the necessary permissions on your Hadoop cluster:

    • Open the core-site.xml file in a suitable editor.

    • Add the following *hadoop.proxyuser* properties:

      <property>
          <name>hadoop.proxyuser.mapr.hosts</name>
          <value>*</value>
      </property>
      <property>
          <name>hadoop.proxyuser.mapr.groups</name>
          <value>*</value>
      </property>

      Note: The wildcard asterisk * lets the "mapr" user connect from any host and impersonate any user in any group.

    • Check that your settings are correct, save and close the core-site.xml file.

  3. On each client system on which you need to run impersonation:

    • Set a MAPR_IMPERSONATION_ENABLED environment variable with the value, true. This value must be set in the environment of any process you start that does impersonation. E.g.

      export MAPR_IMPERSONATION_ENABLED=true
    • Create a file in /opt/mapr/conf/proxy/ that has the name of the mapr superuser. The default file name would be mapr. To verify the superuser name, check the mapr.daemon.user= line in the /opt/mapr/conf/daemon.conf file on a MapR cluster server.

6.4. Removing WANdisco Service

If you are removing WD Fusion, maybe as part of a reinstallation, you should remove the client packages as well. Ambari never deletes any services from the stack it only disables them. If you remove the WD Fusion service from your stack, remember to also delete fusion-client.repo.

[WANdisco-fusion-client]
name=WANdisco Fusion Client repo
baseurl=file:///opt/wandisco/fusion/client/packages
gpgcheck=0

For instructions for the cleanup of Stack, see Host Cleanup for Ambari and Stack

6.4.1. Cleanup WD Fusion HD

The following section is used when preparing to install WD Fusion on system that already has an earlier version of WD Fusion installed. Before you install an updated version of WD Fusion you need to ensure that components and configurartion for an earlier installation have been removed. Go through the following steps before installing a new version of WD Fusion:

  1. On the production cluster, run the following curl to remove the service:

    curl -su <user>:<password> -H "X-Requested-By: ambari" http://<ambari-server>:<ambari-port>/api/v1/clusters/<cluster>/services/FUSION -X DELETE
  2. On ALL nodes, run the corresponding package manager to remove the client package command, e.g.

    yum remove fusion-hdp-x.x.x-client
  3. Remove all remnant Fusion directories from services/. These left-over files can cause problems if you come to reinstall, so it is worth doing a check of places like /var/lib/ambari-agent/ and /opt/wandisco/fusion. Ensure the removal of /etc/yum.repos.d/fusion-client.repo, if it is left in place it will prevent the next installation of WD Fusion.

6.4.2. Uninstall WD Fusion

There’s currently no uninstall function for our installer, so the system will have to be cleaned up manually. If you used the unified installer then use the following steps:

To uninstall all of WD Fusion:
  1. Remove the packages on the WD Fusion node:

    yum remove -y "fusion-*"
  2. Remove the jars, logs, configs:

    rm -rf /opt/wandisco/ /etc/wandisco/ /var/run/fusion/ /var/log/fusion/
Cloudera Manager:
  1. Go to "Cluster-wide Advanced Configuration Snippet (Safety Valve) for core-site.xml"

  2. Delete all Fusion-related content

  3. Remove WD Fusion parcel

  4. Restart services

Ambari
  1. Got to HDFS → Configs → Advanced → Custom core-site

  2. Delete all WD Fusion-related elements

  3. Remove stack (See Removing WANdisco Service)

  4. Remove the package from all clients, e.g.

    yum remove -y fusion*client*.rpm
  5. Restart services

6.4.3. Core-site Properties to delete:

For a complete uninstallation, remove the following properties from the core-site.xml:

  • fs.fusion.server (If removing a single node from a zone, remove just that node from the property’s value, instead).

  • fs.hdfs.impl (its removal ensures that this native hadoop class is used, e.g. org.apache.hadoop.hdfs.DistributedFileSystem).

  • fs.fusion.impl

Reinstalling fusion server only
If you reinstall the fusion-server without also reinstalling the fusion-ui-server, then you should restart the fusion-ui-server service to ensure the correct function of some parts of the UI. If the service is not restarted then you may find that the dashboard graphs stop working properly, along with the UI’s Stop/start controls. e.g. run:

[root@redhat6 init.d]# service fusion-ui-server restart

7. Cloud Installation

The following section covers the installation of WANdisco Fusion into a cloud / hybrid-cloud environment.

7.1. Amazon Installation

7.1.1. Usage Instructions

Seamlessly move transactional data at petabyte scale to Amazon S3 with no downtime and no disruption.

This guide will run you through the first steps for deploying WANdisco’s Fusion S3 Active Migrator. First, select the deployment type:

7.1.2. WD Fusion S3 Active Migrator 50TB

Get started using WANdisco Fusion S3 Active Migrator in 3 easy steps:

Launch Fusion on AWS using the Cloud Formation Template.
Download WANdisco Cloud Formation Template (50TB)

Download the WD Fusion installer according to your requirements:

Fusion for LocalFileSystem:
Fusion for Cloudera and Hortonworks:
Fusion for Pivotal HD:

Connect WD Fusion to Amazon Web services, then set up replication between your on-premise cluster and AWS.
See Connect WD Fusion to Amazon Web Service.


7.1.3. WANdisco Fusion S3 Active Migrator - 200TB

Usage Instructions for WANdisco Fusion S3 Active Migrator - 200TB,
Version 1.2 on Amazon Linux 2015.03

Get started using WANdisco Fusion S3 Active Migrator in 3 easy steps:

Launch Fusion on AWS using the Cloud Formation Template.
Download WANdisco Cloud Formation Template (200TB)

Download the WD Fusion installer according to your requirements:

7.1.4. Fusion for LocalFileSystem:

Fusion for Cloudera and Hortonworks:
Fusion for MapR:
Fusion for Pivotal HD:

Connect WD Fusion to Amazon Web services, then set up replication between your on-premise cluster and AWS.
See Quickstart Guide - Connect WD Fusion to Amazon Web Service.


7.1.5. WANdisco Fusion S3 Active Migrator - BYOL

Usage Instructions for WANdisco Fusion S3 Active Migrator - BYOL,
Version 1.2 on Amazon Linux 2015.03

Get started using WANdisco Fusion S3 Active Migrator in 3 easy steps:

Launch Fusion on AWS using the Cloud Formation Template.

Login to the WANdisco Fusion user interface on your launched EC2 instance, port 8083, and follow the installation instructions:
Quickstart Guide - Replicating LocalFileSystem to Amazon S3.


7.1.6. AWS Metering

Amazon metering is a new pricing model available to AWS EC2 instances that charges for usage based, in our case, on "Data under replication", specifically, the amount of data replicated during an clock hour.

IAM Role

See Bare Bones EC2 deployments for the required IAM roles needed for setting up for metering when installing a basic EC2 instance, instead of the default CFT-based installation, through the Amazon market place.

Data under replication

This is defined as the total amount of data held in AWS in directories that are replicated, excluding those files that are excluded from replication through regex-based filtering. WD Fusion therefore measures the amount of replication each hour.

Pricing bands for data replication

0-25TB: $0.04/hour per TB under replication per instance

25-50TB: $0.03/hour per TB under replication per instance

50-100TB: $0.025/hour per TB under replication per instance

100-200TB: $0.022/hour per TB under replication per instance

>200TB: $0.02/hour per TB under replication per instance

Metering troubleshooting
Logging and persistence files

For the Fusion plugin to be able to recover its state upon restart we need to have persistence of meter data. This is split into 3 files; live meter readings, failed meter readings and audit data.

Unless specified in /etc/wandisco/fusion/plugins/aws-metering/metering.properties all of these files will be in /etc/wandisco/fusion/aws-metering

meterAudit.json

Contains a record of all reports made to Amazon Web Services and is read by the UI side of the plugin to display the graphs as well as being readable by the user and support.

meterFile.json

This is an encrypted file that holds the requests of this hour time period, once the hour is up it will work out the highest under replication and send that as the number for this period.

meterFail.json

An encrypted file that holds any failed requests to AWS.

How WD Fusion handles failed usage recording
  • Failed requests are retried every 5 minutes, for up to 3 hours.

  • Metering runs on clock hours, i.e. billing will apply on the hour, at 2pm for the hour between 1pm-2pm, rather than for an arbitrary 60-minute period.

  • After 3 hours, failed records are added to the next available request.

  • If the data doesn’t reach Amazon within 2 days, the service will become degraded.

License exception
If WD Fusion enters a license exception state due to failed metering records, you will need to restart Fusion on the metering node to recover operation.
Metering Graph

You can view a nodes metering activity on the Metering graph, located in the Settings section.

Metering Graph
Figure 45. Metering graph

Read more about the AWS Metering Graph

Log file

Logging for metering activity goes to the standard dcone.log file.
Exceptions and notifications received will be logged along with attempts to send to AWS.

7.1.7. Installing into Amazon S3/EMRFS

Pre-requisites

Before you begin an installation to an S3 cluster make sure that you have the following directories created and suitably permissioned. Examples:

${hadoop.tmp.dir}/s3

and

/tmp/hadoop-${user.name}

You can deploy to Amazon S3 using either the:

Known Issues using S3

Make sure that you read and understand the following known issues, taking action if they impact your deployment requirements

Replicating large files in S3
In the initial release supporting S3 there is a problem transferring very large files that will need to be worked around until the next major release (2.7). The problem only impacts users who are running clusters that include S3, either exclusively or in conjunction with other Hadoop data centers.

Workaround

Out of Memory issue in EMR 4.1.0
The WDDOutputStream can cause an out-of-memory error because its ByteArrayOutputStream can go beyond the memory limit.

Workaround

By default, EMR has a configuration in hadoop-env.sh that OnOutOfMemoryError it runs a "kill -9 <pid>" command. WDDOutputStream is supposed to handle this Error by flushing its buffer and clearing space for more writing. (Configurable via HADOOP_CLIENT_OPTS in hadoop-env.sh; which sets client-side heap and just needs to be commented out)

S3 Silent Installation

You can complete an Amazon S3/EMRFS installation using the Silent Installation procedure, putting the necessary configuration in the silent_installer.properties as described in the previous section.

S3 specific settings

Environment Variables Required for S3 deployments:

  • FUSIONUI_MANAGER_TYPE=UNMANAGED_EMR

  • FUSIONUI_INTERNALLY_MANAGED_USERNAME

  • FUSIONUI_INTERNALLY_MANAGED_PASSWORD

  • FUSIONUI_FUSION_BACKEND_CHOICE

  • FUSIONUI_USER

  • FUSIONUI_GROUP

  • SILENT_PROPERTIES_PATH

silent_installer.properties File additional settings or specific required values listed here:

s3.installation.mode=true
s3.bucket.name
kerberos.enabled=false (or unspecified)
Example Installation

As an example (as root), running on the installer moved to /tmp.

# If necessary download the latest installer and make the script executable
 chmod +x /tmp/installer.sh
# You can reference an original path to the license directly in the silent properties but note the requirement for being in a location that is (or can be made) readable for the $FUSIONUI_USER
# The following is partly for convenience in the rest of the script
cp /path/to/valid/license.key /tmp/license.key

# Create a file to encapsulate the required environmental variables (example is for emr-4.0.0):
cat <<EOF> /tmp/s3_env.sh
export FUSIONUI_MANAGER_TYPE=UNMANAGED_EMR
export FUSIONUI_INTERNALLY_MANAGED_USERNAME=admin
export FUSIONUI_FUSION_BACKEND_CHOICE=emr-4.0.0':'2.6.0-amzn-0
export FUSIONUI_USER=hdfs
export FUSIONUI_GROUP=hdfs
export SILENT_PROPERTIES_PATH=/tmp/s3_silent.properties
export FUSIONUI_INTERNALLY_MANAGED_PASSWORD=admin
EOF

 # Create a silent installer properties file - this must be in a location that is (or can be made) readable for the $FUSIONUI_USER:
cat <<EOF > /tmp/s3_silent.properties
existing.zone.domain=
existing.zone.port=
license.file.path=/tmp/license.key
server.java.heap.max=4
ihc.server.java.heap.max=4
fusion.domain=my.s3bucket.fusion.host.name
fusion.server.dcone.port=6444
fusion.server.zone.name=twilight
s3.installation.mode=true
s3.bucket.name=mybucket
induction.skip=false
induction.remote.node=my.other.fusion.host.name
induction.remote.port=8082
EOF

# If necessary, (when $FUSIONUI_GROUP is not the same as $FUSIONUI_USER and the group is not already created) create the $FUSIONUI_GROUP (the group that our various servers will be running as):
[[ "$FUSIONUI_GROUP" = "$FUSIONUI_USER" ]] || groupadd hadoop

#If necessary, create the $FUSIONUI_USER (the user that our various servers will be running as):
useradd hdfs

# if [[ "$FUSIONUI_GROUP" = "$FUSIONUI_USER" ]]; then
  useradd $FUSIONUI_USER
else
  useradd -g $FUSIONUI_GROUP $FUSIONUI_USER
fi

# silent properties and the license key *must* be accessible to the created user as the silent installer is run by that user
chown hdfs:hdfs $FUSIONUI_USER:$FUSIONUI_GROUP /tmp/s3_silent.properties /tmp/license.key

# Give s3_env.sh executable permissions and run the script to populate the environment
. /tmp/s3_env.sh

# If you want to make any final checks of the environment variables, the following command can help - sorted to make it easier to find variables!
env | sort

# Run installer:
/tmp/installer.sh
S3 Setup through the installer

You can set up WD Fusion on an S3-based cluster deployment, using the installer script.

Follow this section to complete the installation by configuring WD Fusion on an S3-based cluster deployment, using the browser-based graphical user installer.

Open a web browser and point it at the provided URL. e.g

http://<YOUR-SERVER-ADDRESS>.com:8083/
  1. In the first "Welcome" screen you’re asked to choose between Create a new Zone and Add to an existing Zone.
    Make your selection as follows:

    WD Fusion Deployment

    Adding a new WD Fusion cluster

    Select Add Zone.

    Adding additional WD Fusion servers to an existing WD Fusion cluster

    Select Add to an existing Zone.

  2. Run through the installer’s detailed Environment checks. For more details about exactly what is checked in this stage, see Environmental Checks in the Appendix.

    WD Fusion Deployment

    On clicking validate the installer will run through a series of checks of your system’s hardware and software setup and warn you if any of WD Fusion’s prerequisites are not going to be met.

    WD Fusion Deployment

    Address any failures before you continue the installation. Warnings may be ignored for the purposes of completing the installation, especially if the installation is only for evaluation purposes and not for production. However, when installing for production, you should address all warnings, or at least take note of them and exercise due care if you continue the installation without resolving and revalidating.

  3. Upload the license file.
    WD Fusion Deployment

  4. The conditions of your license agreement will be presented in the top panel, including License Type, Expiry data, Name Node Limit and Data Node Limit.
    WD Fusion Deployment

    Verify license and agree to subscription agreement.

    Click on the I agree to the EULA to continue, then click Next Step.

  5. Enter settings for the WD Fusion server. See WD Fusion Server for more information about what is entered during this step.
    WD Fusion Deployment

    Screen 4 - Server settings

  6. In step 5 the Node Details are added.
    WD Fusion Deployment

Node Information
Fully Qualified Domain Name

The full hostname for the server.

Node ID

A unique identifier that will be used by WD Fusion UI to identify the server.

DConE Port

TCP port used by WD Fusion for replicated traffic.

Zone Name

The name used to identify the zone in which the server operates.

S3 Bucket and core-site.xml Information
Bucket Name

The name of the S3 Bucket that will connect to WD Fusion.

Amazon S3 encryption

Tick to set your bucket to use AWS’s built in data protection.

Use access key and secret key

Additional details required if the S3 bucket is located in a different region. See Use access key and secret key.

Use KMS with Amazon S3

Use an established AWS Key Management Server See Use KMS with Amazon S3.

Use access key and secret key

Tick this checkbox if your S3 bucket is located in a different region. This option will reveal additional entry fields:

WD Fusion Deployment
Figure 46. keys and Bucket
Access Key Id

This is your AWS Access Key ID. Validation tests that there is a provided value, along with a valid secret key.

Secret Key

This is the secret key that is used in conjunction with your Access Key ID to sign programmatic requests that are sent to AWS. Validation checks that the credentials file is accessible.

Click Validate to verify that the access key and secret key are accessible.

More about WDS Access Key ID and Secret Access Key
If the node you are installing is set up with the correct IAM role, then you won’t need to use the Access Key ID and Secret Key, as the EC2 instance will have access to S3. However if IAM is not correctly set for the instance or the machine isn’t even in AWS then you need to provide both the Access Key ID and Secret Key.
Entered details are placed in core.site.xml.

Alternatively the AMI instance could be turned off. You could then create a new AMI based on it, then launch a new instance with the IAM based off of that AMI so that the key does not need to be entered.

"fs.s3.awsAccessKeyId"
"fs.s3.awsSecretAccessKey"

Read Amazon’s documentation about Getting your Access Key ID and Secret Access Key.

Setting up AWS profiles

IAM roles are the default method we use for S3 authentication, they are specific to the AWS/S3 platform. However there are a growing number of hardware devices that come with S3-API front ends work independent of AMI infrastructure.

For these, we use the Access Key and Secret Key credentials; these are configured by running "aws configure" on the command line. This creates a .aws directory with a "credentials" file with the relevant keys, under a [default] section.

However, there is also the concept of "profiles", and you can store multiple different credentials for different profiles using the CLI command:

CLI

"aws configure --profile <profilename>". e.g.

aws --endpoint-url=https://s3-api.us-example.domain.url.net --profile fusion s3 ls s3://vwbucket/repl1/

This creates a new section in the credentials file like so:

[newprofilename]
[nolan]
aws_access_key_id = A******XYZ123ABCRFOA
aws_secret_access_key = 77***********************XZ
Export

Use the following command to export the variable:

[hdfs@example01-vm1 .aws]$ export AWS_PROFILE=fusion
[hdfs@example01-vm1 .aws]$ aws --endpoint-url=https://s3-api.us-example.domain.url.net s3 ls s3://vwbucket/repl1/
Use KMS with Amazon S3

WD Fusion Deployment

KMS Key ID

This option must be selected if you are deploying your S3 bucket with AWS Key Management Service. Enter your KMS Key ID. This is a unique identifier of the key. This can be an ARN, an alias, or a globally unique identifier. The ID will be added to the JSON string used in the EMR cluster configuration.

WD Fusion Deployment

Core-Site.xml Information
fs.s3.buffer.dir

The full path to a directory or multiple directories, separated by comma without space, that S3 will use for temporary storage. The install will check that the directory exists and that it will accept writes.

hadoop.tmp.dir

The full path to a one or more directories that Hadoop will use for "housekeeping" data storage. The installer will check that the directories that you provide exists and is writable. You can enter multiple directories separate by comma without space.

S3 bucket validation

The following checks are made during installation to confirm that the zone has a working S3 bucket.

S3 Bucket Valid

The S3 Bucket is checked to ensure that it is available and that it is in the same Amazon region as the EC2 instance on which WD Fusion will run. If the test fails, ensure that you have the right bucket details and that the bucket is reachable from the installation server (in the same region for a start).

S3 Bucket Writable

The S3 Bucket is confirmed to be writable. If this is not the case then you should check for a permissions mismatch.

The following checks ensure that the cluster zone has the required temporary filespace:

S3 core-site.xml validation
fs.s3.buffer.dir

Determines where on the local filesystem the S3 filesystem should store files before sending them to S3 (or after retrieving them from S3). If the check fails you will need to make sure that the property is added manually.

hadoop.tmp.dir

Hadoop’s base for other temporary directory storage. If the check fails then you will need to add the property to the core-site.xml file and try to validate again.

These directories should already be set up on Amazon’s (ephemeral) EC2 Instance Store and be correctly permissioned.

  1. The summary screen will now confirm all the details that you have entered so far.

    WD Fusion Deployment
    Figure 47. S3 Install details in the summary

    Click Next Step if you are sure that everything has been entered correctly.

  2. You need to handle the WD Fusion client installations.

    WD Fusion Deployment
    Figure 48. S3/EMR Install

    This step first asks you to confirm whether the node that you are installing will participate in Active-Active replication.
    If you are running in Active-Passive mode there are no Clients to install…​

    In this deployment type the node will only ingest data so you don’t need to install the WD Fusion client and can click on Next Step.

    If you are running in Active:Active mode you must manually install a client on ALL EMR nodes * To install the client manually from RPM/DEV packages, see client-install. * The installation must be performed on all applicable nodes. For deployments where data will come back to the node through the EMR cluster then you should select This node will participate in active-active replication.

The installer covers two methods
  • Installing on a new Amazon Elastic MapReduce (EMR) cluster

  • Installing on an existing Amazon EMR Cluster Not recommended

Enpoint limitations on s3 installer for non-AWS based s3 backends

Currently an endpoint that is provided as a fully qualified hostname will be interpreted by the client as the hostname with the bucket name and a dot prepended like this:

http://bucket.hostname.com:8888/

The workaround for this is to make sure that the above address is mapped to wherever the s3 storage is located, either through the /etc/hosts file or some combination of iptable rules.
Note: Endpoints provided without a protocol will default to https, i.e. the client will attempt to connect over SSL (TLS).

Installing on a new Amazon Elastic MapReduce (EMR) cluster

These instructions apply during the set up of WD Fusion on a new AWS EMR cluster. This is the recommended approach, even if you already have an EMR cluster set up.

  1. Login to your EC2 console and select EMR Managed Hadoop Framework.

    WD Fusion Deployment

  2. Click Create cluster. Enter the properties according to your cluster requirements.
    WD Fusion Deployment

    S3 New EMR cluster

  3. Click Go to advanced options.

    WD Fusion Deployment

  4. Click on the Edit software settings (optional) dropdown. This opens up a Change settings entry field for entering your own block of configuration, in the form of a JSON string.

    WD Fusion Deployment

    Enter the JSON string provided in the installer screen.

    Copy the JSON string, provided by the installer. e.g.

    WD Fusion Deploymentl

    JSON string is stored in the settings screen
    You can get the JSON string after the installation has completed by going to the Settings screen.

Example JSON string
classification=core-site,properties=[fusion.underlyingFs=s3://example-s3/,fs.fusion.server=52.8.156.64:8023,fs.fusion.impl=com.wandisco.fs.client.FusionHcfs,fs.AbstractFileSystem.fusion.impl=com.wandisco.fs.client.FusionAbstractFs,dfs.client.read.prefetch.size=9223372036854775807]

The JSON String contains the necessary WD Fusion parameters that the client will need:

fusion.underlyingFs

The address of the underlying filesystem. In the case of ElasticMapReduce FS, the fs.defaultFS points to a local HDFS built on the instance storage which is temporary, with persistent data being stored in S3. Example: s3://wandisco.

fs.fusion.server

The hostname and request port of the Fusion server. Comma-separated list of hostname:port for multiple Fusion servers.

fs.fusion.impl

The Abstract FileSystem implementation to be used.

fs.AbstractFileSystem.fusion.impl

The abstract filesystem implementation to be used.

  1. Use the EMR Script tool on the Settings tab. Click Create script
    WD Fusion Deployment

  2. This will automatically generate a configuration script for your AWS cluster and place the script onto your Amazon storage.
    WD Fusion Deployment

  3. Run through the Amazon cluster setup screens. In most cases you will run with the same settings that would apply without WD Fusion in place.
    WD Fusion Deployment

  4. In the Step 3: General Cluster Settings screen there is a section for setting up Bootstrap Actions.
    WD Fusion Deployment

  5. In the next step, create a Bootstrap Action that will add the WD Fusion client to cluster creation. Click on the Select a bootstrap action dropdown.

  6. Choose Custom Action, then click Configure and add.

    WD Fusion Deployment

  7. Navigate to the EMR script, generated by WD Fusion in step 14. Enter the script’s location and leave the Optional arguments field empty.

    WD Fusion Deployment

  8. Click Next to complete the setup.
    WD Fusion Deployment

  9. Finally, click the Create cluster button to complete the AWS setup.
    WD Fusion Deployment

  10. Return to the WD Fusion setup, clicking on Start WD Fusion.
    WD Fusion Deployment

7.1.8. Installing on an existing Amazon Elastic MapReduce (EMR) cluster

We strongly recommend that you terminate your existing cluster and use the previous step for installing into a new cluster.

+ No autoscaling
This is because installing WD Fusion into an existing cluster will not benefit from AWS’s auto-scaling feature. The configuration changes that you make to the core-site.xml file will not be included in automatically generated cluster nodes, as the cluster automatically grows you’d have to follow up by manually distributing the client configuration changes.

Two manual steps

Install the fusion client (the one for EMR) on each node and after scaling, modify the core-site.xml file with the following:

<property>
  <name>fusion.underlyingFs</name>
  <value>s3://YOUR-S3-URL/</value>
</property>
<property>
  <name>fs.fusion.server</name>
  <value>IP-HOSTNAME:8023</value>
</property>
<property>
  <name>fs.fusion.impl</name>
  <value>com.wandisco.fs.client.FusionHcfs</value>
</property>
<property>
  <name>fs.AbstractFileSystem.fusion.impl</name>
  <value>com.wandisco.fs.client.FusionAbstractFs</value>
</property>
fusion.underlyingFs

The address of the underlying filesystem. In the case of Elastic MapReduce FS, the fs.defaultFS points to a local HDFS built on the instance storage which is temporary, with persistent data being stored in S3. Example: s3://wandisco

fs.fusion.server

The hostname and request port of the Fusion server. Comma-separated list of hostname:port for multiple Fusion servers.

fs.fusion.impl

The Abstract FileSystem implementation to be used.

fs.AbstractFileSystem.fusion.impl

The abstract filesystem implementation to be used.

7.1.9. Known Issue running with S3

In WD Fusion 2.6.2 or 2.6.3, the first release supporting S3, there was a problem transferring very large files that needed to be worked around. If you are using this release in conjunction with Amazon’s S3 storage then you need to make the following changes:

WD Fusion 2.6.2/2.6.3/AWS S3 Workaround
Use your management layer (Ambari/Cloudera Manager, etc) to update the core-site.xml with the following property:

<property>
    <name>dfs.client.read.prefetch.size</name>
    <value>9223372036854775807</value>
</property>
<property>
     <name>fs.fusion.push.threshold</name>
     <value>0</value>
</property>

This second parameter “fs.fusion.push.threshold” becomes optional from version 2.6.3, onwards. Although optional, we still recommend that you use the "0" Setting. This property sets the threshold for when a client sends a push request to the WD Fusion server. As the push feature is not supported for S3 storage disabling it (setting it to "0") may remove some performance cost.

7.1.10. Known Issue when replicating data to S3 while not using the S3 Plugin

Take note that the Amazon DynamoDB NoSQL database holds important metadata about the state of the content that would be managed by EMR and Fusion in S3. Deleting or modifying this content on any level except the EMR filesystem libraries (e.g. by manually deleting bucket content) will result in that metadata becoming out of sync with the S3 content.

This can be resolved by either using the EMRFS CLI tool "sync" command, or by deleting the DynamoDB table used by EMRFS. See AWS’s documentation about EMRFS CLI Reference.

+ This is a manual workaround that should only be used when strictly necessary. Ideally, when using the EMRFS variant of Fusion to replicate with S3, you should not modify S3 content unless doing so via an EMR cluster.

S3 AMI Launch

This section covers the launch of WANdisco Fusion for S3, using Amazon’s Cloud Formation Template. What this will do is automatically provision the Amazon cluster, attaching Fusion to an on-premises cluster.

IMPORTANT: Amazon cost considerations.

Please take note of the following costs, when running Fusion from Amazon’s cloud platform:

AWS EC2 instances are charged per hour or annually.

WD Fusion nodes provide continuous replication to S3 that will translate into 24/7 usage of EC2 and will accumulate charges that are in line with Amazon’s EC2 charges (noted above).

When you stop the Fusion EC2 instances, Fusion data on the EBS storage will remain on the root device and its continued storage will be charged for. However, temporary data in the instance stores will be flushed as they don’t need to persist.

If the WD Fusion servers are turned off then replication to the S3 bucket will stop.

Prerequisites

There are a few things that you need to already have before you start this procedure:

  • Amazon AWS account. If you don’t have an AWS account, sign up through Amazon’s Web Services.

  • Amazon Key Pair for security. If you don’t have a Key Pair defined. See Create a Key Pair.

  • Ensure that you have clicked the Accept Terms button on the CFT’s Amazon store page. E.g.

    WD Fusion

    You must accept the terms for your specific version of Fusion

If you try to start a CFT without first clicking the Accept Terms button you will get an error and the CFT will fail. If this happens, go to the Amazon Marketplace, search for the Fusion download screen that correspond with the version that you are deploying, run through the screen until you have clicked the Accept Terms button. You can then successfully run the CFT.

Required IAM Roles

Here are a list of Identify and Access Management (IAM) roles that are required to be setup for a user to install Fusion on AWS without having used our CFT.

Within our CFT we create rules for S3 for validation of S3 buckets and also rules to allow modification of dynamoDB. You can use AWS managed policies to quickly get the permissions you require, though these permissions are very broad and may provide more access than is desired.

The 3 you need are:

  • AmazonS3FullAccess

  • AmazonEC2ReadOnlyAccess

  • AmazonDynamoDBFullAccess

Example Creation

The following example procedure would let you install WD Fusion without using our Cloud Formation Template (CFT) and would support the use of Multi-Factor Authentication (MFA).

  1. Log onto the Amazon platform and create an IAM Policy.

    WD Fusion

    Services > IAM > Policies > Create Policy.

  2. Give your policy a name and description. For policy document use the following;

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Stmt1474466892000",
          "Effect": "Allow",
          "Action": [
            "dynamodb:*"
          ],
          "Resource": [
            "arn:aws:dynamodb:*:*:table/EmrFSMetadata"
          ]
        },
        {
          "Sid": "Stmt1474467044000",
          "Effect": "Allow",
          "Action": [
            "ec2:CreateTags",
            "ec2:DescribeHosts",
            "ec2:DescribeInstances",
            "ec2:DescribeTags"
          ],
          "Resource": [
            "*"
          ]
        },
        {
          "Sid": "Stmt1474467091000",
          "Effect": "Allow",
          "Action": [
            "s3:ListAllMyBuckets"
          ],
          "Resource": [
            "*"
          ]
        },
        {
          "Sid": "Stmt1474467124000",
          "Effect": "Allow",
          "Action": [
            "s3:GetBucketLocation",
            "s3:ListBucket",
            "s3:ListBucketMultipartUploads"
          ],
          "Resource": [
            "arn:aws:s3:::<insert bucket name>"
          ]
        },
        {
          "Sid": "Stmt1474467159000",
          "Effect": "Allow",
          "Action": [
            "s3:DeleteObject",
            "s3:GetBucketLocation",
            "s3:GetObject",
            "s3:PutObject"
          ],
    
          "Resource": [
            "arn:aws:s3:::<insert bucket name>/*"
          ]
        }
      ]
    }

    Just be sure to replace the <insert bucket here> with the name of the bucket you will ultimately be working with, in both locations shown above. Click create policy.

  3. Create IAM Role
    Services > IAM > Roles > Create New IAM Role
    Give your role a name.

  4. Select Amazon EC2 when prompted, you will then have the list of IAM policies, you can filter it down to find the one that you created previously. Create the role.

  5. Deploying the EC2 instance. As normal BUT when you are on the "Configure Instance" page you need to select your IAM role.

Bare Bones EC2 deployments

While the expected method for installing WD Fusion will be the use of a Cloud Formation Template through the Amazon marketplace, it is also possible to run a "bare bones" EC2 instance, running Fusion. In this case you need to add the following IAM roles so that it will work:

{
 "Action": [
     "aws-marketplace:MeterUsage"
 ],
 "Effect": "Allow",
  "Resource": "*"
 },

7.2. Swift Installation

7.2.1. Installing into IBM Openstack/Swift storage

This section runs through the installation of WD Fusion into an IBM Openstack environment using Swift storage. Currently this deployment is limited to an active-passive configuration that would be used to ingest data from your on-premises cluster to your Swift storage.

7.2.2. Pre-requisites

Before you begin an installation to an Openstack Swift cluster make sure that you have the following directories created and suitably permissioned. Examples:

Important!
For installations to IBM Openstack/Swift storage, we currently only support Keystone 3.0.

7.2.3. Overview

The installation process runs through the following steps:

  1. On-premises installation - installing a WD Fusion node on your cluster

  2. Swift storage node installation - the second node can be installed onto a VM situated on OpenStack, or an

  3. Setting up replication - Configure the nodes to ingest data from the on-premises cluster to the OpenStack Swift storage.

  4. Silent Installation - Notes on automating the installation process.

  5. Parallel Repairs - Running initial repairs in parallel.

7.2.4. Install Node for Swift storage

Follow this section to complete the installation by configuring WD Fusion on a server that will place data that is replicated from your on-premises cluster to your OpenStack Swift storage. This second node can also be on-premises or co-located with your OpenStack platform.

Open a web browser and point it at the provided URL. e.g

http://<YOUR-SERVER-ADDRESS>.com:8083/
  1. In the first "Welcome" screen you’re asked to choose between Create a new Zone and Add to an existing Zone.
    Make your selection as follows:

    Adding a new WD Fusion cluster

    Select Add Zone.

    Adding additional WD Fusion servers to an existing WD Fusion cluster

    Select Add to an existing Zone.

    WD Fusion Deployment
    Figure 49. Welcome screen
  2. Run through the installer’s detailed Environment checks. For more details about exactly what is checked in this stage, see Environmental Checks in the Appendix.

    WD Fusion Deployment
    Figure 50. Environmental checks
  3. On clicking validate the installer will run through a series of checks of your system’s hardware and software setup and warn you if any of WD Fusion’s prerequisites are not going to be met.

    WD Fusion Deployment
    Figure 51. Example check results

    Address any failures before you continue the installation. Warnings may be ignored for the purposes of completing the installation, especially if the installation is only for evaluation purposes and not for production. However, when installing for production, you should address all warnings, or at least take note of them and exercise due care if you continue the installation without resolving and revalidating.

  4. Upload the license file.

    WD Fusion Deployment
    Figure 52. Upload your license file
  5. The conditions of your license agreement will be presented in the top panel, including License Type, Expiry data, Name Node Limit and Data Node Limit.

    WD Fusion Deployment
    Figure 53. Verify license and agree to subscription agreement

    Click on the I agree to the EULA to continue, then click Next Step.

  6. Enter settings for the WD Fusion server. See WD Fusion Server for more information about what is entered during this step.

    WD Fusion Deployment
  7. In step 5 the zone information is added.

    WD Fusion Deployment
    Figure 54. Swift Install 1

7.2.5. Zone Information

Fully Qualified Domain Name

The full hostname for the server.

Node ID

A unique identifier that will be used by WD Fusion UI to identify the server.

DConE Port

TCP port used by WD Fusion for replicated traffic.

Zone Name

The name used to identify the zone in which the server operates.

7.2.6. Swift Information

WD Fusion Deployment

Some of the required information can be gathered from the Bluemix UI, in the Service Credentials section:

WD Fusion Deployment

User ID

The unique ID for the Swift user

Password

The password for the Swift user

Swift password changes
During installation, the Swift password is encrypted for use with WD Fusion. This process doesn’t require any further interaction except for the case where the Swift password is changed. If you change your Swift password you need to do the following:

  1. Open a terminal to the WD Fusion node and navigate to /opt/wandisco/fusion/server.

  2. Run the following script:

    ./encrypt-password.sh
      Please enter the password to be encrypted
    +
    Enter your Swift password and press return:
    +
> password
eCefUDtgyYczh3wtX2DgKAvXOpWAQr5clfhXSm7lSMZOwLfhG9YdDflfkYIBb7psDg3SlHhY99QsHlmr+OBvNyzawROKTd/nbV5g+EdHtx/J3Ulyq3FPNs2xrulsbpvBb2gcRCeEt+A/4O9K3zb3LzBkiLeM17c4C7fcwcPAF0+6Aaoay3hug/P40tyIvfnVUkJryClkENRxgL6La8UooxaywaSTaac6g9TP9I8yH7vJLOeBv4UBpkm6/LdiwrCgKQ6mlwoXVU4WtxLgs4UKSgoNGnx5t8RbVwlrMLIHf/1MFbkOmsCdij0eLAN8qGRlLuo4B4Ehr0mIoFu3DWKuDw==
[ec2-user@ip-172-29-0-158 server]$
  1. Place the re-encrypted password in *core-site.xml* and *application.properties*.

    Auth URL

    The URL required for authenticating against Swift.

    Swift Container Name

    The name of the Swift storage container that Fusion will be connecting to.

    Project Id

    The Bluemix project ID.

    Domain Name

    The Swift Domain Name.

    Segment Container

    The name of the Segment container. The Segment container is used where large files break Swift’s 5GB limit for object size. Objects that exceed 5GB are broken into segments and get stored in here.

    Region

    The Swift Object Storage Region. Not to be confused with the Bluemix region.
    WD Fusion Deployment

7.2.7. Swift Validation

WD Fusion Deployment

Authorization URL reachable

Can you reach the keystone v3.0 authorization URL

Account valid

The installer checks that the Swift account details are valid. If the validation fails, you should recheck your Swift account credentials.

Container valid

The installer confirms that a container with the provided details exists. If the validation fails, check that you have provided the right container name.

Container readable

The container is checked to confirm that it can be read. If the validation fails, check the permissions on the container.

Container writable

The container is checked to confirm that the container can be written to. If the validation fails, check the permissions on the container.

WD Fusion Deployment
Figure 55. Swift Segment Container Validation

The installer checks that the Swift account details are valid for accessing the segment container. If the validation fails, you should recheck your Swift account credentials.

Segment Container valid

The installer confirms that a segment container with the provided details exists. If the validation fails, check that you have provided the right segment container name.

Segment Container readable

The container is checked to confirm that it can be read. If the validation fails, check the permissions on the segment container.

Segment Container writable

The container is checked to confirm that the container can be written to. If the validation fails, check the permissions on the segment container.

Segment Account writable

The Account is checked to confirm that it can be written to. If the validation fails, check the permissions on the segment account.

  1. Authentication credentials that will be used to access the WD Fusion UI. When deploying WD Fusion under a Hadoop management layer such as Cloudera Manager or Ambari, you would use the same credentials as the said manager. In this case we’re running without a separate manager, so we need to provide our own username and password.

    WD Fusion Deployment

Username

A username that will be used for accessing the WD Fusion

Password

The corresponding password for use with the username, when logging into the WD Fusion UI.

  1. The summary screen lists all the configuration that has been entered so far, during the installation. You can check your entries by clicking on each category on the left-side menu. Click Next Step.

    WD Fusion Deployment

  2. You can ignore the next step. Click Next Step. This step is reserved for deployments where hdfs clients need to be installed. These are not required when using WD Fusion to replicate data into a cloud storage solution.
    WD Fusion Deployment

  3. It’s now time to Start up the WD Fusion server. Click Start WD Fusion. WD Fusion Deployment The WD Fusion server will now start up.

  4. The final step is Induction. This will connect this second node to your existing "on-premises" node. When adding a node to an existing zone, users will be prompted for zone details at the start of the installer and induction will be handled automatically. Nodes added to a new zone will have the option of being inducted at the end of the install process where the user can add details of the remote node.

    WD Fusion Deployment

    Enter the following details then Click Start Induction.

Fully Qualified Domain Name

The full address of the existing on-premises node.

Fusion Server Port

The TCP Port on which the on-premises node is running. Default:8082

7.2.8. Setting up replication

It’s now time to demonstrate data replication between the on-premises cluster and the IBM OpenStack / Swift storage. First we need to perform a synchronization to ensure that the data stored in both zones is in exactly the same state.

7.2.9. Synchronization

You can synchronize data in both directions:

Synchronize from on-premises to the Swift node zone

Login to the on-premises WD Fusion UI.

The following guide covers the replication from on-premises to the OpenStack/Swift node.

  1. Login to the on-premises WD Fusion UI and click on the Replicated Folders tab.

    WD Fusion tree

  2. Click on the Create button to set up a folder on the local system.

    WD Fusion tree

    Navigate the HDFS File Tree (1), on the right-hand side of the New Rule panel to select your target folder, created in the previous step. The selected folder will appear in the Path entry field. You can, instead, type or copy in the full path to the folder in the Path directory.

    Next, select both zones from the Zones list (2). You can leave the default membership in place. This will replicate data between the two zones.

    More about Membership
    Read about Membership in the WD Fusion User Guide - Managing Replication.

    IMPORTANT: files not appearing in the Swift store file tree
    If you upload files to a Swift store using the Swift client, it is possible to exploit Swift’s pseudo-file structure, placing a file in a subdirectory that isn’t mapped to the file system. While this works internally, folders that exist in this state will not be visible to WD Fusion and so can’t be viewed in the WD Fusion Rule file tree or set for replication.

    workaround
    When uploading files using the Swift client, ensure that you add a trailing slash, e.g.

    swift upload [container name] [directory name]"/"

    Folders that are uploaded in this way will be visible in the File Tree.

    Recommendation: Use platforms like Openstack or Bluemix, instead.
    Click Create to continue.

  3. When you first create the folder you may notice status messages for the folder indicating that the system is preparing the folder for replication. Wait until all pending messages are cleared before moving to the next step.

    WD Fusion tree

  4. Now that the folder is set up it is likely that the file replicas between both zones will be in an inconsistent state, in that you will have files on the local (on-premises) zone that do not yet exist in the Swift store. Click on the Inconsistent link in the Fusion UI to address these.

    WD Fusion tree

    OpenStack/Swift storage - Fusion installation figure 12.

    The consistency report will show you the number of inconsistencies that need correction. We will use bulk resolve to do the first replication.

    See the Appendix for more information on improving performance of your first synch and resolving individual inconsistencies if you have a small number of files that might conflict between zones - Running initial repairs in parallel

  5. Click on the dropdown selector entitled Bulk resolve inconsistencies to display the options that determine synch direction. Choose the zone that will be used for the source files. Tick the check box Preserve extraneous file so that files are not deleted if they don’t exist in the source zone. The system will begin the file transfer process.

    WD Fusion tree

  6. We will now verify the file transfers. Login to the WD Fusion UI on the HDI instance. Click on the Replicated Folders tab. In the File Transfers column, click the View link.

    WD Fusion tree

    By checking off the boxes for each status type, you can report on files that are:
    * In progress
    * Incomplete
    * Complete

    No transfers in progress?
    You may not see files in progress if they are very small, as they tend to clear before the UI polls for in-flight transfers.

  7. Congratulations! You have successfully installed, configured, replicated and monitored data transfer with WANdisco Fusion.
    WD Fusion tree

7.2.10. Swift Silent Installation

You can complete an IBM Swift installation using the Silent Installation procedure, putting the necessary configuration in the swift_silent_installer.properties as described in the section that covers Silent Installation.

7.2.11. Swift-specific settings

Environment Variables Required for Swift deployments:

###############################
# Swift Configuration
###############################

#Swift installation mode
# REQUIRED for Swift Installations. Defaults to false
swift.installation.mode=true

#The Swift container name to use
# REQUIRED for Swift installations.
swift.containerName=

#The Swift username to use
# REQUIRED for Swift installations.
swift.username=

#The Swift password to use
# REQUIRED for Swift installations.
swift.password=

#The Swift auth URL to use for authenticating access to the storage
# REQUIRED for Swift installations.
swift.auth.url=

# The Swift tenant name to use
# Optional, for Swift installations.
swift.tenantName=

# The Swift tenant id to use
# Optional, for Swift installations.
swift.tenantId=
  • FUSIONUI_MANAGER_TYPE=UNMANAGED_SWIFT

  • FUSIONUI_INTERNALLY_MANAGED_USERNAME

  • FUSIONUI_INTERNALLY_MANAGED_PASSWORD

  • FUSIONUI_FUSION_BACKEND_CHOICE

  • FUSIONUI_USER

  • FUSIONUI_GROUP

  • SILENT_PROPERTIES_PATH

silent_installer.properties File additional settings or specific required values listed here:

swift.installation.mode=true
swift.containerName=container1etc
kerberos.enabled=false (or unspecified)

7.2.12. Example Installation

As an example (as root), running on the installer moved to /tmp.

# If necessary download the latest installer and make the script executable
 chmod +x /tmp/installer.sh
# You can reference an original path to the license directly in the silent properties but note the requirement for being in a location that is (or can be made) readable for the $FUSIONUI_USER
# The following is partly for convenience in the rest of the script
cp /path/to/valid/license.key /tmp/license.key

# Create a file to encapsulate the required environmental variables (example is for emr-4.0.0):
cat <<EOF> /tmp/swift_silent_installer_env.sh
export FUSIONUI_MANAGER_TYPE=UNMANAGED_SWIFT
export FUSIONUI_INTERNALLY_MANAGED_USERNAME=admin
export FUSIONUI_FUSION_BACKEND_CHOICE=
export FUSIONUI_USER=hdfs
export FUSIONUI_GROUP=hdfs
export SILENT_PROPERTIES_PATH=/tmp/swift_silent.properties
export FUSIONUI_INTERNALLY_MANAGED_PASSWORD=admin
EOF

 # Create a silent installer properties file - this must be in a location that is (or can be made) readable for the $FUSIONUI_USER:
cat <<EOF > /tmp/swift_silent_installer_env.sh
existing.zone.domain=
existing.zone.port=
license.file.path=/tmp/license.key
server.java.heap.max=4
ihc.server.java.heap.max=4
fusion.domain=my.s3bucket.fusion.host.name
fusion.server.dcone.port=6444
fusion.server.zone.name=twilight
swift.installation.modetrue
swift.container.name=container-name
induction.skip=false
induction.remote.node=my.other.fusion.host.name
induction.remote.port=8082
EOF

# If necessary, (when $FUSIONUI_GROUP is not the same as $FUSIONUI_USER and the group is not already created) create the $FUSIONUI_GROUP (the group that our various servers will be running as):
[[ "$FUSIONUI_GROUP" = "$FUSIONUI_USER" ]] || groupadd hadoop

#If necessary, create the $FUSIONUI_USER (the user that our various servers will be running as):
useradd hdfs

# if [[ "$FUSIONUI_GROUP" = "$FUSIONUI_USER" ]]; then
  useradd $FUSIONUI_USER
else
  useradd -g $FUSIONUI_GROUP $FUSIONUI_USER
fi

# silent properties and the license key *must* be accessible to the created user as the silent installer is run by that user
chown hdfs:hdfs $FUSIONUI_USER:$FUSIONUI_GROUP /tmp/s3_silent.properties /tmp/license.key

# Give s3_env.sh executable permissions and run the script to populate the environment
. /tmp/s3_env.sh

# If you want to make any final checks of the environment variables, the following command can help - sorted to make it easier to find variables!
env | sort

# Run installer:
/tmp/installer.sh

7.2.13. Running initial repairs in parallel

If you have a large folder you can parallelize the initial repair using the Fusion API. This can be accomplished on a single file or a whole directory. Choosing a directory will push all files from the source to the target regardless of existence at the target.

Consider the following directory structure for a fusion replicated folder /home

/home
/home/fileA
/home/fileB
/home/userDir1
/home/userDir2
/home/userDir3

We could run a bulk resolve in the UI against the /home directory, however, to provide parallelism of the repair operations we can use the Fusion API to issue repairs against each folder and the individual files in the /home folder.

REST API Call
"FUSION_NODE:PORT/fusion/fs/repair?path=SYSTEMPATH&recursive=true&src=ZONENAME"

7.2.14. Example - Multiple API Calls using curl

curl -X PUT "FUSION_NODE:8082/fusion/fs/repair?path=/home/userDir1&recursive=true&src=LocalFS"
curl -X PUT "FUSION_NODE:8082/fusion/fs/repair?path=/home/userDir2&recursive=true&src=LocalFS"
curl -X PUT "FUSION_NODE:8082/fusion/fs/repair?path=/home/userDir3&recursive=true&src=LocalFS"
curl -X PUT "FUSION_NODE:8082/fusion/fs/repair?path=/home/fileA&recursive=false&src=LocalFS"
curl -X PUT "FUSION_NODE:8082/fusion/fs/repair?path=/home/fileB&recursive=false&src=LocalFS"

This will spawn simultaneous repairs increasing the performance of the initial synchronization. This is especially helpful when you have small file sizes to better saturate the network.

For files, the recursive parameter is ignored
You can use the file transfers view in the Fusion UI on the OpenStack-replicating node to monitor the incoming files.

7.2.15. Repairing individual folders in the UI

You can use the Fusion Web UI to selectively choose which files to repair in the UI when you have a small number of files that exists on both sides and a decision needs to be made as to which one is the source of truth.

  1. In the UI on the Replicated Folders tab click the Inconsistent link in the Consistency column to get to the Consistency Report.
    WD Fusion tree

  2. If the list of files is small you’ll be presented with a list. If it is longer than 100 files you will need to click Show All Inconsistencies. Note that you can still bulk resolve these.
    WD Fusion tree

  3. For each file, you can choose the Zone that is the source and click resolve.
    WD Fusion tree

  4. You will be prompted with a confirmation button.
    WD Fusion tree

  5. After clicking resolve, you will see a message Fix Requested. You can check the UI in the target zone file transfers if you want to verify the repair.

    WD Fusion tree


7.3. Microsoft Azure Installation

This section will run you through an installation of WANdisco’s Fusion to enable you to replicate on-premises data over to a Microsoft Azure object (blob) store.

This procedure assumes that you have already created all the key components for a deployment using a Custom Azure template. You will first need to create a virtual network, create a storage account, then start completing a template for a HDInsight cluster:

7.3.1. Prerequisites

Before starting the installation you will need access your Azure service and set up the following elements:

7.3.2. Set up storage

  1. Login to the Azure platform. Click Storage Accounts on the side menu.

    WD Fusion

  2. Click Add.

  3. Provide details for the storage account; WD Fusion

    Name

    The name of your storage container.

    Deployment model

    Select Resource Manager
    Unlike the Classic mode, the Resource manager mode uses the concept of resource group which is a container for resources that share a common lifecycle. Read more about Resource Manager Deployment Model.

    Account Kind

    General purpose
    This kind of storage account provide storage for blobs, files, tables, queues and Azure virtual machine disks under a single account.

    Replication

    LRS
    Locally redundant storage.

    Access Tier

    Hot
    Hot storage is optimized for frequent access.

    Storage service encryption

    Disabled

    Subscription

    Master Azure Subscription

    Resource Group

    (Use existing) FusionRG-NEU

    Location

    North Europe, etc.

    Check your entries, then click Create.

  4. Once created select your storage account. Select Blobs.

  5. Select +Container.

    WD Fusion
    Figure 56. Container
  6. Fill in the details for your container;

    Name

    Enter a name for the container, e.g. "Container1"

    Access Type

    Container

Get the storage account key
  1. Go to your storage account.

  2. Select Access keys.

  3. Key1 and Key2 are available here, make a note of them.

WD Fusion
Figure 57. Access Keys

7.3.3. Deploy the template

The next two steps complete the template deployment:

Deploy from link

Click to open up the Azure portal with the template already downloaded and in place. Azure portal

Deploy from the repository

This template can be fetched from the cloud-templates repo on gerrit, link here: https://wandiscopubfiles.blob.core.windows.net/wandiscopubfiles/edgeNodeTemplate.json

  1. Go to New → Template Deployment button:

    WD Fusion
    Figure 58. Template Deployment
  2. Copy and paste over the default template. This will fill in the parameters section with the fields we require for a full install of Fusion onto the node.

WD Fusion
Figure 59. Install
LOCATION

The region your instance will ultimately belong to. example: East US

FUSIONVERSION

2.10

NODENAME

A name for the Node. example: Node1

EXISTINGVNETRESOURCEGROUPNAME

An existing VNETResourceGroup your cluster will be deployed to. MasterEastUS-RG

EXISTINGVNETNAME

The network your instance will be deployed to. Keep in mind to make this accessible to your on premise nodes you will need a specific network. EastUS-VNET

EXISTINGSUBNETCLIENTSNAME

The subnet your instance will be deployed to. Keep in mind to make this accessible to your on premise nodes you will need a specific subnet. Subnet1

SSHUSERNAME

The SSH details for your instance once deployed. CAN NOT BE ROOT OR ADMIN liamuser

SSHPASSWORD

The password for the instance once deployed. Has to be at least 10 characters and must contain at least one digit, one non-alphanumeric character, and one upper or lower case letter. Wandisco99!

EDGENODEVIRTUALMACHINESIZE

The size of the machine you want to use. Standard_A5

NODEVHDSTORAGEACCOUNTNAME

The storage account that will be created for your instance. Can’t be an existing one. Has to be lower case. nodeteststorage

AZURESTORAGEACCOUNTNAME

The name of the storage account you created, see above. mystorageaccount

AZURESTORAGECONTAINERNAME

The container inside your storage account mycontainer

AZURESTORAGEACCOUNTKEY

The storage key, Key1 for your storage account, see above. (A guid.)

FUSIONADMIN

The username for your Fusion instance. admin (Default)

FUSIONPASSWORD

The password for your Fusion instance admin (Default)

FUSIONLICENSE

The URL for the Fusion license, the default is, https://wandiscopubfiles.blob.core.windows.net/wandiscopubfiles/license.key This license is a trial license that’s periodically updated by a Jenkins job.

ZONENAME

The name of the Zone the Fusion instance is installed to. AzureCloud (Default)

SERVERLATITUDE

The latitude of the server. 0

SERVERLONGITUDE

The longitude of the server. 0

SERVERHEAPSIZE

The heap size of Fusion server. 4

IHCHEAPSIZE

The heap size for the IHC server. 4

INDUCTORNODEIP

The IP of the on premise node you want to induct to. (Optional)

Create a new resource group and accept legal terms

It is strongly recommended that you select the option to Create New for resource group. If you use existing it is harder to clean up unless you specifically made a resource group to which you will deploy.

Accept terms and conditions
WD Fusion
Figure 60. Terms and conditions
  1. Select "Review legal terms".

  2. Select Create.

  3. Press Create.

Getting the public IP

Once the machine comes up you will need to click on the vm in order to get its public IP address. Tip: It’s easier to copy if you click on the blue IP address and copy the IP from the screen that then appears.

WD Fusion
Figure 61. Public IP

7.3.4. WD Fusion Installation

The next step is to install your WD Fusion nodes. For instruction on installing to your local file system, follow the On Premises installation guide. Below we take note of the elements that are specific to an MS Azure deployment:

7.3.5. MS Azure information

The following information is required during step 5 of the installer.

Primary Access Key

When you create a storage account, Azure generates two 512-bit storage access keys, which are used for authentication when the storage account is accessed. By providing two storage access keys, Azure enables you to regenerate the keys with no interruption to your storage service or access to that service. The Primary Access Key is now referred to as Key1 in Microsoft’s documentation. You can get the KEY from the Microsoft Azure storage account: WD Fusion

WASB storage URI

This is the native URI used for accessing Azure Blob storage. E.g. wasb://

Validate (button)

The installer will make the following validation checks:

WASB storage URI

The URI will need to take the form:

wasb[s]://<containername>@<accountname>.blob.core.windows.net
URI readable

Confirms that it is possible for WD Fusion to read from the Blob store.

URI writable

Confirms that it is possible for WD Fusion to write data to the Blob store.

7.3.6. Fusion Clients installation under Azure

  1. In the next step you must complete the installation of the WD Fusion client package on all the existing HDFS client machines in the cluster. The WD Fusion client is required to support data WD Fusion’s replication across the Hadoop ecosystem. Download the client DEB file. Leave your browser session running while you do this, we’ve not finished with it yet.

    WD Fusion Azure
    Figure 62. Client install 1 / Azure
  2. Return to your console session. Download the client package "fusion-hdi-x.x.x-client-hdfs_x.x.x.deb".

    WD Fusion Azure
    Figure 63. Client install 2 / Azure
  3. Install the package on each client machine:

    WD Fusion Azure
    Figure 64. Client install 3 / Azure

    e.g.

dpkg -i fusion-hdi-x.x.x-client-hdfs.deb
Client install
Figure 65. "Client install 4 / Azure
  1. Once started we now complete the final step of installer’s configuration, Induction.

    For this first node you will miss this step out, choosing to Skip Induction. For all the following node installations you will provide the FQDN or IP address and port of this first node. (In fact, you can complete induction by referring to any node that has itself completed induction.) . .


Follow this guide to set up WANdisco Fusion with Google’s cloud platform.

7.4. Google Cloud Installation

7.4.1. Replicating LocalFileSystem to Google Cloud Service

Welcome!

This quickstart guide will run you through an installation of WANdisco’s Fusion to enable you to replicate on-premises data over to an Google Cloud BLOB storage.

The aim of this guide is to get you up-and-running as quickly and simply as possible so many details, such as the pre-requisites for running Fusion, and more advanced configurations are not provided here.

Install WD Fusion in your data center

Contact WANdisco for a download link and evaluation license for WANdisco Fusion. Once you receive the download link, copy the installer to the on-premises Linux machine that will be the Fusion Server.

On Premises "LocalFileSystem" installation

In the next step you will complete the installation of WD Fusion at your on-premises location. Follow the instructions provided in the On premises Installation section. Take not of the following changed which are specific to Google cloud deployments:

Zone Information
Google
Figure 66. Step 5 - Zone information (Google Cloud deployment)
Google Compute Information
Google Bucket Name

The name of the Google storage bucket that will be replicated.

Google Project ID

The Google Project associated with the deployment.

Validation

The following validation is completed against the settings:

  • The provided bucket matches with an actual bucket on the platform.

  • The provided bucket can be written to by WD Fusion.

  • The bucket can be read by WD Fusion.

What is induction?
Multiple instances of WD Fusion join together to form a replication network or ecosystem. Induction is the process used to connect each new node to an existing set of nodes.

  1. Login to WD Fusion UI using the admin username and password that you provided during the installation. WD Fusion tree

  2. The installation of your first node is now complete. You can find more information about working with the WD Fusion UI in the Admin section of this guide.

    WD Fusion tree

Connect WD Fusion with your Google Cloud BLOB storage
Launching WD Fusion from the Google Cloud Marketplace

This section will run you through an installation of WANdisco’s Fusion to enable you to replicate on-premises data over to Google’s Cloud platform.

  1. Log into the Google Cloud Platform. Under VM instances, click Create instance.

    WD Fusion

    Set up suitable specification for the VM.

    WD Fusion

    Machine type

    2vCPUs recommended for evaluation.

    Boot disk

    Click on the Change button and select Centos6.7.

    Firewall

    Enable publically available HTTP and HTTPS.

Management, disk, networking, access & security options

There are two options here:

Specify the start up script, you have two options:

Set up networking:

  • Click on Network.

  • Select fusion-gcw (our VPC).

Project Access, Tick the checkbox "Allow API access to all Google Cloud services in the same project". WD Fusion

Click on the Management tab.
WD Fusion

Under Metadata add the following key:
WD Fusion

Click Add item.

Click on the Networking tab.
WD Fusion

Network

Your Google network VPC, e.g. fusion-gce.

Click Create.
WD Fusion

There will be a brief delay while the instance is set up. You will see the VM instances panel that shows the VM system activity.
WD Fusion

When the instance is complete, click on it.
WD Fusion

You will see the management screen for the instance.
WD Fusion

Make a note of the internal IP address, it should look like 172.25.0.x.
WD Fusion

How to get the IP address of an existing WD Fusion Node:

  1. Log into the WD Fusion UI on your premises (set up in the first part of this guide).

  2. On the Fusion Nodes tab, click on the link to the existing WD Fusion Node.
    WD Fusion

  3. Get the IP address from the Node information screen.
    WD Fusion

Click Save.

Go to your browser and enter the IP address for the (on-premises) WD Fusion web UI. The URL will take the form

http://your-server-IP:8083/

Open the URL in your browser and you will see the login screen. Use the admin username and password that you specified during the setup of the WD Fusion node.
WD Fusion tree

Upon logging into the WD Fusion web UI, you will see the Dashboard. A map is displayed and you will see 2 nodes. If you didn’t specify a license during the CFT launch, you will see details for a trial license that will expire 14 days after you first launched the instance.

Demonstration
Setting up data replication

It’s now time to demonstrate data replication between the on-premises cluster and the Google bucket storage. First we need to perform a synchronization to ensure that the data stored in both zones is in exactly the same state.

Synchronization

You can synchronize data in both directions:

Synchronize from on-premises to Google’s zone

Login to the on-premises WD Fusion UI.

Synchronize from Google Cloud to the on-premises zone

Login to the WD Fusion server in the Google Cloud Console.

Synchronize in both directions (because the data already exists in locations)

Login to either Fusion UI.

The remaining guide covers the replication from on-premises to Google Cloud, although the procedure for synchronizing in the opposite direction is effectively the same.

  1. Login to the on-premises WD Fusion UI and click on the Replicated Folders tab.
    WD Fusion tree

    Google Cloud - Fusion installation figure 09.

  2. Click on the Create button to set up a folder on the local system.
    WD Fusion tree

    Google Cloud - Fusion installation figure 10.

    Navigate the HDFS File Tree (1), on the right-hand side of the New Rule panel to select your target folder, created in the previous step. The selected folder will appear in the Path entry field. You can, instead, type or copy in the full path to the folder in the Path directory.

    Next, select both zones from the Zones list (2). You can leave the default membership in place. This will replicate data between the two zones.

    More about Membership
    Read about Membership in the WD Fusion User Guide - Managing Replication.

    Click Create to continue.

  3. When you first create the folder you may notice status messages for the folder indicating that the system is preparing the folder for replication. Wait until all pending messages are cleared before moving to the next step.
    WD Fusion tree

  4. Now that the folder is set up it is likely that the file replicas between both zones will be in an inconsistent state, in that you will have files on the local (on-premises) zone that do not yet exist in the Google container. Click on the Inconsistent link in the Fusion UI to address these.
    WD Fusion tree

    The consistency report will show you the number of inconsistencies that need correction. We will use bulk resolve to do the first replication.

    See the Appendix for more information on improving performance of your first synch and resolving individual inconsistencies if you have a small number of files that might conflict between zones - Running initial repairs in parallel

  5. Click on the dropdown selector entitled Bulk resolve inconsistencies to display the options that determine synch direction. Choose the zone that will be used for the source files. Tick the check box Preserve extraneous file so that files are not deleted if they don’t exist in the source zone. The system will begin the file transfer process.
    WD Fusion tree

  6. We will now verify the file transfers. Login to the WD Fusion UI on the HDI instance. Click on the Replicated Folders tab. In the File Transfers column, click the View link.
    WD Fusion tree

    By checking off the boxes for each status type, you can report on files that are:
    - In progress
    - Incomplete
    - Complete

    No transfers in progress?
    You may not see files in progress if they are very small, as they tend to clear before the UI polls for in-flight transfers.

  7. Congratulations! You have successfully installed, configured, replicated and monitored data transfer with WANdisco Fusion.
    WD Fusion tree

Appendix
Networking Guide for WANdisco Fusion Google Cloud

Setting up suitable network connectivity between your WDFusion zones using your Google Cloud private network system can be difficult to understand and implement if you’re not very familiar with the networking part of the Google Cloud platform. This section of the appendix will give you all the information you need to make the best choices and right configuration for setting up network connectivity between your on-premises and Google Cloud environments.

WANdisco Fusion makes the replication of your on-premise data to Google cloud simple and efficient. It relies on network connectivity between the two environments, and because a typical on-premises data store will reside behind your firewall, you will need to plan the right approach for that connection.

This document includes information on the requirements that your solution will need to meet, along with options for establishing communication between the environments. You can choose among those options, and perform simple testing to ensure that the configured solution meets all your needs for data replication with WANdisco Fusion.

Networking in WANdisco Fusion

WANdisco Fusion is a distributed system, allowing multiple, separate storage systems to exchange data to replicate content. It includes a collection of services that communicate over the network, requiring the ability to establish and use TCP connections between one another.

The Google Cloud Active Migrator includes components that are created and launched in an Google Cloud Virtual Network (VNet). Your on-premises WD Fusion components will need to establish connections with these VNet-resident services, and will also need to accept incoming connections from them.

You have many choices for how to establish connectivity between your on-premises environment and the Google Cloud-based Fusion node.

Regardless of your choice, you will need to ensure that your network connectivity meets the requirements defined in this document. For information from VNet connectivity options, please refer to "https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-cross-premises-options/[About secure cross-premises connectivty for virtual networks]".

Ports

The diagram below shows the Fusion services and the ports they expose, that are used to replicate content between an on-premise local file system and Google Cloud.

WD Fusion tree

Appendix 2 - port allocation for Google Cloud Blob storage - WD Fusion deployments.

Take careful note of the need for TCP connections to be established in both directions between the hosts on which the Fusion and IHC servers execute. You need to allow incoming and outgoing TCP connections on ports:

6444

DCone port handles all co-ordination traffic that manages replication. It needs to be open between all WD Fusion nodes. Nodes that are situated in zones that are external to the data center’s network will require unidirectional access through the firewall.

8023

Port used by WD Fusion server to communicate with HCFS/HDFS clients. The port is generally only open to the local WD Fusion server, however you must make sure that it is open to edge nodes.

8082

REST port is used by the WD Fusion application for configuration and reporting, both internally and via REST API. The port needs to be open between all WD Fusion nodes and any systems or scripts that interface with WD Fusion through the REST API.

7000

7000 range, (exact port is determined at installation time based on what ports are available), used for data transfer between Fusion Server and IHC servers. Must be accessible from all WD Fusion nodes in the replicated system.

8083

Used to access the WD Fusion Administration UI by end users (requires authentication), also used for inter-UI communication. This port should be accessible from all Fusion servers in the replicated system as well as visible to any part of the network where administrators require UI access.

Running initial repairs in parallel

If you have a large folder you can parallelize the initial repair using the Fusion API. This can be accomplished on a single file or a whole directory. Choosing a directory will push all files from the source to the target regardless of existence at the target.

Consider the following directory structure for a fusion replicated folder /home

/home
/home/fileA
/home/fileB
/home/userDir1
/home/userDir2
/home/userDir3

We could run a bulk resolve in the UI against the /home directory, however, to provide parallelism of the repair operations we can use the Fusion API to issue repairs against each folder and the individual files in the /home folder.

REST API Call
"FUSION_NODE:PORT/fusion/fs/repair?path=SYSTEMPATH&recursive=true&src=ZONENAME"
Example - Multiple API Calls using curl
curl -X PUT "FUSION_NODE:8082/fusion/fs/repair?path=/home/userDir1&recursive=true&src=LocalFS"
curl -X PUT "FUSION_NODE:8082/fusion/fs/repair?path=/home/userDir2&recursive=true&src=LocalFS"
curl -X PUT "FUSION_NODE:8082/fusion/fs/repair?path=/home/userDir3&recursive=true&src=LocalFS"
curl -X PUT "FUSION_NODE:8082/fusion/fs/repair?path=/home/fileA&recursive=false&src=LocalFS"
curl -X PUT "FUSION_NODE:8082/fusion/fs/repair?path=/home/fileB&recursive=false&src=LocalFS"

This will spawn simultaneous repairs increasing the performance of the initial synchronization. This is especially helpful when you have small file sizes to better saturate the network.

For files, the recursive parameter is ignored
You can use the file transfers view in the Fusion UI on HDI to monitor the incoming files.

Repairing individual folders in the UI

You can use the Fusion Web UI to selectively choose which files to repair in the UI when you have a small number of files that exists on both sides and a decision needs to be made as to which one is the source of truth.

  1. In the UI on the Replicated Folders tab click the Inconsistent link in the Consistency column to get to the Consistency Report.
    WD Fusion tree

    Google Cloud - Fusion installation figure 15

  2. If the list of files is small you’ll be presented with a list. If it is longer than 100 files you will need to click Show All Inconsistencies. Note that you can still bulk resolve these.
    WD Fusion tree

    LocalFS figure 50.

  3. For each file, you can choose the Zone that is the source and click resolve.
    WD Fusion tree

  4. You will be prompted with a confirmation button.
    WD Fusion tree

  5. After clicking resolve, you will see a message Fix Requested. You can check the UI in the target zone file transfers if you want to verify the repair.
    WD Fusion tree


8. Administration Guide

This Admin Guide describes how to set up and use WANdisco’s WD Fusion.

8.1. Housekeeping

This section covers basic operations for running a WD Fusion deployment, including commands and tools that allow you to set up and maintain replicated directories.

8.1.1. Starting up

To start WD Fusion UI:

  1. Open a terminal window on the server and log in with suitable file permissions.

  2. Run the fusion-ui-server service from the /etc/init.d folder:

    rwxrwxrwx  1 root root    47 Apr 10 16:05 fusion-ui-server -> /opt/wandisco/fusion-ui-server/bin/fusion-ui-server
  3. Run the script with the start command:

    [root@localhost init.d]#  ./fusion-ui-server start
    
    Starting fusion-ui-server:.                         [  OK  ]

    WD Fusion starts. Read more about the fusion-ui-server init.d script.

  4. Also you can invoke the service directly. e.g.

    service fusion-ui-server stop/start

8.1.2. Shutting down

To shut down:

  1. Open a terminal window on the server and log in with suitable file permissions.

  2. Run the WD Fusion UI service, located in the init.d folder:

    rwxrwxrwx  1 root root    47 Dec 10 16:05 fusion-ui-server -> /opt/wandisco/fusion-ui-server/bin/fusion-ui-server
  3. Run the stop script:

    [root@redhat6 init.d]#  ./fusion-ui-server stop
    stopping fusion-ui-server:                                   [  OK  ]
    [root@redhat6 init.d]#

    The process shuts down.

Shutdowns take some time

The shutdown script attempts to stop processes in order before completing, as a result you may find that (from WD Fusion 2.1.3) shutdowns may take up to a minute to complete.

8.1.3. init.d management script

The start-up script for persistent running of WD Fusion is in the /etc/init.d folder. Run the script with the help command to list the available commands:

[root@redhat6 init.d]# service fusion-ui-server help
  usage: ./fusion-ui-server (start|stop|restart|force-reload|status|version)

start Start Fusion services
stop Stop Fusion services
restart Restart Fusion services
force-reload Restart Fusion services
status Show the status of Fusion services
version Show the version of Fusion

Check the running status (with current process ID):

[root@redhat6 init.d]# service fusion-ui-server status
Checking delegate:not running                              [  OK  ]
Checking ui:running with PID 17579                         [  OK  ]

Check the version:

[root@redhat6 init.d]# service fusion-ui-server  version
1.0.0-83

8.2. Managing cluster restarts

WD Fusion’s replication system is deeply tied to the cluster’s file system (HDFS). If HDFS is shut down, the WD Fusion server will no longer be able to write to HDFS, stopping replication even if the cluster is brought back up.

To avoid replication problems:

  • Where possible, avoid doing a full shutdown. Instead, restart services to trigger a rolling restart of datanodes.

  • If a full shutdown is done, you should do a rolling restart off all WD Fusion nodes in the corresponding zone. A rolling restart ensures that you will keep the existing quorum.

8.3. Managing services through the WD Fusion UI

Providing that the UI service is running, you can stop and start WD Fusion through the Fusion Nodes tab.

Dashboard
Figure 67. Stop Node via Fusion Node tab

8.4. WD Fusion UI login

The UI for managing WD Fusion can be accessed through a browser, providing you have network access and the port that the UI is listening on is not blocked.

http://<url-for-the-server>:<UI port>

e.g.

http://wdfusion-static-0.dev.organisation.com:8083/ui/

You should not need to add the /ui/ at the end, you should be redirected there automatically.

dashboard
Figure 68. Dashboard

Login using your Hadoop platform’s manager credentials.

8.4.1. Login credentials

Currently you need to use the same username and password that are required for your platform manager, e.g. Cloudera Manager or Ambari. In a future release we will separate WD Fusion UI from the manager and use a new set of credentials.

LDAP/Active Directory and WD Fusion login

If your Cloudera-based cluster uses LDAP/Active Directory to handle authentication then please note that a user that is added to an LDAP group will not automatically be assigned the corresponding Administrator role in the internal Cloudera Manager database. A new user is LDAP that is assigned an Admin role will, by default, not be able to login to WD Fusion. To be allowed to login, they must first be changed to an administrator role type from within Cloudera Manager.

No sync between CM and LDAP
There is no sync between Cloudera Manager and LDAP in either direction, so a user who loses their Admin privileges in LDAP will still be able to login to WD Fusion until their role is updated in Cloudera Manager. You must audit WD Fusion users in Cloudera Manager.

Administrators will need to change any user in the Cloudera Manager internal database (from the Cloudera Manager UI) to the required access level for WD Fusion. Please note the warning given above, that changing access levels in LDAP will not be enough to change the admin level in WD Fusion.

8.5. Authentication misalignment

There are four possible scenarios concerning how LDAP authentication can align and potentially misalign with the internal CM database:

User has full access in CM, denied access in WD Fusion UI
  • User is in the Full Administrator group in LDAP

  • User is left as the default read-only in the internal Cloudera Manager database

User has full access in CM, full access in WD fusion UI
  • User is in the Full Administrator group in LDAP

  • User is changed Full Administrator in the internal Cloudera Manager database

User has read-only access in CM, denied access to WD Fusion UI
  • User is removed from the Full Administrator group in LDAP and added to the read-only group

  • User is left as the default read-only in the internal Cloudera Manager database

User has read-only access to CM, Full access to WD Fusion UI
  • User is removed from the Full Administrator group in LDAP and added to the read-only group

  • User is set as Full Administrator in the internal Cloudera Manager database + Clearly this scenario represents a serious access control violation, administrators must audit WD Fusion users in Cloudera Manager.

8.5.1. Checking cluster status on the Dashboard

The WD Fusion UI dashboard provides a view of WD Fusion’s status. From the world map you can identify which data centers are experiencing problems, track replication between data centers or monitor the usage of system resources.

Dashboard
Figure 69. Dashboard

UI Dashboard will indicate if there are problems with WD Fusion on your cluster.

8.6. Server Logs Settings

The WD Fusion logs that we display in the WD Fusion UI are configured by properties in the ui.properties file.

Membership
Figure 70. Server logging

8.6.1. WD Fusion UI Logs viewer

Using WD Fusion UI’s log viewer (View Logs):

  1. Login to the WD Fusion UI and click on the Fusion Nodes tab button. Then click on the Node on which you wish to view logs.

    Membership
    Figure 71. Log viewer 1
  2. Click on the View Logs link, under Fusion Server Logs in the *Local WD Fusion Server table:

    Membership
    Figure 72. Log viewer 2
  3. The View Logs screen lets you select from either WD Fusion or UI Server logs.

    Membership
    Figure 73. Log viewer 3

8.6.2. Default log paths:

Unless configured differently, WD Fusion logs should be written to the following locations:

logs.directory.fusion /var/log/fusion/server/
logs.directory.ihc /var/log/fusion/ihc
logs.directory.uiserver /var/log/fusion/ui

8.6.3. Configure log directory

By default the log location properties are not exposed in the ui.properties file. If you need to update the UI server to look in different locations for the log files then you can add the following properties (in ui.properties). To be clear these entries do not set alternate locations for WD Fusion to write its logs, it only ensures that the UI server can still read the logs in the event that they are moved.:

logs.directory.fusion

sets the path to the WD Fusion server logs.

logs.directory.uiserver

sets the path to the UI server logs.

logs.directory.ihc

sets the path to the ihc server logs.

The file is read by the UI server on start up so you will need to restart the server for changes to take affect. The ui.properties file is not replicated between nodes so you must currently set it manually on each node.

8.6.4. Logging at startup

At startup the default log location is /dev/null. If there’s a problem before log4j has initialised this will result in important logs getting lost. You can set the log location to a filespace that preserve early logging.

Edit fusion_env.sh adding paths to the following properties:

SERVER_LOG_OUT_FILE

Path for WD Fusion server log output

IHC_LOG_OUT_FILE

Path for IHC server log output

More about logging
For more information about WD Fusion’s logging, see
Troubleshooting - 2. Read logs

8.7. Induction

Induction is the process used to incorporate new nodes into WANdisco’s replication system. The process is run at the end of a node installation, although it is also possible to delay the process, then use the + Induct link on the Fusion Nodes tab.

Use this procedure if you have installed a new node but did not complete its induction into your replication system at the end of the installation process.

  1. Login to one of the active nodes, clicking on the Fusion Nodes tab. Click the + Induct button.

    WD Fusion Deployment
  2. Enter the fully qualified domain name of the new node that you wish to induct into your replication system.

    WD Fusion Deployment
    Fully Qualified Domain Name

    The full domain name for the new node that you will induct into your replication system.

    Fusion Server Port

    The TCP port is used by the WD Fusion application for configuration and reporting, both internally and via REST API. The port needs to be open between all WD Fusion nodes and any systems or scripts that interface with WD Fusion through the REST API.

    Click Start Induction.

  3. When the induction process completes, the Fusion Node tab will refresh with the new node added to the list.

8.7.1. Induction Failure

The induction process performs some validation before running. If this validation failures you will quickly see a warning messages appear.

WD Fusion Deployment
Automatic Induction Failure

If the induction process can’t connect to the new node using the details provided, a failure will happen instantly. This could happen because of an error in the new node’s installation, however it could also be caused by the node being kerberized.

We also could not reach any of our standard ports

If connections can’t be made on specific Fusion ports, they will be listed here. If none of the standard ports are reachable then you will be warned that this is the case.

Fully Qualified Domain Name

The full hostname for the server.

Node ID

A unique identifier that will be used by WD Fusion UI to identify the server.

Location ID

This is the unique string (e.g. "db92a062-10ea-11e6-9df2-4ad1c6ce8e05") that appears on the Node screen (see below).

DConE Port

The TCP port used by the replication system. It needs to be open between all WD Fusion nodes. Nodes that are situated in zones that are external to the data center’s network will require unidirectional access through the firewall.

9. Troubleshooting

This section details with how to diagnose and fix problems that many occur in deployment. It’s important that you check the Release Notes for any Known issues in the release that you are using. See Release Notes.

9.2. Read the logs

There are a number of log files that provide information that will be necessary in finding the cause of many problems.

The log files for WD Fusion are spread over three locations. Some processes contain more than one log file for the service. All pertinent log files are captured by running the WANdisco talkback shell script that is covered in the next section.

9.2.1. WD Fusion Server Logs

The logs on the WD Fusion server record events that relate to the data replication system.

Log locations

/var/log/fusion/server

Primary log(s)

fusion-dcone.log.0

  • this is the live log file for the running WD Fusion server process.

Historical logs

The following logs are listed for completeness but are not generally useful for monitoring purposes.
fusion dcone.log.x

  • the log file is rotated once its file size reaches 200MB. By default, the last 100 log files are stored. The "x" represents an incrementing number, starting at 1.
    Filenames are appended with an incrementing number starting at 1.
    Rotation is presently defaulted at 200MB with a retention of 100 files, although this can be customised.
    fusion-server.log

  • a log of the application-level events, such as kerberos authentication, license validation.
    fusion-server.log.yyyy-mm-dd
    log_out.log

  • this is the output redirected from STDOUT and STDERR that invoked java. This is used to capture exceptions that occur before logging could start.

9.2.2. WD Fusion UI Server Logs

The WD Fusion user interface layer, responsible for handling interactions between the administrator, WD Fusion and the Hadoop Management layer.

Log locations

/var/log/fusion/ui/

Primary log(s)

fusion-ui.log

Historical logs

fusion-ui.log.x

The UI logs will contain errors such as failed access to the user interface, connectivity errors between the user interface and WD Fusion Server REST API and other syntax errors between the user interface and the WD Fusion server’s REST API and other syntax errors whilst performing administrative actions across the UI.

9.2.3. Inter-Hadoop Connect (IHC) Server Logs

Responsible for streaming files from the location of the client write to the WD Fusion server process in any remote cluster to which hadoop data is replicated.

Log location

/var/log/fusion/ihc
/var/log/fusion/ihc/server

Primary log(s)

server/fusion-ihc-ZZZ-X.X.X.log

  • The live IHC process log files. The components of the filename are as follows:
    ZZZ - Hadoop distribution marker (hdp, cdh, phd, etc). This will be "hdp" for a Hortonworks integrated cluster.
    X.X.X - A matching cluster version number. This will be "2.2.0" for a Hortonworks 2.2 cluster.

Historical logs

server/fusion-ihc-ZZZ-X.X.X.log.yyy-mm-dd
log_out.log
This log file contains details of any errors by the process when reading from HDFS in the local cluster, such as access control violations, or network write errors when streaming to the WD Fusion server in any remote cluster.

9.2.4. Log analysis

This is the standard format of the WANdisco log messages within Fusion. It includes an ISO8601 formatted timestamp of the entry, the log level / priority, followed by the log entry itself. Log levels we provide in order of severity (highest to lowest) that you may observe:

  • PANIC

  • SEVERE

  • ERROR

  • WARNING

  • INFO

For log analysis and reporting, logs with at the PANIC, SEVERE and ERROR levels should be investigated. The warning level messages indicate an unexpected result has been observed but one that hasn’t impacted the system’s continued operation. Additional levels may exist, but are used in cases when the logging level has been increased for specific debug purposes. At other times, other levels should be treated as informational (INFO).

9.2.5. Quickly picking out problems

One simple thing that can be done is to grep the log file for any instance of "exception" and/or "PANIC" - this will tell the administrator a great deal without much effort. Using something like:

cat /var/log/fusion/server/fusion-dcone.log.0 | egrep -i "exception|panic"

9.3. Talkback

Talkback is a bash script that is provided in your WD Fusion installation for gathering all the logs and replication system configuration that may be needed for troubleshooting problems. Should you need assistance from WANdisco’s support team, they will ask for an output from Talkback to begin their investigation.

9.3.1. Talkback location

You can find the talkback script located on the WD Fusion server’s installation directory:

$ cd /opt/wandisco/fusion/server/

You can run talkback as follows:

$ sudo talkback.sh

If a cluster has Kerberos security enabled (Talkback will detect this from WD Fusion’s configuration), you may be asked for Kerberos details needed to authenticate with the cluster.

You will be asked to complete the following details:

  • Location to store the talkback to. Suggest /tmp if acceptable disk space is available.

    Reserve plenty of storage
    Note, WD Fusion talkbacks can exceed 300MB compressed, but well over 10GB uncompressed (due to logs). /tmp may or may not be suitable.

  • Kerberos keytab location.

  • User to perform kinit with when obtaining kerberos ticket.

  • Whether you wish to perform a HDFS fsck, or not. Option 1 for yes, option 2 for no.

9.3.2. Running talkback

To run the talkback script, follow this procedure:

  1. Log into the Fusion server. If you’re not logged in as root, use sudo to run the talkback script, e.g.

    [vagrant@supp26-vm1 ~]$ sudo /opt/wandisco/fusion/server/talkback.sh
        #######################################################################
        # WANdisco talkback - Script for picking up system & replicator       #
        # information for support                                             #
        #######################################################################
    
        To run this script non-interactively please set following environment vars:
    
        ENV-VAR:
        FUSION_SUPPORT_TICKET          Set ticket number to give to WANdisco support team
        FUSION_TALKBACK_DIRECTORY      Set the absolute path directory where the tarball will be saved
        FUSION_KERBEROS_ENABLED        Set to "true" or "false"
        FUSION_PERFORM_FSCK            Set to "true" or "false" to perform a file system
                                       consistency check
    
    Which directory would you like the talkback tarball saved to? /tmp
    
          ===================== INFO ========================
          The talkback agent will capture relevant configuration
          and log files to help WANdisco diagnose the problem
          you may be encountering.
    
    Retrieving current system state information
    Kerberos is enabled
    Kerberos is enabled. Please provide the absolute path to the keytab you wish to use to obtain a ticket:
    /etc/security/keytabs/hdfs.headless.keytab
    Please provide the corresponding username for the keytab located /etc/security/keytabs/hdfs.headless.keytab:
    hdfs
    Performing kinit as user:  hdfs
    Gathering information from Fusion endpoints
    Protocol is:  http
    Hostname is:  supp26-vm1dddd
    Port is:  8082
    retrieving details for node "supp26-vm0_2"
    retrieving details for node "supp25-vm1_59"
    retrieving details for node "supp25-vm0_61"
    retrieving details for node "supp26-vm1_20"
    Copying Fusion server log files, this can take several minutes.
    Copying Fusion IHC log files, this can take several minutes.
    Would you like to include hadoop fsck? This can take some time to complete and may drastically increase the size of the tarball.
    1) Yes
    2) No
    #? 2
    Running sysinfo script to capture maximum hardware and software information...
    Gathering Summary info....
    Gathering Kernel info....
    Gathering Hardware info....
    Gathering File-Systems info....
    Gathering Network info....
    Gathering Services info....
    Gathering Software info....
    Gathering Stats info....
    Gathering Misc-Files info....
    THE FILE sysinfo/sysinfo_supp26-vm1-20160428-132245.tar.gz HAS BEEN CREATED BY sysinfo
    tar: Removing leading `/' from member names
    
    TALKBACK COMPLETE
    
    ---------------------------------------------------------------
     Please upload the file:
    
         /tmp/talkback-201604281321-supp26-vm1.lcx.tar.gz
    
     to WANdisco support with a description of the issue.
    
     Note: do not email the talkback files, only upload them
     via ftp or attach them via the web ticket user interface.
    --------------------------------------------------------------
  2. Follow the instructions for uploading the output on WANdisco’s support website.

9.4. Common problems

9.4.1. Moving objects between mismatched filesystems

If you move objects onto the distributed file system you must make sure that you use the same URI on both the originating and destination paths. Otherwise you’d see an error like this:

[admin@vmhost01-vm1 ~]$ hadoop fs -mv /repl2/rankoutput1 fusion:///repl2/rankoutput2/
15/05/13 21:22:40 INFO client.FusionFs: Initialized FusionFs with URI: fusion:///, and Fs: hdfs://vmhost01-vm1.cluster.domain.com:8020. FileSystem: DFS[DFSClient[clientName=DFSClient_NONMAPREDUCE_-721726966_1, ugi=admin@DOMAIN.EXAMPLE (auth:KERBEROS)]]
mv: `/repl2/rankoutput1': Does not match target filesystem

If you use the fusion:/// URI on both paths it will work, e.g.

[admin@vmhost01-vm1 ~]$ hadoop fs -mv fusion:///repl2/rankoutput1 fusion:///repl2/rankoutput1
15/05/13 21:23:27 INFO client.FusionFs: Initialized FusionFs with URI: fusion:///, and Fs: hdfs://vmhost01-vm1.cluster.domain.com:8020. FileSystem: DFS[DFSClient[clientName=DFSClient_NONMAPREDUCE_-1848371313_1, ugi=admin@DOMAIN.EXAMPLE (auth:KERBEROS)]]

Note that since the non-replicated directory doesn’t yet exist in ZONE2 it will get created without the files it contains on the originating zone. _When running WD Fusion using the fusion:///, moving non-replicated directory to replicated directory will not work unless you use of the fusion:/// URI.

You can’t move files between replicated directories
Currently you can’t perform a straight move operation between two separate replicated directories.

9.4.2. Handling file inconsistencies

WD Fusion’s replication technology ensures that changes to data are efficiently propagated to each zone. There are, however, a few cases where the consistency of objects in the distributed file system lose consistency. WD Fusion can be set to schedule periodic consistency checks, or an administrator can trigger a check from the Admin UI or via the REST API.

If an inconsistency is found then the administrator needs to use the repair functions available through the WDFusion UI or manually repair the issue using whatever system tools correspond with the Hadoop application. This may require that up-to-date files are manually copied over from one zone to overwrite the corrupted version of the files. In some cases files will need to be deleted/removed in order to restore consistency. You will need to follow the guidelines and documentation that correspond with your underlying applications, e.g. MapR, Hive etc.

Consistency Checks look at file size, not content
The current implementation of the Consistency Check tool compares the size of files between zones. We’re looking carefully at how we can implement a qualitative check that can specifically identify file corruption while not greatly impacting performance.

Repairs on large files
Please note that when very large files are repaired, it may appear that the process has stalled with different numbers of appends getting reported, post-completion. We recommend that you allow repair operations plenty of time to complete.

Username Translation
If any nodes that take part in a consistency check have the Username Translation feature enabled, then inconsistencies in the "user" field will be ignored.

9.4.3. Transfer reporting

When looking at the transfer reporting, note that there are situations in which HFlush/early file transfer where transfer logs will appear incorrect. For example, the push threshold may appear to be ignored. This could happen if an originating file is closed and renamed before pulls are triggered by the HFlush lookup. Note that although this results in confusing logs, those logs are in fact correct; you would see only two appends, rather than the number determined by your push threshold - one in the very beginning, and one from the rename, which pulls the remainder of the file. What is happening is optimal; all the data is available to be pulled at that instant, so we might as well pull all of it at once instead of in chunks.

9.4.4. Fine-tuning Replication

WANdisco’s patented replication engine, DConE, can be configured for different use cases, balancing between performance and resource costs. The following section looks at a number of tunable properties that can be used to optimize WD Fusion for your individual deployment.

Increasing thread limit

WD Fusion processes agreements using a set number of threads, 20 by default, which offers a good balance between performance and system demands.

It is possible, in cases where there are many Copy agreements arriving at the same time, that all available threads become occupied by the Copy commands. This will block the processing of any further agreements.

You can set WD Fusion to reserve more threads, to protect against this type of bottleneck situation:

9.4.5. Increase executor.threads property

  1. Make a backup copy of WD Fusion’s applications config file /opt/wandisco/fusion-server/applications.properties, then open the original in your preferred text editor.

  2. Modify the property executor.threads.

    Property

    Description

    Permitted Values

    Default

    Checked at…​

    executor.threads

    The number of threads executing agreements in parallel.

    1-Integer.MAX_VALUE

    20

    Startup

    WD Fusion Server snippet

    Don’t go alone
    Any upward adjustment will clearly increase the resourcing costs. Before you make any changes to DConE properties, you should open up discussions with WANdisco’s support team. Applying incorrect or inappropriate settings to the replication system may result in hard to diagnose problems.

  3. Save your edited applications.properties file, then restart WD Fusion.

9.4.6. Tuning Writer Re-election

Only one WD Fusion node per zone is allowed to write into a particular replicated directory. The node that is assigned to do the writing is called the writer. See more about the role of the writer.

Should the current writer suddenly become unavailable, then a re-election process begins for assigning the role to one of the remaining nodes. Although the re-election process is designed to balance speed against and system resource usage, there may be deployments where the processing speed is critical. For this reason, the reelection timing can be tuned with the following system:

9.5. Tunable properties

writerCheckPeriod

The period of time (in seconds) between writer check events. Default: 60.

writerCheckMultiple

The number of check events that will fail before initiating an election. Default: 3.

9.5.1. Setting the writer re-election period

Period of time between a writer going off-line and another writer is elected and starts picking up = writerCheckPeriod * writerCheckMultiple. i.e.

the default is 3 minutes ( writerCheckPeriod 60s x writerCheckMultiple 3)

If you feel these default settings create cause the system to wait too long before kicking off a re-election then you can update them using an API call:

curl -X POST http://.../fusion/fs/properties/global?path=<mapped path>&writerCheckPeriod=<new period>&writerCheckMultiple=<new multiple>

You can adjust these properties to be optimal for your deployment. However, consider the following pointers:

  • Setting the properties so that the period is very short will ensure that if a writer is lost, a new writer will be brought into action so quickly that there should be no impact on replication. However, very short periods are likely to result in a larger number of false alarms, where writer re-elections are triggered unnecessarily.

  • Setting the properties so that the period is very long will ensure that a re-election only takes place if the current writer is really "out for the count", however, a long delay between the loss of the writer and a new writer picking up could be very detrimental in some situations, such as where very large numbers of small files are being replicated between zones.

9.6. Handling Induction Failure

In the event that the induction of a new node fails, here is a possible approach for manually fixing the problem using the API.

Requirements: A minimum of two nodes with a fusion server installed and running, without having any prior knowledge about the other. This can be verified by querying <hostname>:8082/fusion/nodes

9.6.1. Steps:

Generate an xml file (we’ll call it induction.xml) containing an induction ticket with the inductors details (Generally the inductor port should not change but this is the port that all DConE traffic uses. You can find this in your application.properties file as application_port)

<inductionTicket>
  <inductorNodeId>${NODE1_NODEID}</inductorNodeId>
  <inductorLocationId>${NODE1_LOCATIONID}</inductorLocationId>
  <inductorHostName>${NODE1_HOSTNAME}</inductorHostName>
  <inductorPort>6789</inductorPort>
</inductionTicket>

Send the xml file to your inductee:

curl -v -s -X PUT -d@${INDUCTION.XML} -H "Content-Type: application/xml" http://${NODE2_HOSTNAME}:8082/fusion/node/${NODE2_IDENTITY}

9.6.2. MEMBERSHIP

Requirements: A minimum of two nodes that have been inducted.

Steps:

Generate an xml file (we’ll call it membership.xml) containing a membership object. DConE supports various configuration of node roles but for the time being the Fusion UI only supports <Acceptor, Proposer, Learner> and <Proposer, Learner>. If you choose to have an even number of <Acceptor, Proposer, Learner> nodes you must specify a tiebreaker.

<membership>
  <membershipIdentity>${MEANINGFUL_MEMBERSHIP_NAME}</membershipIdentity>
  <distinguishedNodeIdentity>${NODE1_NODEID}</distinguishedNodeIdentity>
  <acceptors>
    <node>
      <nodeIdentity>${NODE1_NODEID}</nodeIdentity>
      <nodeLocation>${NODE1_LOCATIONID}</nodeLocation>
    </node>
    <node>
      <nodeIdentity>${NODE2_NODEID}</nodeIdentity>
      <nodeLocation>${NODE2_LOCATIONID}</nodeLocation>
    </node>
  </acceptors>
  <proposers>
    <node>
      <nodeIdentity>${NODE1_NODEID}</nodeIdentity>
      <nodeLocation>${NODE1_LOCATIONID}</nodeLocation>
    </node>
    <node>
      <nodeIdentity>${NODE2_NODEID}</nodeIdentity>
      <nodeLocation>${NODE2_LOCATIONID}</nodeLocation>
    </node>
  </proposers>
  <learners>
    <node>
      <nodeIdentity>${NODE1_NODEID}</nodeIdentity>
      <nodeLocation>${NODE1_LOCATIONID}</nodeLocation>
    </node>
    <node>
      <nodeIdentity>${NODE2_NODEID}</nodeIdentity>
      <nodeLocation>${NODE2_LOCATIONID}</nodeLocation>
    </node>
  </learners>
</membership>

Send the xml file to one of your nodes:

curl -v -s -X POST -d@${MEMBERSHIP.XML} -H "Content-Type: application/xml" http://${NODE_HOSTNAME}:8082/fusion/node/${NODE_IDENTITY}/membership

9.6.3. STATEMACHINE

Requirements: A minimum of two nodes inducted together and a membership created that contains them (you’ll want to make a note of the membership id of your chosen membership).

Steps:
Generate an xml file (we’ll call it statemachine.xml) containing a fsMapping object.

<replicatedDirectory>
  <uri>${URI_TO_BE_REPLICATED}</uri>
  <membershipId>${MEMBERSHIP_ID}</membershipId>
  <familyRepresentativeId>
    <nodeId>$NODE1_ID</nodeId>
  </familyRepresentativeId>
</replicatedDirectory>

Send the xml file to one of your nodes:

curl -v -s -X POST -d@${STATEMACHINE.XML} -H "Content-Type: application/xml" http://${NODE1_HOSTNAME}:8082/fusion/fs

9.7. Emergency bypass to allow writes to proceed

If WD Fusion is down and clients use the HDFS URI, then further writes will be blocked. The emergency bypass feature gives the administrator an option to bypass WD Fusion and write to the underlying file system, which will introduce inconsistencies between zones. This is suitable for when short-term inconsistency is seen as a lesser evil compared to blocked progress.

The inconsistencies can then be fixed later using the Consistency and Repair process(es). A client that is allowed to bypass to the underlying filesystem will continue to bypass for the duration of the retry interval. Long-running clients will automatically reload configurations at a hardcoded 60 second interval. Thus it is possible to disable and enable the bypass on-the-fly.

Don’t enable the Emergency bypass
We strongly recommend that you currently don’t use the bypass option. We’re investigating a possible issue where enabling the Emergency bypass may cause application instability during periods of high activity.

/[FUS-2392]

9.8. Enable/disable emergency bypass via the UI

  1. Log in to the Fusion UI and go to the Settings tab. Click Client Bypass Settings.

    Enable Client Bypass
    Figure 74. Client Bypass - step1
  2. Tick the Enable fusion bypass checkbox. This will enable two entry fields for configuration:

    Enable Client Bypass
    Figure 75. Client Bypass - step2
    Bypass response time

    The time (in seconds) that will pass before the client will bypass WD Fusion. Default: 14.

    Bypass retry interval

    The time (in seconds) before the client attempts to use WD Fusion, again. Default: 60.

  3. Click Update to save your changes.

9.9. Enable/disable emergency bypass via manual configuration change

In core-site.xml add the following properties:

<property>
<name>fusion.client.can.bypass</name>
<value>true or false; default is false</value>
</property>
<property>
<name>fusion.client.bypass.response.secs</name>
<value>integer number representing seconds; default is 14</value>
</property>
<property>
<name>fusion.client.bypass.retry.interval.secs</name>
<value>integer number representing seconds; default is 60</value>
</property>

The properties are also listed in the Reference Section.

*Known Issue: Failed to install metastore service during fusion installation in HDP 2.4, 2.5
Example failure, during an Ambari-based installation. The error is caused by the stack not being available via ambari-server. example failure

Workaround
To fix this you need to ensure that only a single Ambari-server process is running before doing the service ambari-server restart. To find the ambari-server processes that are running you can use.

ps -aux | grep ambari-server

Then kill all the ambari-server processes by using

kill -9 [pid of process]

then restart the ambari-server by using

service ambari-server restart

Also rerun the check to ensure you only have a single process running:

ps -aux | grep ambari-server

You can then check in the Ambari UI if the WD Hive Metastore and WD Hiveserver2 Template services are available. If they are present then you will be ok to proceed with retrying to install the service via the installer.

9.10. Kerberos Troubleshooting

This section covers some recommended fixes for potential Kerberos problems.

9.10.1. Kerberos Error with MIT Kerberos 1.8.1 and JDK6 prior to update 27

Prior to JDK6 Update 27, Java fails to load the Kerberos ticket cache correctly when using MIT Kerberos 1.8.1 or later, even after a kinit.

The following exception will occur when attempting to access the Hadoop cluster.

WARN ipc.Client: Exception encountered while connecting to the server : javax.security.sasl.SaslException:
GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]

The workaround is:

10. Uninstall WD Fusion

In cases where you need to remove WD Fusion from a system, use the following script:

/opt/wandisco/fusion-ui-server/scripts/uninstall.sh

  • The script is placed on the node during the installation process.

  • You must run the script as root or invoke sudo.

  • Running the script without using an additional option performs the following actions:

    Default uninstall

  • Stops all WD Fusion related services

  • Uninstalls the WD Fusion. IHC and UI servers

  • Uninstalls any Fusion-related plugins (See Plugins)

  • Uninstalls itself. You’ll need to handle backups manually from this point

10.1. Usage

10.1.1. Example

sudo CONFIG_BACKUP_DIR=/data/my_config_backup LOG_BACKUP_DIR=/data/my_log_backup /opt/wandisco/fusion-ui-server/scripts/uninstall.sh -c -l -p

See below for a full explanation of each option:

10.2. Uninstall with config purge

Running the script with -p will also include the removal of any configuration changes that were made during the WD Fusion installation.

Reinstallation
Use the purge (-p) option in the event that you need to complete a fresh installation.

As the purge option will completely wipe your installation, there’s a backup option that can be run to back up your config files, which gives you an easier method for recovering your installation:

10.3. Backup config/log files

Run the script with the -c option to back up your config and -l to back up WD Fusion logs. The files will be backed up to the following location:

/tmp/fusion_config_backup/fusion_configs-YYYYMMDD-HHmmss.tar.gz

Change the default save directory
You can change the locations that the script uses for these backups by adding the following environmental variables:

CONFIG_BACKUP_DIR=/path/to/config/backup/dir
LOG_BACKUP_DIR=/path/to/log/backup/dir

10.3.1. Dry run

Use the -d option to test an uninstallation. This option lets you test the effects of an installation, without any actual file changes being made. Use this option to be sure that your uninstallation will do what you expect.

10.4. Help

Running the script with -h outputs a list of options for the script.

[sysadmin@localhost ~]$ sudo /opt/wandisco/fusion-ui-server/scripts/uninstall.sh -h
Usage: /opt/wandisco/fusion-ui-server/scripts/uninstall.sh [-c] [-l] [-p] [-d]
 -c: Backup config to '$CONFIG_BACKUP_DIR' (default: /tmp/fusion_config_backup).
 -d: Dry run mode. Demonstrates the effect of the uninstall without performing the requested actions.
 -h: This help message.
 -l: Backup logs to '$LOG_BACKUP_DIR' (default: /tmp/fusion_log_backup).
 -p: Purge config, log, data files, etc to leave a cleaned up system.

11. Managing Replication

WD Fusion is built on WANdisco’s patented DConE active-active replication technology. DConE sets a requirement that all replicating nodes that synchronize data with each other are joined in a "membership". Memberships are coordinated groups of nodes where each node takes on a particular role in the replication system.

For more information about DConE and its different roles see the reference section’s chapter called A Paxos Primer.

11.1. Create a membership

Log in to the WD Fusion UI. Click on the Membership tab. Click on the Create New tab. The "New Membership" window will open that will display the WD Fusion nodes organized by zone.

membership
Figure 76. Example membership1

Configure the membership by selecting which nodes should be acceptors. Acceptors vote on the ordering of changes.

membership
Figure 77. Example membership2

Note how a two-node membership requires that one of the nodes be upgraded to a Distinguished Node.

For some guidance on the best way to configure a membership read Create Resilient Memberships in the reference section.

membership
Figure 78. Example membership2

Click Create to complete the operation. Click Cancel to discard the changes.

Identical memberships are not allowed
You will be prevented from creating more than 1 membership with a particular configuration.
image::wdf2.10_wdfusion_createmembership_reject.png[membership,title="Rejected membership"]

11.2. Guide to node types

APL

Acceptor - the node will vote on the order in which replicated changes will play out.
Proposer - the node will create proposals for changes that can be applied to the other nodes.
Learner - the node will receive replication traffic that will synchronize its data with other nodes.

PL

Proposer - the node will create proposals for changes that can be applied to the other nodes.
Learner - the node will receive replication traffic that will synchronize its data with other nodes.

Distinguished Node

Acceptor + - the distinguished node is used in situations where there is an even number of nodes, a configuration that introduces the risk of a tied vote. The Distinguished Node’s bigger vote ensures that it is not possible for a vote to become tied.

11.3. Replicated Folders

WD Fusion allows selected folders within your hdfs file system to replicated to other data centers in your cluster. This section covers the set up and management of replicated folders.

11.3.1. Create a replicated folder

The first step in setting up a replicated folder is the creation of a target folder:

  1. In each zone, create a directory in the hdfs file space. To avoid permission problems, ensure that the owning user/group are identical across the zones. Use Hadoop’s filesystem command to complete the tasks:

    hadoop fs -mkdir /user/hiver
    hadoop fs -chown -R hiver:groupname /user/hiver
  2. As user hdfs, run the following commands on each data center:

    hadoop fs -mkdir /user/hiver/warehouse-replicated
    hadoop fs -chown hiver:hiver /user/hiver/warehouse-replicated

    This ensures that the a universal system user has read/write access to the hdfs directory warehouse-replicated that will be replicated through WD Fusion.

11.4. Create Rule

  1. Once the folder is in place on all nodes, login to WD Fusion’s UI on one of the WD Fusion nodes and click on the Replicated Folders tab.

  2. Click on the + Create button.

    membership
    Figure 79. Create rule 1
  3. The replicated folder entry form screen will appear.

    membership
    Figure 80. Create rule 2

    Navigate the HDFS File Tree (1), on the right-hand side of the New Rule panel to select your target folder, created in the previous section. The selected folder will appear in the Path entry field. You can, instead, enter the full path to the folder in the Path directory.

    Next, select two or more zones from the Zones list (2). You then select a Membership from the dropdown selector. If there’s no existing membership with the combination of Zones that you selected, then you will see the message:

    There are no memberships available matching your criteria.

    In this case you can create a new membership, see Create a membership and restart the Create Replicated Folder process.

  4. You can now complete the creation of the Replicated folder by clicking on the Create button. However, there are some additional options available on the Advanced Options panel. Consider if you need to apply any Advanced Options for the folder.

    Note that the allocated writer for this zone is listed under the a Advanced Options panel. This can be useful information in case you need to troubleshoot replication problems.

membership
Figure 81. Advanced Options

These include Preserve Origin Block Size, which is used for columnar storage formats such as parquet, Preserve Replication Factor which is used when want replica data to continue to use the replication factor that is set on its originating cluster, rather than the use the factor that applies on the new cluster.

Exclude from replication? lets you set an "exclude pattern" to indicate files and folders in your replicated folder that you don’t want to be replicated. If you apply any Advanced Options you need to click the Update button to make sure that they are applied.

The option Override Consistency Check Interval allows administrators to set a consistency check interval that is specific to the replicated folder space and different from the default value that is set in the Consistency Check section of the Settings tab.

11.4.1. Path interpretation

If the path contains a leading slash "/", we assume it is an absolute path, if it contains no leading slash then we assume it is a relative path and the root directory will be added to the beginning of the exclusion.

  1. If you didn’t complete a consistency check on the selected folder, you may do so now.

    membership
    Figure 82. Replicate to Zones
  2. After the completion of a consistency check, the Consistency column will report the consistency status.

    membership
    Figure 83. Replicated folder status

11.4.2. Edit/ View Replicated Folder

If you click on the View link for a Replicated Folder, then you enter a tabbed UI:

11.5. View/Edit

membership
Figure 84. Replicated folder Details

The View/Edit tab lets you make changes to selected properties of the Replicated Folder:

Writer for this zone

Indicates which node is set to handle writes for this zone.

Path

The file path for the replicated folder in question.

Zones

The zones that are replicated between, for the corresponding folder.

Membership

The membership used to define the replication.

Advanced Options

Various advanced options that can be set for a replicated folder. See Advanced Options.

11.6. Consistency Check

The Consistency Check tab offers access to the consistency repair tool.

membership
Figure 85. Consistency Check
Path

The path to the replicated folder currently being viewed for consistency.

Properties

The system properties for the folder, including the following properties:

  • Length: - byte length of the file (in kilobytes)

  • Is a directory: - distinguishes files from directories (true or false)

  • Owner: - Owning system account

  • Group: - Associated system account group

  • Permissions: - File permissions applied to the element

  • ACLs: - Associated Access Control Lists for the element

Source of truth

From the available zones, you must choose the one that represents the most up-to-date state.

Resolve

Once you have selected from the available zones, click the Resolve button.

membership
Figure 86. Replicated folder - Preserve extraneous files

You will see a confirmation message concerning your choice of repair. There is a checkbox that lets you choose to Preserve extraneous files, Click Confirm to complete the repair.

membership
Figure 87. Replicated folder - Fixed requested

After clicking Confirm, you will get a rundown of the state of each zone, after the repair has been completed.

11.7. Custom Consistency Check

Use the Custom Consistency Check to select a sub directory of the Replicated Directory and check that it is in a consistent state across all nodes.

membership
Figure 88. Custom Consistency Check
Path

Shows the path to be checked

HDSF File Tree

Use the HDFS File Tree to select the directory to be checked.

Outcome

Note: When running a custom consistency check, there may be a delay before results are shown. Stay on this page to see the results.

Please select a path and click "Check Now".

membership
Figure 89. Outcome
Outcome

The Outcome panel will now report on the number of inconsistencies. You will be invited to "Click for a full report".

11.8. File Transfers

The File Transfer panel shows the movement of data coming into the zone.

membership
Figure 90. File Transfer

11.9. Repair

The repair tab provides a tool for repairing file inconsistencies between available zones. The repair tool provides three different types of repair operation, based on the option you select from the Repair Type dropdown.

dropdown
Figure 91. Repair Type Dropdown
HCFS Repair

this is a consistency repair on the live Hadoop Compatible File System. This method is the most direct for making repairs, although running a repair will stop writes to the replicated folder in the local zone. The block is removed once the repair operation completes.

Checkpoint Repair

this option uses the fsimage checkpoints created by Hadoop’s admin tool. The use of a snapshot from the nameode ensures that the local filesystem does not get locked during the repair.

SnapDiff (NetApp)

The Snapdiff implementation of repair allows a repair to be driven by the use of the Netapp snapdiff API. The process for use of the snapdiff implementation of snapshot repair is detailed below. See Repair type SnapDiff (NetApp)

11.9.1. Repair type HCFS

HCFS breakdown
Figure 92. repair

Run through the following procedure to perform a repair:

  1. Select the Source of truth from the drop-down. This will flag one of the available zones as most up-to-date / most correct in terms of stored data.

  2. Select from one of two Resolution types, Recursive or Preserve

    Recursive

    If checkbox is ticked, this option will cause the path and all files under it to be made consistent. The default is true, but is ignored if the path represents a file.

    Preserve

    If checkbox is ticked, when the repair is executed in a zone that is not the source zone, any data that exists in that zone but not the source zone will be retained and not removed. The default is false, i.e., to make all replicas of the path consistent by removing all data in the no-source zone(s) that does not exist in the source.

    path

    The path for which the list of repairs should be returned. The default value is the root path, "/".

    recursive

    If true, also get repairs done on descendants of path. This option is false by default.

    showAll

    Whether or not to include past repairs for the same file. The options are "true" to show all repairs on the given path, and "false" to show only the last repair.

    sortField

    The field by which the entries in the RepairListDTO should be sorted. The options are to sort by the "startTime" or "path" property. The default value is "path".

    sortOrder

    The order in which the entries should be sorted according to the sort field. The options are to sort in ASC (ascending) or DESC (descending) order.

    return

    A RepairListDTO representing a list of repairs under path.

    Command-line only
    The Repair status tool is currently only available through the command-line. In the next release the functionality will be added to the Fusion UI.

11.9.2. Repair type Checkpoint

HCFS repair
Figure 93. Checkpoint type repair

11.9.3. Repair type SnapDiff (NetApp)

SnapDiff is an internal Data ONTAP engine that quickly identifies the file and directory differences between two Snapshot copies. See What SnapDiff is.

SnapDiff Repair
Figure 94. Snapdiff type repair
Type

The type of repair that you wish to start. hdfs or ontap

Path

The replicated system path.

Netapp filter URI

The URI used for Natapp API traffic.

Virtual Filter Name

A name provided for the virtual filter.

Volume Name

Storage volume name.

Mountpoint

Path where the volume is mounted on the underlying filesystem.

Base Snapshot

Name of the base snapshot. Diffs are calculated as deltas between a base and diff snapshot

Diff Snapshot

Name of the diff snapshot

Maximum number of diffs per request

Max diffs returned per request. See MaxDiffs.

Source of truth

The node on which the most correct/update data is stored.

Resolution of truth

Mechanism that determines how the latest/most correct data is copied into place.

Paths

Paths to replicated files.

HDFS File Tree

Rendered view of the current file tree.

  1. A user initiates a snapshot of the NFS content (externally to WD Fusion). This will be called the “base snapshot”.

  2. Time passes, changes occur in that NFS file system.

  3. The user initiates another snapshot of that content (externally to Fusion) - this will be called the “diff snapshot”.

  4. The user invokes the snapshot repair API, including this information:

Required parameters:

HTTP authentication (user/password) in the header of the request. Ontap requires this to invoke their API.

snapshotType

The type of repair that you wish to start. hdfs or ontap.

path

Replicated path.

endpoint

URI of the Netapp Filer serving Ontap requests.

vfiler

Name of the virtual filer.

volume

The exported volume.

mountpoint

Path where the volume is mounted on the underlying filesystem.

baseSnapshot

Name of the base snapshot. Diffs are calculated as deltas between a base and diff snapshot.

diffSnapshot

Name of diff snapshot.

Optional parameters:
recursive

Indicates whether subdirectories should be considered.

Non-Recursive requests in 2.10
In Fusion 2.10, if the recursive parameter is set to "false", the parameter is ignored. NetApp snapshots are ALWAYS recursive over a directory hierarchy. From 2.10.2 and beyond, an error code will be returned instead — it’s not a valid request for this API call.
replace

Replace files/dirs of the same name on the receiving zone.

preserve

If preserve == true, do not remove any files on the receiving zone that don’t exist on the source zone.

maxDiffs

Max diffs returned per request. There is a hard limit of 256, unless an admin goes to the admin server and changes the registry keys:

To change maxDiff limit on the Netapp Filer:
Use the following steps.
system node run -node "nameofvserver"
priv set advanced
registry walk
registry set options.replication.zapi.snapdiff.max_diffs SOMENUMBER

Example to invoke via curl:

curl --user admin:Ontap4Testing -v -X PUT 'http://172.30.1.179:8082/fusion/fs/repair/snapshot?snapshotPath=/tmp/snapshot1&snapshotType=ontap&path=/tmp/repl1/vol1&endpoint=https://172.30.1.200:443/servlets/netapp.servlets.admin.XMLrequest_filer&vfiler=svm_taoenv&volume=vol1&maxDiffs=256&mountpoint=/tmp/repl1/vol1&preserve=true&baseSnapshot=snap1&diffSnapshot=snap2'
  1. The snapshot repair then executes as per the standard repair mechanism to update zones, but will only consider the information that has changed between the base and diff snapshots. The intention is for the base snapshot to reflect the known state of all zones at a prior point in time, and to use the difference between it and the diff snapshot for reconciliation. Non-source zones for snapshot repair with this mechanism trust that the difference between the base and diff snapshots is a true representation of the changes required.

    The user interaction with Fusion should be similar to that offered for HDFS-based snapshot repair, with the addition of extra parameters for initiation of the snapshot repair. She should be presented with the option to select the type of the snapshot repair to be performed, and required input fields should adjust based on that indication. Validation of information provided is helpful, but not required for a first UI implementation. In particular, Fusion should not be responsible for storing or providing selection from a list of snapshot names (as these are generated externally).

11.10. Configure Hadoop

Once WD Fusion has been installed and set up, you will need to modify your Hadoop applications so that when appropriate, they write to your replicated folder.

configurehadoop
Figure 95. Example membership

Configure Hadoop applications to write to the replicated file space.

11.11. Configure for High Availability Hadoop

If you are running Hadoop in a High Availability (HA) configuration then you should run through the following steps for WD Fusion:

  1. Enable High Availability on your Hadoop clusters. See the documentation provided by your Hadoop vendor, i.e. - Cloudera or Hortonworks.

    The HA wizard does not set the HDFS dependency on ZooKeeper
    Workaround:

    • Create and start a ZooKeeper service if one doesn’t exist.

    • Go to the HDFS service.

    • Click the Configuration tab.

    • In the Service-Wide category, set the ZooKeeper Service property to the ZooKeeper service.

  2. Edit WD Fusion configuration element ‘fusion.underlyingFs’ to match the new nameservice ID in the cluster-wide core-site.xml in your Hadoop manager.
    E.g, change:

    <property>
            <name>fusion.underlyingFs</name>
            <value>hdfs://vmhost08-vm0.cfe.domain.com:8020</value>
    </property>

    To:

    <property>
            <name>fusion.underlyingFs</name>
            <value>hdfs://myCluster</value>
    </property>
  3. Click Save Changes to commit the changes.

  4. If Kerberos security is installed make sure the configurations are there as well: Setting up Kerberos with WD Fusion.

  5. You’ll need to restart all Fusion and IHC servers once the client configurations have been deployed.

11.12. Known issue on failover

Where High Availability is enabled for the NameNode and WD Fusion, when the client attempts to failover to the Standby NameNode it generates a stack trace that outputs to the console. As the WD Fusion client can only delegate the method calls to the underlying FileSystem object, it isn’t possible to properly report that the connection has been reestablished. Take care not to assume that a client has hung, it may, in fact, be in the middle of a transfer.

11.13. Reporting

The following section details with the reporting tools that WD Fusion currently provides.

11.13.1. Consistency Check

The consistency check mechanism lets you verify that replicated HDFS data is consistent between sites. Read about Handling file inconsistencies.

11.13.2. Consistency Checks through WD Fusion UI

Username Translation
If any nodes that take part in a consistency check have the Username Translation feature enabled, then inconsistencies in the "user" field will be ignored.
NameNodeSettings
Figure 96. Replication Rules table - indicates if inconsistencies are detected.

11.13.3. Consistency

Consistency Status

A status which links to the consistency check report. It can report Check Pending, Inconsistent, Consistent or Unknown.

Last Check

Shows the time and date of the check that produced the current status. By default, Consistency checks are automatically started every 24 hours.

Next Check

Shows the time and date of the next automatically scheduled Consistency Check. Remember, you don’t need to wait for this automatic check, you can trigger a consistency check at any time through the Consistency Check tool.

Click on the report link to get more information about the current consistency check results.

11.13.4. Fix inconsistencies with the Consistency Check tool

WD Fusion’s Consistency Check tool includes a feature for resolving any inconsistencies that are detected across the distributed file system. Use the following procedure to resolve any such inconsistencies:

  1. Start by completing a fresh Consistency Check. Select the inconsistent object using the corresponding check box, then click on the Consistency Check button. After a few moments you’ll get an up-to-date report on inconsistency.

    NameNodeSettings
    Figure 97. Consistency Check
  2. To fix an inconsistency, click on the Inconsistent link in the Consistency column.

    NameNodeSettings
    Figure 98. Inconsistent
  3. The inconsistency is shown in terms of object properties.

    NameNodeSettings
    Figure 99. Consistency Check
    Path

    The absolute path for the object.

    Length

    The size of the object.

    Is a directory

    Identifies if the object is a directory (true) or a file (false).

    Owner

    System account that owns the object.

    Group

    System group associated with the object(s)

    Permission

    File permissions for the object.

  4. Compare the various states of the inconsistent element across your cluster. You need to decide which zone(s) have a correct/up-to-date copy of the element, then select the zone under the Source of truth column. Click Resolve.

    NameNodeSettings
    Figure 100. Confirm Consistency Check
  5. You’ll get a confirmation prompt that will confirm which copies will be overwritten and which zone will source the file. Click Confirm to complete the fix or click Cancel to stop the process. d

    NameNodeSettings
    Figure 101. NameNode Settings
  6. If you clicked Confirm then the fix operation will begin. The UI will indicate Fix requested.

    NameNodeSettings
    Figure 102. Consistency Check
  7. Rechecking the Consistency will now confirm that the object is now consistent across all zones.

    NameNodeSettings
    Figure 103. Consistency Check

11.14. 4.3.2 File Transfer Report

As a file is being pulled into the local zone, the transfer is recorded in the WD Fusion server and can be monitored for progress.

Use the REST API filter by the replicated path and sort by ascending or descending "complete time" or "start time":

GET /fusion/fs/transfers?path=[path]&sortField=[startTime|completeTime]&order=[ascending|descending]

11.15. File transfer Report Output

Example output showing an in-progress and completed transfer:

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<fileTransfers>
    <fileTransfer>
        <startTime>1426020372314</startTime>
        <elapsedTime>4235</elapsedTime>
        <completeTime>1426020372434</completeTime>
        <username>wandisco</username>
        <familyRepresentativeId>
            <nodeId>dconefs5-1</nodeId>
            <dsmId>93452fe3-c755-11e4-911e-5254001ba4b1</dsmId>
        </familyRepresentativeId>
        <file>/tmp/repl/isoDEF._COPYING_<;/file>
        <remoteFs>hdfs://vmhost5-vm4.frem.wandisco.com:8020</remoteFs>
        <origin>dc1<;/origin>
        <size>4148166656</size>
        <remaining>4014477312</remaining>
        <bytesSec>3.3422336E7</bytesSec>
        <percentRemaining>96.77714626516683</percentRemaining>
        <state>in progress</state>
    </fileTransfer>

    <fileTransfer>
        <startTime>1426019512082</startTime>
        <elapsedTime>291678</elapsedTime>
        <completeTime>1426019803760</completeTime>
        <username>wandisco</username>
        <familyRepresentativeId>
            <nodeId>dconefs5-1</nodeId>
            <dsmId>93452fe3-c755-11e4-911e-5254001ba4b1</dsmId>
        </familyRepresentativeId>
        <file>/tmp/repl/isoABC</file>
        <remoteFs>hdfs://vmhost5-vm4.frem.wandisco.com:8020</remoteFs>
        <origin>dc1</origin>
        <size>4148166656</size>
        <remaining>0</remaining>
        <bytesSec>1.4221733E7</bytesSec>
        <percentRemaining>0.0</percentRemaining>
        <state>complete</state>
    </fileTransfer>
</fileTransfers>

11.16. Output key with data type

Username

System user performing the transfer. (String)

File name

Name of the file being transferred. (String)

Remote FS

The file of the originating node. (URI)

Origin

The file’s originating Zone. (String)

Size

The cumulative size of data transferred. (Long)

Appends

The number of appends that have been made to the file being transferred. (Long)

AppendSize

The size of the latest append.

Remaining

Remaining bytes still to be transferred for the latest append. (Long)

Percent remaining

Percentage of the file still to be transferred. (Double)

Bytes/Sec

The current rate of data transfer, i.e. Amount of file downloaded so far / elapsed download time. (Long)

State

One of "in progress", "incomplete", "completed", "appending", "append complete", "deleted" or "failed". (TransferState)
In progress: means we are performing an initial pull of the file.
Appending: means data is currently being pulled and appended to the local file.
Append completed: means all available data has been pulled and appended to the local file, although more data could be requested later.

Note: files can be renamed, moved or deleted while we pull the data, in which case the state will become "incomplete".
When the remote file is closed and all of its data has been pulled, the state will then change to "Complete".
If a file is deleted while we are trying to pull the end state will be "deleted".
If the transfer fails the state will be "failed".

Start Time

The time when the transfer started. (Long)

Elapsed Time

Time that has so far elapsed during the transfer. Once the transfer completes it is then a measure of the time between starting the transfer and completing. (Long)

Complete Time

During the transfer this is an estimate for the complete time based on rate of through-put so far. Once the transfer completes this will be the actual time at completion. (Long)

Delete Time

If the file is deleted then this is the time the file was deleted from the underlying filesystem. (Long)

11.16.1. Record retention

Records are not persisted and are cleared up on a restart. The log records are truncated to stop an unbounded use of memory, and the current implementation is as follows:
For each state machine, if there are more than 1,000 entries in its list of transfers we remove the oldest transfers ,sorted by complete time, which are in a terminal state ("completed", "failed" or "deleted") until the size of the list is equal to 1,000. The check on the number of records in the list is performed every hour.

11.16.2. Deleting memberships

It is currently not possible to delete memberships that are no longer required. Currently, removing memberships would potentially break the replication system.

11.16.3. Bandwidth management

For deployments that are run under an enterprise license, additional tools are available for monitoring and managing the amount of data transferred between zones.

Enterprise License only The Bandwidth Management tools are only enabled on clusters that are running on an Enterprise license. See the Deployment Checklist for details about License Types.

11.16.4. Overview

The bandwidth management tools provide two additional areas of functionality to support Enterprise deployments.

  • Limit the rate of outgoing traffic to each other zone.

  • Limit the rate of incoming traffic from each other zone.

Any applicable bandwidth limits are replicated across your nodes and applied on a per-zone basis.

Fusion11

Fusion Nodes - when Enterprise license is in use.

The Fusion Nodes screen will display current incoming traffic for the local zone. You will need to log in to the WD Fusion UI on a node within each Zone to see all incoming traffic levels.

11.16.5. Setting up bandwidth limits

Use this procedure to set up bandwidth limits between your zones

Click on the Set bandwidth limit button for each corresponding zone.

Fusion11

The Maximum bandwidth dialog will open. For each remote zone you can set a maximum Outgoing to and Incoming from values. Entered values are in Megabits per second. These are converted into Gigabytes per hour and displayed in brackets after each entry field.

Fusion11

Maximum bandwidth entry dialog.

Outgoing to

The provided value will be used as the bandwidth limit for data coming from the target zone.

Incoming from

As it is only possible to actually limit traffic at source, the Incoming from value is applied at the target zone as the Outgoing to limit for data being sent to the present zone.

When you have set your bandwidth values, click Update to apply these settings to your deployment.

Fusion11

Maximum bandwidth entry dialog.

12. Settings

12.1. Change the UI Settings

You can change how you interact with WD Fusion UI through the browser:

Change UI Settings1
Figure 104. Settings - Change UI Settings

12.1.1. Change UI ports

  1. Log into the WD Fusion UI. Click on the Settings tab.

  2. Click on UI Settings link on the side menu.

  3. Enter a new HTTP Port or HTTP SSL.

    Change UI ports
    Figure 105. Settings - Fusion UI host and port
  4. Click Update. You may need to update the URL in your browser to account for the change you just made.

12.1.2. Use HTTPS Port

You can enable SSL encryption between the WD Fusion UI and your browser.

  1. Before you enable use of HTTPS, ensure that all WD Fusion nodes/zones have been installed and configured (without using HTTPS for browser access). However, it is not necessary to have inducted the nodes or memberships.

Enable HTTPS on all nodes
If you don’t enable HTTPS on some nodes, some information, such as graph data will not be displayed.
  1. Create a Key Store file using keytool, then save the file to a location on each node where the WD Fusion server can read it.

  2. Log in to the WD Fusion UI. Click on the Settings tab.

  3. Click on UI Settings link on the side menu.

  4. Tick the Use HTTPS checkbox, then enter the following properties:

    HTTPS Port

    The TCP port that will be used for the SSL traffic.

    Key Store

    The security certificate repository.

    Key Store Password

    Password that is set to protect the Key Store.

    Key Alias

    An identifying name for the Key.

Important:
Check that you are using the correct Key Alias. Currently, if you use an alias that doesn’t exist in the keystore then the Fusion UI server will fail to start without warning. Improved error handling will be added in a later release.
Trust Store

Is used to store certificates from trusted Certificate Authorities.

Trust Store Password

The password that protects the Trust Store. Restart the node for the setting changes to take effect.

12.1.3. Changing the WD Fusion server settings

The server settings give you control over traffic encryption between WD Fusion and IHC servers.

Server Settings

12.2. Enable SSL for WD Fusion

The following procedure is used for setting up SSL encryption for WD Fusion. The encryption will be applied between all components: Fusion servers, IHC servers and clients.

The procedure must be followed for each WD Fusion server in your replication system, in turn.

  1. Login to WD Fusion UI, click on the Settings tab.

  2. Click the Enable SSL for WD Fusion checkbox.

    Server Settings
  3. Enter the details for the following properties:

    Server Settings
    KeyStore Path

    Path to the keystore.
    e.g. /opt/wandisco/ssl/keystore.ks

    KeyStore Password

    Encrypted password for the KeyStore.
    e.g. *

    Key Alias

    The Alias of the private key.
    e.g. WANdisco

    Key Password

    Private key encrypted password.
    e.g. *

    TrustStore Path

    path to the TrustStore.
    /opt/wandisco/ssl/keystore.ks

    TrustStore Password

    Encrypted password for the TrustStore.
    e.g. *

  4. Ensure that the HTTP Policy for the WD Fusion Core Server API is changed to match your SSL selection. Having enabled SSL, you need to change the HTTP Policy to Only HTTPS or Both HTTP and HTTPS.

    Server Settings
  5. If applicable, edit the Fusion HTTP Server Port, default is 8082.

  6. Click Update to save the settings. Repeat the steps for all WD Fusion servers.

12.3. Changing SSL Settings

If you disable SSL, you must also update the HTTP Policy for the WD Fusion Core Server API so that it is set to HTTP only.

Any changes that you make to the SSL settings must be applied, manually in the UI of every other WD Fusion node. Adding an update to the SSL settings will apply changes in the core-site file via the management endpoint (Cloudera Manager, Ambari, etc). You may be required to make manual changes to configuration files and restart some services.

Known Issue
Currently, the HTTP policy and SSL settings both independently alter how WD Fusion uses SSL, when they should be linked. You need to make sure that your HTTP policy selection and the use of SSL (enabled in the next section of the Installer) are in sync. If you choose either to the policies that use HTTPS, then you must enable SSL. If you stick with "Only HTTP" then you must ensure that you do not enable SSL. In a future release these two settings will be linked so it will not be possible to have contradictory settings.

12.3.1. Setting up SSL

What follows is a manual procedure for setting up SSL. In most cases it has been superseded by the above Fusion UI-driven method. If you make changed using the following method, you will need to restart the WD Fusion server in order for the changed to appear in on the Settings tab.

Create the keystores / truststores. Every Fusion Server and IHC server should have a KeyStore with a private key entry / certificate chain for encrypting and signing. Every Fusion Server and Fusion Client must also have a truststore for validating certificates in the path specific in “fusion.ssl.truststore”. The keystores and truststores can be the same file and may be shared amongst the processes.

Fusion Server configuration for SSL

To configure Server-Server or Server-Client SSL, enter the following configurations to the application.properties file. e.g.

ssl.enabled=true
ssl.key.alias=socketbox
ssl.key.password=***********
ssl.keystore=/etc/ssl/key.store
ssl.keystore.password=**************
Server-Server or Server-Client

Configure the keystore for each server:

Key Value Default File

ssl.key.alias

alias of private key/certificate chain in KeyStore.

NA

application.properties

ssl.key.password

encrypted password to key

NA

application.properties

ssl.keystore

path to Keystore

NA

application.properties

ssl.keystore.password

encrypted password to KeyStore.

NA

application.properties

Server-to-Server or Server-to-IHC

Configure the truststore for each server:

Key Value Default File

ssl.truststore

Path to truststore

Default

application.properties

ssl.truststore.password

encrypted password to trust store

Default

application.properties

Fusion client configuration Server-Client only

Configure the truststore for each client:

Key Value Default File

fusion.ssl.truststore

path to truststore

NA

core-site.xml

fusion.ssl.truststore.password

encrypted password for truststore

NA

core-site.xml

fusion.ssl.truststore.type

JKS, PCKS12

JKS

core-site.xml

IHC Server configuration (Server-IHC SSL only)

Configure the keystore for each IHC server:

Key Value Default File

ihc.ssl.key.alias

alias of private key/certificate chain in keystore

NA

.ihc

ihc.ssl.key.password

encrypted password to key

NA

.ihc

ihc.ssl.keystore

path to keystore

NA

.ihc

ihc.ssl.keystore.password

encrypted password to keystore

NA

.ihc

ihc.ssl.keystore.type

JKS, PCKS12

JKS

.ihc

Enable SSL:

The following configuration is used to turn on each type of SSL encryption:

Type Key Value Default File

Fusion Server - Fusion Server

ssl.enabled

true

false

application.properties

Fusion Server - Fusion Client

fusion.ssl.enabled

true

false

core-site.xml

Fusion Server - Fusion IHC Server

fusion.ihc.ssl.enabled

true

false

.ihc

12.4. Enable SSL (HTTPS) for the WD Fusion Server

The manual steps (if you prefer not to use the UI settings server settings) for getting WD Fusion Server to support HTTPS connections:

You need to add the following property to application.properties.

Type Key Value Default File

Enable HTTPS support for Fusion core

fusion.http.policy

HTTP_ONLY, HTTPS_ONLY, BOTH_HTTP_HTTPS. If you enable HTTPS_ONLY, you need to make some matching changes to the WD Fusion UI server so that it is able to communicate with the core Fusion server.

HTTP_ONLY

application.properties

12.4.1. Enable HTTPS for Fusion UI

Note that if you enable the Fusion Server to communicate over HTTPS-only, then you must also make the following changes so that the Fusion UI matches up:

target.ssl true
target.port 443 (This is the port that Fusion Server uses for accepting REST requests, over HTTPS).
Advanced Options
Only apply these options if you fully understand what they do.
The following Advanced Options provide a number of low level configuration settings that may be required for installation into certain environments. The incorrect application of some of these settings could cause serious problems, so for this reason we strongly recommend that you discuss their use with WANdisco’s support team before enabling them.
URI Selection

The default behaviour for WD Fusion is to fix all replication to the Hadoop Distributed File System / hdfs:/// URI. Setting the hdfs-scheme provides the widest support for Hadoop client applications, so some applications can’t support the available "fusion:///" URI or they can only run on HDFS. instead of the more lenient HCFS. Each option is explained below:

Use HDFS URI with HDFS file system

The element appears in a radio button selector:

URI Option A

This option is available for deployments where the Hadoop applications support neither the WD Fusion URI nor the HCFS standards. WD Fusion operates entirely within HDFS.

This configuration will not allow paths with the fusion:/// uri to be used; only paths starting with hdfs:/// or no scheme that correspond to a mapped path will be replicated. The underlying file system will be an instance of the HDFS DistributedFileSystem, which will support applications that aren’t written to the HCFS specification.

Use WD Fusion URI with HCFS file system
URI Option B

This is the default option that applies if you don’t enable Advanced Options, and was the only option in WD Fusion prior to version 2.6. When selected, you need to use fusion:// for all data that must be replicated over an instance of the Hadoop Compatible File System. If your deployment includes Hadoop applications that are either unable to support the Fusion URI or are not written to the HCFS specification, this option will not work.

Use Fusion URI with HDFS file system
URI option C

This differs from the default in that while the WD Fusion URI is used to identify data to be replicated, the replication is performed using HDFS itself. This option should be used if you are deploying applications that can support the WD Fusion URI but not the Hadoop Compatible File System.

Benefits of HDFS.
The following advanced options provide a number of low level configuration settings that may be required for installation into certain environments. The incorrect application of some of these settings could cause serious problems, so for this reason we strongly recommend that you discuss their use with WANdisco’s support team before enabling them.

Use Fusion URI and HDFS URI with HDFS file system

This "mixed mode" supports all the replication schemes (fusion://, hdfs:// and no scheme) and uses HDFS for the underlying file system, to support applications that aren’t written to the HCFS specification.

URI Option D

12.4.2. Setting up Node Location

WD Fusion is designed to fit into deployments that have far-flung data centers. The Node Location setting is used to identify where in the world the data center is situated, using standard global positioning system coordinates. These coordinates will be used by any connected WD Fusion nodes to correctly place the node’s location on the world map.

location
Figure 106. WD Fusion setting server location.

12.4.3. Set up email notifications

This section describes how to set up notification emails that will be triggered if one of the tracked system resources reaches a defined threshold.

Email notification is disabled by default.
You must complete the following steps before any messages will be sent.
EmailSettings
Figure 107. Email Settings

Email Notification Settings are located in the Zone section of the settings.

Complete the following steps to enable email notification:

  1. Enter your SMTP properties in the Server configuration tab.

  2. Enter recipient addresses in the Recipients tab.

  3. Tick the Enable check-box for each trigger-event for which you want an email notification sent out.

  4. [Optionally] You can customize the messaging that will be included in the notification email message by adding your own text in the Templates tab.

12.5. Notification emails

The following triggers support email notification. See the Templates section for more information.

Consistency Check Failing

Email sent if a consistency check fails.

CPU Load Threshold Hit

Dashboard graph for CPU Load has reached. See Dashboard Graphs Settings.

HDFS Usage Threshold Hit

Dashboard graph for Database partition disk usage has been reached. See Dashboard Graphs Settings.

Java Heap Usage Threshold Hit

The system’s available Java Heap Threshold has been reached. See Dashboard Graphs Settings.

License Expiring

The deployment’s WANdisco license is going to expire.

Node Down

One of the Nodes in your deploy is down.

Quorum Lost

One of the active replication groups is unable to continue replication due to the loss of one or more nodes.

12.5.1. Server config

The server config tab contains the settings for the SMTP email server that you will use for relaying your notification emails. You need to complete and check the provided details are correct first, before your notification emails can be enabled.

SMTPSettings
Figure 108. SMTP settings

Email Notification Settings are located in the Zone section of the settings

SMTP Host

The hostname or IP address for your email relay server.

SMTP Port

The port used by your email relay service. SMTP default port is 25.

Connection Encryption

Drop-down for choosing the type of encryption that the mail server uses, None, SSL or TLS are supported. If SSL or TLS are selected you should make sure that you adjust the SMTP port value, if required.

Authentication

Checkbox for indicating that a username and password are required for connecting to the mail server. If you tick the checkbox additional entry fields will appear.

SMTP Username

A username for connecting to the email server.

SMTP Password

A password for connecting to the email server.

From

Optional field for adding the sender email address that will be seen by to the recipient.

To

Optional field for entering an email address that can be used for testing that the email setup will work.

Update Settings

Button, click to store your email notification entries.

Reset Changes

Reloads the saved settings, undoing any changes that you have made in the template that have not been saved.

Send Test Email

Reloads the saved settings, undoing any changes that you have made in the template that have not been saved.

12.5.2. Recipients

The recipients tab is used to store one or more email addresses that can be used when sending out notification emails. You can enter any number of addresses, although you will still need to associate an entered address with a specific notification before it will be used. See Adding recipients

Email Notification Settings
Figure 109. Adding recipients

12.5.3. Adding recipients

  1. Enter a valid email address for a recipient who should receive a notification email from WD Fusion.

  2. Click the Add button.

    You can repeat the procedure as many times as you like, you can send each different notification to a different recipient (by associating that recipient’s address with the particular trigger), or you can send a single notification email to multiple recipients (by associating multiple addresses with the notification email.

12.5.4. Enable Notification Emails

Once you have working server settings valid recipient email addresses you can start to enable notification emails from the Alerts tab.

  1. Go to the Alerts tab and select a notification trigger for which you would like to send emails. For example Consistency Check Failing. Tick the Enabled checkbox.

    If a trigger is not enabled, no email notification will ever be sent. Likewise, an enabled trigger will not send out notification emails unless recipients are added.
    Email Notification
    Figure 110. Email Notification Enabled
  2. From the Add More Recipients window, click on one or more of the recipients that you entered into the Recipients tab. Once you have finished selecting recipients, click Add.

    Email Notification
    Figure 111. Email Notification Selected
  3. The email notification is now set up. You can choose to change/add additional recipients, review or customize the messaging by clicking on the Edit Template link.

    Email Notification
    Figure 112. Email Notification - Add

12.5.5. Templates

The Templates tab gives you access to the email default text, allowing you to review and customize with additional messaging.

EmailSettings
Figure 113. Email Settings

Email templates

Consistency Check Failing

This is the trigger system event for which the notification email will be sent.

Subject

The email’s subject line. A default value is set for each of the triggers, however, you can reword these by changing the text in the template.

Custom Message

This entry box lets you add your own messaging to the notification. This could be anything that might be useful to an on-duty administrator such as links to related documentation or contact details for the next level of support, etc.

Message Body

The message body contains the fixed payload of the notification email; you can’t edit this element and it may contain specific error messaging taken from logs.

12.5.6. Example Notification Email

This is what an email notification looks like:

From: cluster-admin@organization.com>
Date: Mon, Jan 4, 2016 at 3:49 PM
Subject: WANdisco Fusion UI - Consistency Check Failing
To: admin@organization.com

Here is a custom message.
 - Custom messaging entered in the Template

Consistency Check Failing triggered a watch event, any relevant error message will appear below.
 - Default Message

The following directory failed consistency check:

  /repl1
- Specific error message

==================== NODE DETAILS =====================
Host Name     : xwstest-01.your.organization.com
IP address    : 10.0.0.146
IP port       : 6444
-------------------------------------------------------
Node Id       : wdfs1
Node Name     : wdfs1
Node status   : LOCAL
Node's zone   : zone1
Node location : location1
-------------------------------------------------------
Memory usage  : 0.0%
Disk usage    : 0.0%
Last update   : 2016.Jan.04 at 15:49:28 GMT
Time Now      : 2016.Jan.04 at 15:49:48 GMT
=======================================================
 - Standard footer

12.6. Setting up Kerberos

If the Hadoop deployment is secured using Kerberos you need to enable Kerberos in the WD Fusion UI. Use the following procedure:

Look to the security procedures of your particular form of Hadoop:

Running with unified or per-service principle:

Unified
Some Hadoop platforms are Kerberized under a single hdfs user, this is common in Cloudera deployments. For simplicity, this is what we recommend.

  • Generate a keytab for each of your WD Fusion nodes using the hdfs service, for clarification the steps below present a manual setup:

    ktadd -k fusion.keytab -norandkey hdfs/${hostname}@${krb_realm}

    Per-service

  • If your deployment uses separate principals for each HDFS service then you will need to set up a principal for WD Fusion.

  • On the KDC, using kadmin.local, create new principals for WD Fusion user and generate keytab file, e.g.:

    > addprinc -randkey hdfs/${hostname}@${krb_realm}
    > ktadd -k fusion.keytab -norandkey hdfs/${hostname}@${krb_realm}

Copy the generated keytab to a suitable filesystem location, e.g. /etc/wandisco/security/ on the WD Fusion server that will be accessible to your controlling system user, "hdfs" by default.

*Note:* We don’t recommend storing the keytab in Hadoop’s own Kerberos /etc/hadoop/conf, given that this is overwritten by the cluster manager.

12.6.1. Setting up handshake tokens

By default, handshake tokens are created in the user’s working directories, e.g. /user/jdoe. It is recommended that you create them elsewhere, using the following procedure:

  1. Open the core-site.xml file and add the following property:

    <property>
          <name>fusion.handshakeToken.dir</name>
          <value>/some/token/dir</value>
      </property>

    fusion.handshakeToken.dir

    This is the location where you want handshake tokens to be created for the cluster. E.G., If for DC1 you configure the "handshakeToken.dir" to be "/repl1/tokens/", then handshake tokens will be written in "/repl1/tokens/.fusion/.token_$USERNAME_$UUID" where $USERNAME is the username of the user connecting and $UUID will be a random UUID.

    Important requirement: All WD Fusion system users must have read and write permissions for the location.

Important: Known issue running Teragen and Terasort
There are known problems running Teragen and Terasort with FusionHdfs or FusionHcfs configurations. Some required directories are currently missing and will cause Terasort to hang. You can work around the problem by creating the following directories, then making sure that Yarn and MapR users are added and that they have access to the directories. E.g.,

sudo -u hdfs hadoop fs -mkdir /user/yarn
sudo -u hdfs hadoop fs -chown yarn /user/yarn
sudo -u hdfs hadoop fs -mkdir /user/mapred
sudo -u hdfs hadoop fs -chown mapred /user/mapred

12.6.2. Set up Kerberos single KDC with Ambari

The following procedures illustrate how to installing Kerberos, running with a single Key Distribution Center, under Ambari.

When to use kadmin.local and kadmin?
When performing the Kerberos commands in this procedure you can use kadmin.local or kadmin depending on your access and account:

  • IF you can log onto the KDC host directly, and have root access or a Kerberos admin account: use the kadmin.local command.

  • When accessing the KDC from a remove host, use the kadmin from any host, run one of the following:

    $ sudo kadmin.local

    or

    $ kadmin

12.6.3. Setup Procedure

Before you start, download and install the Java Cryptographic Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7.

unzip UnlimitedJCEPolicyJDK7.zip -d  /usr/jdk64/jdk1.7.0_67/jre/lib/security/

Install the Kerberos server:

yum install -y krb5-server krb5-libs krb5-auth-dialog krb5-workstation

Edit /etc/krb5.conf and replace "EXAMPLE.COM" with your realm. E.g.

sed -i "s/EXAMPLE.COM/g" /etc/krb5.conf /var/kerberos/krb5kdc/kdc.conf /var/kerberos/krb5kdc/kadm5.acl
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = DOMAIN.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 DOMAIN.COM = {
  kdc = host15-vm0.cfe.domain.com
  admin_server = host15-vm0.cfe.domain.com
 }

[domain_realm]
 .wandisco.com = DOMAIN.COM
 wandisco.com = DOMAIN.COM

Edit /var/kerberos/krb5kdc/kdc.conf:

[kdcdefaults]
 kdc_ports = 88
 kdc_tcp_ports = 88

[realms]
 DOMAIN.COM = {
  #master_key_type = aes256-cts
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  max_life = 24h 0m 0s
  max_renewable_life = 7d
 supported_enctypes = aes256-cts:normal aes128-cts:normal
des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal
des-cbc-md5:normal des-cbc-crc:normal
 }

Edit the /var/kerberos/krb5kdc/kadm5.acl and replace EXAMPLE.COM with your principle.

To create a database, run

/usr/sbin/kdb5_util create -s

Start Kerberos service:

/sbin/service krb5kdc start
/sbin/service kadmin start

Prepare your kerberos clients. Run

yum install -y  krb5-libs krb5-workstation

Repeat this on all other machines in the cluster to make them kerberos workstations connecting to the KDC. E.g.

for i in {1..4}; do ssh root@vmhost17-nfs$i.cfe.domain.com 'yum install -y  krb5-libs krb5-workstation';done

Copy the /etc/krb5.conf file from the kerberos server node to all kerberos client nodes

for i in {1..5}; do scp /etc/krb5.conf root@vmhost17-vm$i.cfe.domain.com:/etc/;done

Create a user on all nodes: useradd -u 1050 testuser

for i in {0..4}; do ssh root@vmhost17-nfs$i.cfe.domain.com 'useradd -u 1050 testuser';done

Create principal and password for user (testuser):

[root@vmhost17-vm0 ~]# kadmin.local
Authenticating as principal root/admin@DOMAIN.COM with password.
kadmin.local:  addprinc testuser/admin
WARNING: no policy specified for testuser/admin@DOMAIN.COM; defaulting to no policy
Enter password for principal "testuser/admin@DOMAIN.COM":
Re-enter password for principal "testuser/admin@DOMAIN.COM":
Principal "testuser/admin@DOMAIN.COM" created.
kadmin.local:  exit
[root@vmhost01-vm1 ~]# su - testuser
[testuser@vmhost01-vm1 ~]$ kinit
Password for testuser/admin@DOMAIN.COM:
[testuser@vmhost01-vm1 ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_519
Default principal: testuser/admin@DOMAIN.COM
Valid starting     Expires            Service principal
04/29/15 18:17:15  04/30/15 18:17:15  krbtgt/DOMAIN.COM@DOMAIN.COM renew until 04/29/15 18:17:15

12.6.4. WD Fusion installation step

During the WD Fusion Installation’s Kerberos step, set the configuration for an existing Kerberos setup.

12.6.5. Set up Kerberos single KDC on CDH cluster

The following procedures illustrate how to installing Kerberos, running with a single Key Distribution Center, under CDH.

12.6.6. Set up a KDC and Default Domain

When to use kadmin.local and kadmin?
When performing the Kerberos commands in this procedure you can use kadmin.local or kadmin depending on your access and account:

  • IF you can log onto the KDC host directly, and have root access or a Kerberos admin account: use the kadmin.local command.

  • When accessing the KDC from a remove host, use the kadmin from any host, run one of the following:

    $ sudo kadmin.local

    or

    $ kadmin

12.6.7. Setup Procedure

  1. Before you start, download and install the Java Cryptographic Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7.

    unzip UnlimitedJCEPolicyJDK7.zip -d  /usr/jdk64/jdk1.7.0_67/jre/lib/security/
  2. Install the Kerberos server:

    yum install -y krb5-server krb5-libs krb5-auth-dialog krb5-workstation
  3. Edit /etc/krb5.conf and replace "EXAMPLE.COM" with your realm. E.g.

    sed -i "s/EXAMPLE.COM/g" /etc/krb5.conf /var/kerberos/krb5kdc/kdc.conf /var/kerberos/krb5kdc/kadm5.acl
    [logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log
    
    [libdefaults]
     default_realm = DOMAIN.COM
     dns_lookup_realm = false
     dns_lookup_kdc = false
     ticket_lifetime = 24h
     renew_lifetime = 7d
     forwardable = true
    
    [realms]
     DOMAIN.COM = {
      kdc = host15-vm0.cfe.domain.com
      admin_server = host15-vm0.cfe.domain.com
     }
    
    [domain_realm]
     .wandisco.com = DOMAIN.COM
     wandisco.com = DOMAIN.COM
  4. Edit /var/kerberos/krb5kdc/kdc.conf:

    [kdcdefaults]
     kdc_ports = 88
     kdc_tcp_ports = 88
    
    [realms]
     DOMAIN.COM = {
      #master_key_type = aes256-cts
      acl_file = /var/kerberos/krb5kdc/kadm5.acl
      dict_file = /usr/share/dict/words
      admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
      max_life = 24h 0m 0s
      max_renewable_life = 7d
     supported_enctypes = aes256-cts:normal aes128-cts:normal
    des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal
    des-cbc-md5:normal des-cbc-crc:normal
     }
  5. Edit the /var/kerberos/krb5kdc/kadm5.acl and replace EXAMPLE.COM with your principle.

  6. To create a database, run

    /usr/sbin/kdb5_util create -s
  7. Start Kerberos service:

    /sbin/service krb5kdc start
    /sbin/service kadmin start
  8. Prepare your kerberos clients. Run

    yum install -y  krb5-libs krb5-workstation

    Repeat this on all other machines in the cluster to make them kerberos workstations connecting to the KDC. E.g.

    for i in {1..4}; do ssh root@vmhost17-nfs$i.cfe.domain.com 'yum install -y  krb5-libs krb5-workstation';done
  9. Copy the /etc/krb5.conf file from the kerberos server node to all kerberos client nodes

    for i in {1..5}; do scp /etc/krb5.conf root@vmhost17-vm$i.cfe.domain.com:/etc/;done
  10. Create a user on all nodes: useradd -u 1050 testuser

    for i in {0..4}; do ssh root@vmhost17-nfs$i.cfe.domain.com 'useradd -u 1050 testuser';done
  11. Create principal and password for user (testuser):

    [root@vmhost17-vm0 ~]# kadmin.local
    Authenticating as principal root/admin@DOMAIN.COM with password.
    kadmin.local:  addprinc testuser/admin
    WARNING: no policy specified for testuser/admin@DOMAIN.COM; defaulting to no policy
    Enter password for principal "testuser/admin@DOMAIN.COM":
    Re-enter password for principal "testuser/admin@DOMAIN.COM":
    Principal "testuser/admin@DOMAIN.COM" created.
    kadmin.local:  exit
    [root@vmhost01-vm1 ~]# su - testuser
    [testuser@vmhost01-vm1 ~]$ kinit
    Password for testuser/admin@DOMAIN.COM:
    [testuser@vmhost01-vm1 ~]$ klist
    Ticket cache: FILE:/tmp/krb5cc_519
    Default principal: testuser/admin@DOMAIN.COM
    Valid starting     Expires            Service principal
    04/29/15 18:17:15  04/30/15 18:17:15  krbtgt/DOMAIN.COM@DOMAIN.COM renew until 04/29/15 18:17:15
  12. Then add:

Kadmin.local: addprinc hdfs@DOMAIN.COM

Create hdfs.keytab and move hdfs.keytab file in the /etc/cloudera-scm-server/ directory on the host where you are running the Cloudera Manager Server. Make sure that the hdfs.keytab file has readable permissions for all users:

kadmin: xst -k hdfs.keytab hdfs@DOMAIN.COM
mv hdfs.keytab /etc/cloudera-scm-server/
chmod +r /etc/cloudera-scm-server/ hdfs.keytab

12.6.8. Create a Kerberos Principal and Keytab File for the Cloudera Manager Server

The following sequence is an example procedure for creating the Cloudera Manager Server principal and keytab file for MIT Kerberos.

  1. In the kadmin.local or kadmin shell, type in the following command to create the Cloudera Manager Service principal:

    kadmin: addprinc -randkey cloudera-scm/admin@WANDISCO.COM
  2. Create the Cloudera Manager Server cmf.keytab file:

    kadmin: xst -k cmf.keytab cloudera-scm/admin@DOMAIN.COM
    Important:
    The Cloudera Manager Server keytab file must be named cmf.keytab because that name is hard-coded in Cloudera Manager.

12.6.9. Deploying the Cloudera Manager Server Keytab

After obtaining or creating the Cloudera Manager Server principal and keytab, follow these instructions to deploy them:

Move the cmf.keytab file to the /etc/cloudera-scm-server/. This is the directory on the host where you are running the Cloudera Manager Server.

$ mv cmf.keytab /etc/cloudera-scm-server/

Ensure that the cmf.keytab file is only readable by the Cloudera Manager Server user account cloudera-scm.

sudo chown cloudera-scm:cloudera-scm /etc/cloudera-scm-server/cmf.keytab

sudo chmod 600 /etc/cloudera-scm-server/cmf.keytab

Add the Cloudera Manager Server principal (cloudera-scm/admin@DOMAIN.COM) to a text file named cmf.principal and store the cmf.principal file in the /etc/cloudera-scm-server/ directory on the host where you are running the Cloudera Manager Server.

Make sure that the cmf.principal file is only readable by the Cloudera Manager Server user account cloudera-scm.

sudo chown cloudera-scm:cloudera-scm /etc/cloudera-scm-server/cmf.principal

sudo chmod 600 /etc/cloudera-scm-server/cmf.principal

Note: For Single KDC copy cmf.keytab and cmf.principal to another CM node:

scp /etc/cloudera-scm-server/cmf* vmhost17-vm0.bdfrem.wandisco.com:/etc/cloudera-scm-server/

12.7. Configure the Kerberos Default Realm in the Cloudera Manager Admin Console

  1. In the Cloudera Manager Admin Console, select Administration > Settings.

  2. Click the Security category, and enter the Kerberos realm for the cluster in the Kerberos Security Realm field that you configured in the krb5.conf file.

  3. Click Save Changes.

12.8. Adding Gateway roles to all YARN hosts.

  1. From the Services tab, select your YARN service.

  2. Click the Instances tab.

  3. Click Add Roles and choose Gateway role.

  4. Select all hosts and click Install.

12.9. Enable Hadoop Security

You can do this by hand, see CM Enable Security.

12.10. Cloudera Manager Kerberos Wizard

After configuring kerberos, you now have a working Kerberos server and can secure the Hadoop cluster. The wizard will do most of the heavy lifting; you just have to fill in a few values.

  1. To start, log into Cloudera Manager by going to http://your_hostname:7180 in your browser. The user ID and Password are the same as those used for accessing your Management Endpoint (Ambari or Cloudera Manager, etc.) or if you’re running without an manager, such as with a Cloud deployment, then they will be set in a properties file.

  2. There are lots of productivity tools here for managing the cluster but ignore them for now and head straight for the Administration > Kerberos wizard.

  3. Click on the "Enable Kerberos" button.

  4. Check each KRB5 Configuration item and select Continue.

    kerberos CM configuration screen
    Figure 114. Kerberos config
  5. The Kerberos Wizard needs to know the details of what the script configured. Fill in the entries as follows:

    • KDC Server Host KDC_hostname

    • Kerberos Security Realm: DOMAIN.COM

    • Kerberos Encryption Types: aes256-cts-hmac-sha1-96

      Click Continue.

  6. You want Cloudera Manager to manage the krb5.conf files in your cluster so, please check "Yes" and then select "Continue."

  7. Enter the credentials for the account that has permissions to create other listeners.

    User: testuser@WANDISCO.COM
    Password: password for testuser@WANDISCO.COM
  8. The next screen provides good news. It lets you know that the wizard was able to successfully authenticate.

  9. On this step setup wizard will create Kerberos principals for each service in the cluster.

  10. You’re ready to let the Kerberos Wizard do its work. You should select I’m ready to restart the cluster now and then click Continue.

  11. Successfully enabled Kerberos. You now running a Hadoop cluster secured with Kerberos.

12.11. WD Fusion installation step

You should enter paths to /etc/krb5.conf file and to hdfs.keytab file and then select principal hdfs.

12.11.1. Kerberos and HDP’s Transparent Data Encryption

There are some extra steps required to overcome a class loading error that occurs when WD Fusion is used with at-rest encrypted folders. Specifically, cluster config changes described as follows:

<property>
<name>hadoop.kms.proxyuser.fusion.users</name>
<value>*</value>
</property>

<property>
<name>hadoop.kms.proxyuser.fusion.groups</name>
<value>*</value>
</property>

<property>
<name>hadoop.kms.proxyuser.fusion.hosts</name>
<value>*</value>
</property>

12.12. Setting up SSL encryption for DConE traffic

WD Fusion supports the use of Secure Socket Layer encryption (SSL) for securing its replication traffic. To enable this encryption you need to generate a keypair that must be put into place on each of your WD Fusion nodes. You then need to add some variables to the application.properties file.

  1. Open a terminal and navigate to <INSTALL_DIR>/etc/wandisco/config.

  2. Within /config make a new directory called ssl.

    mkdir ssl
  3. Navigate into the new directory.

    cd ssl
  4. Copy your private key into the directory. If you don’t already have keys set up you can use JAVA’s keygen utility, using the command:

    keytool -genkey -keyalg RSA -keystore wandisco.ks -alias server -validity 3650 -storepass <YOUR PASSWORD>

    Read more about the Java keystore generation tool in the KB article - Using Java Keytool to manage keystores

    Ensure that the system account that runs the WD Fusion server process has sufficient privileges to read the keystore files.

    Java keytool options

    Variable Name Description

    -genkey

    Switch for generating a key pair (a public key and associated private key). Wraps the public key into an X.509 v1 self-signed certificate, which is stored as a single-element certificate chain. This certificate chain and the private key are stored in a new keystore entry identified by alias.

    -keyalg RSA

    The key algorithm, in this case RSA is specified.

    wandisco.ks

    This is file name for your private key file that will be stored in the current directory.

    - alias server

    Assigns an alias "server" to the key pair. Aliases are case-insensitive.

    -validity 3650

    Validates the keypair for 3650 days (10 years). The default would be 3 months.

    - storepass <YOUR PASSWORD>

    This provides the keystore with a password.

    If no password is specified on the command, you’ll be prompted for it. Your entry will not be masked so you (and anyone else looking at your screen) will be able to see what you type.

    Most commands that interrogate or change the keystore will need to use the store password. Some commands may need to use the private key password. Passwords can be specified on the command line (using the -storepass and -keypass options).
    However, a password should not be specified on a command line or in a script unless it is for testing purposes, or you are on a secure system.

    The utility will prompt you for the following information

    What is your first and last name?  [Unknown]:
    What is the name of your organizational unit?  [Unknown]:
    What is the name of your organization?  [Unknown]:
    What is the name of your City or Locality?  [Unknown]:
    What is the name of your State or Province?  [Unknown]:
    What is the two-letter country code for this unit?  [Unknown]:
    Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?  [no]:  yes
    
    Enter key password for <mykey>
    (RETURN if same as keystore password):
  5. With the keystore now in place, you’ll now need to add variables to the application.properties

12.13. SSL DConE Encryption Variables for application.properties

Variable Name Example Description

ssl.enabled

true

Requires a "true" or "false" value. Clearly when the value is set to false, none of the other variables will be used.

ssl.debug

true

Requires a "true" or "false" value. When set to true debugging mode is enabled.

ssl.keystore

./properties/wandisco.ks

The path to the SSL private Keystore file that is stored in the node. By default this is called "wandisco.ks".

ssl.key.alias

wandisco

The assigned alias for the key pair. Aliases are case-insensitive.

ssl.keystore.password

<a password>

The SSL Key password. This is described in more detail in Setting a password for SSL encryption.

ssl.truststore

./properties/wandisco.ks

The path to the SSL private truststore file that is stored in the node. By default this is called "wandisco.ks" because, by default the keystore and truststore are one and the same file, although it doesn’t have to be.

ssl.truststore.password

"bP0L7SY7f/4GWSdLLZ3e+

The truststore password. The password should be encrypted.

Changes in any of these values require a restart of the DConE service. Any invalid value will restart the replicator and no DConE traffic will flow.

12.13.1. Setting the server key

In the keystore, the server certificate is associate with a key. By default, we look for a key named server to validate the certificate. If you use a key for the server with a different name, enter this in the SSL settings.

12.13.2. SSL Troubleshooting

A complete debug of the SSL logging will be required to diagnose the problems. To capture the debugging, ensure that the variable debugSsl is set to "true".

To enable the logging of SSL implemented layer, turn the logging to FINEST for 'com.wandisco.platform.net' package.

12.14. Enable SSL for Hadoop Services

This section shows you how to enable SSL encryption for Hadoop’s native services such as HDFS, Yarn or MapReduce.

  1. On ALL nodes create key directories:

    /etc/security/serverKeys and /etc/security/clientKeys
  2. On all nodes, create keystore files:

    cd /etc/security/serverKeys
    keytool -genkeypair -alias $HOSTNAME -keyalg RSA -keysize 2048 -dname CN=$HOSTNAME,OU=Dev,O=BigData,L=SanRamon,ST=ca,C=us -keypass $PASSWORD -keystore $HOSTNAME.ks -storepass $PASSWORD

    There’s further explanation of what these options do, see the key Java keytool options

  3. On all nodes export the certificate public key to a certificate file:

    cd /etc/security/serverKeys
    keytool -exportcert -alias $HOSTNAME -keystore $HOSTNAME.ks -rfc -file $HOSTNAME.crt -storepass $PASSWORD
  4. On all nodes, import the certificate into truststore file:

    cd /etc/security/serverKeys
    keytool -importcert -noprompt -alias $HOSTNAME -file $HOSTNAME.crt -keystore $HOSTNAME.trust -storepass $PASSWORD
  5. Create a single truststore file containing the public key from all certificates (this will be for clients) start on node1:

    cd /etc/security/serverKeys

    Copy trust store file from current node to next one and redo all steps above.

  6. From last node copy trust store, which has all certificates to all servers under /etc/security/clientKeys/all.jks

  7. On all nodes, copy keystore to “service”.ks (e.g. hdfs.ks)

12.15. Keystores are used in two ways:

  • The keystore contains private keys and certificates used by SSL servers to authenticate themselves to SSL clients. By convention, such files are referred to as keystores.

  • When used as a truststore, the file contains certificates of trusted SSL servers, or of Certificate Authorities trusted to identify servers. There are no private keys in the truststore.

Most commonly, cert-based authentication is only done in one direction server→client. When a client also authenticates with a certificate this is called mutual authentication.

While all SSL clients must have access to a truststore, it is not always necessary to create and deploy truststores across a cluster. The standard JDK distribution includes a default truststore which is pre-provisioned with the root certificates of a number of well-known Certificate Authorities. If you do not provide a custom truststore, the Hadoop daemons load this default truststore. Therefore, if you are using certificates issued by a CA in the default truststore, you do not need to provide custom truststores. However, you must consider the following before you decide to use the default truststore:

If you choose to use the default truststore, it is your responsibility to maintain it. You may need to remove the certificates of CAs you do not deem trustworthy, or add or update the certificates of CAs you trust. Use the keytool utility to perform these actions.

12.15.1. Security Considerations

Keystores contain private keys. truststores do not. Therefore, security requirements for keystores are more stringent:

  • Hadoop SSL requires that truststores and the truststore password be stored, in plaintext, in a configuration file that- is readable by all.

  • Keystore and key passwords are stored, in plaintext, in a file that is readable only by members of the appropriate group.

These considerations should guide your decisions about which keys and certificates you will store in the keystores and truststores that you will deploy across your cluster.

Keystores should contain a minimal set of keys and certificates. Ideally you should create a unique keystore for each host, which would contain only the keys and certificates needed by the Hadoop SSL services running on the host. Usually the keystore would contain a single key/certificate entry. However, because truststores do not contain sensitive information you can safely create a single truststore for an entire cluster. On a production cluster, such a truststore would often contain a single CA certificate (or certificate chain), since you would typically choose to have all certificates issued by a single CA.

Important: Do not use the same password for truststores and keystores/keys. Since truststore passwords are stored in the clear in files readable by all, doing so would compromise the security of the private keys in the keystore.

12.15.2. SSL roles for Hadoop Services

Service SSL Role

HDFS

server and client

MapReduce

server and client

YARN

server and client

HBase

server

Oozie

server

Hue

client

SSL servers load the keystores when starting up. Clients then take a copy of the truststore and uses it to validate the server’s certificate.

12.16. Configure SSL for HDFS, YARN and MapReduce

12.17. Before you begin

Ensure keystores/certificates are accessible on all hosts running HDFS, MapReduce or YARN. As these services also run as clients they also need access to the truststore. (As mentioned, it’s okay to put the truststores on all nodes as you can’t always determine which hosts will be running the relevant services.)

keystores must be owned by the hadoop group and have permissions 0440 (readable by owner and group). truststores must have permission 0444 (readable by all).

You’ll need to specify the absolute paths to keystore and truststore files - these paths need to be valid for all hosts - this translates into a requirement for all keystore file names for a given service to be the same on all hosts.

Multiple daemons running on a host can share a certificate. For example, in case there is a DataNode and an Oozie server running on the same host, they can use the same certificate.

12.18. Configuring SSL for HDFS

  1. In Ambari, navigate to the HDFS service edit the configuration.

  2. Type SSL into the search field to show the SSL properties.

  3. Make edits to the following properties:

    Property Description

    SSL Server Keystore File Location

    Path to the keystore file containing the server certificate and private key.

    SSL Server Keystore File Password

    Password for the server keystore file.

    SSL Server Keystore Key Password

    Password that protects the private key contained in the server keystore.

  4. If you don’t plan to use the default truststore, configure SSL client truststore properties:

    Property Description

    Cluster-Wide Default SSL Client Truststore Location

    Path to the client truststore file. This truststore contains certificates of trusted servers, or of Certificate Authorities trusted to identify servers.

    Cluster-Wide Default SSL Client Truststore Password

    Password for the client truststore file.

  5. We recommend that you also enable web UI authentication for the HDFS service, providing that you have already secured the HDFS service. Enter web consoles in the search field to bring up Enable Authentication for HTTP Web-Consoles property. Tick the check box to enable web UI authentication.

    Property Description

    Enable Authentication for HTTP Web-Consoles

    Enables authentication for hadoop HTTP web-consoles for all roles of this service.

  6. Now the necessary edits are complete, click Save Changes.

  7. Follow the next section for setting up SSL for YARN/MapReduce.

12.19. Configuring SSL for YARN / MapReduce

Follow these steps to configure SSL for YARN or MapReduce services.

Navigate to the YARN or MapReduce service and click Configuration.

In the search field, type SSL to show the SSL properties.

Edit the following properties according to your cluster configuration:

Property Description

SSL Server Keystore File Location

Path to the keystore file containing the server certificate and private key.

Enable Authentication for HTTP Web-Consoles

Password for the server keystore file.

SSL Server Keystore Key Password

Password for the client truststore file.

We recommend that you also enable web UI authentication for the HDFS service, providing that you have already secured the HDFS service. Enter web consoles in the search field to bring up Enable Authentication for HTTP Web-Consoles property. Tick the check box to enable web UI authentication.

Property Description

Enable Authentication for HTTP Web-Consoles

Enables authentication for hadoop HTTP web-consoles for all roles of this service.

Click Save Changes.

Navigate to the HDFS service and in the search field, type Hadoop SSL Enabled. Click the value for the Hadoop SSL Enabled property and select the checkbox to enable SSL communication for HDFS, MapReduce, and YARN.

Property Description

Hadoop SSL Enabled

Enable SSL encryption for HDFS, MapReduce, and YARN web UIs, as well as encrypted shuffle for MapReduce and YARN.

Restart all affected services (HDFS, MapReduce and/or YARN), as well as their dependent services.


13. WD Fusion Plugin: Hive Metastore

13.1. Introduction

The Hive Metastore plugin enables WD Fusion to replicate Hive’s metastore, allowing WD Fusion to maintain a replicated instance of Hive’s metadata and, in future, support Hive deployments that are distributed between data centers.

Hive Plugin Architecture
Figure 115. Hive Metastore Plugin Architecture

13.1.1. Release Notes

Check out the Hive Metastore Plugin Release Notes for the latest information. See Hive Metastore Plugin Release Notes.

13.1.2. Pre-requisites

Along with the default requirements that you can find on the WD Fusion Deployment Checklist, you also need to ensure that the Hive service is already running on your server. Installation will fail if the WD Fusion Plugin can’t detect that Hive is already running.

Limitation: Hive must be running at all zones
All zones within a membership must be running Hive in order to support replication. We’re aware that this currently prevents the popular use case for replicating between on-premises clusters and s3/cloud storage, where Hive is not running. We intend to remove the limitation in a future release.

13.1.3. Known Issues

Known Issue:
ON HDP2.5, Metastore fails to start when using DBTokenStore

This problem has been fixed in HDP 2.5.3

The issue in question doesn’t actually stop the metastore from starting - however, the null-pointer/IOException that happens because of the missing token does take the current instance of the metastore down, but it does so when shutdown is called (and subsequently cancel_token). This prevents beeline connections from closing properly outside of the service level timeout. This causes the service to appear red as the standard heartbeat for the vanilla metastore is a beeline connection.

Using beeline connections will not close immediately in the usual manner (i.e. through the !quit command), they will only close once the !quit command has timed out. (users may also choose to ctrl-c out of the beeline shell if they choose)

To lessen the pain of this issue, customers may choose to modify the beeline timeout to be more snappy (hive.server2.idle.operation.timeout appears to be the most suitable timeout for this)

In order to get the service "healthy" again, the customer can also modify the heartbeat timeout to be greater than the beeline timeout (check.command.timeout is the property for this).

Known Issue:
bigsql-sync.jar must be included in the wd-hive-metastore classpath or the server will not start properly.
There are 2 options available for meeting this requirement:
  • If the jar is available on the wd-hive-metastore node, create a symlink via:

cd /opt/wandisco/wd-hive-metastore
ln -s /usr/ibmpacks/current/bigsql/bigsql/lib/java/bigsql-sync.jar bigsql-sync.jar
  • If the jar is not available then copy the jar from a node that has it to:

 /opt/wandisco/wd-hive-metastore
Known Issue: WD Fusion Hive Metastore plugin not installed locally to Hive Metastore
If WD Fusion Hive Metastore is not installed to the same server as the Hive metastore, then you need to complete the following workaround:
  1. Login to kadmin.local or kadmin on the host machine running wd-hive-metastore.

  2. In kadmin use

    addprinc -randkey hive/<WD-hive-metstore-hostname>@<REALM>
    addprinc -randkey HTTP/<WD-hive-metstore-hostname>@<REALM>
    xst -norandkey -k hive.keytab hive/<WD-hive-metstore-hostname>@<REALM> HTTP/<WD-hive-metstore-hostname>@<REALM>
  3. Exit kadmin

  4. Check the keytab has the correct entries by using

    klist -e -k -t hive.keytab

    Move the keytab into place:

    sudo mv hive.keytab /etc/wandisco/hive/
  5. Make sure the keytab is readable by the hive user by using:

    sudo chown hive:hive /etc/wandisco/hive/hive.keytab
    chmod +r /etc/wandisco/hive/hive.keytab
  6. Now restart Fusion server using:

    service fusion-server restart
  7. Now restart the Hive Metastore:

    restart the Wd-hive-metastore service using your Hadoop manager
  8. Now restart the HiveServer2 service via using your Hadoop manager (i.e. Ambari)

  9. Connect to beeline again.

Known Issue: HDP deployments and Hive Metastore port
Currently, you can’t run the standard Hive Metastore service on the same host as the wd-hive-metastore service, because HDP uses the hive.metastore.uris parameter to set the port for the standard Hive Metastore service.

See Hortonworks Documentation about
Hive Service Ports

HDP uses the hive.metastore.uris parameter to set the Hive Metastore port. Without the WD Hive Template installed, the HiveServer2 service would use an embedded metastore service and not the separate Hive Metastore service. When this is the case we can’t support running standard Hive Metastore and the wd-hive-metastore on the same host when using a HDP distribution. We recommend that you stop Hive Metastore when using WD Hive on HDP, and to be clear, even if the wd-hive-metastore service is deployed onto another host then the standard Hive Metastore service port will be changed by our configuration of hive.metastore.uris.

Known Issue: Cloudera/WD Hive Metastore deployments: manual copy of hive-site.xml required
If WD Hive Metastore is installed onto a Cloudera-based cluster and the WD Hive Metastore is being installed on a host other than the WD Fusion server then after the install is complete the admin must complete these steps:

Copy the config file from

/etc/wandisco/hive/hive-site.xml

to the same location on the target host.

Restart the WD-HIVE service using Cloudera Manager.

Known Issue: Failed to install metastore service during fusion installation in IOP4.1 and IOP4.2
Example failure, during IBM BigInsights installation. The error is caused by the stack not being available via ambari-server. The error has also been seen in Ambari-based installations.

example failure

Workaround
To fix this you need to ensure that only a single Ambari-server process is running before doing the service ambari-server restart. To find the ambari-server processes that are running you can use.

ps -aux | grep ambari-server

Then kill all the ambari-server processes by using

kill -9 [pid of process]

then restart the ambari-server by using

service ambari-server restart

Also rerun the check to ensure you only have a single process running:

ps -aux | grep ambari-server

You can then check in the Ambari UI if the WD Hive Metastore and WD Hiveserver2 Template services are available. If they are present then you will be ok to proceed with retrying to install the service via the installer.

13.2. Installation procedure

The following sections cover how to install WD Fusion with the Hive Plugin, the first covers the Ambari platform, followed by the procedure for installing to a Cloudera platform.

13.2.1. Ambari-based Installation

  1. Download the installer script fusion-ui-server-hdp-hive_deb_installer.sh, etc., from WANdisco’s FD website.

    In this early version of Hive Metastore, the Hive Metastore plugin is provided as a full blown installer that installs WD Fusion with Hive Metastore replication plugin already built-in.

  2. Navigate to the extracted files.

  3. Run through the installer:

    Saving to: `fusion-ui-server-hdp-hive_deb_installer.sh'
    
    100%[===============================================================================================================>] 1,635,783,053 8.76M/s   in 8m 18s
    
    2016-06-15 10:53:47 (3.13 MB/s) - `fusion-ui-server-hdp-hive_deb_installer.sh' saved [1635783053/1635783053]
    
    root@dc01-vm1:~# bash fusion-ui-server-hdp-hive_deb_installer.sh
  4. The installer will first perform a check for the system’s JAVA_HOME variable.

    Installing WD Fusion
    Verifying archive integrity... All good.
    Uncompressing WANdisco Fusion........................
    
        ::   ::  ::     #     #   ##    ####  ######   #   #####   #####   #####
       :::: :::: :::    #     #  #  #  ##  ## #     #  #  #     # #     # #     #
      ::::::::::: :::   #  #  # #    # #    # #     #  #  #       #       #     #
     ::::::::::::: :::  # # # # #    # #    # #     #  #   #####  #       #     #
      ::::::::::: :::   # # # # #    # #    # #     #  #        # #       #     #
       :::: :::: :::    ##   ##  #  ## #    # #     #  #  #     # #     # #     #
        ::   ::  ::     #     #   ## # #    # ######   #   #####   #####   #####
    
    Welcome to the WANdisco Fusion installation
    
    You are about to install WANdisco Fusion version 2.8-19
    
    Do you want to continue with the installation? (Y/n)

    Enter "Y" to continue.

  5. The installer checks that both Perl and Java are installed on the system.

    Checking prerequisites:
    
    Checking for perl: OK
    Checking for java: OK
    
    No packages found matching fusion-*.
    
    INFO: Using the following Memory settings for the WANdisco Fusion Admin UI process:
    
    INFO: -Xms128m -Xmx512m
    
    Do you want to use these settings for the installation? (Y/n)

    Enter "Y" or "N" if you wish to set different Java heap settings.

  6. The installer asks you to confirm which TCP port will be used for accessing the WD Fusion web UI, the default is "8083".

    Which port should the UI Server listen on?  [8083]:
    Please specify the appropriate platform from the list below:
    
    [0] hdp-2.1.0
    [1] hdp-2.2.0
    [2] hdp-2.3.0
    [3] hdp-2.4.0
    
    Which fusion platform do you wish to use? 1
    You chose hdp-2.2.0:2.6.0.2.2.0.0-2041

    Select from the available Hadoop packages.

  7. Next, you set the system user, group for running the application.

    We strongly advise against running Fusion as the root user.
    
    For default CDH setups, the user should be set to 'hdfs'. However, you should choose a user appropriate for running HDFS commands on your system.
    
    Which user should Fusion run as? [hdfs]
    Checking 'hdfs' ...
     ... 'hdfs' found.
    
    Please choose an appropriate group for your system. By default CDH uses the 'hdfs' group.
    
    Which group should Fusion run as? [hdfs]
    Checking 'hdfs' ...
     ... 'hdfs' found.

    You should press enter to go with the default "hdfs".

  8. You will now be shown a summary of the settings that you have provided so far:

    Installing with the following settings:
    
    User and Group:                     hdfs:hadoop
    Hostname:                           dc01-vm1.bdva.wandisco.com
    Fusion Admin UI Listening on:       0.0.0.0:8083
    Fusion Admin UI Minimum Memory:     128
    Fusion Admin UI Maximum memory:     512
    Platform:                           hdp-2.2.0 (2.6.0.2.2.0.0-2041)
    Fusion Server Hostname and Port:    dc01-vm1.bdva.wandisco.com:8082
    
    Do you want to continue with the installation? (Y/n)

    Enter "Y" unless you need to make changes to any of the settings.

  9. The installation will now complete:

    Adding the user hdfs to the hive group if the hive group is present.
    Installing hdp-2.2.0 packages:
      fusion-hcfs-hdp-2.2.0-server_2.8-SNAPSHOT-1854_all.deb ... Done
      fusion-hcfs-hdp-2.2.0-ihc-server_2.8-SNAPSHOT-1854_all.deb ... Done
    Installing plugin packages:
      wd-hive-plugin-hdp-2.2.0_1.0-SNAPSHOT-480_all.deb ... Done
    Installing fusion-ui-server package:
      fusion-ui-server_2.8-19_all.deb ...Selecting previously unselected package fusion-ui-server.
    (Reading database ... 56307 files and directories currently installed.)
    Unpacking fusion-ui-server (from .../fusion-ui-server_2.8-19_all.deb) ...
    Setting up fusion-ui-server (2.8-19) ...
     Done
  10. Once the installation has completed, you need to configure the WD Fusion server using the browser based UI.

    Starting fusion-ui-server:                                 [  OK  ]
    Checking if the GUI is listening on port 8083: .....Done
    
    Please visit http://node.hostname.com:8083/ to complete installation of WANdisco Fusion
    
    If 'your.hostname.server.com' is internal or not available from your browser, replace
    this with an externally available address to access it.
    
    Stopping fusion-ui-server:.                                [  OK  ]
    Starting fusion-ui-server:                                 [  OK  ]

    Open a browser and enter the provided URL, or IP address.

  11. Follow this section to complete the installation by configuring WD Fusion using a browser-based graphical user interface.

    Silent Installation
    For large deployments it may be worth using Silent Installation option.

    Open a web browser and point it at the provided URL. e.g

    http://<YOUR-SERVER-ADDRESS>.com:8083/
  12. In the first "Welcome" screen you’re asked to choose between Create a new Zone and Add to an existing Zone.
    Make your selection as follows:

    Install 1
    Figure 116. Welcome
    Adding a new WD Fusion cluster

    Select Add Zone.

    Adding additional WD Fusion servers to an existing WD Fusion cluster

    Select Add to an existing Zone.

    High Availability for WD Fusion / IHC Servers

    It’s possible to enable High Availability in your WD Fusion cluster by adding additional WD Fusion/IHC servers to a zone. These additional nodes ensure that in the event of a system outage, there will remain sufficient WD Fusion/IHC servers running to maintain replication.

    Add HA nodes to the cluster using the installer and choosing to Add to an existing Zone, using a new node name.

    Configuration for High Availability
    When setting up the configuration for a High Availability cluster, ensure that fs.defaultFS, located in the core-site.xml is not duplicated between zones. This property is used to determine if an operation is being executed locally or remotely, if two separate zones have the same default file system address, then problems will occur. WD Fusion should never see the same URI (Scheme + authority) for two different clusters.

  13. Run through the installer’s detailed Environment checks. For more details about exactly what is checked in this stage, see Environmental Checks in the Appendix.

    WD Fusion Deployment
    Figure 117. Environmental checks
  14. On clicking validate the installer will run through a series of checks of your system’s hardware and software setup and warn you if any of WD Fusion’s prerequisites are missing.

    WD Fusion Deployment
    Figure 118. Example check results

    Any element that fails the check should be addressed before you continue the installation. Warnings may be ignored for the purposes of completing the installation, especially if the installation is only for evaluation purposes and not for production. However, when installing for production, you should also address all warnings, or at least take note of them and exercise due care if you continue the installation without resolving and revalidating.

  15. Upload the license file.

    WD Fusion Deployment
    Figure 119. Upload your license file
  16. The conditions of your license agreement will be presented in the top panel, including License Type, Expiry data, Name Node Limit and Data Node Limit.

    WD Fusion Deployment
    Figure 120. Verify license and agree to subscription agreement.

    Click on the I agree to the EULA to continue, then click Next Step.

  17. Enter settings for the WD Fusion server.

    screen 4 - Server settings
WD Fusion Server
Maximum Java heap size (GB)

Enter the maximum Java Heap value for the WD Fusion server.

Umask (currently 022)

Set the default permissions applied to newly created files. The value 022 results in default directory permissions 755 and default file permissions 644. This ensures that the installation will be able to start up/restart.

Advanced options
Only apply these options if you fully understand what they do.
The following advanced options provide a number of low level configuration settings that may be required for installation into certain environments. The incorrect application of some of these settings could cause serious problems, so for this reason we strongly recommend that you discuss their use with WANdisco’s support team before enabling them.
Custom UI hostname

Lets you set a custom hostname for the Fusion UI, distinct from the communication.hostname which is already set as part of the install and used by WD Fusion nodes to connect to the Fusion server.

Custom UI Port

Lets you change WD Fusion UI’s default port, in case it is assigned elsewhere, e.g. Cloudera’s headamp debug server also uses it.

Strict Recovery

See explanation of the Strict Recovery Advanced Options.

Enable SSL for WD Fusion

Tick the checkbox to enable SSL. WD Fusion Deployment

KeyStore Path

System file path to the keystore file.
e.g. /opt/wandisco/ssl/keystore.ks

KeyStore Password

Encrypted password for the KeyStore.
e.g. ***********

Key Alias

The Alias of the private key.
e.g. WANdisco

Key Password

Private key encrypted password.
e.g. ***********

TrustStore Path

System file path to the TrustStore file.
/opt/wandisco/ssl/keystore.ks

TrustStore Password

Encrypted password for the TrustStore.
e.g. ***********

IHC Server
WD Fusion
Figure 121. IHC Settings
Maximum Java heap size (GB)

Enter the maximum Java Heap value for the WD Inter-Hadoop Communication server.

IHC network interface

The hostname for the IHC server.

Advanced Options (optional)
IHC server binding address

In the advanced settings you can decide which address the IHC server will bind to. The address is optional, by default the IHC server binds to all interfaces (0.0.0.0), using the port specified in the ihc.server field. In all cases the port should be identical to the port used in the ihc.server address. i.e.

  /etc/wandisco/fusion/ihc/server/cdh-5.4.0/2.6.0-cdh5.4.0.ihc

or

  /etc/wandisco/fusion/ihc/server/localfs-2.7.0/2.7.0.ihc

Once all settings have been entered, click Next step.

  1. Next, you will enter the settings for your new Zone.

    WD Fusion Deployment
    Figure 122. New Zone
Zone Information
Fully Qualified Domain Name

The full hostname for the server.

Node ID

A unique identifier that will be used by WD Fusion UI to identify the server.

Location Name (optional)

A location name that can quickly identify where the server is located.

Induction failure
If induction fails, attempting a fresh installation may be the most straight forward cure, however, it is possible to push through an induction manually, using the REST API. See Handling Induction Failure.

Known issue with Location names
You must use different Location names /Node IDs for each zone. If you use the same name for multiple zones then you will not be able to complete the induction between those nodes.

DConE Port

TCP port used by WD Fusion for replicated traffic.

Zone Name

The name used to identify the zone in which the server operates.

Management Endpoint

Select the Hadoop manager that you are using, i.e. Cloudera Manager, Ambari or Pivotal HD. The selection will trigger the entry fields for your selected manager:

Advanced Options
Only apply these options if you fully understand what they do. The following advanced options provide a number of low level configuration settings that may be required for installation into certain environments. The incorrect application of some of these settings could cause serious problems, so for this reason we strongly recommend that you discuss their use with WANdisco’s support team before enabling them.
URI Selection

The default behaviour for WD Fusion is to fix all replication to the Hadoop Distributed File System / hdfs:/// URI. Setting the hdfs-scheme provides the widest support for Hadoop client applications, since some applications can’t support the available "fusion:///" URI they can only use the HDFS protocol. Each option is explained below:

Use HDFS URI with HDFS file system
URI Option A

This option is available for deployments where the Hadoop applications support neither the WD Fusion URI or the HCFS standards. WD Fusion operates entirely within HDFS.

This configuration will not allow paths with the fusion:// URI to be used; only paths starting with hdfs:// or no scheme that correspond to a mapped path will be replicated. The underlying file system will be an instance of the HDFS DistributedFileSystem, which will support applications that aren’t written to the HCFS specification.

Use WD Fusion URI with HCFS file system
URI Option B

When selected, you need to use fusion:// for all data that must be replicated over an instance of the Hadoop Compatible File System. If your deployment includes Hadoop applications that are either unable to support the Fusion URI or are not written to the HCFS specfication, this option will not work.

MapR deployments
Use this URI selection if you are installing into a MapR cluster.

Use Fusion URI with HDFS file system

URI option C
This differs from the default in that while the WD Fusion URI is used to identify data to be replicated, the replication is performed using HDFS itself. This option should be used if you are deploying applications that can support the WD Fusion URI but not the Hadoop Compatible File System.

Use Fusion URI and HDFS URI with HDFS file system

URI Option D
This "mixed mode" supports all the replication schemes (fusion://, hdfs:// and no scheme) and uses HDFS for the underlying file system, to support applications that aren’t written to the HCFS specification.

Fusion Server API Port

This option lets you select the TCP port that is used for WD Fusion’s API.

Strict Recovery

Two advanced options are provided to change the way that WD Fusion responds to a system shutdown where WD Fusion was not shutdown cleanly. Currently the default setting is to not enforce a panic event in the logs, if during startup we detect that WD Fusion wasn’t shutdown. This is suitable for using the product as part of an evaluation effort. However, when operating in a production environment, you may prefer to enforce the panic event which will stop any attempted restarts to prevent possible corruption to the database.

DConE panic if dirty (checkbox)

This option lets you enable the strict recovery option for WANdisco’s replication engine, to ensure that any corruption to its prevayler database doesn’t lead to further problems. When the checkbox is ticked, WD Fusion will log a panic message whenever WD Fusion is not properly shutdown, either due to a system or application problem.

App Integration panic of dirty (checkbox)

This option lets you enable the strict recovery option for WD Fusion’s database, to ensure that any corruption to its internal database doesn’t lead to further problems. When the checkbox is ticked, WD Fusion will log a panic message whenever WD Fusion is not properly shutdown, either due to a system or application problem.

Ambari Configuration

This section configures WD Fusion to interact with the management layer, which could be Ambari or Cloudera Manager, etc.

Manager Host Name /IP

The full hostname or IP address for the working server that hosts the Hadoop manager.

Port

TCP port on which the Hadoop manager is running.

Username

The username of the account that runs the Hadoop manager.

Password

The password that corresponds with the above username.

SSL

(Checkbox) Tick the SSL checkbox to use https in your Manager Host Name and Port. You may be prompted to update the port if you enable SSL but don’t update from the default http port.

Ambari Configuration Validation
ambari
Figure 123. validation steps
Cluster manager type

Validates connectivity with the cluster manager.

HDFS service state

Validates the state of the HDFS service.

HDFS service health

Validates the overall health of the HDFS service.

HDFS service health

Validates HDFS service’s maintenance mode.

Fusion node as HDFS client

Validates that this Fusion node is a HDFS client.

Authentication without a management layer
WD Fusion normally uses the authentication built into your cluster’s management layer, i.e. the Cloudera Manager username and password are required to login to WD Fusion. However, in Cloud-based deployments, such as Amazon’s S3, there is no management layer. In this situation, WD Fusion adds a local user to WD Fusion’s ui.properties file, either during the silent installation or through the command-line during an installation.
  1. Enter security details, if applicable to your deployment.

Kerberos

13.2.2. Cloudera-based installation

This section covers the installation of WD Fusion with WANdisco’s Hive Plugin, on a Cloudera CDH platform.

  1. Download the installer script fusion-ui-server-cdh-hive_deb_installer.sh, etc., from WANdisco’s FD website.

    In this early version of Hive Metastore, the Hive Metastore plugin is provided as a full blown installer that installs WD Fusion with Hive Metastore replication plugin already built-in.

  2. Navigate to the extracted files.

  3. Run through the installer:

    Saving to: `fusion-ui-server-cdh-hive_deb_installer.sh'
    
    100%[===============================================================================>] 1,635,783,053 8.76M/s   in 8m 18s
    
    2016-06-15 10:53:47 (3.13 MB/s) - `fusion-ui-server-cdh-hive_deb_installer.sh' saved [1635783053/1635783053]
    
    root@dc01-vm1:~# bash fusion-ui-server-cdh-hive_deb_installer.sh
  4. The installer will first perform a check for the system’s JAVA_HOME variable.

    Installing WD Fusion
    Verifying archive integrity... All good.
    Uncompressing WANdisco Fusion........................
    
        ::   ::  ::     #     #   ##    ####  ######   #   #####   #####   #####
       :::: :::: :::    #     #  #  #  ##  ## #     #  #  #     # #     # #     #
      ::::::::::: :::   #  #  # #    # #    # #     #  #  #       #       #     #
     ::::::::::::: :::  # # # # #    # #    # #     #  #   #####  #       #     #
      ::::::::::: :::   # # # # #    # #    # #     #  #        # #       #     #
       :::: :::: :::    ##   ##  #  ## #    # #     #  #  #     # #     # #     #
        ::   ::  ::     #     #   ## # #    # ######   #   #####   #####   #####
    
    Welcome to the WANdisco Fusion installation
    
    You are about to install WANdisco Fusion version 2.8-19
    
    Do you want to continue with the installation? (Y/n)

    Enter "Y" to continue.

  5. The installer checks that both Perl and Java are installed on the system.

    Checking prerequisites:
    
    Checking for perl: OK
    Checking for java: OK
    
    No packages found matching fusion-*.
    
    INFO: Using the following Memory settings for the WANdisco Fusion Admin UI process:
    
    INFO: -Xms128m -Xmx512m
    
    Do you want to use these settings for the installation? (Y/n)

    Enter "Y" or "N" if you wish to set different Java heap settings.

  6. The installer asks you to confirm which TCP port will be used for accessing the WD Fusion web UI, the default is "8083".

    Which port should the UI Server listen on?  [8083]:
    Please specify the appropriate platform from the list below:
    
    [0] cdh-5.2.0
    [1] cdh-5.3.0
    [2] cdh-5.4.0
    [3] cdh-5.5.0
    [4] cdh-5.6.0
    [5] cdh-5.7.0
    [6] cdh-5.8.0
    
    Which fusion platform do you wish to use? 1
    You chose cdh-2.5.0

    Select from the available Hadoop packages.

  7. Next, you set the system user, group for running the application.

    We strongly advise against running Fusion as the root user.
    
    For default CDH setups, the user should be set to 'hdfs'. However, you should choose a user appropriate for running HDFS commands on your system.
    
    Which user should Fusion run as? [hdfs]
    Checking 'hdfs' ...
     ... 'hdfs' found.
    
    Please choose an appropriate group for your system. By default CDH uses the 'hdfs' group.
    
    Which group should Fusion run as? [hdfs]
    Checking 'hdfs' ...
     ... 'hdfs' found.

    You should press enter to go with the default "hdfs".

  8. You will now be shown a summary of the settings that you have provided so far:

    Installing with the following settings:
    
    User and Group:                     hdfs:hadoop
    Hostname:                           dc01-vm1.bdva.wandisco.com
    Fusion Admin UI Listening on:       0.0.0.0:8083
    Fusion Admin UI Minimum Memory:     128
    Fusion Admin UI Maximum memory:     512
    Platform:                           cdh-2.5.0 (2.6.0.2.2.0.0-2041)
    Fusion Server Hostname and Port:    dc01-vm1.bdva.wandisco.com:8082
    
    Do you want to continue with the installation? (Y/n)

    Enter "Y" unless you need to make changes to any of the settings.

  9. The installation will now complete:

    Adding the user hdfs to the hive group if the hive group is present.
    Installing cdh-5.8.0 packages:
      fusion-hcfs-cdh-5.8.0-server_2.8-SNAPSHOT-1854_all.deb ... Done
      fusion-hcfs-cdh-5.8.0-ihc-server_2.8-SNAPSHOT-1854_all.deb ... Done
    Installing plugin packages:
      wd-hive-plugin-cdh-5.8.0-SNAPSHOT_all.deb ... Done
    Installing fusion-ui-server package:
      fusion-ui-server_2.8-19_all.deb ...Selecting previously unselected package fusion-ui-server.
    (Reading database ... 56307 files and directories currently installed.)
    Unpacking fusion-ui-server (from .../fusion-ui-server_2.8-19_all.deb) ...
    Setting up fusion-ui-server (2.8-19) ...
     Done
  10. Once the installation has completed, you need to configure the WD Fusion server using the browser based UI.

    Starting fusion-ui-server:                                 [  OK  ]
    Checking if the GUI is listening on port 8083: .....Done
    
    Please visit http://node.hostname.com:8083/ to complete installation of WANdisco Fusion
    
    If 'your.hostname.server.com' is internal or not available from your browser, replace
    this with an externally available address to access it.
    
    Stopping fusion-ui-server:.                                [  OK  ]
    Starting fusion-ui-server:                                 [  OK  ]

    Open a browser and enter the provided URL, or IP address.

  11. Follow this section to complete the installation by configuring WD Fusion using a browser-based graphical user interface.

    Silent Installation
    For large deployments it may be worth using Silent Installation option.

    Open a web browser and point it at the provided URL. e.g

    http://<YOUR-SERVER-ADDRESS>.com:8083/
  12. In the first "Welcome" screen you’re asked to choose between Create a new Zone and Add to an existing Zone.
    Make your selection as follows:

    Install 1
    Figure 124. Welcome
    Adding a new WD Fusion cluster

    Select Add Zone.

    Adding additional WD Fusion servers to an existing WD Fusion cluster

    Select Add to an existing Zone.

    High Availability for WD Fusion / IHC Servers

    It’s possible to enable High Availability in your WD Fusion cluster by adding additional WD Fusion/IHC servers to a zone. These additional nodes ensure that in the event of a system outage, there will remain sufficient WD Fusion/IHC servers running to maintain replication.

    Add HA nodes to the cluster using the installer and choosing to Add to an existing Zone, using a new node name.

    Configuration for High Availability
    When setting up the configuration for a High Availability cluster, ensure that fs.defaultFS, located in the core-site.xml is not duplicated between zones. This property is used to determine if an operation is being executed locally or remotely, if two separate zones have the same default file system address, then problems will occur. WD Fusion should never see the same URI (Scheme + authority) for two different clusters.

  13. Run through the installer’s detailed Environment checks. For more details about exactly what is checked in this stage, see Environmental Checks in the Appendix.

    WD Fusion Deployment
    Figure 125. Environmental checks
  14. On clicking validate the installer will run through a series of checks of your system’s hardware and software setup and warn you if any of WD Fusion’s prerequisites are missing.

    WD Fusion Deployment
    Figure 126. Example check results

    Any element that fails the check should be addressed before you continue the installation. Warnings may be ignored for the purposes of completing the installation, especially if the installation is only for evaluation purposes and not for production. However, when installing for production, you should also address all warnings, or at least take note of them and exercise due care if you continue the installation without resolving and revalidating.

  15. Upload the license file.

    WD Fusion Deployment
    Figure 127. Upload your license file
  16. The conditions of your license agreement will be presented in the top panel, including License Type, Expiry data, Name Node Limit and Data Node Limit.

    WD Fusion Deployment
    Figure 128. Verify license and agree to subscription agreement.

    Click on the I agree to the EULA to continue, then click Next Step.

  17. Enter settings for the WD Fusion server.

    screen 4 - Server settings
WD Fusion Server
Maximum Java heap size (GB)

Enter the maximum Java Heap value for the WD Fusion server.

Umask (currently 022)

Set the default permissions applied to newly created files. The value 022 results in default directory permissions 755 and default file permissions 644. This ensures that the installation will be able to start up/restart.

Advanced options
Only apply these options if you fully understand what they do.
The following advanced options provide a number of low level configuration settings that may be required for installation into certain environments. The incorrect application of some of these settings could cause serious problems, so for this reason we strongly recommend that you discuss their use with WANdisco’s support team before enabling them.
Custom UI hostname

Lets you set a custom hostname for the Fusion UI, distinct from the communication.hostname which is already set as part of the install and used by WD Fusion nodes to connect to the Fusion server.

Custom UI Port

Lets you change WD Fusion UI’s default port, in case it is assigned elsewhere, e.g. Cloudera’s headamp debug server also uses it.

Strict Recovery

See explanation of the Strict Recovery Advanced Options.

Enable SSL for WD Fusion

Tick the checkbox to enable SSL. WD Fusion Deployment

KeyStore Path

System file path to the keystore file.
e.g. /opt/wandisco/ssl/keystore.ks

KeyStore Password

Encrypted password for the KeyStore.
e.g. ***********

Key Alias

The Alias of the private key.
e.g. WANdisco

Key Password

Private key encrypted password.
e.g. ***********

TrustStore Path

System file path to the TrustStore file.
/opt/wandisco/ssl/keystore.ks

TrustStore Password

Encrypted password for the TrustStore.
e.g. ***********

IHC Server
WD Fusion
Figure 129. IHC Settings
Maximum Java heap size (GB)

Enter the maximum Java Heap value for the WD Inter-Hadoop Communication server.

IHC network interface

The hostname for the IHC server.

Advanced Options (optional)
IHC server binding address

In the advanced settings you can decide which address the IHC server will bind to. The address is optional, by default the IHC server binds to all interfaces (0.0.0.0), using the port specified in the ihc.server field. In all cases the port should be identical to the port used in the ihc.server address. i.e.

  /etc/wandisco/fusion/ihc/server/cdh-5.4.0/2.6.0-cdh5.4.0.ihc

or

  /etc/wandisco/fusion/ihc/server/localfs-2.7.0/2.7.0.ihc

Once all settings have been entered, click Next step.

  1. Next, you will enter the settings for your new Zone.

    WD Fusion Deployment

    ===== Zone Information Entry fields for zone properties.

    Fully Qualified Domain Name

    The full hostname for the server.

    Node ID

    A unique identifier that will be used by WD Fusion UI to identify the server.

    Location Name (optional)

    A location name that can quickly identify where the server is located.

    Induction failure
    If induction fails, attempting a fresh installation may be the most straight forward cure, however, it is possible to push through an induction manually, using the REST API. See Handling Induction Failure.

    Known issue with Location names
    You must use different Location names /Node IDs for each zone. If you use the same name for multiple zones then you will not be able to complete the induction between those nodes.

    DConE Port

    TCP port used by WD Fusion for replicated traffic.

    Zone Name

    The name used to identify the zone in which the server operates.

    Management Endpoint

    Select the Hadoop manager that you are using, i.e. Cloudera Manager. The selection will trigger the entry fields for your selected manager:

Advanced Options

Only apply these options if you fully understand what they do.
The following advanced options provide a number of low level configuration settings that may be required for installation into certain environments. The incorrect application of some of these settings could cause serious problems, so for this reason we strongly recommend that you discuss their use with WANdisco’s support team before enabling them.

URI Selection

The default behaviour for WD Fusion is to fix all replication to the Hadoop Distributed File System / hdfs:/// URI. Setting the hdfs-scheme provides the widest support for Hadoop client applications, since some applications can’t support the available "fusion:///" URI they can only use the HDFS protocol. Each option is explained below:

Use HDFS URI with HDFS file system
URI Option A

This option is available for deployments where the Hadoop applications support neither the WD Fusion URI or the HCFS standards. WD Fusion operates entirely within HDFS.

This configuration will not allow paths with the fusion:// URI to be used; only paths starting with hdfs:// or no scheme that correspond to a mapped path will be replicated. The underlying file system will be an instance of the HDFS DistributedFileSystem, which will support applications that aren’t written to the HCFS specification.

Use WD Fusion URI with HCFS file system
URI Option B

When selected, you need to use fusion:// for all data that must be replicated over an instance of the Hadoop Compatible File System. If your deployment includes Hadoop applications that are either unable to support the Fusion URI or are not written to the HCFS specfication, this option will not work.

MapR deployments
Use this URI selection if you are installing into a MapR cluster.

Use Fusion URI with HDFS file system

URI option C
This differs from the default in that while the WD Fusion URI is used to identify data to be replicated, the replication is performed using HDFS itself. This option should be used if you are deploying applications that can support the WD Fusion URI but not the Hadoop Compatible File System.

Use Fusion URI and HDFS URI with HDFS file system

URI Option D
This "mixed mode" supports all the replication schemes (fusion://, hdfs:// and no scheme) and uses HDFS for the underlying file system, to support applications that aren’t written to the HCFS specification.

WD Fusion Server API Port

This option lets you select the TCP port that is used for WD Fusion’s API.

Strict Recovery

Two advanced options are provided to change the way that WD Fusion responds to a system shutdown where WD Fusion was not shutdown cleanly. Currently the default setting is to not enforce a panic event in the logs, if during startup we detect that WD Fusion wasn’t shutdown. This is suitable for using the product as part of an evaluation effort. However, when operating in a production environment, you may prefer to enforce the panic event which will stop any attempted restarts to prevent possible corruption to the database.

DConE panic if dirty (checkbox)

This option lets you enable the strict recovery option for WANdisco’s replication engine, to ensure that any corruption to its prevayler database doesn’t lead to further problems. When the checkbox is ticked, WD Fusion will log a panic message whenever WD Fusion is not properly shutdown, either due to a system or application problem.

App Integration panic of dirty (checkbox)

This option lets you enable the strict recovery option for WD Fusion’s database, to ensure that any corruption to its internal database doesn’t lead to further problems. When the checkbox is ticked, WD Fusion will log a panic message whenever WD Fusion is not properly shutdown, either due to a system or application problem.

Cloudera Manager Configuration

This section configures WD Fusion to interact with the management layer, which could be Ambari or Cloudera Manager, etc.

Manager Host Name /IP

The full hostname or IP address for the working server that hosts the Hadoop manager.

Port

TCP port on which the Hadoop manager is running.

Username

The username of the account that runs the Hadoop manager.

Password

The password that corresponds with the above username.

SSL

(Checkbox) Tick the SSL checkbox to use https in your Manager Host Name and Port. You may be prompted to update the port if you enable SSL but don’t update from the default http port.

Authentication without a management layer
WD Fusion normally uses the authentication built into your cluster’s management layer, i.e. the Cloudera Manager username and password are required to login to WD Fusion. However, in Cloud-based deployments, such as Amazon’s S3, there is no management layer. In this situation, WD Fusion adds a local user to WD Fusion’s ui.properties file, either during the silent installation or through the command-line during an installation.
  1. Enter security details, if applicable to your deployment.

Kerberos
Kerberos Configuration

In this step you also set the configuration for an existing Kerberos setup. If you are installing into a Kerberized cluster, include the following configuration.

Enabling Kerberos authentication on WD Fusion’s REST API
When a user has enabled Kerberos-authentication on their REST API, they must kinit before making REST calls, and enable GSS-Negotiate authentication. To do this with curl, the user must include the "-negotiate" and "-u:" options, like so:

curl --negotiate -u: -X GET "http://${HOSTNAME}:8082/fusion/fs/transfers"

See Setting up Kerberos for more information about Kerberos setup.

  1. Click Validate to confirm that your settings are valid. Once validated, click Next step.

    Zone information.
  2. The remaining panels in step 6 detail all of the installation settings. All your license, WD Fusion server, IHC server and zone settings are shown. If you spot anything that needs to be changed you can click on the go back link.

    WD Fusion Deployment
    Figure 130. Summary

    Once you are happy with the settings and all your WD Fusion clients are installed, click Deploy Fusion Server.

  3. In the next step you must complete the installation of the WD Fusion client package on all the existing HDFS client machines in the cluster. The WD Fusion client is required to support the ingestion of data to WD Fusion nodes.

    WD Fusion Deployment
    Figure 131. Client installations

    Follow the on-screen instructions for downloading the Client Parcel.

    client package location
    You can find all supported package types, here:

    /opt/wandisco/fusion-ui-server/ui/client_packages
    /opt/wandisco/fusion-ui-server/ui/stack_packages
    /opt/wandisco/fusion-ui-server/ui/parcel_packages
  4. We now handle the configuration of the Hive Metastore Plugin, which will be integrated into WD Fusion now, rather than in a separate post-installation step.

    WD Fusion Deployment
    Figure 132. Hive plugin - substep 1.

    The installer performs some basic validation, checking the following criteria:

Manager Validation

Checks that the system is being configured with valid distribution manager support. In this example, "AMBARI" should be detected. Should this validation check fail, you would need to check that you have entered the right Manager details in Step 5.

Hive Service installed Validation

The installer will check that Hive is running on the server. Should the validation check fail, you should check that Hive is running.

Hive Configuration (CDH)

During the installation you need to enter the following properties:

Hive Metastore host

The hostname for the Hive Metastore service.

Known Issue:
You must provide a hostname, not an IP address. Currently, an IP address is not enough to verify the presence of the service. We will add support for IP addresses once we have identified a workable method for validating it with the manager.
Hive Metastore port

The TCP port that will be used by the Hive Metastore service. Default:9084

  1. In this step you need to copy over and unpack the Hive services to the service directory of your Cloudera Manager installation.
    WD Fusion Deployment

  2. If you check Cloudera Manager, providing the new parcel is in place, you will see it listed.

    WD Fusion Deployment

    Important:
    You should see that the package for WD Hive Metastore is now listed through Ambari. Do NOT enable the package at this time. WD Hive Metastore needs to be installed through steps that appear later.
  3. At the end of this step, we address a possible problem that you may have in connecting WD Fusion to a remote Hive Metastore database. Please note that the following MySQL query is only applicable to Ambari installations.

    GRANT ALL PRIVILEGES ON <hive-metastore-database-name>.* TO 'hive'@'<HOSTNAME-FOR-HIVE-METASTORE-SERVICE-NODE>'
    IDENTIFIED BY PASSWORD '<obfuscated hive database password>';
  4. The next step handles the plugin’s installation:

    WD Fusion Deployment

    When you have confirmed that the stack files are in place, on the installer screen, click Next.

Summary

The summary confirms the values of the entries you provided in the first sub-step of the WANdisco Hive Metastore installation section.

To begin the installation of the Plugin, click Start Install.

Installation Steps (Cloudera)

The following notes explain what is happening during each phase of the installation into a CDH-based cluster:

Fusion Hive parcel distribution and activation

Distribute and activate Fusion Hive parcels.

Hive-site Setup

Retrieve and setup hive-site.xml for use with Wd-Fusion.

Fusion Hive service descriptor

Install Fusion Hive service descriptor.

Known Issue: Cloudera-based deployments only
When installing the Hive Metastore plugin, you must create the folder /etc/wandisco/hive on the Metastore host you specified above. This folder must have owner hive:hive and the Hive user must be able to access and write to this location.
Fusion Hive service setup

Install Fusion Hive service.

Cloudera metastore configuration

Configuring Cloudera to use Fusion Hive metastore.

Recursive

Repair selected context and all its children.

Add Missing

Add missing data to the destination zone that exists at the "source of truth" zone.

Remove Extra

Remove data from the destination zone that do not exist at the "source of truth" zone.

Update Different

Update existing data at the destination zone to match the "source of truth" zone.

After clicking on the Repair button, the repair process will start.
WD Hive Metastore Example

Known Issue with failed consistency repairs (FUI-3272)
There is a known issue that may appear if Hive contains two indexes that have the same name that then apply to a column of the same name (even though the indexes apply to different tables in different databases). In this scenario, repairs will fail. The cause of the issue is related to the ordering of actions. You can work around the issue using the following procedure.

If you need to repair a database that contains Index tables then you will need to repair them in stages as follows:

  • Repair the database with recursive unset.

  • Repair the Index tables.

  • Repair the parent tables with recursive enabled to repair any partitions and indexes.

13.3. Installing on a Kerberized cluster

The Installer lets you configure WD Fusion to use your platform’s Kerberos implementation. You can find supporting information about how WD Fusion handles Kerberos in the Admin Guide, see Setting up Kerberos.

13.3.1. Configuring Kerberos principals for Hive Metastore plugin

You need to configure kerberos principals for the wd-hive-metastore and hive fusion plugin to use. All these steps need to be carried out with reference to the host where the wd-hive-metastore and fusion services are running.

For reference
See Cloudera’s documentation on Create and Deploy the Kerberos Principals and Keytab Files.

13.4. Impala configuration change

When running Impala/Hive with Fusion, you must make the following configuration changed. If you don’t make these changes, the wrong host and port information will be associated with our replacement front-end service.

You must add the hive.metastore.uris property to the following Hive Advanced snippets (one for catalog server, one for Daemons) in Impala in order to override the uris setting incorrectly pushed by Ambari from the metastore.port parameter.

Catalog Server Hive Advanced Configuration Snippet (Safety Valve)

The Hive Metastore uris hostname and port (9084 is our default)

e.g.

<property>
  <name>hive.metastore.uris</name>
  <value>an-example-host.supp:9084</value>
</property>
Impala Daemon Hive Advanced Configuration Snippet (Safety Valve)

The Hive Metastore uris hostname and port (9084 is our default).

e.g.

<property>
  <name>hive.metastore.uris</name>
  <value>an-example-host.supp:9084</value>
</property>
WD Fusion Impala
Figure 133. Advanced snippet changes

13.4.1. Procedure

  1. Replace fusion-server.wandisco.com with the actual FQDN name for your wd-hive-metastore host.

  2. Login to kadmin.local or kadmin on the host machine running wd-hive-metastore.

  3. In kadmin use:

    addprinc -randkey hive/fusion-server.wandisco.com@WANDISCO.HADOOP
  4. In kadmin use:

    addprinc -randkey HTTP/fusion-server.wandisco.com@WANDISCO.HADOOP
  5. In kadmin use:

    xst -k hive.service.keytab hive/fusion-server.wandisco.com@WANDISCO.HADOOP
    HTTP/fusion-server.wandisco.com@WANDISCO.HADOOP
  6. Exit kadmin

  7. Check the keytab has the correct entries by using

    klist -e -k -t hive.service.keytab
  8. Use:

    sudo mv hive.service.keytab /etc/security/keytabs/
  9. Make sure the keytab is readable by the hive user by using

    sudo chown hive:hadoop /etc/wandisco/hive.service.keytab
    sudo chmod +r /etc/wandisco/hive.service.keytab
  10. And then add:

    <property>
        <name>hive.metastore.kerberos.keytab.file</name>
        <value>/etc/security/keytabs/hive.service.keytab</value>
    </property>
  11. Now restart Fusion server using service fusion-server restart.

  12. Restart the wd-hive-metastore service via CM.

  13. Restart the hiveServer2 service via CM.

  14. Reconnect to beeline again. Remember you need to perform a kinit before starting beeline using that nodes keytab and hive principal. You may also need to make a change to the hive-site.xml:

    <property>
        <name>hive.metastore.kerberos.keytab.file</name>
        <value>hive.service.keytab</value>
    </property>

    to

    <property>
        <name>hive.metastore.kerberos.keytab.file</name>
        <value>/etc/wandisco/hive/hive.servce.keytab</value>
    </property>

    All connections using beeline should use the same connection string regardless of the node that is being used - always use your hiveserver2 host’s FQDN, e.g.:

    !connect jdbc:hive2://your.server.url:10000/default;principal=hive/principle.server.com@WANDISCO.HADOOP

    even if connecting on the principle server itself.

13.4.2. Secure Impersonation

Normally the Hive user has superuser permissions on the hiveserver2 and hive metastore nodes. If you are installing into a different nodes, corresponding proxyuser parameters should also be updated in core-site.xml and kms-site.xml

Set up a proxy user on the NameNode, adding the following properties to core-site.xml on the applicable NameNode(s).

<property>
        <name>hadoop.proxyuser.$USERNAME.hosts</name>
        <value>*</value>
    </property>
    <property>
        <name>hadoop.proxyuser.$USERNAME.groups</name>
        <value>*</value>
</property>
hadoop.proxyuser.$USERNAME.hosts

Defines hosts from which client can be impersonated. $USERNAME, the superuser who wants to act as a proxy to the other users, is usually set as system user “hdfs”. These values are captured by the installer, which can apply these values automatically.

hadoop.proxyuser.$USERNAME.groups

A list of groups whose users the superuser is allowed to act as proxy. Including a wildcard (*), which will mean that proxies of any users are allowed. For example, for the superuser to act as proxy to another user, the proxy actions must be completed on one of the hosts that are listed, and the user must be included in the list of groups. Note that this can be a comma separated list or the noted wildcard (*).

13.4.3. High Availability with Hive

It’s possible to set up High Availability by enabling multiple WD Fusion nodes to connect to the Hive Metastore. For a basic setup, use the following procedure:

Install on your first node

Follow the instructions for a regular Fusion-Hive installation provided in the installation guide - 2. Installation

Install on your second node:
  1. Select Add to existing zone (give the address of the first WD Fusion node).

  2. Continue with the installation as you did on your first WD Fusion node until you reach the Hive setup screens.

  3. On the first Hive screen, add the address of the Metastore server associated with your first Fusion node (this will require changing the default) and clicking update.

  4. Proceed to the next screen.

  5. Skip the next screen as the Fusion-Hive stacks / parcels are already installed.

  6. Transfer /etc/wandisco/fusion/server/hive-site.xml from your first Fusion node to /etc/wandisco/fusion/server/hive-site.xml on this node.

  7. Click the Install button to launch the installation process.

  8. When prompted, proceed to the end of the UI installer.

13.5. Hive Plugin Technical Glossary

13.5.1. Hive

Hive is a Hadoop-specific data warehouse component. It provides facilities to abstract a structured representation of data in Hadoop’s file system. This structure is presented as databases containing tables that are split into partitions. Hive can prescribe structure onto existing Hadoop data, or it can be used to create and manage that data.

It uses an architecture that includes a "metastore", which provides the interface for accessing all metadata for Hive tables and partitions. The metastore is the component that persists the structure information of the various tables and partitions in the warehouse, including column and column type information, the serializers and deserializers necessary to read and write data and the location of any corresponding Hadoop files where the data is stored.

Hive offers a range of options for the deployment of a metastore:

As a metastore database:

  1. Local/embedded metastore database (Derby)

  2. Remote metastore database

As a metastore server:

  1. Local/embedded metastore server

  2. Remote metastore server

In remote mode, the metastore server is a Thrift service. In embedded mode, the Hive client connects directly to the underlying database using JDBC. Embedded mode supports only a single client session, so is not used normally for multi-user product environments.

WANdisco’s implementation of a replicated Hive metastore supports deployments that use a remote metastore server. As tools exist that use interfaces to the metastore other than the thrift interface, the implementation does not just proxy that interface.

13.5.2. WANdisco Hive Metastore

The WANdisco Hive Metastore can act as a replacement or complement for the standard Hive Metastore, and provides two components:

  1. A plugin for Fusion that allows for the coordination of Hive Metastore activities, and a replacement Hive Metastore implementation that delegates the coordination of activities to the plugin in order that they can be performed in a consistent manner across multiple deployments of the Metastore.

  2. A replacement Hive Metastore implementation that delegates the coordination of activities to the plugin in order that they can be performed in a consistent manner across multiple deployments of the Metastore.

The resulting system ensures that Hive metadata can be made consistent across multiple Hadoop clusters, and by performing that coordination in conjunction with actions performed against the Hadoop file system, also ensures that this consistency applies to Hive-resident metadata and any corresponding files where Hive table/partition data is stored.

The following diagram provides a simplified view of how WANdisco’s Hive Metastore plugin interfaces between your Hive deployment and WD Fusion.

WD Hive Metastore Example

The WANdisco Hive Metastore (NsHive Metastore in the diagram above) can replace the standard Hive Metastore from the Hadoop distribution, or run alongside that Metastore. It provides all the functionality of the standard Hive Metastore, but adds interaction with WANdisco Fusion when coordination and replication is required (i.e. for activities that result in writes against the metadata database used by Hive). Different versions of the Hive Metastore are supported.

Hive Metastore replication in a nutshell
  • WANdisco runs its own Metastore server instance that replaces the default server.

  • WANdisco only replicates write operation against the metastore database.

  • The WD Hive Metastore Plugin sends proposals into the WD Fusion core.

  • WD Fusion uses the Hive Metastore plugin to communicate, directly with the metastore database.

13.5.3. Overview of Release

The WANdisco Hive Metastore provides functionality for the replication of Hive metadata and underlying table data as a plugin.

This section of the user guide describes the plugin’s functionality, behaviour and user experience.

Core Use Case

The functionality will address the core use case of interacting with Hive as a data warehouse technology in environments where active-active replication of Hive information is required, including underlying table data. Changes made to Hive metadata and data are replicated between multiple participating Hadoop clusters.

Restrictions

All files that hold the data for a given Hive table need to exist under a single root directory that can be replicated using Fusion. This is because there is a need for a single distributed state machine (DSM) to coordinate the activities of metadata changes with underlying table/partition content.

This limitation may be removed if/when Fusion adds the ability to coordinate multiple otherwise independent DSMs.

Replacement of Metastore implementation

In order to coordinate all actions across multiple Metastore servers, the current solution replaces each standard Metastore server with a minimally-modified version of it, as provided by WANdisco. If selected portions of Hive metadata require replication, the WANdisco Hive Metastore can operate in addition to the standard Metastore server.

13.5.4. Metastore Version

The Hive Metastore differs in implementation across versions. The WANdisco Hive Metastore provides versions to match Hive 0.13, 0.14, 1.1.0 and 1.2.1.

The Metastore version used by all participating replicated instances must match. Future versions of the Replicated Hive Metastore may allow replication between different versions of Hive.

Functionality Not Addressed

The following functionality does not exist in the 1.0 release of the WANdisco Hive Metastore:

  • Hive transactions are not supported.

  • Hive SQL Standard Based Authorization (which provides column-level access control granularity) is not supported, because this mode requires that HiveServer2 runs an embedded metastore.

  • Replication between different versions of Hive not supported (some combinations might work, but will need to be specifically tested).

  • Table directories have to be under the database directory (or at least in the same replicated directory as the database).

  • Limitations related to known Hive issues:

    • HIVE-2573: Create Function is not replicated

    • HIVE-10719: Alter rename table does not rename the table

13.5.5. Core Functionality Provided

13.5.6. Metadata Replication

Changes made to Hive metadata are replicated between multiple participating Hadoop clusters, by coordinating all write operations that will affect the metastore database, and ensuring that these operations are performed in a consistent manner across all WANdisco Hive Metastore instances within a Fusion membership.

13.6. Consistency Check and Repair

The functionality of consistency check and repair provides the means to:

  • Determine if there are any inconsistencies between the hive metastore data across all zones for any given replicated folder/location that maps to a database or table within the hive metastore.

  • Identify which metastore data is inconsistent i.e which tables are missing from a database or which columns are different/missing in a table.

  • Allow the user to select a zone as the source of truth and then repair the metastore data based on that version of the metastore data.

Assumptions made for the operation of this feature include:

  • This feature will only cover checking and repairing the hive metastore data and not any inconsistencies in the data within the replicated folder. This will be the responsibility of the Fusion Server.

Key facilities of this feature are:

  • Provide the ability to request and return the current version of the database metadata for a particular location/replicated folder from each node within the membership of the supplied replicated folder / location.

  • Provide the ability to compare the current database metadata of all the nodes/zones and to create a list of inconsistencies, if any. This list of inconsistencies will need to be displayed to the user in the same way as inconsistencies in the files / sub folders of a replicated folder are currently displayed.

  • Provide the ability to accept a "source of truth" for each inconsistency and the ability to propose to change the data on all other nodes to match this "source of truth". Provide support for "bulk" proposals so that all inconsistencies can be repair via a single proposal if they share the same "source of truth".

    Provide the ability to manage the CC&R process. This could be replaced by functionality in the Fusion Plugin ADK at a future date.

13.6.1. Testing

Here are some examples for testing basic functionality of the WAN Hive Metastore. They cover connection, creation of a replicated database, population of temporary table data, populating partitions of a table, creating inconsistent data to test consistency check and repair functionality.

13.6.2. How to start beeline and connect to Hive

You can use the hdfs user to prevent any permission issues:

  1. As the hdfs user start beeline on the master node -

    beeline
  2. Connect to the hive metastore using the following command -

    !connect jdbc:hive2://hiveserver2_host:10000 hdfs
  3. You don’t need a password here, so press enter.

13.6.3. How to create a replicated database within Hive

  1. Using the hdfs user create a new hdfs folder on both clusters as a home for your test databases

hdfs dfs -mkdir -p /hive/databases
  1. Within the Fusion UI create a new replicated folder for /hive/databases.

  2. Start beeline and connect as above.

  3. To create your new test database enter the following command.

    CREATE DATABASE test_01 LOCATION '/hive/databases/test_01';

    where test_01 is the database name you want to use.

  4. To check the database has been created and replicated you will need to connect to beeline on the master node of the other cluster using the instructions above, making sure to use the correct hiveserver2_host for that cluster. Then on both clusters use: SHOW DATABASES; This should display the default database and the new database you just created.

13.6.4. How to create and populate the temporary table

  1. This example assumes that you have a test data file containing a single string per line, placed in

    /usr/local/share/installers/Batting.csv.
  2. Start beeline and connect as above if you are not already connected.

  3. Set the test database you want to use for this test data.

    USE test_01;
  4. Create the temporary table for the batting data

    create table temp_batting (col_value STRING);
  5. Now load the test data into the temp_batting table:

    LOAD DATA LOCAL INPATH '/usr/local/share/installers/Batting.csv' OVERWRITE INTO TABLE temp_batting;

    This should replicate to the data to the second cluster for you. You need to replace the location of the uploaded Batting.csv file.

  6. To see the loaded data you can use

    SELECT * FROM temp_batting LIMIT 100;

13.7. How to create and populate a table with partitions with data from the

above temp_batting table

  1. Start beeline and connect as above if you are not already connected.

  2. Set the test database you want to use for this test table using

    USE test_01;
  3. Create the new empty table partitioned by year

    create table batting (player_id STRING,runs INT) PARTITIONED BY(year INT);
  4. Now load the new table with data from the temp_batting table by

    insert overwrite table batting PARTITION(year) SELECT regexp_extract(col_value, '^(?:([^,]*),?){1}', 1) player_id, regexp_extract(col_value, '^(?:([^,]*),?){9}', 1) run, regexp_extract(col_value, '^(?:([^,]*),?){2}', 1) year from temp_batting;
  5. The above step may take a little while because it has to create a mapreduce job to process the data.

  6. To see that the table has been populated with data run

    SELECT * FROM batting WHERE year='2000' LIMIT 100;

13.7.1. How to create inconsistent or missing data for testing CC and repair

  1. Create a new folder in HDFS for the location of your database on both clusters.

    hdfs dfs -mkdir /testing

    Warning
    Do not add this folder to Fusion as a replicated folder.

  2. On one of the clusters connect to beeline and create your test database.

    CREATE DATABASE testing_01 LOCATION '/testing/testing_01';
  3. Select this new database

    USE testing_01;
  4. Create a table within this database

    create table temp_batting (col_value STRING);
  5. Now load the test data into the temp_batting table

    LOAD DATA LOCAL INPATH '/usr/local/share/installers/Batting.csv' OVERWRITE INTO TABLE temp_batting;

    You need to replace the location of the Batting.csv file.

  6. Create the new empty table

    create table batting (player_id STRING,runs INT, year INT);
  7. Now load the new table with data from the temp_batting table

    insert overwrite table batting SELECT regexp_extract(col_value, '^(?:([^,]*),?){1}', 1) player_id, regexp_extract(col_value, '^(?:([^,]*),?){9}', 1) run, regexp_extract(col_value, '^(?:([^,]*),?){2}', 1) year from temp_batting;
  8. Now add the '/testing' folder to Fusion as a replicated folder with the same membership of the two zones you created earlier.

  9. Both the hdfs and the hive metastore data will be inconsistent so you will be able to test consistency check and repair functionality.

  10. To create inconsistent data you will need to create the database and tables with whatever changes you want to make them inconsistent before adding the location of the database to Fusion.

13.8. Removing the Hive Plugin from deployment

The following procedure shows how you can remove the Hive plugin from your cluster.

  1. Configuration in Ambari must be updated in the Hive service as follows:

    • Section Advanced hive-site, Property fs.file.impl.disable.cache, ensure value is "true".

    • Section Advanced hive-site, Property fs.hdfs.impl.disable.cache, ensure value is "true".

    • Section Advanced hive-site, Property hive.metastore.uris, return this to be the URI of the original metastore hosts - Consult prior configuration version to obtain the values.

      Do not revert configuration
      If you revert the config you will lose any other configuration changes post deployment, not just those listed.
    • Look in all other sections of the Hive service for instances of hive.metastore.uris. Remove the property for all sections other than Advanced hive-site (which must remain).

    • Within the Custom hiveserver2-site add a property named wd.hiveserver2.template.revert and put any value in it. The word true will be as good as anything.

  2. Save the above configuration changes.

  3. Stop the base Hive Metastore if it is located on the same node as the WD Fusion Hive metastore.

  4. Deploy the configuration changes in Ambari, restarting services in Hive.

  5. Restart the WD Hiveserver2 Template service in Ambari. Note, the service will show offline after restarting and may mark itself as having failed the restart. This is normal. original metastore hosts - Consult prior configuration version to obtain the values.

    Required
    This step is required, but the outcome may now differ due to changes in the stack.
    • Restart all Hiveserver2 processes. This is needed so they start again using the Embedded metastore (step 5 is what triggers this).

    • WD Hive components will now be stopped, removal can occur from the Ambari API

      Do not remove Hiveserver2 template
      Note: You should not remove the Hiveserver2 template if Hiveserver2 is still using the external metastore.
      # Stop the WD Metastore
      curl -u admin:admin -H "X-Requested-By: ambari" -X PUT -d '{"RequestInfo":{"context":"Stop Service"},"Body":{"ServiceInfo":{"state":"INSTALLED"}}}' http://AMBARI_SERVER_HOST:8080/api/v1/clusters/c1/services/WD-HIVE-METASTORE_MASTER
      
      # Stop the Hiveserver2 template
      curl -u admin:admin -H "X-Requested-By: ambari" -X PUT -d '{"RequestInfo":{"context":"Stop Service"},"Body":{"ServiceInfo":{"state":"INSTALLED"}}}' http://AMBARI_SERVER_HOST:8080/api/v1/clusters/c1/services/WD-HIVESERVER2_MASTER
      
      # Remove the WD Metastore - MUST BE REMOVED HERE - HIVESERVER2 Template depends on the metastore
      curl -u admin:admin -H "X-Requested-By: ambari" -X DELETE  http://AMBARI_SERVER_HOST:8080/api/v1/clusters/c1/services/WD-HIVE-METASTORE_MASTER
      
      # Remove the Hiveserver2 template
      curl -u admin:admin -H "X-Requested-By: ambari" -X DELETE  http://AMBARI_SERVER_HOST:8080/api/v1/clusters/c1/services/WD-HIVESERVER2_MASTER
  6. Remove the WD Metastore from the host it was on.

    rpm -e wd-hive-metastore-ibm-4.1-2.9.3-595.noarch

    Use correct package name. you can find this from rpm -qa | grep wd-hive-metastore

  7. Remove the Metastore plugin from the Fusion nodes.

    rpm -e wd-hive-plugin-ibm-4.1-2.9.3-595.noarch

    Use correct package name. you can find this from rpm -qa | grep wd-hive-plugin

  8. All other Fusion server, IHC, UI and Client removal steps are now valid.


14. Reference

The reference guide walks through WD Fusion’s various screens, providing a basic explanation of what everything does. For specific instruction on how to perform a particular task, you should view the Admin Guide

14.1. Fusion Architecture

14.1.1. WD Fusion Example Workflow

The following diagram presents a simplified workflow for WD Fusion, which illustrates a basic use case and points to how WANdisco’s distributed coordination engine (DConE) is implemented to overcome the challenges of coordination.

Example Workflow
  1. User makes a request to create or change a file on the cluster.

  2. WD Fusion coordinates File Open to the external cluster.

  3. File is added to underlying storage.

  4. WD Fusion coordinates at configurable write increments and File Close with other clusters (see membership).

  5. WD Fusion server at remote cluster pulls data from IHC server on source cluster.

  6. WD Fusion server at remote site writes data to its local cluster.

14.2. What is WANdisco Fusion

WANdisco Fusion (WD Fusion) shares data between two or more clusters. Shared data is replicated between clusters using DConE, WANdisco’s proprietary coordination engine. This isn’t a spin on mirroring data, every cluster can write into the shared data directories and the resulting changes are coordinated in real-time between clusters.

14.3. 100% Reliability

Paxos-based algorithms enable DConE to continue to replicate even after brief networks outages, data changes will automatically catch up once connectivity between clusters is restored.

Below the coordination stream, actual data transfer is done as an asynchronous background process and doesn’t consume MapReduce resources.

14.4. Replication where and when you need

WD Fusion supports Selective replication, where you control which data is replicated to particular clusters, based on your security or data management policies. Data can be replicated globally if data is available to every cluster or just one cluster.

Fusion example
Figure 134. Simplified Replication diagram

14.5. The Benefits of WANdisco Fusion

  • Ingest data to any cluster, sharing it quickly and reliably with other clusters. Removing fragile data transfer bottlenecks, and letting you process data at multiple places improving performance and getting you more utilization from backup clusters.

  • Support a bimodal or multimodal architecture to enable innovation without jeopardizing SLAs. Perform different stages of the processing pipeline on the best cluster. Need a dedicated high-memory cluster for in-memory analytics? Or want to take advantage of an elastic scale-out on a cheaper cloud environment? Got a legacy application that’s locked to a specific version of Hadoop? WANdisco Fusion has the connections to make it happen. And unlike batch data transfer tools, WANdisco Fusion provides fully consistent data that can be read and written from any site.

  • Put away the emergency pager. If you lose data on one cluster, or even an entire cluster, WANdisco Fusion has made sure that you have consistent copies of the data at other locations.

  • Set up security tiers to isolate sensitive data on secure clusters, or keep data local to its country of origin.

  • Perform risk-free migrations. Stand up a new cluster and seamlessly share data using WANdisco Fusion. Then migrate applications and users at your leisure, and retire the old cluster whenever you’re ready.

14.6. A Primer on Paxos

Replication networks are composed of a number of nodes, each node takes on one of a number of roles:

14.6.1. Acceptors (A)

The Acceptors act as the gatekeepers for state change and are collected into groups called Quorums. For any proposal to be accepted, it must be sent to a Quorum of Acceptors. Any proposal received from an Acceptor node will be ignored unless it is received from each Acceptor in the Quorum.

14.6.2. Proposers (P)

Proposer nodes are responsible for proposing changes, via client requests, and aims to receive agreement from a majority of Acceptors.

14.6.3. Learners (L)

Learners handle the actual work of replication. Once a Client request has been agreed on by a Quorum the Learner may take the action, such as executing a request and sending a response to the client. Adding more learner nodes will improve availability for the processing.

14.6.4. Distinguished Node

It’s common for a Quorum to be a majority of participating Acceptors. However, if there’s an even number of nodes within a Quorum this introduces a problem: the possibility that a vote may tie. To handle this scenario a special type of Acceptor is available, called a Distinguished Node. This machine gets a slightly larger vote so that it can break 50/50 ties.

14.7. Paxos Node Roles in DConE

When setting up your WD Fusion servers they’ll all be Acceptors, Proposers and Learners. In a future version of the product you’ll then be able to modify each WD Fusion server’s role to balance between resilience and performance, or to remove any risk of a tied vote.

14.8. Creating resilient Memberships

WD Fusion is able to maintain HDFS replication even after the loss of WD Fusion nodes from a cluster. However, there are some configuration rules that are worth considering:

14.8.1. Rule 1: Understand Learners and Acceptors

The unique Active-Active replication technology used by WD Fusion is an evolution of the Paxos algorithm, as such we use some Paxos concepts which are useful to understand:

  • Learners:
    Learners are the WD Fusion nodes that are involved in the actual replication of Namespace data. When changes are made to HDFS metadata these nodes raise a proposal for the changes to be made on all the other copies of the filesystem space on the other data centers running WD Fusion within the membership.

Learner nodes are required for the actual storage and replication of hdfs data. You need a learner node where ever you need to store a copy of the shared hdfs data.

  • Acceptors:
    All changes being made in the replicated space at each data center must be made in exactly the same order. This is a crucial requirement for maintaining synchronization. Acceptors are nodes that take part in the vote for the order in which proposals are played out.

Acceptor Nodes are required for keeping replication going. You need enough Acceptors to ensure that agreement over proposal ordering can always be met, even after accounting for possible node loss. For configurations where there are a an even number of Acceptors it is possible that voting could become tied. For this reason it is possible to make an Acceptor node into a tie-breaker which has slightly more voting power so that it can outvote another single Acceptor node.

14.8.2. Rule 2: Replication groups should have a minimum membership of three learner nodes

Two-node clusters (running two WD Fusion servers) are not fault tolerant, you should strive to replicate according to the following guideline:

  • The number of learner nodes required to survive population loss of N nodes = 2N+1
    where N is your number of nodes.

    So in order to survive the loss of a single WD Fusion server equipped datacenter you need to have a minimum of 2x1+1= 3 nodes
    In order to keep on replicating after losing a second node you need 5 nodes.

14.8.3. Rule 3: Learner Population - resilience vs rightness

  • During the installation of each of your nodes you may configure the Content Node Count number, this is the number of other learner nodes in the replication group that need to receive the content for a proposal before the proposal can be submitted for agreement.

    Setting this number to 1 ensures that replication won’t halt if some nodes are behind and have not received replicated content yet. This strategy reduces the chance that a temporary outage or heavily loaded node will stop replication, however, it also increases the risk that namenode data will go out of sync (requiring admin-intervention) in the event of an outage.

14.8.4. Rule 4: 2 nodes per site provides resilience and performance benefits

Running with two nodes per site provides two important advantages.

  • Firstly it provides every site with a local hot-backup of the namenode data.

  • Enables a site to load-balance namenode access between the nodes which can improve performance during times of heavy usage.

  • Providing the nodes are Acceptors, it increases the population of nodes that can form agreement and improves resilience for replication.

14.9. Replication Frequently Asked Questions

14.9.1. What stops a file replication between zones from failing if an operation

such as a file name change is done on a file that is still transferring to another zone?

Operations, such as a rename only affects metadata, so long as the file’s underlying data isn’t changed, the operation to transfer the file will complete. Only then will the rename operation play out. When you start reading a file for the first time you acquire all the block locations necessary to fulfil the read, at this point metadata changes won’t halt the transfer of the file to another zone.

14.10. Agreement recovery in WD Fusion

This section explains why when monitoring replication recovery, it may be possible to see a brief delay and seemingly out-of-order delivery of proposals at the catching-up node.

In the event that the WAN link between clusters is temporarily dropped, it may be noticed that when the link returns, there’s a brief delay before the reconnected zones are back in sync and it may appear that recovery is happening with agreements being made out of order, in terms of the global sequence numbers (GSNs) associated with each agreement.

This behaviour can be explained as follows:

  1. The "non-writer" nodes review the GSNs to determine which agreements the current writer has processed and which agreements they can remove from their own store, where they are kept in case the writer node fails and they have to take over.

  2. When a new writer is elected, the presence/absence of a particular GSN tells the new writer which agreements can be skipped. There may be gaps in this sequence as not all proposals are filesystem operations. For example, writer and leader election proposals are not filesystem operations, therefore their GSNs are not written to the underlying filesystem.

14.10.1. Why are proposals seemingly being delivered out-of-order?

This is related and why you will see gsn’s written "out-of-order" in the filesystem. Internally within Fusion "non-interfering" agreements are processed in parallel so we can increase throughout and the global sequence is not blocked on operations that may take a long time, such as a large file copy.

14.10.2. Example

Consider the following global sequence, where /repl1 is the replicated directory:

1. Copy 10TB file to /repl1/dir1/file1
2. Copy 10TB file to /repl1/dir2/file1
3. Chown /repl/dir1

Agreements 1. and 2. may be executed in parallel since they do not interfere with one-another. However, agreement 3. must wait for agreement 1 to complete before it can be applied to the filesystem. If agreement 2 completes before 1 then its gsn will be recorded before the preceding agreement and look on the surface like out-of-order delivery of GSNs.

14.10.3. Under the hood

DConE’s Output Proposal Sequence (OPS) delivers agreed values in strict sequence, one-at-a-time, to an application. Applying these values to the application state in the sequence delivered by the OPS ensures the state is consistent with other replicas at that point in the sequence. However, an optimization can be made: if two or more values do not interfere with one another (see below for definition of 'interfere') they may be applied in parallel without adverse effects. This parallelization has several benefits, for example:

  1. It may increase the rate of agreed values applied to the application state if there are many non-interfering agreements;

  2. It avoids an agreement that takes a long time to complete (such as a large file transfer) from blocking later agreements that aren’t dependent on that agreement having completed.

15. WD Fusion Configuration

This section lists the available configuration for WD Fusion’s component applications. You should take care when making any configuration changes on your clusters.

15.1. WD Fusion Server

WD Fusion server configuration is stored in two files:

/etc/wandisco/fusion/server/application.properties
Table 2. Table of WD Fusion Server properties in application.properties
Property Description Permitted Values Default Checked at…​

node.name

Sets the name of the node.

Valid node name

NA

Startup

application.hostname

This is the hostname used in reporting the address

valid hostname

NA

Startup

application.port

The port DConE uses for communication

1 – 65535

6444

Startup

dcone.system.db.panic.if.dirty

If set to true and the DConE system database was not shut down 'cleanly' (i.e., the prevaylers weren’t closed) then on restart the server will not start.

true or false

true

Startup

application.integration.db.panic.if.dirty

If set to true and the application integration database was not shut down 'cleanly' (i.e., the prevaylers weren’t closed) then on restart the server will not start.

true or false

true

Startup

communication.hostname

Hostname used for binding opened ports for DConE, the requests and REST. While DConE has logic which will default the value to 0.0.0.0, WD Fusion does not set a default, so the property must be specified.

A valid hostname or IP

None - must be specified

Startup

data.center

The zone where the Fusion server is located

Any String

None - must be present

Startup

database.location

The directory DConE will use for persistence

Any existing path

None - must be present

Startup

executor.threads

The number of threads executing agreements in parallel (since 2.10+ where repair.threads were introduced, this is total number of repair and agreement execution threads)

1 – reasonable max number of threads as allowed per platform (taking into account other threads)

20 (2.10+ - 25)

Startup

repair.threads
(2.10+, 2.9.1.2, 2.9.3.1)

Number of executor threads dedicated for repair only. These are the ones which will do the work for repairing and nothing else.

1 - less then executor.threads

5

Startup

repair.thread.limit
(2.10+, 2.9.1.2, 2.9.3.1)

(slightly misleading name) Maximum number of outstanding files that a single repair will have scheduled for execution at any given time. If this limit is reached, it will wait for some to complete, before scheduling mode. This is a mechanism to allow multiple parallel repairs to zip together. E.g. if repair with 1000 files arrives and then another with 10, if the one with 1000 scheduled them all, the short 10file repair would have to wait. With this limit, only first 10 of 1000 are scheduled on rolling basis. So when the other repair arrives, it can schedule it’s 10 and they will start sharing the executors evenly. This should be set to value equal or a bit larger then repair.threads.

1 - MAX_INTEGER

10

Startup

fusion.decoupler

The decoupler the Fusion server will use

dcone, disruptor, simple

disruptor

Startup

fusion.http.policy

Determines the transfer protocol(s) to be supported by Fusion Server.

HTTP_ONLY, HTTPS_ONLY, BOTH_HTTP_HTTPS

HTTP_ONLY

Startup

disruptor.wait.strategy

The wait strategy to use when the disruptor is selected for fusion.decoupler

blocking, busy.spin, lite.blocking, sleeping, yielding

yielding

Startup

jetty.http.port

The port the Fusion HTTP server will use

1 – 65535

8082

Startup

request.port

The port Fusion clients will use

1 – 65535

8023

Startup

transport

The transport the Fusion server should use

EPOLL, NIO, OIO

NIO

Startup

transfer.chunk.size

The size of the "chunks" used in a file transfer. Used as input to Netty’s ChunkedStream.

1 – Integer.MAX_VALUE

4096kb

When each pull is initiated

dcone.use.boxcar

Whether boxcars should be used

true or false

false

Startup

license.file

The path to the license file

A valid path to a license key

/etc/wandisco/server/license.key

On each periodic license check

max.retry.attempts

The maximum number of times to retry an agreed request.

1 – Integer.MAX_VALUE

180 When executing an agreed request

remote.ihc.port

The port remote ihc servers should connect to when the zone is Inbound.

1 – Integer.MAX_VALUE

8024

Startup

retry.sleep.time

The sleep time (milliseconds) in between retries of an agreed request.

1 – Long.MAX_VALUE (notice the capital L, make sure to put this in)

1000L

When executing an agreed request

ssl.enabled

Whether Fusion Server - Fusion Server, Fusion Server - IHC Server, and Fusion Server - Fusion Client communications should all use SSL. (In 2.8 and beyond, this property ONLY enables Fusion Server - Fusion Server SSL.)

true or false

false

Startup

ssl.key.alias

Alias of private key / certificate chain used to encrypt communications by server.

alias of a keystore entry

None - required if server-server or server-client SSL is enabled

Startup

ssl.key.password

Encrypted password of key entry

Password encrypted using password-encryptor.sh

None

Startup

ssl.keystore

Location of key store containing key entry

Absolute path to key store

None - required if server-server or server-client SSL is enabled

Startup

ssl.keystore.password

Encrypted password of key store

Password encrypted using password-encryptor.sh

None

Startup

ssl.truststore

Location of trust store used to validate certificates sent by other Fusion Servers or IHC servers

Absolute path to trust store

None - required if server-server or server-IHC SSL is enabled

Startup

ssl.truststore.password

Encrypted password of trust store

Password encrypted using password-encryptor.sh

None

Startup

ihc.ssl.enabled (2.10+)

If Fusion Server - IHC communications should use SSL (the Fusion-server part of config).

true/false

false

Startup

cooperative.limit

15000

fusion.replicated.dir.exchange
(2.9.3+, 2.10+)

Location of a directory in the replicated filesystem to which Fusion server will write information about replicated directories for clients to read. It should be non-replicated location, readable by all users and writable by Fusion user. + For it to work, there needs to be the same thing configured for client’s in their core-site.xml

/etc/hadoop/conf/core-site.xml
fs. prefix removal
Please take note that in WD Fusion 2.8 many of the properties in the following table have had the fs. prefix removed. The fs. is now used exclusively for filesystem specific properties.
Table 3. Table of WD Fusion Server properties in core-site.xml
Property Description Permitted Values (default value in bold)

fusion.http.authentication.enabled
(2.8 - fusion.http.authentication.enabled)

Enables authentication on the REST API

true or false

fusion.http.authentication.type
(2.8 - fusion.http.authentication.type)

Type of authentication used.

"simple" (for simple authentication) or "kerberos" (for kerberos authentatication)

fusion.http.authentication.simple.anonymous.allowed
(2.8 - fusion.http.authentication. simple.anonymous.allowed)

If type is "simple", whether anonymous API calls are allowed. If set to false, users must append a query parameter at the end of their URL "user.name=$USER_NAME"

true or false

fusion.http.authentication.kerberos.principal

If type is "kerberos", the principal the fusion server will use to login with. The name of the principal must be "HTTP".

'*' (Putting simply an asterisk will cause the filter to pick up any principal found in the keytab that is of the form
"HTTP/*" and log in with all of them)
"HTTP/${HOSTNAME_OF_FUSION_SERVER}@${KERBEROS_REALM}"
"HTTP/_HOST@${KERBEROS_REALM}" ("_HOST" will auto-resolve to the hostname of the fusion server)

fusion.http.authentication.kerberos.keytab

If type is "kerberos", the path to a keytab that contains the principal specified.

Any String

fusion.http.authentication.signature.secret.file

Path to a readable secret file. File is used to authenticate cookies.

Any String

fusion.enable.early.pulls

A property targeted at FileSystems that do not support appends (e.g. S3, Azure). When set to the default "false" the Fusion server will ignore incoming HFlushRequests. The "fs." prefix has been removed as the property may not be specific to FileSystems in future.

true or false

fusion.http.authorization.enabled

Property that sets the state of authorization.

true or false.

fusion.http.authorization.authorized.read.writers

The read-writers config dictates which user is allowed to make write REST calls (e.g. DELETE, PATCH, POST, and PUT). Read-writers have both RW-permissions.

A comma-delimited list of authorized users.

fusion.http.authorization.authorized.readers

Users who have read-only permission. They are unable to do all of the calls noted in the read.writers entry, above.

A comma-delimited list of authorized users.

fusion.http.authorization.authorized.proxies

The core filter reads a new local property which specifies proxy principals - this is the remote user principal that the UI will authenticate as. The value for the property should be set to the user part of the UI kerberos credential, e.g. hdfs

A comma-delimited list of authorized users.

fusion.client.can.bypass

Enables or disables the ability for the client to bypass to underlying filesystem without waiting for a response from WD Fusion.

true or false

fusion.client.coordinate.read (2.10 only)

If true, the Fusion client will coordinate open() operations (which is used when an application opens a file for read). See Fusion Client OpenRequests coordination

true or false

fusion.client.bypass.response.secs (2.8 only)

Sets how long the client will wait for a response from Fusion for before bypassing to underlying.

integer (seconds)

fusion.client.bypass.retry.interval.secs (2.8 only)

Sets how long to keep bypassing for once a client has been forced to bypass for the first time.

integer (seconds)

fusion.backup.dir (2.8 only)

The directory path where backups will reside. Unless intended to replicate, ensure that this is a non-replicated directory so backup files only exist on this datacenter.

path

fusion.client.repl.dir.cache.dispose.interval.secs

The period of time that a client maintains the cache of Replicated Directories. After the period, the client will clear its cache, connect to a fusion-server, and build a new cache of Replicated Directories.

time in seconds

fusion.username.translations

This property enables administrators to handle user-mapping between replicated folders. This consists off a comma-separated list of regex rules. Each rule consists of a username (from an incoming request) separated from a translated pattern by a "/". See further explanation
Important: Take note that the username translation feature only translates the usernames on operations from remote zones.

null by default. pattern-string/translate-to-string

fusion.replicated.dir.exchange + (2.9.3+, 2.10+)

Location from which clients should try to read information about replicated directories, before contacting Fusion server. (FUS-3121) It’s necessary to configure the same in server’s application.properties, so that it generates the necessary data.

hdfs://nn/shared/fusionDirExchange

15.2. Username Translations

15.2.1. Example

<property>
     <name>fusion.username.translations</name>
    <value>hdp-(.*)/cdh-$1,([A-Z]*)-([0-9]*)-user/usa-$2-$1</value>
</property>

In the data center where the fusion.username.translations property is set, when a request comes in, it will check the username of the request against each listed pattern, and if the username matches that pattern, an attempt is made to translate using the listed value. If, during a check, none of the rules are found to match, we default to the username of the request, with no attempt to translate it.

Furthermore, the user translation will iterate over the list of translations and use the first match. Once a match is made, no further translation is attempted.

Looking at the example translation rules:

hdp-(.*)/cdh-$1,([A-Z]*)-([0-9]*)-user/usa-$2-$1

Notice here that we have two rules:

  1. hdp-(.*)/cdh-$1

  2. ()-([0-9])-user/usa-$2-$1

To reiterate, we expect the following in the property:

  • Rules are comma separated.

  • Patterns and translations are separated by "/".

  • Patterns and translations don’t contain "/".

  • White spaces should be accounted for in code, but are discouraged.

"user" field inconsistencies are ignored
If any nodes that take part in a consistency check have the Username Translation feature enabled, then inconsistencies in the "user" field will be ignored.

For the above config example, assume a createRequest comes in with the following usernames:

Username: ROOT-1991-user

  1. We will check against the first pattern, hdp-(.*), and notice it doesn’t match.

  2. We will check against the second pattern, ()-([0-9])-user, and notice it matches.

  3. Attempt to translate the username using usa-$2-$1.

  4. Username is translated to usa-1991-ROOT.

  5. Create is done on the underlying filesystem using username, usa-1991-ROOT.

Username: hdp-KPac

We will check against the first pattern, hdp-(.*), and notice it matches.

  1. Attempt to translate the username using cdh-$1.

  2. Username is translated to cdh-KPac.

Create is done on the underlying filesystem using username, cdh-KPac.

Username: hdfs

  1. We will check against the first pattern, hdp-(.*), and notice it doesn’t match.

  2. We will check against the second pattern, ()-([0-9])-user, and notice it doesn’t match.

  3. Username is left as hdfs. Create is done on the underlying filesystem using username, hdfs.

Because these are config properties, any data center can have any set of rules. They must be identical across fusion-servers that occupy the same zone but do not have to be identical across data centers.

15.3. Kerberos Settings

When Kerberos is enabled on the underlying cluster, Fusion Server and IHC need to have the following defined in their /etc/hadoop/conf/core-site.xml files.

Property

Description

Permitted Values

Default

Checked at…​

fs.fusion.keytab
(2.8 - fusion.keytab)

The absolute location of the readable keytab file.

/etc/security/keytabs/fusion.service.keytab
(common case is to just use the hdfs service keytab)

None - must be present if FileSystem cluster configured for Kerberos.

Startup

fs.fusion.principal
(2.8 - fusion.principal)

The name of the fusion principal found in the keytab file. Used for Kerberos login purposes since a keytab can contain multiple principals.

"fusion/_HOST@${KERBEROS_REALM}"
(hdfs can be subsituted for fusion here if you are using the hdfs keytab)

None - must be present if "fs.fusion.keytab" is defined.

Startup

fs.fusion.principal
(2.8 - fusion.principal)

The name of the fusion principal found in the keytab file. Used for Kerberos login purposes since a keytab can contain multiple principals.

"fusion/_HOST@${KERBEROS_REALM}"
(hdfs can be subsituted for fusion here if you are using the hdfs keytab)

None - must be present if "fs.fusion.keytab" is defined.

Startup

fusion.handshakeToken.dir

Path to the handshake directory. Fusion will attempt to write to this directory to verify that the user has the proper Kerberos credentials to write to the underlying file system.

/user/hdfs/

Varies per file system. For HDFS, it is the user’s home directory.

On processing a client request.

15.4. IHC Server

The Inter-Hadoop Communication Server is configured from a single file located at:

/etc/wandisco/fusion/ihc/server/{distro}/{version string}.ihc.

Property

Description

Permitted Values

Default

Checked at…​

ihc.server

The hostname and port the IHC server will listen on.

String:[1 - 65535]

None - must be present

Startup

ihc.transport

The transport the IHC server should use.

OIO, NIO, EPOLL

NIO

Startup

ihc.server.bind (2.8 only)

The address the ihc server will bind to. Equivalent of DConE’s communication.hostname. May not be specified. If not specified, will be "0.0.0.0:port". In all cases the port should be identical to the port used in the ihc.server address (above).

String:[1 - 65535]

0.0.0.0:port

Startup

ihc.ssl.enabled

Signifies that WD Fusion server - IHC communications should use SSL encryption.

true, false

false

Startup

ihc.ssl.truststore.password

Encrypted password of trust store

Password encrypted using password-encryptor.sh

None

Startup

ihc.ssl.key.alias

Alias of private key / certificate chain used to encrypt communications by IHC Server.

alias of a keystore entry

None - required if Server-IHC SSL is enabled

Startup

ihc.ssl.key.password

Encrypted password of key entry

Password encrypted using password-encryptor.sh

None

Startup

ihc.ssl.keystore

Location of key store containing key entry

Absolute path to key store

None - required if Server-IHC SSL is enabled

Startup

ihc.ssl.truststore.type

Format of trust store

JKS, PCKS12, etc.

JKS

Startup

http.server

The host and port for the web server, used when the fusion.ihc.http.policy is equal to HTTP_ONLY or BOTH_HTTP_HTTPS.

String:[1 - 65535]

0.0.0.0:9001

Startup

https.server

The host and port for the web server, used when the fusion.ihc.http.policy is equal to HTTPS_ONLY or BOTH_HTTP_HTTPS.

String:[1 - 65535]

0.0.0.0:8001

Startup

15.5. IHC Network configuration

The following is a description of how IHC servers are added to the replication system from WD Fusion 2.9:

  1. The IHC servers are configured with the addresses of the WD Fusion servers that inhabit the same zone.

  2. Periodically, the IHC servers ping the WD Fusion servers using these stored addresses.

  3. The WD Fusion servers will announce the IHC servers that have pinged them.

IHC servers in standard configuration should have the address of all WD Fusion servers, since the core-sites.xml property fusion.server lists them all. This is important because only the Writer node in each zone will confirm the existence of IHCs that have pinged it. Other Fusion Servers don’t. Therefore the IHC has to talk to all Fusion servers in the zone in order to be flagged as available.

The same method used in Hadoop to handle namenode and datanode connections. The datanode is configured with the namenode’s address and uses the address to contact the namenode and indicate its availability. If the namenode doesn’t hear from the datanode within a set period, the namenode assumes that the datanode is offline.

Note:
If the property was missing from the file during initialization then it is possible that the IHC server will fail to make a connection to the WD Fusion server, causing replication to stall. If a restart of the cluster fixes the problem this may indicate that a necessary restart isn’t happening which may result in IHC servers running with outdated configuration.

15.6. WD Fusion Client

Client configuration is handled in

/etc/hadoop/conf/core-site.xml
Property Description Permitted Values Default Checked at…​

fs.AbstractFileSystem.fusion.impl

The Abstract FileSystem implementation to be used

See comment 1 below

None

Startup

pre 2.8 - fs.fusion.client.retry.max.attempts
2.8 - fusion.client.retry.max.attempts

Max number of times to attempt to connect to a Fusion server before failing over (in the case of multiple Fusion servers)

Any integer

3

Startup

fs.fusion.impl

The FileSystem implementation to be used

See comment 1 below

None

Startup

fs.fusion.push.threshold

The number of bytes the client will write before sending a push request to the Fusion server indicating bytes are available for transfer.

0 - Long.MAX_VALUE. (If the threshold is 0, pushes are disabled)

The block size of the underlying filesystem

Startup

pre 2.8 - fs.fusion.server
2.8 - fusion.server

The hostname and request port of the Fusion server. Comma-separated list of hostname:port for multiple Fusion servers.

String:[1 – 65535] (Comma-separated list of Fusion servers)

None - must be present

Startup

pre 2.8- fs.fusion.transport + 2.8 - fusion.transport

The transport the FsClient should use

EPOLL, NIO, OIO

NIO

Startup

pre 2.8 - fusion.underlyingFs 2.8 - fs.fusion.underlyingFs

The address of the underlying filesystem

Often this is the same as the fs.defaultFS property of the underlying hadoop. However, in cases like EMRFS, the fs.defaultFS points to a local HDFS built on the instance storage which is temporary, with persistent data being stored in S3. Our customers are likely to use the S3 storage as the fs.fusion.underlyingFs.

None - must be present

Startup

fs.fusion.underlyingFsClass

The name of the implementation class for the underlying file system specified with fs.fusion.underlyingFs

Fusion expects particular implementation classes to be associated with common URI schemes used by Hadoop clients when accessing the file system (e.g. s3://, file://, hdfs://, etc.) If your cluster is configured to use alternative implementations classes for the scheme configured in fs.fusion.underlyingFs, you need to specify the name of the implementation for the underlying file system with this item. You also need to specify the implementation if using a URI scheme that is not one of those known to the defaults here.

There is a default per scheme:
file: org.apache.hadoop.fs.LocalFileSystem
gs: com.google.cloud.hadoop.fs.gcs.GoogleHadoopFileSystem
hdfs: org.apache.hadoop.hdfs.DistributedFileSystem
maprfs: com.mapr.fs.MapRFileSystem
s3: com.amazon.ws.emr.hadoop.fs.EmrFileSystem
s3n: com.amazon.ws.emr.hadoop.fs.EmrFileSystem
wasb: org.apache.hadoop.fs.azure.NativeAzureFileSystem
wasbs: org.apache.hadoop.fa.azure.Secure

Startup

fs.hdfs.impl

The DistributedFileSystem implementation to be used

See comment 1 below

None

Startup

pre 2.8 - fs.fusion.ssl.enabled 2.8 - fusion.ssl.enabled + 2.10 - fusion.client.ssl.enabled

If Fusion Server - Fusion Client communications should use SSL

true, false

false

pre 2.8 - fs.fusion.ssl.truststore + 2.8 - fusion.ssl.truststore

Location of trust store used to validate certificates sent by Fusion Servers

Absolute path to trust store file

None - must be present if server-client SSL enabled

Startup

pre 2.8 - fs.fusion.ssl.truststore.password 2.8 - fusion.ssl.truststore.password

Encrypted password of trust store

Password encrypted using password-encryptor.sh

None

Startup

pre 2.8 - fs.fusion.ssl.truststore.type 2.8 - fusion.ssl.truststore.type

Format of trust store

JKS, PCKS12, etc.

JKS

Startup

fusion.client.can.bypass (2.8 only)

If true, bypasses the request to the underlying filesystem after retrying.

true/false

false

Everytime a request is submitted.

fusion.client.coordinate.read (2.10 only)

If true, the Fusion client will coordinate open() operations (which is used when an application opens a file for read).

true or false

false

Every time open() is called.

fusion.client.bypass.response.secs (2.8 only)

Determines, in seconds, how long the client will wait for a fusion server to handle the request

Time in seconds.

14

Startup

fusion.client.bypass.retry.interval.secs (2.8 only)

Rather than just have the client try over and over this could cause some extreme slowness during a down fusion server, so instead, after client switched to a fusionless operation, all operations that follow would be fusionless until this time passed and which time the client would use fusion again.

Time in seconds

60

Everytime a fusion client attempts to connect to a fusion server.r

fusion.backup.dir (2.8 only)

The directory path where backups will reside. Unless intended to replicate, ensure that this is a non-replicated directory so backup files only exist on this datacenter.

Path

/fusion/backup/

Startup

fusion.backup.enabled (2.8 only)

If true, enables backup on this datacenter. On every delete, rather than the file being removed, it will be moved to a timestamped directory within fusion.backup.dir.

true/false

false

Startup

fusion.backup.strategy

A class that implements BackupStrategy that is the strategy of how backups are handled.

class that implements BackupStrategy (i.e com.wandisco.fusion.plugin.hcfs.server.backup.HcfsBackupStrategy.class)

NoBackupStrategy.class

Startup

fusion.enable.early.pulls

If true, the Fusion server will pull data when it receives an HFlush request from another zone.

true/false

true

When an HFlushRequest is received

fusion.username.translations

A list of username translations that dictate what username is used for operations coming from other datacenters. Example: fusion.username.translations= "datacenterA/datacenterB,dcA/dcB" If datacenterA did a create with "datacenterA" as a user, datacenterB would translate to "datacenterB" before applying the create. If there are multiple translations, they need to be comma-separated.

Comma separated strings of the format <expected>/<translated>.

None

Requests from other datacenters.

fusion.replicated.dir.exchange (2.9.3+, 2.10+)

Location from which clients should try to read information about replicated directories, before contacting Fusion server. (FUS-3121) It’s necessary to configure the same in server’s application.properties, so that it generates the necessary data.

hdfs://nn/shared/fusionDirExchange

none

startup

15.6.1. Usage Guide

There’s a fixed relationship between the type of deployment and some of the Fusion Client parameters. The following table describes this relationship:

Configuration fs.fusion.impl fs.AbstractFileSystem.fusion.impl fs.hdfs.impl

Use of fusion:/// with HCFS

com.wandisco.fs.client.FusionHcfs

com.wandisco.fs.client.FusionAbstractFs

Blank

Use of fusion:/// with HDFS

com.wandisco.fs.client.FusionHdfs

com.wandisco.fs.client.FusionAbstractFs

Blank

Use of hdfs:/// with HDFS

Blank

Blank

com.wandisco.fs.client.FusionHdfs

Use of fusion:/// and hdfs:/// with HDF

com.wandisco.fs.client.FusionHdfs

com.wandisco.fs.client.FusionAbstractFs

com.wandisco.fs.client.FusionHdfs

15.7. LocalFileSystems

We’ve introduced FusionLocalFs for LocalFileSystems using WD Fusion. This is necessary because there are a couple of places where the system expects to use a Local File System.

Configuration

fs.fusion.impl

fs.AbstractFileSystem.fusion.impl

fs.hdfs.impl

LocalFileSystems (See below)

com.wandisco.fs.client.FusionLocalFs

com.wandisco.fs.client.FusionLocalFs

com.wandisco.fs.client.FusionLocalFs

Therefore, for LocalFileSystems, users should set their fs.<parameter>.impl configuration to *com.wandisco.fs.client.FusionLocalFs*.

15.8. Usage

  • Set fs.file.impl to FusionLocalFs, (then any file:/// command will go through FusionLocalFs)

  • Set fs.fusion.impl to FusionLocalFs, (then any fusion:/// command will go through FusionLocalFs).

    Further more, a user can now set any scheme to any Fusion*Fs and when running a command with that scheme, it will go through that Fusion*Fs. e.g.,

  • Set fs.orange.impl to FusionLocalFs, (then any oranges:/// command will go through FusionLocalFs).

  • Set fs.lemon.impl to FusionHdfs, (then any lemon:/// command will go through FusionHdfs).

15.9. Fusion Client OpenRequests coordination

In WD Fusion 2.10, OpenRequests from clients are no longer coordinated operations, since OpenRequests are read-only their coordination adds unnecessary traffic.

15.9.1. Failsafe

If the operation of any applications is affected by this change, it is possible to make OpenRequests coordinated again by changing the WD Fusion Client property fusion.client.coordinate.read to "true".

15.10. System Usage Graphs

The dashboard provides running monitors for key system resources.

Fusion03

On nodes that have data limits on their product license, there’s a graph that displays the volume of replicated data, as a percentage of the license limit.

Fusion03

This graph tracks the percentage of configured Java Heap space that is currently in use across the cluster.

Fusion03

This graph measures the percentage of available storage in the partition that hosts the WD Fusion installation.

Fusion03

This graph tracks the current percentage load on the cluster’s processors.

15.11. CPU Graph clarification

We display CPU load averages. Low values indicate that the system’s processor(s) have unused capacity. Above the warning threshold (80% by default) available capacity starts to run out. Note that the number that drives the graph is between 0 and 1, and so already takes multi-core systems into consideration.

15.12. Replicated Rules

The Replicated Folders screen lists those folders in the cluster’s hdfs space that are set for replication between WD Fusion nodes.

Fusion01
Figure 135. Replicated Rules screen
Replication Rules

Lists all active replicated folders, currently running on the node.

Pending Rules

Replicated folders that have been added but have not yet been established across all nodes. In most situations, pending rules will eventually move up to the Replication Rules table.

Failed Rules

In rare situations, a replicated folder creation will be rejected because of a file inconsistency between nodes. In such cases, the Failure will be reported in the Failed Rules table.

15.13. Filtering

Fusion01
Figure 136. Filter field.

In deployments that use large numbers of rules, You can use the filter tool to focus on specific sets of rules. Filtering by Path, Membership or Consistency.

15.14. Create Rule

Click on Create Rule to set up a new replicated folder.

Fusion05
Figure 137. Create Rule.

15.15. Advanced Options

Fusion_excluder
Figure 138. Writer For This Zone.

The Advanced Options provide additional control for replicated folders.

This identifies which node is assigned as the writer for this node. See the glossary for an explanation of The role of the writer.

Check consistency (Your rule will not be created if there are inconsistencies)

Use this option to perform a consistency check before creating the replicated folder space. The check must succeed in order for the rule to be applied. If you want to perform the check but not enforce consistency see the next checkbox.

Create rule even if folder is inconsistent

The replication space is added, even if it has been found to be inconsistent between nodes. This option lets you create new replicated folders and then remedy consistencies.

Shared Encrypted KMS

In deployments where multiple zones share a command KMS server, then enable this parameter to specify a virtual prefix path.

Preserve Origin Block Size

The option to preserve the block size from the originating file system is required when Hadoop has been set up to use a columnar storage solution such as Apache Parquet. If you are using a columnar storage format in any of your applications then you should enable this option to ensure that each file sits within the same HDFS block.

Preserve Replication Factor

By default, data that is shared between clusters will follow the local cluster’s replication rules rather than preserve the replication rules of the originating cluster. When this option is enabled, the replication factor of the originating cluster is preserved.

Example
Data in Zone A which has a replication factor of 3 is replicated to Zone B, which has a replication factor of 5. When Preserve Replication Factor is enabled this replica of the data in Zone B will continue to use a replication factor of 3 rather than use Zone B’s native replication factor of 5.

15.15.1. Exclude from replication?

You can select files or file system locations that will be excluded from replication across your clusters and will not show up as inconsistent when a consistency check is run on the file system.

This feature is used to remove housekeeping and temporary system files that you don’t want clogging up the replication traffic. The entry field will accept specific paths and files or a glob pattern (sets of filenames with wildcard characters) for paths or files.

15.15.2. Default Exclusions

The following glob patterns are automatically excluded from replication:

/**/.fusion, /**/.fusion/**
  • Fusion directories store WD Fusion’s housekeeping files, it should always be excluded in the global zone properties (even after update)

/**/.Trash, /**/.Trash/**
  • Trash directories are excluded by default but it can be removed if required.

Example
Requirement: exclude all files in the replicated directory with the "norep_" prefix from replication.
Folder structure:

/repl1/rep_a
/repl1/norep_b
/repl1/subfolder/rep_c
/repl1/subfolder1/norep_d
/repl1/subfolder2/rep_e
/repl1/subfolder2/norep_e

Required rule:

**/norep_*
  • Pattern does not need to be an absolute path, e.g. /repl1/subfolder2/no_rep_3, patterns are automatically treated as relative to the replicated folder, e.g. /subfolder/no_rep_3

  • Take care when adding exclusion rules as there is currently no validation on the field.

16. Web UI Reference Guide

The following section takes a look at each screen that is available in the WD Fusion UI.

16.2. Node

16.2.1. About

Settings that apply to the current node.

16.2.2. About This Node

Fusion13

The About This Node panel shows the version information for the underlying Hadoop deployment as well as the WD Fusion server and UI components:

Fusion UI Version

The current version of the WD Fusion UI.

Fusion Build Number

The specific build for this version of the WD Fusion UI.

Hadoop Version

The version of the underlying Hadoop deployment.

WD Fusion Version

The version of the WD Fusion replicator component.

WD Fusion Uptime

The time elapsed system the WD Fusion system last booted up.

Cluster Manager

The management application used with the underlying Hadoop.

16.2.3. Client Bypass Settings

Fusion Client Bypass

The emergency bypass feature gives the administrator an option to bypass WD Fusion and write to the underlying file system, which will introduce inconsistencies between zones. This is suitable for when short-term inconsistency is seen as a lesser evil compared to blocked progress.

For an explanation about how to use this feature, see Emergency bypass to allow writes to proceed.

16.2.4. Graph Settings

The graphs that are displayed on the WD Fusion dashboard can be modified so that they use different thresholds for their "Warning" and "Critical" levels. By default, warn triggers at 80% usage and critical triggers at 90% or 95%.

Warning

At the warn level, the need for administrator intervention is likely, although the state should have no current impact on operation. On a breach, there is the option for WD Fusion to send out an alerting email, providing that you have configured the email notification system. See Set up email notifications.

Critical

At the critical level, the need for administrator intervention may be urgent, especially if the breach concerns partition usage where reaching 100% will cause the system to fail and potentially result in data corruption. On a breach, there is the option for WD Fusion to send out an alerting email, providing that you have configured the email notification system. See Set up email notifications.

graph settings

License Data Limit

This corresponds with the dashboard graph "License Limit: Volume of Replicated Data". The graph tracks the percentage of replicated data permitted by the current license. Enter your own values for the "Warn" trigger and "Critical" trigger. Defaults: Warn 80%, Critical 90%.

CPU

This corresponds with the dashboard graph "System CPU Load", it tracks usage in terms of percentage of available cycles. Defaults: Warn 80%, Critical 95%.

Memory

This corresponds with the dashboard graph "Java Heap Consumption" which tracks the ammount of JAVA heap currently in use, based on the Maximum Heap Settings that were applied during the installation. Defaults: Warn 80%, Critical 95%.

Disk

This corresponds with the dashboard graph "Fusion Database Partition Disk Usage". This graph measures the percentage of the available partition specifically being used by WD Fusion. The monitor is important because exhausting the available storage will cause WD Fusion to fail and potentially could result in corruption to the internal prevayler database. Defaults: Warn 80%, Critical 95%.

16.2.5. Support

The support tab contains links and details that may help you if you run into problems using WD Fusion.

WD Fusion tree
Figure 139. Support tab

16.2.6. License Settings

The License Settings panel gives you a summary of the server’s license status.

Server Settings
Figure 140. License
License

Type of license employed. (Evaluation or Production)

Expiry

Date on which the license will expire — at which point a new license will be required.

Fusion Server Limit

Maximum number of WD Fusion server (Nodes) across all zones included under the license.

Data Transfer Limit

The maximum amount of replicated data (TB) permitted by the license.

Source

The origin of the license. Provided or Downloaded.

Licensed IPs

Machine IP addresses that are covered under the license.

Zone Limit

The maximum number of zones supported under the license.

License Location

Location of the license key on the server’s file system.

16.2.7. Plugins

The Plugins screen lists the versions of all installed Plugins in the deployment.

Server Settings
Figure 141. Plugins
Fusion Core

Lists plugins that modify WD Fusion’s core. Currently Fusion’s Hadoop Compatible File System is registered as a plugin. Note that this is built into the product and doesn’t need to be installed.

UI Server

Lists plugins that modify the UI Server. There are currently no UI Server plugins available.

UI Client

Lists UI Client plugins.

16.2.8. Server Settings

The server settings give you control over traffic encryption between WD Fusion and IHC servers.

Server Settings
Enable SSL for WD Fusion (checkbox)

Tick to enable the WD Fusion server to encrypt traffic using SSL. See below for additional settings that appear if you enable SSL.

Server Settings
KeyStore Path

Path to the keystore.

KeyStore Password

Encrypted password for the KeyStore.

Key Alias

The Alias of the private key.

Key Password

Private key encrypted password.

TrustStore Path

path to the TrustStore.

TrustStore Password

Encrypted password for the TrustStore.

Changes must be applied to all servers
Changes to SSL settings require the same changes to be made manually in the UI of every other WD Fusion node. Updating will also make changes in core-site file via the management endpoint. You will need to push out configs and restart some services.

DConE panic if dirty (checkbox)

This option lets you enable the strict recovery option for WANdisco’s replication engine, to ensure that any corruption to its prevayler database doesn’t lead to further problems. When the checkbox is ticked, WD Fusion will log a panic message whenever WD Fusion is not properly shutdown, either due to a system or application problem.

App Integration panic of dirty (checkbox)

This option lets you enable the strict recovery option for WD Fusion’s database, to ensure that any corruption to its internal database doesn’t lead to further problems. When the checkbox is ticked, WD Fusion will log a panic message whenever WD Fusion is not properly shutdown, either due to a system or application problem.

Configuration changes

These options set the following properties in /etc/hadoop/conf/core-site.xml

fusion.ssl.enabled=true
fusion.ihc.ssl.enabled=true

This ensures that both WD Fusion server and the IHC server traffic is secured using SSL. The properties, as defined in the WD Fusion Configuration are repeated below:

Property

Description

Permitted Values

Default

Checked at…​

fs.fusion.ssl.enabled
(2.8 - fusion.ssl.enabled)

If Client-WD Fusion server communications use SSL encryption.

true, false

false

Startup

ihc.ssl.enabled

Signifies that WD Fusion server - IHC communications should use SSL encryption.

true, false

false

Startup

Setting a password for SSL encryption

Use our provided bash script for generating a password. Run the script at the command line, enter a plaintext password, the script then generates and outputs the encrypted version of the entry:

[root@vmhost01-vm3 fusion-server]# ./encrypt-password.sh
Please enter the password to be encrypted
> ********
btQoDMuub7F47LivT3k1TFAjWSoAgM7DM+uMnZUA0GUet01zwZl7M8zixVZDT+7l0sUuw6IqGse9kK0TiDuZi0eSWreeW8ZC59o4R15CCz0CtohER7O3uUzYdHaW6hmT+21RaFkUF5STXXHcwdflwq4Zgm+KdUXKF/8TrgEVqT854gci1KQyk+2TKSGtGbANg12LplEre3DEGoMFOpy2wXbwO5kGOQM07bZPjsDkJmAyNwERg0F3k2sebbuGmz4VSAY1NTq4djX1bVwMWoPwcuiQXLwWLgfrGZDHaT+Cm88vRUsYaK2CDlZI4C7r+Lkkm/U4F/M6TFLGT6ZFlB+xRQ==
URI Selection

The default behaviour for WD Fusion is to handle all replication using the Hadoop Distributed File System via the hdfs:/// URI. Selecting the HDFS-scheme provides the widest support for Hadoop client applications, since some applications can’t support the available fusion:/// URI or they can only run on HDFS instead of the less strict HCFS. Each option is explained below:

Use HDFS URI with HDFS file system

URI Option A
This option is available for deployments where the Hadoop applications support neither the WD Fusion URI or the HCFS standards. WD Fusion operates entirely within HDFS. This configuration will not allow paths with the fusion:// URI to be used; only paths starting with hdfs:// or no scheme that correspond to a mapped path will be replicated. The underlying file system will be an instance of the HDFS DistributedFileSystem, which will support applications that aren’t written to the HCFS specification.

Use WD Fusion URI with HCFS file system

URI Option B
This is the default option that applies if you don’t enable Advanced Options, and was the only option in WD Fusion prior to version 2.6. When selected, you need to use fusion:// for all data that must be replicated over an instance of the Hadoop Compatible File System. If your deployment includes Hadoop applications that are neither able to support the Fusion URI, nor are written to the HCFS specfication, then this option will not work.

Use Fusion URI with HDFS file system

URI option C
This differs from the default in that while the WD Fusion URI is used to identify data to be replicated, the replication is performed using HDFS itself. This option should be used if you are deploying applications that can support the WD Fusion URI but not the Hadoop Compatible File System.

Use Fusion URI and HDFS URI with HDFS file system

URI Option D
This "mixed mode" supports all the replication schemes (fusion://, hdfs:// and no scheme) and uses HDFS for the underlying file system, to support applications that aren’t written to the HCFS specification.

Set Push Threshold Manually

Fusion PushThreshold

The feature exposes the configuration property fs.fusion.push.threshold, stored in the core-site.xml file. It provides administrators with a means of making a small performance improvement, useful in a small number of cases. When enabled in the UI the entry displays as "Required".

You cean enter your own value (in bytes) and click the Update button.

Amazon cloud deployments
For cloud deployments, ensure the property is disabled (unticked) or set to zero "0". This will disable HFLUSH which is suitable because appends are not supported for S3 storage.

16.2.9. UI Settings

Settings that control the TPC Port and hostname used by the WD Fusion server.

UI Settings

HTTP Port

Port used to access WD Fusion UI.

HTTP Host

Hostname of the WD Fusion UI.

Restart required
Any change that you make will require a restart of the WD Fusion server in order for it to be applied.

16.3. AWS Settings

This section covers the Amazon Web Services settings that are available through WD Fusion’s UI. Note that the AWS section will only appear in deployments that connect to a suitable S3 storage bucket.

AWS
Figure 142. AWS Settings

16.3.1. AWS About

AWS
Figure 143. AWS Settings
S3 Bucket Name

The name of your S3 storage bucket that you are connecting to.

Amazon S3 Encryption

Indicates if you are using Amazon’s own encryption, showing as "true" or "false"

If you run with the S3 Plugin, the following Properties will display instead:

AWS
Figure 144. AWS Settings
S3 Bucket Name

The name of your S3 storage bucket that you are connecting to.

S3 Buffer dir

The local directory used to handle S3 buffered data.

S3 Segment Size

The size of the S3 segment.

S3 Endpoint

The endpoint used to connect to your S3 Bucket.

16.3.2. Credentials

AWS
Figure 145. AWS Settings

If the node you are installing is set up with the correct IAM role, then you won’t need to use the following AWS Credentials, as the EC2 instance will have access to S3.

However if IAM is not correctly set for the instance or the machine isn’t even in AWS then you need to provide AWS Credentials:

Access Key ID

This is your AWS Access Key ID. Validation tests that there is a provided value, along with a valid secret key.

Secret Key

This is the secret key that is used in conjunction with your Access Key ID to sign programmatic requests that are sent to AWS. Validation checks that the credentials file is accessible.

Read more on how to Use access key and secret key.

16.3.3. EMR Client

AWS
Figure 146. AWS Settings - EMR Client

The EMR client panel provides a copy of the configuration instructions that are provided during the WD Fusion installation, in case you need to complete account for changes to your EMR cluster.

Configure EMR for Fusion

For detailed steps please see: Deploying Fusion Client to a new EMR cluster.

When setting up a new AWS Elastic Map Reduce Cluster, to incorporate Fusion into the auto-scaling feature and propagate core-site.xml changes, you must perform the steps below. If you do not perform these steps anything your EMR nodes write to your S3 bucket will not be replicated to other instances of Fusion. The steps are as follows;

  1. Click the "Place files" button below to copy an install script, a client RPM and a JSON configuration file to your S3 bucket.

  2. Supply the JSON file to "Edit software settings".

  3. Select the install script as a "Bootstrap Action".

16.3.4. Metering

AWS
Figure 147. AWS Settings

The Metering panel is available for deployments that use the Metering payment option. See AWS Metering.

The provides a guide to the following data:

Metered time

The billing increment, e.g. 1pm-2pm. Indicated as a timestamp (UTC) for when we attempted to send the bill to AWS.

Billed data under replication

This is the highest transfer in the hour, which is used so as to account for possible data deletion which would reduce the apparent billable transferred data.

Status

Indicates whether the metering event has been successfully billed or not. Displays "success" or "failed".

Detail

Shows you the submission history, e.g. if a metering report was submitted twice and then succeeded on a third attempt, the detail will show _2 failed then 1 successful attempt to send the bill.

16.4. Hadoop

16.4.1. Client Downloads

Client Downloads

The client applications required to talk to WD Fusion are provided here. The client packages are provided during installation, they’re listed in the Settings section in case they are required again, after installation is complete.

List of client nodes

This link goes to a list of nodes on the platform.

Client RPMs

This is a link to the RPMs.

Client DEBs

Link to Debian Package files, for use with Ubuntu deployments.

Client Parcels

(Available on a Cloudera platform) Link to the client in Cloudera’s parcel package format.

WARNING

Please take note that, on some very rare occasions, the distribution of Cloudera’s parcel files may fail. We continue to investigate the cause of the problem, which appears to accur if the client parcel installation is not completed during the installation of WD Fusion, but has been left until after the installation, instead. We always recommend getting your client files installed during step 8 of the installer journey. Workaround:
If you encounter the problem, you can fix it by restarting the cloudera-scm-agent on the affected nodes.

Client Stacks

(Available on a Hortonworks platform) Link to the client in Hortonworks Stack format.

16.4.2. Consistency Check

The consistency check options provide administrators with additional tunable properties concerning the tool for validating that all replica data is synchronized.

Default Check Interval

consistency-check-setting
Figure 148. Consistency Check tool

This lets you set the default amount of time that is allowed to pass before a new replicated folder is checked for consistency between replicas. The default value is 24 hours. It’s possible to set a different value for each specific replicated folder, using the Advanced Options available when setting up or editing a Replicated Folder.

Default Check Interval

The entered value must be an integer between 1 and 24, representing number of hours before a consistency check will automatically take place.

Save

Click the save button to store the entered value and use it for all replicated folders that don’t have their own set interval, using the Override the Consistency Check interval Advanced Option.

Apply to All

This button lets you for a new default value onto all replicated folders, even those that have specified an override (noted above).

16.4.3. Kerberos

WD Fusion supports Kerberized environments, supporting the use of an established Kerberos Key Distribution Center (KDC) and realms.

Kerberos Settings
Cluster Kerberos Configuration
Kerberos enabled

The Hadoop manager is poled to confirm that Kerberos is enabled and active,

Handshake Token Directory

This is an optional entry. It defines what the root token directory should be for the Kerberos Token field. This is set if you want to target the token creations within the NFS directory and not on just the actual LocalFileSystem. If left unset it will default to the original behaviour; which is to create tokens in the /user/<username>/ directory.

Configuration file path

Path to the current configuration file.

Keytab file path

Path to the Keytab file.

Click the Validate button to have your entries checked by the installer.

Fusion Kerberos Configuration

Tick the Enable HTTP Authentication check-box to use Kerberos authentication for communication with the WD Fusion server.

Click Next step to continue or go back to return to the previous screen.

The remaining panels in step 6 detail all of the installation settings. All your license, WD Fusion server, IHC server and zone settings are shown. If you spot anything that needs to be changed you can click on the go back link.

WD Fusion Deployment
Figure 149. Summary

16.5. Zone

Settings that apply between different zones. See Zones.

16.5.1. Email Notifications

The Email Notification let you set up system emails that can be triggered is a particular system event occurs.

Email Notification
Figure 150. Alerts

Email notification lets you set up notification emails that can be sent from the WD Fusion server if there’s a system event that requires administrator attention. For more information about setting up email notifications, see Set up email notifications

16.5.2. Networking

Networking
Figure 151. Network Settings
Networking direction between Fusion Server and IHC server

Defines whether or not the WD Fusion server proactively creates outbound connections to remote IHC servers during data transfer, It will otherwise tell the server to wait for and re-use inbound connections. Important: When set to inbound, the WD Fusion server must have a publicly visible hostname.

Select:

Outbound connection

The default value, meaning when the Fusion server transfers data it will create an outbound connection to the IHC server.

Inbound connection

The Fusion server will transfer data over an inbound connection from a remote IHC server. This is the option to be used in AWS since the on-premises Fusion servers cannot accept incoming connections.

16.5.3. Replication

Kerberos
Figure 152. Replicated ACLs
ACL Replication

If ACL replication is enabled, then changes from both local and remote zones are executed, Otherwise, only locally originated ACL modification commands are executed.

Enable ACL replication

Checkbox (ticked by default)

Replication Exchange Directory

Location of a directory in the replicated filesystem to which WD Fusion Server will write information about replicated directories for clients to read. It Should be a non-replicated location, readable by all users and writable by the WD Fusion user.

Use replication exchange directory

Checkbox (unticked by default)

16.6. Cluster Kerberos Configuration

16.7. KMS

The status of the KMS (Key Management Service) is presented here. KMS is an encryption keystore, providing network users with keys required to decrypt data-at-rest. To be clear, KMS is not a function of Kerberos, and is functional without Kerberos, however, Kerberos is employed to provide HTTP SPNEGO authentication to the REST API.

Read about Hadoop Key Management System
See Hadoop Key Management System
Configuration file path

Path to the Kerberos configuration file, e.g. krb5.conf.

Keytab file path

Path to the generated keytab.

Principle

Principle for the keytab file.

16.8. Fusion Kerberos Configuration

Selecting the option below will enable Kerberos authentication for communication with the WD Fusion Server.

Enable Kerberos on WD Fusion

Check-box to enable Kerberos authentication

Keytab file path

Path to the generated keytab.

Principle

Principle for the keytab file.

Enable Authorization

The check-box is used to enable support for Authorization, within WD Fusion, which enables administrators to allow two levels of access; full user access and read-only access, where a user does not have authorization to make changes to data. This checkbox is only visible if Kerberos core authentication has been enabled and configured.
For auditing purposes, every time an unauthorized request is made, the WD Fusion server will log the user and attempted request.

Manually distribute client configuration.
You will need to redistribute the client configurations after making this change because the core-site.xml config file will be modified. The WD Fusion server will then need to be restarted for these settings to take effect.
Enabling Authorization sets up some default values, the UI will add the "fusionUISystem" user automatically when Authorization is enabled as well as adding the correct proxy principal. All other users need to be configured manually. but you will still need to ensure that configuration is applied manually, to match your deployment’s specific needs.
See the authorization properties, as written to the core-site.xml file.
Now whenever the Fusion UI wants to make a REST call on behalf of another user, they’ll include a header (tentatively called proxy.user.name) with the real user. Example curl call:

curl --negotiate -u: -H "proxy.user.name: bob" hostname:8082/fusion/fs
File system path

Enter the full path of the system directory that will be monitored for disk usage.

Severity level

Select a system log severity level (Severe, Warning, Info or Debug) that will correspond with the Disk Capacity Threshold.

Assigning a monitor with Severe level will impact operation should its trigger Disk Capacity Threshold be met. The affected WD Fusion will immediately shut down to protect its file system from corruption. Ensure that Severe level monitors are set up with a threshold that corresponds with serious risk. Set the threshold too low and you may find WD Fusion nodes are shutdown needlessly.
Disk Capacity Threshold (bytes)

The maximum amount of data that can be consumed by the selected system path before the monitor sends an alert message to the log file.

Message

A human-readable message that will be sent to the log at the point that the Disk Capacity Threshold is reached.

17. REST API Guide

17.1. API Overview

WD Fusion offers increased control and flexibility through a RESTful (REpresentational State Transfer) API.

Below are listed some example calls that you can use to guide the construction of your own scripts and API driven interactions.

API documentation is still in development:
Note that the API documentation is incomplete and requires clarification of available endpoints.

Note the following:

  • All calls use the base URI:

    http(s)://<server-host>:8082/fusion/<resource>
  • The internet media type of the data supported by the web service is application/xml.

  • The API is hypertext driven, using the following HTTP methods:

Type

Action

POST

Create a resource on the server

GET

Retrieve a resource from the server

PUT

Modify the state of a resource

DELETE

Remove a resource

17.2. Examples

The following examples illustrate some simple use cases, most are direct calls through a web browser, although for deeper or interactive examples, a curl client may be used.

17.2.1. Mount point information

http://<WDFUSION.URL.COM>:8082/fusion/

Calling the mount point output:

Output

<application>
        <applicationLocation>.</applicationLocation>
        <beaconPeriod>1000</beaconPeriod>
        <DConePort>6789</DConePort>
        <databaseLocation>/opt/fusion-server/dcone/db</databaseLocation>
        <httpPort>8082</httpPort>
        <httpsPort>0</httpsPort>
        <sslEnabled>false</sslEnabled>
</application>

17.2.2. List all replicated paths

http://<WDFUSION.URL.COM>:8082/fusion/fs

Output

<fsMap>
        <replicatedDirectory>
        <uri>/repl1</uri>
        <membershipId>simpleMembership</membershipId>
        <familyRepresentativeId>
        <nodeId>wdfs1</nodeId>
        <dsmId>9bc8170e-e70d-11e4-95f9-ae4369cdbb06</dsmId>
        </familyRepresentativeId>
        <consistency>
        <state>UNKNOWN</state>
        <lastCheck>0</lastCheck>
        <nextCheck>1429587297002</nextCheck>
        </consistency>
        <isLeader>true</isLeader>
        <isWriter>true</isWriter>
        <gsn>407</gsn>
        </replicatedDirectory>
</fsMap>

17.2.3. Return a specific replicated path

 http://fdbtest-01-vm1.qauk.wandisco.com:8082/fusion/fs?path=<[PATH NAME]

Output

<replicatedDirectory>
<uri>/foo1/bar1/baz4</uri>
<membershipId>bf0bf386-a878-4205-a16e-8b7f258ab1b0</membershipId>
<familyRepresentativeId>
<nodeId>f5255a0b-bcfc-40c0-b2a7-64546f571f2a</nodeId>
<dsmId>b911c0a9-24ad-11e7-9ba2-fea140f240c9</dsmId>
 </familyRepresentativeId>
<consistencyReport>
<state>INCONSISTENT</state>
<lastCheckResult>INCONSISTENT</lastCheckResult>
<taskId>0c77a086-24e0-11e7-b2f3-fea140f240c9</taskId>
<lastCheckTaskId>0c77a086-24e0-11e7-b2f3-fea140f240c9</lastCheckTaskId>
<lastCheck>1492593040812</lastCheck>
<nextCheck>1492614640812</nextCheck>
 </consistencyReport>
<leader>
<nodeId>f5255a0b-bcfc-40c0-b2a7-64546f571f2a</nodeId>
<dsmId>b911c0a9-24ad-11e7-9ba2-fea140f240c9</dsmId>
 </leader>
<isLeaderElected>true</isLeaderElected>
<isLeader>true</isLeader>
<writer>
<nodeId>f5255a0b-bcfc-40c0-b2a7-64546f571f2a</nodeId>
<dsmId>b911c0a9-24ad-11e7-9ba2-fea140f240c9</dsmId>
 </writer>
<isWriterElected>true</isWriterElected>
<isWriter>true</isWriter>
<gsn>1174</gsn>
<transfersInProgress>0</transfersInProgress>
 </replicatedDirectory>

17.2.4. Show inbound transfers

http://<WDFUSION.URL.COM>:8082/fusion/fs/transfers

17.2.5. Show tasks

http://wdfusion8.ec2.wandisco.com:8082/fusion/tasks

Output

<tasks>
<task xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="membershipProposalTaskDTO">
        <taskId>8391e4c7-e803-11e4-b2f1-c62bbea4984d</taskId>
        <timeCreated>1429606251844</timeCreated>
        <creatorNodeId>wdfs1</creatorNodeId>
        <timeUpdated>1429606252381</timeUpdated>
        <isDone>true</isDone>
        <aborted>false</aborted>
        <properties>
                <entry>
                <key>TASK_TYPE</key>
                <value>MEMBERSHIP_PROPOSAL_TASK_TYPE</value>
                </entry>
        </properties>
        <previousTask xsi:nil="true"/>
        <message>
        DeployFsStateMachineProposal. taskId: 8391e4c7-e803-11e4-b2f1-c62bbea4984d, creatorNodeId: wdfs1, membershipId: simpleMembership, dsmId: 8391e4c8-e803-11e4-b2f1-c62bbea4984d, uri: /repl1
        </message>
</task>
<task xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="beaconTaskDTO">
        <taskId>6ea76f8d-e803-11e4-b2f1-c62bbea4984d</taskId>
        <timeCreated>1429606216697</timeCreated>
        <creatorNodeId>wdfs1</creatorNodeId>
        <timeUpdated>1429606216804</timeUpdated>
        <isDone>true</isDone>
        <aborted>false</aborted>
        <properties>
                <entry>
                <key>TASK_TYPE</key>
                <value>CREATE_MEMBERSHIP_TASK_TYPE</value>
                </entry>
        </properties>
        <previousTask xsi:nil="true"/>
        <message>
        CreateDistributedMembershipRequest New memberships:[Identity: simpleMembership Distinguished node: wdfs1@location1 Role: acceptor Node: wdfs1@location1 Node: wdfs2@location2 Role: learner Node: wdfs1@location1 Node: wdfs2@location2 Role: proposer Node: wdfs1@location1 Node: wdfs2@location2] TaskId 6ea76f8d-e803-11e4-b2f1-c62bbea4984d sent by Node wdfs1@location1
        </message>
        </task>
        <task xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ecosystemCommittedTaskDTO">
        <taskId>59ae52ca-e803-11e4-88e6-c228c4f805ee</taskId>
        <timeCreated>1429606182362</timeCreated>
        <creatorNodeId>wdfs1</creatorNodeId>
        <timeUpdated>1429606184504</timeUpdated>
        <isDone>true</isDone>
        <aborted>false</aborted>
        <properties>
                <entry>
                <key>induction.final.task.id</key>
                <value>59ae52c9-e803-11e4-88e6-c228c4f805ee</value>
                </entry>
                <entry>
                <key>TASK_TYPE</key>
                <value>induction.commit.task</value>
                </entry>
                <entry>
                <key>induction.identity</key>
                <value>59ae52c1-e803-11e4-88e6-c228c4f805ee</value>
                </entry>
        </properties>
        <previousTask>5a305481-e803-11e4-b2f1-c62bbea4984d</previousTask>
</task>
<task xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="membershipProposalTaskDTO">
        <taskId>5a7d3c05-e803-11e4-b2f1-c62bbea4984d</taskId>
        <timeCreated>1429606182867</timeCreated>
        <creatorNodeId>wdfs1</creatorNodeId>
        <timeUpdated>1429606183518</timeUpdated>
        <isDone>true</isDone>
        <aborted>false</aborted>
        <properties>
                <entry>
                <key>induction.commit.task.id</key>
                <value>59ae52ca-e803-11e4-88e6-c228c4f805ee</value>
                </entry>
                <entry>
                <key>inductor.start.task.id</key>
                <value>59ae52c7-e803-11e4-88e6-c228c4f805ee</value>
                </entry>
                <entry>
                <key>TASK_TYPE</key>
                <value>induction.new.learner.task</value>
                </entry>
        </properties>
        <previousTask>5a305481-e803-11e4-b2f1-c62bbea4984d</previousTask>
        <message>
        AddNewNodesToEcosystem. taskId: 5a7d3c05-e803-11e4-b2f1-c62bbea4984d, creatorNodeId: wdfs1, newMembershipId: ECO-MEMBERSHIP-59addd8f-e803-11e4-88e6-c228c4f805ee, dsmId: ECO-DSM-24f8d34b-e803-11e4-b2f1-c62bbea4984d, newLearnerNodeIds: [wdfs2]
        </message>
</task>
<task xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="beaconTaskDTO">
        <taskId>5a305481-e803-11e4-b2f1-c62bbea4984d</taskId>
        <timeCreated>1429606182362</timeCreated>
        <creatorNodeId>wdfs1</creatorNodeId>
        <timeUpdated>1429606182888</timeUpdated>
        <isDone>true</isDone>
        <aborted>false</aborted>
        <properties>
                <entry>
                <key>induction.commit.task.id</key>
                <value>59ae52ca-e803-11e4-88e6-c228c4f805ee</value>
                </entry>
                <entry>
                <key>inductor.start.task.id</key>
                <value>59ae52c7-e803-11e4-88e6-c228c4f805ee</value>
                </entry>
                <entry>
                <key>TASK_TYPE</key>
                <value>induction.create.new.membership</value>
                </entry>
        </properties>
        <previousTask>59ae52c7-e803-11e4-88e6-c228c4f805ee</previousTask>
        <nextTasks>59ae52ca-e803-11e4-88e6-c228c4f805ee</nextTasks>
        <nextTasks>5a7d3c05-e803-11e4-b2f1-c62bbea4984d</nextTasks>
        <message>
        CreateEcosystemMembership. taskId: 5a305481-e803-11e4-b2f1-c62bbea4984d, inductionIdentity: 59ae52c1-e803-11e4-88e6-c228c4f805ee, inductorIdentity: wdfs1, membership: Identity: ECO-MEMBERSHIP-59addd8f-e803-11e4-88e6-c228c4f805ee Distinguished node: wdfs1@location1 Role: acceptor Node: wdfs1@location1 Node: wdfs2@location2 Role: learner Node: wdfs1@location1 Node: wdfs2@location2 Role: proposer Node: wdfs1@location1 Node: wdfs2@location2, nodesInfo: [NodeInfo. nodeIdentity: wdfs1, nodeName: wdfs1, location: [Location: Identity:location1], ecosystemDsmId: ECO-DSM-24f8d34b-e803-11e4-b2f1-c62bbea4984d, ecosystemMembershipId: ECO-MEMBERSHIP-wdfs1, eventRoutes: [EventRoute:fusion-daily-01-vm1.qauk.wandisco.com:6789], NodeInfo. nodeIdentity: wdfs2, nodeName: wdfs2, location: [Location: Identity:location2], ecosystemDsmId: ECO-DSM-48b2c9fd-e803-11e4-88e6-c228c4f805ee, ecosystemMembershipId: ECO-MEMBERSHIP-wdfs2, eventRoutes: [EventRoute:fusion-daily-02-vm1.qauk.wandisco.com:6789]], inductionConfiguration: InductionConfiguration{inductorConfig={}, inducteeConfig={}, mergedConfig={}, new seed=59b9019c-e803-11e4-b2f1-c62bbea4984d}, commitTaskId: 59ae52ca-e803-11e4-88e6-c228c4f805ee
        </message>
</task>
<task xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="dsmProposalTaskDTO">
        <taskId>59ae52c7-e803-11e4-88e6-c228c4f805ee</taskId>
        <timeCreated>1429606182053</timeCreated>
        <creatorNodeId>wdfs1</creatorNodeId>
        <timeUpdated>1429606182433</timeUpdated>
        <isDone>true</isDone>
        <aborted>false</aborted>
        <properties>
                <entry>
                <key>induction.inductee.nodes.info</key>
                <value>
                [NodeInfo. nodeIdentity: wdfs2, nodeName: wdfs2, location: [Location: Identity:location2], ecosystemDsmId: ECO-DSM-48b2c9fd-e803-11e4-88e6-c228c4f805ee, ecosystemMembershipId: ECO-MEMBERSHIP-wdfs2, eventRoutes: [EventRoute:fusion-daily-02-vm1.qauk.wandisco.com:6789]]
                </value>
                </entry>
                <entry>
                <key>induction.final.task.id</key>
                <value>59ae52c9-e803-11e4-88e6-c228c4f805ee</value>
                </entry>
                <entry>
                <key>induction.commit.task.id</key>
                <value>59ae52ca-e803-11e4-88e6-c228c4f805ee</value>
                </entry>
                <entry>
                <key>inductor.membership.id</key>
                <value>ECO-MEMBERSHIP-wdfs1</value>
                </entry>
                <entry>
                <key>inductor.identity</key>
                <value>wdfs1</value>
                </entry>
                <entry>
                <key>induction.eco.system.membership.id</key>
                <value>
                ECO-MEMBERSHIP-59addd8f-e803-11e4-88e6-c228c4f805ee
                </value>
                </entry>
                <entry>
                <key>inductee.membership.id</key>
                <value>ECO-MEMBERSHIP-wdfs2</value>
                </entry>
                <entry>
                <key>inductee.identity</key>
                <value>wdfs2</value>
                </entry>
                <entry>
                <key>remote.inductor.baton.beacon.task.id</key>
                <value>59ae52c5-e803-11e4-88e6-c228c4f805ee</value>
                </entry>
                <entry>
                <key>TASK_TYPE</key>
                <value>INDUCTION_TASK</value>
                </entry>
                <entry>
                <key>inductor.prepare.asm.id</key>
                <value>59ae52c6-e803-11e4-88e6-c228c4f805ee</value>
                </entry>
                <entry>
                <key>inductee.location.id</key>
                <value>location2</value>
                </entry>
                <entry>
                <key>induction.start.task.id</key>
                <value>59ad1a3e-e803-11e4-88e6-c228c4f805ee</value>
                </entry>
                <entry>
                <key>induction.identity</key>
                <value>59ae52c1-e803-11e4-88e6-c228c4f805ee</value>
                </entry>
        </properties>
        <previousTask xsi:nil="true"/>
        <nextTasks>5a305481-e803-11e4-b2f1-c62bbea4984d</nextTasks>
        <message>
        PrepareInductorBaton[InductionBaton{taskId=59ae52c7-e803-11e4-88e6-c228c4f805ee, inductionIdentity=59ae52c1-e803-11e4-88e6-c228c4f805ee, dsmId=ECO-DSM-24f8d34b-e803-11e4-b2f1-c62bbea4984d, nodesInfo=[NodeInfo. nodeIdentity: wdfs2, nodeName: wdfs2, location: [Location: Identity:location2], ecosystemDsmId: ECO-DSM-48b2c9fd-e803-11e4-88e6-c228c4f805ee, ecosystemMembershipId: ECO-MEMBERSHIP-wdfs2, eventRoutes: [EventRoute:fusion-daily-02-vm1.qauk.wandisco.com:6789]], asmIdentity=59ae52c6-e803-11e4-88e6-c228c4f805ee}]
        </message>
        <dsmId>ECO-DSM-24f8d34b-e803-11e4-b2f1-c62bbea4984d</dsmId>
</task>
</tasks>

17.2.6. Show memberships

http://<WDFUSION.URL.COM>:8082/fusion/memberships

17.2.7. Show Nodes

http://<WDFUSION.URL.COM>:8082/fusion/nodes

Output

<nodes>
    <node>
        <nodeIdentity>wdfs1</nodeIdentity>
        <locationIdentity>location1</locationIdentity>
        <isLocal>true</isLocal>
        <isUp>true</isUp>
        <isStopped>false</isStopped>
        <lastStatusChange>1429606531682</lastStatusChange>
        <attributes>
        <attribute>
        <key>eco.system.dsm.identity</key>
        <value>ECO-DSM-24f8d34b-e803-11e4-b2f1-c62bbea4984d</value>
        </attribute>
        <attribute>
        <key>node.name</key>
        <value>wdfs1</value>
        </attribute>
        <attribute>
        <key>eco.system.membership</key>
        <value>
        ECO-MEMBERSHIP-59addd8f-e803-11e4-88e6-c228c4f805ee
        </value>
        </attribute>
        </attributes>
    </node>
    <node>
        <nodeIdentity>wdfs2</nodeIdentity>
        <locationIdentity>location2</locationIdentity>
        <isLocal>false</isLocal>
        <isUp>true</isUp>
        <isStopped>false</isStopped>
        <lastStatusChange>1429606531699</lastStatusChange>
        <attributes>
        <attribute>
        <key>eco.system.dsm.identity</key>
        <value>ECO-DSM-24f8d34b-e803-11e4-b2f1-c62bbea4984d</value>
        </attribute>
        <attribute>
        <key>node.name</key>
        <value>wdfs2</value>
        </attribute>
        <attribute>
        <key>eco.system.membership</key>
        <value>
        ECO-MEMBERSHIP-59addd8f-e803-11e4-88e6-c228c4f805ee
        </value>
        </attribute>
        </attributes>
    </node>
</nodes>

17.2.8. Show replicated directories

http://<WDFUSION.URL.COM>:8082/fusion/fs
Show a specific replicated directory
http://<WDFUSION.URL.COM>:8082/dcone/fs?path=/repl1
Add another replicated directory

Create a file called stateMachine.xml for use as payload in the REST API call. Note: membershipId should point to an existing membership:

stateMachine.xml

<replicatedDirectory>
     <uri>/repl1</uri>
     <membershipId>simpleMembership</membershipId>
     <familyRepresentativeId>
          <nodeId>ohs1</nodeId>
     </familyRepresentativeId>
</replicatedDirectory>

curl call to Add It:

curl -v -X POST -d@./stateMachine.xml -H "Content-Type: application/xml" http://<WDFUSION.URL.COM>:8082/fusion/fs

17.2.9. Remove a directory from replication

curl -X DELETE http://<WDFUSION.URL.COM>:8082/fusion/fs?path=/repl1

17.2.10. Remove a node from WD Fusion

The following procedure uses the REST API to remove a node from your WD Fusion enabled cluster.

  1. Create an XML file called removal.xml for use as a payload to be delivered to the replicated system using a curl command. The file should contain the following snippet:

    <nodes>
      <node>
      <nodeIdentity>${NODE_ID}</nodeIdentity>
      <locationIdentity>${LOCATION_ID}</locationIdentity>
      </node>
    </nodes>
    NODE_ID

    The node ID of the node that you are going to remove from the replicated ecosystem. E.g. "host292-fus_44".

    LOCATION_ID

    The location ID of the node that you want to remove from the ecosystem.

    You can view these properties by pointing your browser at the node that you want to remove, using the following port and path:

    http://<WDFUSION.URL.COM>:8082/fusion/nodes

    The curl should be constructed as follows:

    curl -u <username>: <password> -X PUT -d @"$removal.xml" --header 'Content-Type: application/xml' http://<WDFUSION.URL.COM>:8082/fusion/node/${LOCAL_NODE_ID}/removenodes

17.2.11. Consistency Check

You can trigger consistency checks through:

curl -v -X POST http://<WDFUSION.URL.COM>:8082/fusion/fs/check?path=/folder_name

Take the taskId returned in the content-location header and view the report with (e.g.)

http://wdfusion2.com:8082/fusion/fs/check/b911241f-c430-11e4-9486-0ebe9eaaf785

The task can also be viewed as usual:

http://<WDFUSION.URL.COM>:8082/dcone/task/b911241f-c430-11e4-9486-0ebe9eaaf785

17.2.12. Writers and Leaders

  • The writer is the "elected leader" for the state machine replicas in a zone, and the leader is the "elected leader" for the entire set of state machine replicas.

  • There are as many writers as there are zones, but only one leader — like a local leader vs global leader.

17.2.13. Repair Status

Gets a list of repairs done or being on done on this zone. Its important to note that this information exists in the node that is or was doing the repair, not the "source-of-truth" or proposing zone.

<host>:8082/fusion/fs/repairs
Status Description Default Value

path

The path for which the list of repairs should be returned. If null, we will get all repairs.

null

showAll

Whether or not to include past repairs for the same file. The options are true to show all repairs on the given path, and false to show only the last repair.

false

sortField

The field by which the repairs should be sorted. The options are to sort by the startTime, completeTime or path.

startTime

sortOrder

The order in which the entries should be sorted according to the sort field. The options are to sort in ascending (ASC) or descending (DESC) order.

DESC

18. Glossary

Technical guide and glossary for Hadoop and WD Fusion terms.

18.1. Introducing WD Fusion

WD Fusion provides consistent, continuous data replication between file systems in Hadoop clusters. Client applications that use WD Fusion interact with a virtual file system that integrates the underlying storage across multiple clusters. When changes are made to files in one cluster, they are replicated immediately and consistently to the other clusters that WD Fusion spans.

schematic

  • Applications in all clusters can read and write to the file system through WD Fusion at any time, and be guaranteed that the file systems will remain consistent across all the participating clusters.

  • WD Fusion can span different versions and distributions of Hadoop, including CDH, HDP, EMC Isilon, Amazon S3/EMRFS and MapR, and presents the standard Hadoop-Compatible File System interface to applications, which do not need to be modified.

  • Similarly, WD Fusion does not require any changes to the underlying Hadoop clusters or their file systems. It operates as a proxy that client applications use when working with replicated file system content. === WD Fusion Terms To help you understand how WD Fusion operates, this documentation uses the terms Zone, Membership and Replication Rule. They each play a critical role in your configuration and use of WD Fusion. You should understand this terminology before installing WD Fusion.

    Zones

    A Zone represents the file system used in a standalone Hadoop cluster. Multiple Zones could be from separate clusters in the same data center, or could be from distinct clusters operating in geographically-separate data centers that span the globe. WD Fusion operates as a distributed collection of servers. While each WD Fusion server always belongs to only one Zone, a Zone can have multiple WD Fusion servers (for load balancing and high availability). When you install WD Fusion, you should create a Zone for each cluster’s file system.

    Edge Nodes

    Edge nodes (AKA gateway nodes) are servers that interface between the Hadoop cluster and systems that are outside the network. Most commonly, edge nodes are used to run client applications and cluster administration tools. Read more.

18.2. DConE Terms

Memberships

A Membership is a defined group of WD Fusion servers that replicate data between their Zones. You can have as many WD Fusion servers in a Membership as you like, and each WD Fusion server can participate in multiple Memberships. WD Fusion allows you to define multiple Memberships, and WD Fusion servers can fulfill different roles in each Membership they participate in. This allows you to control exactly how your WD Fusion environment operates normally, and how it behaves when faced with network failures, host failures and other types of issues.

Replication Rules

File system content is replicated selectively by defining Replication Rules, which specify: the directory in the file system that will be replicated, the Zones that will participate in that replication, and the Membership associated with those Zones. Without any Replication Rules defined, each Zone’s file system operates independently of the others. With the combination of Zones, Memberships and Replication Rules, WD Fusion gives you complete control over how data are replicated between the file systems of your Hadoop clusters.

Induction

The process of forming a membership between a number of WD Fusion nodes is called Induction.

Apache Kafka

A fast, scalable, fault-tolerant messaging system

Kafka is a fast, scalable, durable, and fault-tolerant publish-subscribe messaging system. Kafka is often used in place of traditional message brokers like JMS and AMQP because of its higher throughput, reliability and replication.

Kafka works in combination with Apache Storm, Apache HBase and Apache Spark for real-time analysis and rendering of streaming data.

Writer

In the WD Fusion’s architecture, only one process (node/fusion server) per zone is allowed to write into a replicated filespace - this node is the "Writer" for that replicated folder. Therefore, if there is one replicated folder and two zones, there will be two writers for the replicated folder, one in each zone. If there are two replicated folders and two zones there will be four writers, two in each zone.

The writer for a replicated folder does not have to be the same node as the writer for another replicated folder, e.g., node1 may be the writer for /dir1/dir2 and /dir1/dir3 and node2 may be the writer for /dir1/dir4, which allows for some degree of load-balancing across fusion servers within a zone. If a writer fails, the election process will ensure a new writer for that folder is elected within a given period (set through the process for Tuning Writer Re-election.

Currently, the writer for a replicated folder is elected at random - it may be any node in a zone. In a future release, WD Fusion will let administrators specify a particular node to be the writer, using the REST API. However, if the specified node fails another will be elected at random.

HDInsight

HDInsight deploys and creates Apache Hadoop clusters in the cloud, providing a software framework designed to manage, analyze, and report on big data with high reliability and availability. HDInsight uses the Hortonworks Data Platform (HDP) Hadoop distribution. Hadoop often refers to the entire Hadoop ecosystem of components, which includes Apache Hadoop, Apache Storm and Apache HBase clusters, as well as other technologies under the Hadoop umbrella.

Microsoft Azure

Azure is Microsoft’s cloud computing platform, a growing collection of integrated services-analytics, computing, database, mobile, networking, storage, and web-for moving faster, achieving more, and saving money. Azure provides an Azure Preview Portal for monitoring and managing the cluster. For more information, see What is Microsoft Azure? and Microsoft Azure infographics.

Azure resource group

Applications are typically made up of many components, for example a web app, database, database server, storage, and 3rd party services. Azure Resource Manager (ARM) enables you to work with the resources in your application as a group, referred to as an Azure Resource Group. You can deploy, update, monitor or delete all of the resources for your application in a single, coordinated operation. You use a template for deployment and that template can work for different environments such as testing, staging and production. You can clarify billing for your organization by viewing the rolled-up costs for the entire group. For more information, see Azure Resource Manager Overview.

Azure Blob storage

Azure Blob storage is a robust, general-purpose storage solution that integrates seamlessly with HDInsight. Through the WASB driver and the WebWasb (WebHDFS over WASB) interface, the full set of components in HDInsight can operate directly via standard Hadoop DFS tools (command line, File System Java API) on structured or unstructured data in Blob storage.

There are several benefits associated with using Azure Blob Storage as the native file system:

  • Storing data in Blob storage enables users to safely delete the HDInsight clusters that are used for computation without losing user data.

  • Data reuse and sharing

  • Data storage cost

Although there an implied performance cost of not co-locating computer clusters and storage resources, this is mitigated by the way the compute clusters are created close to the storage account resources inside the Azure datacenter, where the high-speed network makes it very efficient for the compute nodes to access the data inside Azure Blob storage.

Address files in Blob storage

HDInsight uses Azure Storage Blob through the WASB(S) (A.K.A Windows Azure Storage - Blob) driver. Azure Blob storage is transparent to users and developers.

To access the files on the default storage account, you can use one of the following syntax:

/example/jars/hadoop-mapreduce-examples.jar
wasb:///example/jars/hadoop-mapreduce-examples.jar
wasb://mycontainer@myaccount.blob.core.windows.net/example/jars/hadoop-mapreduce-examples.jar

If the data is store outside the default storage account, you must link to the storage account at the creation time. The URI scheme for accessing files in Blob storage from HDInsight is:

wasb[s]://<BlobStorageContainerName>@<StorageAccountName>.blob.core.windows.net/<path>
wasb[s]: The URI scheme provides unencrypted access (with the wasb: prefix) and SSL encrypted access (with wasbs). We recommend using
  • wasbs wherever possible, even when accessing data that lives inside the same datacenter in Azure.

  • <BlobStorageContainerName>: Identifies the name of the container in Azure Blob storage.

  • <StorageAccountName>: Identifies the Azure Storage account name. A fully qualified domain name (FQDN) is required.

  • <path>: is the file or directory HDFS path name. Because containers in Azure Blob storage are simply key-value stores, there is no true hierarchical file system. A slash character ( / ) inside a blob key is interpreted as a directory separator. For example, the blob name for hadoop-mapreduce-examples.jar is:

example/jars/hadoop-mapreduce-examples.jar

When working with blobs outside of HDInsight, most utilities do not recognize the WASB format and instead expect a basic path format, such as example/jars/hadoop-mapreduce-examples.jar. Best Practices for using blob storage with HDInsight

  • Don’t share a default container between two live clusters. This is not a supported scenario.

  • Re-use the default container to reuse the same root path on a different cluster.

  • Use additional linked storage account for user data.

18.3. WebWasb

WebHDFS is the implementation of HTTP Rest API for HDFS compatible file systems. WebWasb is simply WebHDFS for the WASB file system.

WebWasb can be installed on the edge node where the ISV applications live. From the edge node, WebWasb can be accessed by referring to localhost and the port 50073.

WebWasb works off of the default file system for the cluster (a specified default container in the default storage account) specified in /etc/hadoop/conf/core-site.xml under the property fs.defaultFS. As an example, if your default storage account is named storage1 and your default container is named container1, you could create a new directory called dir1 within that container by the following WebHDFS command:

curl -i -X PUT http://localhost:50073/WebWasb/webhdfs/v1/dir1?op=MKDIRS

WebWasb commands are case sensitive, so pay specific attention to the casing of "WebWasb" and the operations should all be uppercase.

Azure virtual network

With virtual network integration, Hadoop clusters can be deployed to the same virtual network as your applications so that applications can communicate with Hadoop directly. The benefits include:

  • Direct connectivity of web applications or ISV applications to the nodes of the Hadoop cluster, which enables communication to all ports via various protocols, such as HTTP or Java RPC.

  • Improved performance by not having your traffic go over multiple gateways and load-balancers.

  • Virtual network gives you the ability to process info more securely, and only provide specific endpoints to be accessed publicly.