Configure Kerberos

If Kerberos is enabled on your Hadoop cluster, you must configure LiveData Migrator's Kerberos settings to enable the service to authenticate with your Hadoop cluster.

For data migrations, you will need a valid keytab containing a suitable principal for the HDFS superuser on the HDFS edge node.

If you want to migrate Hive metadata from your Hadoop cluster, the edge node must also have a keytab containing a suitable principal for the Hive service.

Configure Kerberos for data migrations

Configure Kerberos (Azure Portal)

1. In the Azure Portal, navigate to the LiveData Migrator resource page.
2. Access the Overview page.
3. Select Select Livedata Migrator Kerberos Settings.
4. Select Enabled.
5. Enter the following information:
   • Principal: Enter a principal that will map to the HDFS superuser using auth_to_local rules.
   • Keytab Path: Enter the path to the Kerberos keytab containing the Kerberos Principal. This must be accessible to the local system user running the LiveData Migrator service (default is hdfs).
6. Select Submit to confirm your changes.
7. Select Refresh and verify the Install State under the Properties tab is now InstalledAndOperational.

Configure Kerberos (CLI)

Run the following command to set up your Kerberos configuration for data migration:

Configure Kerberos for data migration

az livedata migrator set-kerberos -g <resource_group> --migrator-name <migrator_name> --principal hdfs@REALM --keytab /etc/security/keytabs/hdfs.keytab

See the Azure CLI LiveData Extension - Configure Kerberos page for help with these parameters.

Configure Kerberos for metadata migrations

note

You must configure Kerberos for general LiveData Migrator use before configuring Kerberos for metadata.

Configure Kerberos for metadata (Azure Portal)

1. In the Azure Portal, navigate to the LiveData Migrator resource page.
2. Access the Overview page.
3. Select Select Hive Migrator Kerberos Settings.
4. Select Enabled.
5. Enter the following information:
   • Principal: Enter a principal that will map to the Hive user using auth_to_local rules.
   • Keytab Path: Enter the path to the Kerberos keytab containing the Kerberos principal. This must be accessible to the local system user running the Hive service (default is hive).
6. Select Submit to confirm your changes.
7. Select Refresh and verify the Meta Install State under the Properties tab is now InstalledAndOperational.

Configure Kerberos for metadata (CLI)

Run the following command to set up your Kerberos configuration for metadata migration:

Configure Kerberos for metadata migration

az livedata migrator set-meta-kerberos -g <resource_group> --migrator-name <migrator_name> --principal hive/myhostname@REALM.COM --keytab /etc/security/keytabs/hive.keytab

See the Azure CLI LiveData Extension - Configure Kerberos for Metadata page for help with these parameters.

Next steps

Once you've configured Kerberos, you're ready to create a target for your data migrations and/or create a metadata target for metadata migrations.