Help Center> MapReduce Service> Developer Guide (LTS)> IoTDB Development Guide (Security Mode)> Environment Preparations> Preparing the Configuration Files for Connecting to the Cluster
Updated on 2024-04-02 GMT+08:00
View PDF

Preparing the Configuration Files for Connecting to the Cluster

Preparing for User Authentication

For an MRS cluster with Kerberos authentication enabled, you need to prepare a user who has the operation permission on related components for program authentication.

The following IoTDB permission configuration example is for reference only. You can modify the configuration as you need.

  1. Log in to FusionInsight Manager.
  2. Choose System > Permission > Role. On the displayed page, click Create Role.

    1. Enter the role name, for example, developrole.
    2. In the Configure Resource Permission table, choose Name of the desired cluster > IoTDB > Common User Permission, and select Set Database for the root directory.
    3. Click root, select the desired storage group, select Create, Modify, Write, Read, and Delete, and click OK.

  3. Choose User in the navigation pane and click Create on the displayed page. Create a machine-machine user, for example, developuser.

    • Add the iotdbgroup user group to User Group.
    • Add the new role created in 2 to Role.

  4. Log in to FusionInsight Manager as user admin and choose System > Permission > User. In the Operation column of developuser, choose More > Download Authentication Credential. Save the file and decompress it to obtain the user.keytab and krb5.conf files of the user.

Generating an SSL Certificate for the IoTDB Client

If SSL encrypted transmission is enabled for the cluster and this is your first time running IoTDB sample code in the local Windows or Linux environment, perform the following operations to generate a client SSL certificate:

  1. Log in to the node where the client is installed as the client installation user.
  2. Switch to the IoTDB client installation directory, for example, /opt/client.

    cd /opt/client

  3. Configure environment variables.

    source bigdata_env

  4. Generate the client SSL certificate truststore.jks.

    keytool -noprompt -import -alias myservercert -file ca.crt -keystore truststore.jks

    You are required to set a password.

  5. To run the sample code in the Linux environment, copy the generated truststore.jks file to the Client installation directory/IoTDB/iotdb/conf directory.

    cp truststore.jks Client installation directory/IoTDB/iotdb/conf

Preparing the Configuration Files of the Running Environment

During the development or a test run of the program, you need to use cluster configuration files to connect to an MRS cluster. The configuration files usually contain the cluster component information file and user files used for security authentication. You can obtain the required information from the created MRS cluster.

Nodes used for program debugging or running must be able to communicate with nodes within the MRS cluster, and the hosts domain name must be configured.

  • Scenario 1: Preparing the configuration files required for debugging in the local Windows development environment
    1. Download and decompress the client software package.
      • Versions earlier than MRS 3.3.0, log in to FusionInsight Manager and choose Cluster > Dashboard > More > Download Client. Set Select Client Type to Configuration Files Only, and click OK. After the client files are packaged and generated, download the client to the local PC as prompted and decompress it.
      • MRS 3.3.0 or later, log in to FusionInsight Manager, and click Download Client in the upper right corner of Homepage. Set Select Client Type to Configuration Files Only, and click OK. After the client file package is generated, download it to the local PC as prompted and decompress it.

      For example, if the client configuration file package is FusionInsight_Cluster_1_Services_Client.tar, decompress it to obtain

      FusionInsight_Cluster_1_Services_ClientConfig_ConfigFiles.tar. Then, decompress FusionInsight_Cluster_1_Services_ClientConfig_ConfigFiles.tar Decompress the package to the D:\FusionInsight_Cluster_1_Services_ClientConfig_ConfigFiles directory on the local PC.

    2. Copy all items from the hosts file in the decompression directory to the hosts file on the node where the client is installed. Ensure that the network communication between the local PC and hosts listed in the hosts file is normal.
      • If the client host is outside the cluster, configure network connections to the client to prevent errors when you run commands on the client.
      • The local hosts file in a Windows environment is stored, for example, in C:\WINDOWS\system32\drivers\etc\hosts.
  • Scenario 2: Preparing the configuration files required for running the program in a Linux environment
    1. Install the client. For example, install the client in the /opt/client directory.

      Ensure that the difference between the client time and the cluster time is less than 5 minutes.

    2. Download the client configuration file to the active OMS node of the cluster.
      • Versions earlier than MRS 3.3.0, log in to FusionInsight Manager and choose Cluster > Dashboard > More > Download Client. Set Select Client Type to Configuration Files Only, select Save to Path, and click OK to download the client configuration file to the active OMS node of the cluster.
      • MRS 3.3.0 or later, log in to FusionInsight Manager, and click Download Client in the upper right corner of Homepage. Set Select Client Type to Configuration Files Only, select Save to Path, and click OK to download the client configuration file to the active OMS node of the cluster.
    3. Log in to the active OMS node as user root, go to the directory where the client configuration files are stored (/tmp/FusionInsight-Client by default), decompress the software package, and obtain all configuration files in the IoTDB/config directory. Place the files in the conf directory where the compiled JAR package is stored on the client node, for example, /opt/client/conf.

      For example, if the client software package is FusionInsight_Cluster_1_Services_Client.tar and it is downloaded to the /tmp/FusionInsight-Client directory on the active management node, run the following commands:

      cd /tmp/FusionInsight-Client

      tar -xvf FusionInsight_Cluster_1_Services_Client.tar

      tar -xvf FusionInsight_Cluster_1_Services_ClientConfig.tar

      cd FusionInsight_Cluster_1_Services_ClientConfig

      scp IoTDB/config/* root@IP address of the client node:/opt/client/conf

    4. Check the network connection of the client node.

      During the client installation, the system automatically configures the hosts file on the client node. You are advised to check whether the /etc/hosts file contains the host names of the nodes in the cluster. If there is no required information, copy the content of the hosts file in the decompression directory to the hosts file on the node where the client is deployed, to ensure that the local host can communicate with each host in the cluster.

Parent topic: Environment Preparations