MRS Hetu Connection Parameters
Parameter |
Mandatory |
Description |
---|---|---|
Data Connection Type |
Yes |
MRS Hetu is selected by default and cannot be changed. |
Name |
Yes |
Name of the data connection to create. Data connection names can contain a maximum of 100 characters. They can contain only letters, digits, underscores (_), and hyphens (-). |
Tag |
No |
Attribute of the data connection to create. Tags make management easier.
NOTE:
The tag name can contain only letters, digits, and underscores (_) and cannot start with an underscore (_) or contain more than 100 characters. |
Applicable Modules |
Yes |
Select the modules for which this connection is available. |
Basic and Network Connectivity Configuration |
||
Manual |
Yes |
Select the connection mode. If you do not need to access MRS clusters in other projects or enterprise projects, select Cluster Name Mode.
|
Manager IP |
Yes |
This parameter is mandatory when Connection String Mode is selected for Manual.
Set this parameter to the floating IP address of MRS Manager. Only MRS clusters are supported. A Hadoop cluster can be connected only after it is managed by MRS.
NOTE:
DataArts Studio does not support MRS clusters whose Kerberos encryption type is aes256-sha2,aes128-sha2, and only supports MRS clusters whose Kerberos encryption type is aes256-sha1,aes128-sha1.
NOTE:
You can click Select next to the text box and select an MRS cluster in the same project and enterprise project. If you want to access an MRS cluster in another project or enterprise project, obtain and enter the floating IP address of MRS Manager and ensure that the connection's agent (CDM cluster) can communicate with the tenant-plane MRS cluster. To obtain the floating IP address of MRS Manager, log in to the active master node of the MRS cluster and run the ifconfig command. In the command output, the IP address of eth0:wsom is the floating IP address of MRS Manager. For details about how to log in to the master node of the MRS cluster, see Logging In to an ECS.
Enter multiple IP addresses based on the scenario in sequence and separate them with commas (,), for example, 127.0.0.1 or 127.0.0.1,127.0.0.2,127.0.0.3.
|
MRS Cluster Name |
Yes |
This parameter is mandatory when Cluster Name Mode is selected for Manual.
The name of the MRS cluster. Select an MRS cluster that Hive belongs to. Only MRS clusters are supported. A Hadoop cluster can be selected only after it is managed by MRS. All the MRS clusters with the same project ID and enterprise project are displayed.
NOTE:
DataArts Studio does not support MRS clusters whose Kerberos encryption type is aes256-sha2,aes128-sha2, and only supports MRS clusters whose Kerberos encryption type is aes256-sha1,aes128-sha1.
NOTE:
If the connection fails after you select a cluster, check whether the MRS cluster can communicate with the CDM instance which functions as the agent. They can communicate with each other in the following scenarios:
NOTE:
If an agent is connected to multiple MRS clusters and one of the MRS clusters is deleted or abnormal, connections to the other MRS clusters will be affected. Therefore, you are advised to connect an agent to only one MRS cluster. |
KMS Key |
Yes |
KMS key used to encrypt and decrypt data source authentication information. Select a default or custom key.
NOTE:
When you use KMS for encryption through DataArts Studio or KPS for the first time, the default key dlf/default or kps/default is automatically generated. For more information about default keys, see What Is a Default Master Key?. |
Agent |
Yes |
MRS is not a fully managed service and cannot be directly connected to DataArts Studio. A CDM cluster can provide an agent for DataArts Studio to communicate with non-fully-managed services. Therefore, you need to select a CDM cluster when creating an MRS data connection. If no CDM cluster is available, create one first. As a network proxy, the CDM cluster must be able to communicate with the MRS cluster. To ensure network connectivity, the CDM cluster must be in the same region and AZ and use the same VPC and subnet as the MRS cluster. The security group rule must also allow the CDM cluster to communicate with the MRS cluster.
NOTE:
|
hsbroker IP Address List |
Yes |
IP addresses of the hsbroker nodes of the MRS Hetu component. Use commas (,) to separate multiple IP addresses. To obtain the port number, perform the following operations:
|
hsbroker Port |
Yes |
Port number of the hsbroker node of the MRS Hetu component. To obtain the port number, perform the following operations:
|
Data Source Authentication and Other Function Configuration |
||
Authentication Method |
Yes |
This parameter is mandatory when Connection String Mode is selected for Manual.
It specifies the authentication method used for accessing the MRS cluster. The following options are available:
|
Username |
Yes |
Username of the MRS cluster. The user must have permissions of HetuEngine.
To create a data connection for an MRS security cluster, do not use user admin. The admin user is the default management page user and cannot be used as the authentication user of the security cluster. You can create an MRS user whose password never expires by referring to Creating a Kerberos Authentication User for an MRS Security Cluster. When creating an MRS data connection, set Username and Password to the new MRS username and password.
NOTE:
NOTICE:
After creating the HetuEngine user, you need to complete the configurations in Using HetuEngine from Scratch. |
Password |
Yes |
Password for accessing the MRS cluster. |
Creating a Kerberos Authentication User for an MRS Security Cluster
To create a data connection for an MRS security cluster, do not use user admin. The admin user is the default management page user and cannot be used as the authentication user of the security cluster. To create an MRS user, perform the following steps:
For clusters of MRS 3.x:
- Log in to MRS Manager as user admin.
- Choose System > Permission > Security Policy > Password Policy. Click Add Password Policy and add a policy under which the password never expires.
- Set Password Policy Name to neverexp.
- Set Password Validity Period (Days) to 0, indicating that the password never expires.
- Set Password Expiration Notification (Days) to 0.
- Retain the default values for other parameters.
- Choose Create to add a dedicated user as the Kerberos authentication user and set the password policy to neverexp. Select the user group superGroup for the user, and assign all roles to the user.
- For clusters of MRS 3.1.0 or later, the user must at least have permissions of the Manager_viewer role to create data connections in Management Center. To perform database, table, and data operations on components, the user must also have user group permissions of the components.
- For clusters earlier than MRS 3.1.0, the user must have permissions of the Manager_administrator or System_administrator role to create data connections in Management Center.
- A user with only the Manager_tenant or Manager_auditor permission cannot create connections.
. On the page displayed, click - Log in to Manager as the new user and change the initial password. Otherwise, the connection fails to be created.
- Synchronize IAM users.
- Log in to the MRS console.
- Choose Clusters > Active Clusters, select a running cluster, and click its name to go to its details page.
- In the Basic Information area of the Dashboard page, click Synchronize on the right side of IAM User Sync to synchronize IAM users.
- When the policy of the user group to which the IAM user belongs changes from MRS ReadOnlyAccess to MRS CommonOperations, MRS FullAccess, or MRS Administrator, wait for 5 minutes until the new policy takes effect after the synchronization is complete because the SSSD (System Security Services Daemon) cache of cluster nodes needs time to be updated. Then, submit a job. Otherwise, the job may fail to be submitted.
- When the policy of the user group to which the IAM user belongs changes from MRS CommonOperations, MRS FullAccess, or MRS Administrator to MRS ReadOnlyAccess, wait for 5 minutes until the new policy takes effect after the synchronization is complete because the SSSD cache of cluster nodes needs time to be updated.
For clusters of MRS 2.x or earlier:
- Log in to the MRS Manager as user admin.
- On FusionInsight Manager, choose System Settings and click Configure Password Policy to modify the password policy.
- Set Password Validity Period (Days) to 0, indicating that the password never expires.
- Set Password Expiration Notification (Days) to 0.
- Retain the default values for other parameters.
- Choose
- For clusters of MRS 2.x or earlier, the user must have permissions of the Manager_administrator or System_administrator role to create data connections in Management Center.
- A user with only the Manager_tenant or Manager_auditor permission cannot create connections.
. On the page displayed, add a dedicated user as the Kerberos authentication user. Select the user group superGroup for the user, and assign all roles to the user.
- Log in to MRS Manager as the new user and change the initial password. Otherwise, the connection fails to be created.
- Synchronize IAM users.
- Log in to the MRS console.
- Choose Clusters > Active Clusters, select a running cluster, and click its name to go to its details page.
- In the Basic Information area of the Dashboard page, click Synchronize on the right side of IAM User Sync to synchronize IAM users.
- When the policy of the user group to which the IAM user belongs changes from MRS ReadOnlyAccess to MRS CommonOperations, MRS FullAccess, or MRS Administrator, wait for 5 minutes until the new policy takes effect after the synchronization is complete because the SSSD (System Security Services Daemon) cache of cluster nodes needs time to be updated. Then, submit a job. Otherwise, the job may fail to be submitted.
- When the policy of the user group to which the IAM user belongs changes from MRS CommonOperations, MRS FullAccess, or MRS Administrator to MRS ReadOnlyAccess, wait for 5 minutes until the new policy takes effect after the synchronization is complete because the SSSD cache of cluster nodes needs time to be updated.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot