Updated on 2022-09-23 GMT+08:00

Configuring Users to Access Resources of a Trusted Cluster

Scenario

After cross-cluster mutual trust is configured, permission must be configured for users in the local cluster, so that the users can access the same resources in the peer cluster as the users in the peer cluster.

The operations described in this section apply only to clusters of versions earlier than MRS 3.x.

For clusters of MRS 3.x or later, see Assigning User Permissions After Cross-Cluster Mutual Trust Is Configured.

Prerequisites

The mutual trust relationship has been configured between two clusters (clusters A and B). The clients of the clusters have been updated.

Procedure

  1. Log in to MRS Manager of cluster A and choose System > Manage User. Check whether cluster A has accounts that are the same as those of cluster B.

    • If yes, go to 2.
    • If no, go to 3.

  2. Click on the left side of the username to unfold the detailed user information. Check whether the user group and role to which the user belongs meet the service requirements.

    For example, user admin of cluster A has the permission to access and create files in the /tmp directory of cluster A. Then go to 4.

  3. Create the accounts in cluster A and bind the accounts to the user group and roles required by the services. Then go to 4.
  4. Choose Service > HDFS > Instance. Query the OM IP Address of NameNode (Active).
  5. Log in to the client of cluster B.

    For example, if you have updated the client on the Master2 node, log in to the Master2 node to use the client. For details, see Using an MRS Client.

  6. Run the following command to access the /tmp directory of cluster A.

    hdfs dfs -ls hdfs://192.168.6.159:9820/tmp

    In the preceding command, 192.168.6.159 is the IP address of the active NameNode of cluster A; 9820 is the default port for communication between the client and the NameNode.

  7. Run the following command to create a file in the /tmp directory of cluster A:

    hdfs dfs -touchz hdfs://192.168.6.159:9820/tmp/mrstest.txt

    If you can query the mrstest.txt file in the /tmp directory of cluster A, the cross-cluster mutual trust is configured successfully.