Help Center/ MapReduce Service/ User Guide/ Configuring Storage-Compute Decoupling for an MRS Cluster/ Interconnecting an MRS Cluster with OBS Using an IAM Agency/ Interconnecting an MRS Cluster with OBS Using an IAM Agency
Updated on 2024-09-23 GMT+08:00
View PDF
Share

Interconnecting an MRS Cluster with OBS Using an IAM Agency

MRS allows you to store data in OBS and use an MRS cluster for data computing only. In this way, storage and compute are separated. You can create an IAM agency, which enables ECS to automatically obtain the temporary AK/SK to access OBS. This prevents the AK/SK from being exposed in the configuration file.

By binding an agency, ECSs or BMSs can manage some of your resources. Determine whether to configure an agency based on the actual service scenario. This feature can be used with Hadoop, Hive, Spark, Presto, and Flink components in clusters. To interconnect MRS with OBS using an IAM agency, perform the following tasks:

  1. Creating an ECS Agency with OBS Access Permissions
  2. Creating a Decoupled Storage and Compute Cluster
  3. Creating an OBS File System for Storing Data
  4. Creating a Lifecycle Rule

Creating an ECS Agency with OBS Access Permissions

  • MRS presets MRS_ECS_DEFAULT_AGENCY in the IAM agency list by default, allowing you to choose this agency when creating a cluster. This agency has OBSOperateAccess permission and, for users with fine-grained policies enabled, CESFullAccess, CES Administrator, and KMS Administrator permissions in the region where the cluster is located. Do not modify MRS_ECS_DEFAULT_AGENCY on IAM.
  • If you want to use the preset agency, skip the step for creating an agency. If you want to use a custom agency, perform the following steps to create an agency. (To create or modify an agency, you must have the Security Administrator permission.) If you need to have more fine-grained control over the permissions of a specific path in the OBS file system, you can refer to Configuring Fine-Grained OBS Access Permissions for MRS Cluster Users to create a custom role policy.
  1. Log in to the Huawei Cloud management console.
  2. In the service list, choose Management & Governance > Identity and Access Management.
  3. Choose Agencies. On the displayed page, click Create Agency.
  4. Set Agency Name. For example, enter mrs_ecs_obs.
  5. Set Agency Type to Cloud service and select ECS BMS to authorize ECS or BMS to invoke OBS. See Figure 1.
  6. Set Validity Period to Unlimited and click Done.
    Figure 1 Creating an agency
  7. In the displayed dialog box, click Authorize. Search for OBS OperateAccess and select it.

    If KMS encryption is configured for an OBS bucket, the KMS Administrator policy must be selected.

    Figure 2 Configuring permissions
  8. Click Next. On the page that is displayed, select the desired scope for the permissions you selected. By default, All resources is selected. Click Show More, select Global resources, and click OK.
  9. In the dialog box that is displayed, click OK to start authorization. After the message "Authorization successful." is displayed, click Finish. The agency is successfully created.

Creating a Decoupled Storage and Compute Cluster

You can configure an agency when creating a cluster or bind an agency to an existing cluster to separate storage and compute. This section uses a cluster with Kerberos authentication enabled as an example.

Configuring an agency when creating a cluster:

  1. Go to the Buy Cluster page.
  2. Click Buy Cluster. The page for buying a cluster is displayed.
  3. Click the Custom Config tab.
  4. On the Quick Config tab page, set the following parameters:
    • Basic configuration:
      • Billing Mode: Select Pay-per-use.
      • Region: Select a region as required.
    • Cluster configuration:
      • Cluster Name: You can use the default name. However, you are advised to include an abbreviation of the project name or date to make it easier to distinguish and consolidate memory.
      • Cluster Type: Select Custom.
      • Version Type: Select LTS or Normal.
      • Cluster Version: Select a cluster version as needed, for example, MRS 3.2.0-LTS.1.
      • Component: Be careful when selecting a cluster type that combines multiple components, as certain cluster types do not allow for the addition of components after the cluster has been created.
      • Metadata: Select Local.
    • Network configuration:
      • AZ: Retain the default value.
      • VPC: Use the default value.
      • Subnet: Use the default value.
      • Security Group: Use the default value.
      • EIP: Retain the default value.
    • Node configuration:
      • CPU Architecture: Retain the default value. This parameter is not available for MRS 3.1.0 and 3.1.5.
      • Common Template: This parameter is available only when Cluster Type is set to Custom. Retain the default value.
      • Cluster Node: Select the number of cluster nodes and node specifications based on site requirements.
    • Login credentials:
      • Kerberos Authentication: Determine whether to enable it as needed. If the cluster to create contains Presto, Kerberos authentication cannot be enabled.
      • Username: The default username is admin, which is used to log in to FusionInsight Manager.
      • Password/Confirm Password: Set a password for the user admin. Keep the password secure.
      • Login Mode: Select a method for logging in to ECSs. In this example, select Password.
      • Username: The default username is root, which is used to remotely log in to ECSs.
      • Password/Confirm Password: Set the password for the user root.
    • Advanced Configuration: Enable advanced settings and set an agency.
    • Enterprise Project: Retain the default value.
    • Secure Communications: Select this option. For details, see Configuring Secure Communication Authorization for an MRS Cluster.
  5. Click Buy Now and wait until the cluster is created.

    If Kerberos authentication is enabled for a cluster, check whether Kerberos authentication is required. If yes, click Continue. If no, click Back to disable Kerberos authentication and then create a cluster.

Configuring an agency for an existing cluster:

  1. Log in to the MRS console. In the navigation pane on the left, choose Active Clusters.
  2. Click the name of the cluster to enter its details page.
  3. On the Dashboard page, click Synchronize on the right of IAM User Sync to synchronize IAM users.
  4. On the Dashboard tab page, click Manage Agency on the right side of Agency to select an agency and click OK to bind it. Alternatively, click Create Agency to go to the IAM console to create an agency and select it.
    Figure 3 Binding an agency

Creating an OBS File System for Storing Data

In big data storage-computing decoupling scenarios, make sure to use an OBS parallel file system. For details, see Parallel File System. Using a regular object bucket can significantly impact the performance of the cluster.

  1. Log in to the OBS Console.
  2. Choose Parallel File Systems > Create Parallel File System.
  3. Enter the file system name, for example, mrs-word001.

    Set other parameters as required.

    Figure 4 Creating an OBS parallel file system
  4. Click Create Now.
  5. In the parallel file system list on the OBS console, click the file system name to go to the details page.
  6. In the navigation pane, choose Files and create the program and input folders.
    • program: Upload the program package to this folder.
    • input: Upload the input data to this folder.

Creating a Lifecycle Rule

In MRS 3.2.0-LTS.1 and later versions, components prevent mis-deletion by default. That is, file data deleted by component users is not directly deleted but stored in the recycle bin directory in the OBS file system.

To save OBS space, you need to enable periodical deletion of file data from the OBS recycle bin by referring to Configuring the Policy for Clearing Recycle Bin Directories of MRS Cluster Components.