HPE Ezmeral Data Fabric 6.1.x is In Maintenance and transitions to "End of Maintenance" in June 2024. Please see the latest documentation.

About MapR 6.1
This site contains the main documentation for Version 6.1 of the MapR Converged Data Platform, including installation, configuration, administration, and reference information.
6.1 Installation
This section contains information about installing and upgrading MapR software. It also contains information about how to migrate data and applications from an Apache Hadoop cluster to a MapR cluster.
6.1 MapR Data Platform
MapR Data Platform is the industry-leading data platform for AI and analytics that solves enterprise business needs.
6.1 Administration
This section describes how to manage the nodes and services that make up a cluster.
6.1 Development
This section contains information related to application development for Ezmeral ecosystem components and MapR Data Platform products, including the file system, Database (Key-Value and JSON), and Event Streams.
- Application Development Process
  Before you start developing applications on the MapR Data Platform platform, consider how you will get the data into the platform, the storage format of the data, the type of processing or modeling that is required, and how the data will be accessed.
- MapR XD and Apps
  The following sections provide information about accessing the MapR XD with C and Java applications.
- MapR Database and Apps
  This section contains information about developing client applications for JSON and key-value tables.
- MapR Event Store For Apache Kafka and Apps
  MapR Event Store For Apache Kafka brings integrated publish and subscribe messaging to MapR Data Platform.
- MapReduce and Apps
  This section contains information associated with developing YARN applications.
- MapR Data Science Refinery
  The MapR Data Science Refinery product is an easy-to-deploy and scalable data science toolkit with native access to all platform assets and superior out-of-the-box security.
- MapR Data Fabric for Kubernetes
  This section describes how to leverage the capabilities of the MapR Data Fabric for Kubernetes.
- Ecosystem Components
  The following sections provide information about each open-source project that is supported by the MapR Data Platform.
  - Ezmeral Ecosystem Packs
  - AsyncHBase
  - Cascading
  - Apache Drill
  - Flume
  - HBase
  - HBase Client and MapR Database Binary Tables
  - HCatalog
  - Hive
    - Getting Started with Hive
    - Configuring Hive
      - Configure Hive Directories
      - Configuring Hive Client on MapR Client Node
        This topic describes how to configure the Hive client on a MapR client node.
      - Configuring MSCK REPAIR TABLE
        This section guides you through configuring MSCK REPAIR TABLE command to compare and update the partitions in Hive Metastore and file systems.
      - Configuring Database for Hive Metastore
      - User Impersonation for Hive
      - Hive Security
        Hive Security Configuration Options
        This section describes changes made in Hive default configuration. It shows how to configure Hive after manual installation.
        Hive Authentication
        The authentication method that you configure for the Hive Metastore, HiveServer2, and WebHcat determines how these Hive components access and connect to each other.
        Authentication for Hive Metastore
        Authentication for HiveServer2
        Authentication for WebHCat
        Configure Kerberos Authentication for WebHCat
        Configure Simple Authentication for WebHCat
        When the MapR cluster is not secure, simple authentication is enabled for WebHCat. No configuration is required.
        Configure PAM Authentication for WebHCat
        When the MapR cluster is secure, username and password authentication is enabled for WebHCat. No configuration is required.
        Hive Encryption
        When you configure encryption, the thrift messages sent between the Hive Metastore, HiveServer 2, and HiveServer2 clients are encrypted.
        Hive Password Encryption
        EEP 4.0 introduces default configuration for Hive Metastore password encryption using the data-fabric Installer. The password is stored in the hive-site.xml file.
        Hive Authorization
        MapR Data Platform has built-in platform authorization that protects all data regardless of the execution engine. This topic describes alternative authorization modes you can choose to implement.
        Fallback Hive Authorizer
        Fallback Hive Authorizer is used by Hive DDL (Data Definition Language) tasks for access control and for checking authorization from Driver.doAuthorization().
    - Integrating Hive
    - Managing Hive Services
    - Connecting to Hive
    - Enabling High Availability for Hive
      This section describes how to enable High Availability for HiveServer2 and HiveMetastore.
    - Hive Features in MapR Data Platform
      Describes MapR Data Platform-specific features in Hive.
    - Hive 2.3 API Changes
      This topic describes the public API changes that occurred between Hive 2.1 EEP 5.0.0 and Hive 2.3 EEP 6.0.0.
    - Hive 2.1 API
    - Troubleshooting Hive and Tez
    - Hive Logging
      This section describes Hive logging for Hive 2.1 and later releases and includes information about log splitting.
  - HttpFS
  - Hue
  - Impala
  - Livy
    Apache Livy is primarily used to provide integration between Hue and Spark.
  - MapR Event Store For Apache Kafka Clients and Tools
    Describes the supported MapR Event Store For Apache Kafka tools and clients.
  - S3 Gateway
    The S3 gateway is a service that provides an S3-compatible interface to expose data in MapR Data Platform as objects. The S3 gateway manages all inbound S3 API requests to put data into and get data out of cloud storage.
  - Myriad
  - Oozie
  - Pig
  - Sentry
  - Apache Spark
  - Sqoop
  - YARN
  - Zeppelin
- Maven and MapR
  This section discusses topics associated with Maven and MapR.
- Developer's Reference
  This section contains in-depth information for the developer.
- API Documentation
  MapR Data Platform supports public APIs for MapR File System, MapR Database, and MapR Event Store For Apache Kafka. These APIs are available for application-development purposes.
Other Docs
This section contains release-independent information, including: MapR Installer documentation, Ecosystem release notes, interoperability matrices, security vulnerabilities, and links to other MapR version documentation.
Glossary
Definitions for commonly used terms in MapR Converged Data Platform environments.

Configure Kerberos Authentication for WebHCat

About this task

When security features are enabled on your MapR cluster and Kerberos is in use, communications between WebHCat and its clients can use Kerberos with SPNEGO.

To enable WebHCat to use Kerberos, complete the following steps on the node where WebHCat is installed.

Procedure

Create the principal HTTP/<FQDN@REALM> for WebHCat and add the principal to the keytab file. For example:
```
kadmin: addprinc -randkey HTTP/<FQDN@REALM>
kadmin: xst -k /opt/mapr/HTTP.keytab HTTP/<FQDN>
```
Verify the following:
- The principal was added to the /opt/mapr/conf/HTTP.keytab file and that the file is only readable by the mapr user. For example: chown mapr /opt/mapr/conf/HTTP.keytab
- The node where the WebHCat server is running has an HTTP user with a valid maprlogin password.

Add the following section to the /opt/mapr/hive/hive-<version>/hcatalog/etc/webhcat/webhcat-site.xml file:

<property>
    <name>templeton.kerberos.secret</name>
    <value>secret value</value>
</property>
<property>
    <name>templeton.kerberos.principal</name>
    <value>HTTP/<FQDN@REALM></value>
</property>
<property>
    <name>templeton.kerberos.keytab</name>
    <value>/opt/mapr/conf/HTTP.keytab</value>
</property>

Add the following section to the /opt/mapr/hadoop/hadoop-<version>/etc/hadoop/core-site.xml file:

<property>
      <name>hadoop.proxyuser.HTTP.groups</name>
      <value>*</value>
      <description>Allow the superuser mapr to impersonate any member of any group</description>
</property>
<property>
      <name>hadoop.proxyuser.HTTP.hosts</name>
      <value>*</value>
      <description>The superuser can connect from any host to impersonate a user</description>
</property>

Start WebHCat. See Managing the WebHCat Server.
To test if the connection is working, generate a Kerberos ticket with the kinit utility and then run the following command:
```
curl --negotiate -i -u : 'http://<FQDN>:50111/templeton/v1/ddl/database/' 
```