Versions Compared

Old Version 12

changes.mady.by.user Chandna Mitra

Saved on

compared with

New Version Current

changes.mady.by.user Gouri Bhagchandani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In this article

Table of Contents
maxLevel2
absoluteUrltrue

...

You can create an account from Designer or Manager. In Designer, when working on pipelines, every Snap that needs an account prompts you to create a new account or use an existing account. The accounts can be created in or used from:

  • Your private project folder: This folder contains the pipelines that will use the account.
  • Your Project Space’s shared folder: This folder is accessible to all the users that belong to the Project Space.
  • The global shared folder: This folder is accessible to all the users within an organization in the SnapLogic instance.

Account Configuration

In Manager, you can navigate to the required folder and create an account in it (see Accounts). To create an account for binary files:

  1. Click Create, then select Hadoop, then Kerberos.
  2. Supply an account label.

  3. Supply the necessary information.

  4. (Optional) Supply additional information on this account in the Notes field of the Info tab.
  5. Click Apply.
Warning

Avoid changing account credentials while pipelines using them are in progress. This may lead to unexpected results, including locking the account.

Account Types

Kerberos

Account Settings

...

Label

...

Client Principal

...

Overview

Use this account type to connect Hadoop Snaps with data sources that use Kerberos accounts.

Prerequisites

None.

Limitations

The security model configured for the Groundplex (SIMPLE or KERBEROS authentication) must match the security model of the remote server. Due to limitations of the Hadoop library, we are only able to create the necessary internal credentials for the configuration of the Groundplex.

Known Issues

None.

Account Settings

...

Field Name

Field Type

Description

Label


Default Value: N/A
Example: Kerberos Account

String

Multiexcerpt include macro
nameAccount_Label
pageAWS S3 Account for Hadoop

Client Principal

Default Value: N/A
Example: snaplogic/EXAMPLE.COM@ATHENA.MIT.

...

EDU

String

Specify the client principal associated with the account.

Keytab File

...

Default Value: N/A
Example: /keytabs/snaplogic.keytab

String

Specify the path to the Keytab file.

Hadoop config directory

Default Value: N/A
Example: /etc/

...

hadoop/

...

Default value: [None]

...

Required. Service Principal.

Example: krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU

Default value: [None]

Note

Even though you pass both client and server principals here, the Snap only validates the client information and not the server information. This is because server validation requires information that is available only in the Snap's settings and not the Account settings.

Account Encryption

...

If you are using Standard Encryption, the High sensitivity settings under Enhanced Encryption are followed.

...

If you have the Enhanced Account Encryption feature, the following describes which fields are encrypted for each sensitivity level selected per each account.

Account:

  • HighKeytab File
  • Medium + HighKeytab File
  • Low + Medium + HighKeytab File

...

config

String/Expression

Specify the path of the Hadoop configuration files to read the Hadoop configuration for a specific instance of a Hadoop cluster. The account uses the config files from this path to initialize the Hadoop object and establishes a connection with the Hadoop cluster.

  • When you specify a path in this field, the account overrides the value set on the Snaplex system property. This enables you to create multiple Kerberos accounts, each configured to read Hadoop configurations for more than one cluster.  A pipeline can then include multiple instances of the Read or Write Snap, each using a unique account from the account list.

  • If you leave this field blank, the account uses the path in the Snaplex configuration. If the specified Hadoop config locations (either in the account settings or the Snaplex configuration) are invalid, then the Snap generates default security configurations to use.

Troubleshooting

Error Message

Reason

Resolution

Failed to validate account: Kerberos keytab file does not exist or cannot be read.

Specify the location of the keytab file.

This typically means that the Keytab File or Client Principal details provided are incorrect.

Verify if the provided credentials are correct.

Cannot locate default realm

This error appears when the value in the Client Principal field is not in the format expected.

Failure in URL connection or file access denial, detail: SIMPLE authentication is not enabled.  Available:[TOKEN, KERBEROS]

Either the value in the Hadoop config directory field or the Node properties is empty or the configuration directory is invalid.

Specify a valid path for the Hadoop configuration files.


Snap Pack History

...

Related Content