License Statement
Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Revision History
| Version | Date |
|---|---|
2.0.0 |
To be announced. |
1.3.0 |
January, 2016 |
1. About This Document
This guide describes how to provision the end-user Trafodion binaries on top of an existing Hadoop environment. This install allows you to store and query data using Trafodion, either via Trafodion clients (see Trafodion Client Installation Guide or via application code you write.
If you want to install a Trafodion developer-build environment, then please refer to the Trafodion Contributor Guide for instructions.
1.1. Intended Audience
This guide assumes that you are well-versed in Linux and Hadoop administration. If you don’t have such experience, then you should consider going through the steps required to install a Hadoop environment before attempting to install Trafodion.
The instructions contained herein apply to the following environments.
-
Single-Node Environments: Typically used when you want to evaluate Trafodion.
-
Cluster (Multi-Node) Environments: Typically used when you deploy Trafodion for application usage.
| Trafodion can be provisioned on a single-node or multi-node environment. Unless specifically noted, the term cluster is used to mean both single- and multi-node environments. |
The provisioning instructions applies to a diverse set of platforms:
-
Virtual Machines: Often used for evaluations and Trafodion development.
-
Cloud: Used for Product Environments as well as for Developer Environments.
-
Bare Metal: Used for Product Environments as well as for Developer Environments.
| The term node is used to represent a computing platform on which operating system, Hadoop, and Trafodion software is running. Unless specifically qualified (bare-metal node, virtual-machine node, or cloud-node), node represents a computing platform in your cluster regardless of platform type. |
1.2. New and Changed Information
This is a new guide.
1.3. Notation Conventions
This list summarizes the notation conventions for syntax presentation in this manual.
-
UPPERCASE LETTERS
Uppercase letters indicate keywords and reserved words. Type these items exactly as shown. Items not enclosed in brackets are required.
SELECT -
lowercase letters
Lowercase letters, regardless of font, indicate variable items that you supply. Items not enclosed in brackets are required.
file-name -
[ ] Brackets
Brackets enclose optional syntax items.
DATETIME [start-field TO] end-fieldA group of items enclosed in brackets is a list from which you can choose one item or none.
The items in the list can be arranged either vertically, with aligned brackets on each side of the list, or horizontally, enclosed in a pair of brackets and separated by vertical lines.
For example:
DROP SCHEMA schema [CASCADE] DROP SCHEMA schema [ CASCADE | RESTRICT ]
-
{ } Braces
Braces enclose required syntax items.
FROM { grantee [, grantee ] ... }A group of items enclosed in braces is a list from which you are required to choose one item.
The items in the list can be arranged either vertically, with aligned braces on each side of the list, or horizontally, enclosed in a pair of braces and separated by vertical lines.
For example:
INTERVAL { start-field TO end-field } { single-field } INTERVAL { start-field TO end-field | single-field } -
| Vertical Line
A vertical line separates alternatives in a horizontal list that is enclosed in brackets or braces.
{expression | NULL} -
… Ellipsis
An ellipsis immediately following a pair of brackets or braces indicates that you can repeat the enclosed sequence of syntax items any number of times.
ATTRIBUTE[S] attribute [, attribute] ... {, sql-expression } ...An ellipsis immediately following a single syntax item indicates that you can repeat that syntax item any number of times.
For example:
expression-n ... -
Punctuation
Parentheses, commas, semicolons, and other symbols not previously described must be typed as shown.
DAY (datetime-expression) @script-fileQuotation marks around a symbol such as a bracket or brace indicate the symbol is a required character that you must type as shown.
For example:
"{" module-name [, module-name] ... "}" -
Item Spacing
Spaces shown between items are required unless one of the items is a punctuation symbol such as a parenthesis or a comma.
DAY (datetime-expression) DAY(datetime-expression)If there is no space between two items, spaces are not permitted. In this example, no spaces are permitted between the period and any other items:
myfile.sh -
Line Spacing
If the syntax of a command is too long to fit on a single line, each continuation line is indented three spaces and is separated from the preceding line by a blank line.
This spacing distinguishes items in a continuation line from items in a vertical list of selections.
match-value [NOT] LIKE _pattern [ESCAPE esc-char-expression]
1.4. Comments Encouraged
We encourage your comments concerning this document. We are committed to providing documentation that meets your needs. Send any errors found, suggestions for improvement, or compliments to user@trafodion.incubator.apache.org.
Include the document title and any comment, error found, or suggestion for improvement you have concerning this document.
2. Introduction
Trafodion is a Hadoop add-on service that provides transactional SQL on top of HBase. Typically, you use Trafodion as the database for applications that require Online Transaction Processing (OLTP), Operational Data Store (ODS), and/or strong reporting capabilities. You access Trafodion using standard JDBC and ODBC APIs.
You may choose whether to add Trafodion to an existing Hadoop environment or to create a standalone Hadoop environment specifically for Hadoop.
This guide assumes that a Hadoop environment exists upon which your provisioning Trafodion. Refer to Hadoop Software for information about what Hadoop software is required Trafodion.
2.1. Security Considerations
The following users need be considered for Trafodion:
-
Provisioning User: A Linux-level user that performs the Trafodion provisioning tasks. This user ID requires
sudoaccess and passwordless ssh among the nodes where Trafodion is installed. In addition, this user ID requires access to Hadoop distribution, HDFS, and HBase administrative users to change respective environment’s configuration settings per Trafodion requirements. Refer to Trafodion Provisioning User for more information about the requirements and usage associated with this user ID. -
Runtime User: A Linux-level user under which the Trafodion software runs. This user ID must be registered as a user in the Hadoop Distributed File System (HDFS) to store and access objects in HDFS, HBase, and Hive. In addition, this user ID requires passwordless access among the nodes where Trafodion is installed. Refer to Trafodion Runtime User for more information about this user ID.
-
Trafodion Database Users: Trafodion users are managed by the Trafodion security features (grant, revoke, etc.), which can be integrated with LDAP if so desired. These users are referred to as database users and do not have direct access to the operating system. Refer to Register User, Grant, and other SQL statements in the Trafodion SQL Reference Manual for more information about managing Trafodion Database Users.
Optionally, you can enable Trafodion Security. If you do not enable security in Trafodion, then a client interface to Trafodion may request a user name and password, but Trafodion ignores the user name and password entered in the client interface, and the session runs as the database root user,DB__ROOT, without restrictions. If you want to restrict users, restrict access to certain users only, or restrict access to an object or operation, then you must enable security, which enforces authentication and authorization. Refer to Enable Security for more information about this option.
2.2. Provisioning Options
Trafodion ships with a set of scripts (the Trafodion Installer) that takes care of many of the installation and upgrade tasks associated with the Trafodion software and its requirements. There is a separate set of scripts to remove Trafodion, if needed.
Currently, the Trafodion Installer is able to install Trafodion on select Cloudera and Hortonworks Hadoop distributions only. The Trafodion Installer limitations are noted as they apply in the different chapters below. For example, the Trafodion Installer is less capable on SUSE than it is on RedHat/CentOS; you have to install the prerequisite software packages outside the Trafodion Installer.
The Trafodion Installer automates many of the tasks required to install/upgrade Trafodion, spanning from downloading and installing required software packages and making required changes to your Hadoop environment via creating the Trafodion runtime user ID to installing and starting Trafodion. It is, therefore, highly recommend that you use the Trafodion Installer for initial installation and upgrades of Trafodion. These steps are referred to as "Script-Based Provisioning" in this guide. Refer to Trafodion Installer provides usage information.
If, for any reason, you choose not to use the Trafodion Installer, then separate chapters provide step-by-step recipes for the tasks required to install/upgrade Trafodion. These steps are referred to as Recipe-Based Provisioning in this guide. It is assumed that you are well-versed in Linux and Hadoop administrative tasks if using Recipe-Based Provisioning.
2.3. Provisioning Activities
Trafodion provisioning is divided into the following main activities:
-
Requirements: Activities and documentation required to install the Trafodion software. These activities include tasks such as understanding hardware and operating system requirements, Hadoop requirements, what software packages that need to be downloaded, configuration settings that need to be changed, user IDs requirements, and so on.
-
Prepare: Activities to prepare the operating system and the Hadoop ecosystem to run Trafodion. These activities include tasks such as installing required software packages, configure the Trafodion Installation User, gather information about the Hadoop environment, modify configuration for different Hadoop services, and so forth.
-
Install: Activities related to installing the Trafodion software. These activities include tasks such as unpacking the Trafodion tar files, creating the Trafodion Runtime User, creating Trafodion HDFS directories, installing the Trafodion software, and so forth.
-
Upgrade: Activities related to the upgrading the Trafodion software. These activities include tasks such as shutting down Trafodion, installing a new version of the Trafodion software, and so on. The upgrade tasks vary depending on the differences between the current and new release of Trafodion. For example, an upgrade may or may not include an upgrade of the Trafodion metadata.
-
Activate: Activities related to starting the Trafodion software. These actives include basic management tasks such as starting and checking the status of the Trafodion components, performing basic smoke tests, and so forth.
-
Remove: Activities related to removing Trafodion from your Hadoop cluster.
2.4. Provisioning Master Node
All provisioning tasks are performed from a single node in the cluster, which must be part of the Hadoop environment you’re adding Trafodion to. This node is referred to as the "Provisioning Master Node" in this guide.
The Trafodion Provisioning User must have access to all other nodes from the Provisioning Master Node in order to perform provisioning tasks on the cluster.
2.5. Trafodion Installer
The Trafodion Installer is a set of scripts automates most of the tasks requires to install/upgrade Trafodion. You download the Trafodion Installer tar file from the Trafodion download page. Next, you unpack the tar file.
Example
$ mkdir $HOME/trafodion-installer
$ cd $HOME/trafodion-downloads
$ tar -zxf apache-trafodion-installer-1.3.0-incubating-bin.tar.gz -C $HOME/trafodion-installer
$ ls $HOME/trafodion-installer/installer
bashrc_default tools traf_config_check trafodion_apache_hadoop_install traf_package_setup
build-version-1.3.0.txt traf_add_user traf_config_setup trafodion_config_default traf_setup
dcs_installer traf_apache_hadoop_config_setup traf_create_systemdefaults trafodion_install traf_sqconfig
rest_installer traf_authentication_conf_default traf_getHadoopNodes trafodion_license traf_start
setup_known_hosts.exp traf_cloudera_mods98 traf_hortonworks_mods98 trafodion_uninstaller
$The Trafodion Installer supports two different modes:
-
Guided Setup: Prompts for information as it works through the installation/upgrade process. This mode is recommended for new users.
-
Automated Setup: Required information is provided in a pre-formatted bash-script configuration file, which is provided via a command argument when running the Trafodion Installer thereby suppressing all prompts.
A template of the configuration file is available here within the installer directory:
trafodion_config_default. Make a copy of the file in your directory and populate the needed information.Automated Setup is recommended since it allows you to record the required provisioning information information ahead of time. Refer to Automated Setup for information about how to populate this file.
2.5.1. Usage
The following shows help for the Trafodion Installer.
./trafodion_install --help
This script will install Trafodion. It will create a configuration
file (if one has not been created), setup of the environment needed
for Trafodion, configure HBase with Hbase-trx and co-processors needed,
and install a specified Trafodion build.
Options:
--help Print this message and exit
--accept_license If provided, the user agrees to accept all the
provisions in the Trafodion license. This allows
for automation by skipping the display and prompt of
the Trafodion license.
--config_file If provided, all install prompts will be
taken from this file and not prompted for.2.5.2. Install vs. Upgrade
The Trafodion Installer automatically detects whether you’re performing an install
or an upgrade by looking for the Trafodion Runtime User in the /etc/passwd file.
-
If the user ID doesn’t exist, then the Trafodion Installer runs in install mode.
-
If the user ID exists, then the Trafodion Installer runs in upgrade mode.
2.5.3. Guided Setup
By default, the Trafodion Installer runs in Guided Setup mode, which means that it prompts you for information during the install/upgrade process.
Refer to the following sections for examples:
2.5.4. Automated Setup
The --config_file option runs the Trafodion in Automated Setup mode.
Before running the Trafodion Installer with this option, you do the following:
-
Copy the
trafodion_config_defaultfile.Example
cp trafodion_config_default my_config -
Edit the new file using information you collect in the Gather Configuration Information section in the Prepare chapter.
-
Run the Trafodion Installer in Automated Setup Mode
Example
./trafodion_installer --config_file my_config
| Your Trafodion Configuration File contains the password for the Trafodion Runtime User and for the Distribution Manager. Therefore, we recommend that you secure the file in a manner that matches the security policies of your organization. |
Example: Creating a Trafodion Configuration File
Using the instructions in Gather Configuration Information in the Prepare chapter, you record the following information.
| ID | Information | Setting |
|---|---|---|
ADMIN |
Administrator user name for Apache Ambari or Cloudera Manager. |
admin |
BACKUP_DCS_NODES |
List of nodes where to start the backup DCS Master components. |
|
CLOUD_CONFIG |
Whether you’re installing Trafodion on a cloud environment. |
N |
CLOUD_TYPE |
What type of cloud environment you’re installing Trafodion on. |
|
CLUSTER_NAME |
The name of the Hadoop Cluster. |
Cluster 1 |
DCS_BUILD |
Tar file containing the DCS component. |
|
DCS_PRIMARY_MASTER_NODE |
The node where the primary DCS should run. |
|
DCS_SERVER_PARM |
Number of concurrent client sessions per node. |
8 |
ENABLE_HA |
Whether to run DCS in high-availability (HA) mode. |
N |
EPEL_RPM |
Location of EPEL RPM. Specify if you don’t have access to the Internet. |
|
FLOATING_IP |
IP address if running DCS in HA mode. |
|
HADOOP_TYPE |
The type of Hadoop distribution you’re installing Trafodion on. |
cloudera |
HBASE_GROUP |
Linux group name for the HBASE administrative user. |
hbase |
HBASE_USER |
Linux user name for the HBASE administrative user. |
hbase |
HDFS_USER |
Linux user name for the HDFS administrative user. |
hdfs |
HOME_DIR |
Root directory under which the |
/home |
INIT_TRAFODION |
Whether to automatically initialize the Trafodion database. |
Y |
INTERFACE |
Interface type used for $FLOATING_IP. |
|
JAVA_HOME |
Location of Java 1.7.0_65 or higher (JDK). |
/usr/java/jdk1.7.0_67-cloudera |
LDAP_CERT |
Full path to TLS certificate. |
|
LDAP_HOSTS |
List of nodes where LDAP Identity Store servers are running. |
|
LDAP_ID |
List of LDAP unique identifiers. |
|
LDAP_LEVEL |
LDAP Encryption Level. |
|
LDAP_PASSWORD |
Password for LDAP_USER. |
|
LDAP_PORT |
Port used to communicate with LDAP Identity Store. |
|
LDAP_SECURITY |
Whether to enable simple LDAP authentication. |
N |
LDAP_USER |
LDAP Search user name. |
|
LOCAL_WORKDIR |
The directory where the Trafodion Installer is located. |
/home/centos/trafodion-installer/installer |
MANAGEMENT_ENABLED |
Whether your installation uses separate management nodes. |
N |
MANAGEMENT_NODES |
The FQDN names of management nodes, if any. |
|
NODE_LIST |
The FQDN names of the nodes where Trafodion will be installed. |
trafodion-1 trafodion-2 |
PASSWORD |
Administrator password for Apache Ambari or Cloudera Manager. |
admin |
REST_BUILD |
Tar file containing the REST component. |
|
SQ_ROOT |
Target directory for the Trafodion software. |
/home/trafodion/apache-trafodion-1.3.0-incubating-bin |
START |
Whether to start Trafodion after install/upgrade. |
Y |
SUSE_LINUX |
Whether your installing Trafodion on SUSE Linux. |
false |
TRAF_PACKAGE |
The location of the Trafodion installation package tar file or core installation tar file. |
/home/centos/trafodion-download/apache-trafodion-1.3.0-incubating-bin.tar.gz |
TRAF_USER |
The Trafodion runtime user ID. Must be |
trafodion |
TRAF_USER_PASSWORD |
The password used for the |
traf123 |
URL |
FQDN and port for the Distribution Manager’s REST API. |
trafodion-1.apache.org:7180 |
Next, you edit my_config to contain the following:
#!/bin/bash
# @@@ START COPYRIGHT @@@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# @@@ END COPYRIGHT @@@
#====================================================
# Trafodion Configuration File
# This file contains default values for the installer.
# Users can also edit this file and provide values for all parameters
# and then specify this file on the run line of trafodion_install.
# Example:
# ./trafodion_install --config_file <Trafodion-config-file>
# WARNING: This mode is for advanced users!
#
#=====================================================
#=====================================================
#Must be set to 'true' if on a SUSE linux system. If on another type of system
#this must be set to false.
export SUSE_LINUX="false"
# The working directory where Trafodion installer untars files, etc.
# do not change this unless you really know what you are doing
export TRAF_WORKDIR="/usr/lib/trafodion"
# This is the directory where the installer scripts were untarred to
export LOCAL_WORKDIR="/home/centos/trafodion-installer/installer"
# The maximum number of dcs servers, i.e. client connections
export DCS_SERVERS_PARM="8"
# "true" if this is an upgrade
export UPGRADE_TRAF="false"
# Trafodion userid, This is the userid the Trafodion instance will run under
export TRAF_USER="trafodion"
# Trafodion userid's password
export TRAF_USER_PASSWORD="traf123"
# a blank separated list of nodes in your cluster
# node names should include full domain names
#This can not be left blank!
export NODE_LIST="trafodion-1 trafodion-2"
# count of nodes in node list
export node_count="2"
# another list of the same nodes in NODE_LIST but specified in a pdsh usable format
# i.e. "-w centos-cdh[1-6]" or "-w node1 -w node2 -w node3"
export MY_NODES="-w trafodion-[1-2]"
# the directory prefix for the trafodion userid's $HOME directory
# i.e. /opt/home, not /opt/home/trafodion
export HOME_DIR="/home"
#JAVA HOME must be a JDK. Must include FULL Path. Must be 1.7.0_65 or higher.
export JAVA_HOME="/usr/java/jdk1.7.0_67-cloudera"
# If your machine doesn't have external internet access then you must
# specify the location of the EPEL rpm, otherwise leave blank and it
# will be installed from the internet
export EPEL_RPM=""
# full path of the Trafodion package tar file
export TRAF_PACKAGE="/home/centos/trafodion-download/apache-trafodion-1.3.0-incubating-bin.tar.gz"
# if TRAF_PACKAGE wasn't specified then these two values must be specified
# TRAF_BUILD is the trafodion_server tar file
# DCS_BUILD is the DCS tar file
# REST_BUILD is the REST tar file
export TRAF_BUILD=""
export DCS_BUILD=""
export REST_BUILD=""
# Either "cloudera" or "hortonworks" (all lowercase)
export HADOOP_TYPE="cloudera"
# The URL for Cloudera/Hortonworks REST API (i.e. node1.host.com:8080)
export URL="trafodion-1.apache.org:7180"
# Cloudera/Hortonworks UI admin's userid and password
export ADMIN="admin"
export PASSWORD="admin"
# hadoop cluster name
export CLUSTER_NAME=""
# the Hadoop HDFS userid
export HDFS_USER="hdfs"
# the Hadoop HBase userid and group
export HBASE_USER="hbase"
export HBASE_GROUP="hbase"
# The hadoop HBase service name
export HBASE="hbase"
# full path of where to install Trafodion to
# Example is used below. If $HOME_DIR or $TRAF_USER have been changed
# then this will need to be changed.
# On an upgrade, it is recommend to choose a different directory.
# First time install : /home/trafodion/traf
# On Upgrade: /home/trafodion/traf_<date>
# By doing this the previous version will remain and allow for an easier rollback.
export SQ_ROOT="/home/trafodion/apache-trafodion-1.3.0-incubating-bin"
# Start Trafodion after install completes
export START="Y"
# initialize trafodion after starting
export INIT_TRAFODION="Y"
# full path to the sqconfig file
# Default is to leave as is and this file will be created.
export SQCONFIG=""
export CONFIG_COMPLETE="true"
#Turn on simple security. MUST have existing LDAP configured.
export LDAP_SECURITY="N"
#Name of LDAP Config file
export LDAP_AUTH_FILE="traf_authentication_config_${HOSTNAME}"Once completed, run the Trafodion Installer with the --config_file option.
Refer to the following sections for examples:
2.6. Trafodion Provisioning Directories
Trafodion stores its provisioning information in the following directories on each node in the cluster:
-
/etc/trafodion: Configurtion information. -
/usr/lib/trafodion: Copies of the installer files.
3. Requirements
Trafodion requires an x86 version of Linux.
The current release of Trafodion has been tested with:
-
64-bit Red Hat Enterprise Linux (RHEL) or CentOS 6.5, 6.6, and 6.7
-
SUSE SLES 11.3
-
Cloudera CDH 5.2
-
Cloudera CDH 5.3
-
Hortonworks HDP 2.2
Other OS releases may work, too. The Trafodion project is currently working on better support for non-distribution version of Hadoop.
3.1. General Cluster and OS Requirements and Recommendations
64-bit x86 instruction set running a Linux distribution is required. Further, Trafodion assumes an environment based on the requirements of the tested Hadoop distributions/services.
3.1.1. Hardware Requirements and Recommendations
Single-Node Cluster
It is possible to run Trafodion on a single-node sandbox environment. Typically, any sandbox running a Hadoop distribution can be used. A typical single-node configuration uses 4-8 cores with 16 GB of memory, and 20 GB free disk space.
Multi-Node Cluster
For multi-node end-user clusters, your typical HBase environment should suffice for Trafodion. Typically, memory configuration range between 64-128 GB per node with minimum requirement of 16 GB. The cluster size can span from 1 to n nodes; a minimum of two nodes is recommended. A minimum of two cores is required regardless of whether you’re deploying Trafodion on a bare-metal or virtual environment.
Recommended configurations:
| Attribute | Guidance |
|---|---|
Processors per Node |
• Small: 2 cores |
Memory per Node |
• Small: 16 GB |
Concurrency:Nodes |
• Two Small Nodes: Four concurrent queries |
3.1.2. OS Requirements and Recommendations
Please verify these requirements on each node you will install Trafodion on:
| Function | Requirement | Verification Guidance |
|---|---|---|
Linux |
64-bit version of Red Hat 6.5 or later, or SUSE SLES 11.3 or later. |
|
sshd |
The |
• |
ntpd |
The |
• |
FQDN |
• |
• |
Port Availability |
The Linux Kernel Firewall ( |
• |
passwordless ssh |
The user name used to provision Trafodion must have passwordless ssh access to all nodes. |
ssh to the nodes, ensure that no password prompt appears. |
sudo privileges |
The user name used to provision Trafodion must sudo access to a number of root functions . |
|
bash |
Available for shell-script execution. |
|
java |
Available to run the Trafodion software. Same version as HBase is using. |
|
perl |
Available for script execution. |
|
python |
Available for script execution. |
|
yum |
Available for installs, updates, and removal of software packages. |
|
rpm |
Available for installs, updates, and removal of software packages. |
|
scp |
Available to copy files among nodes in the cluster. |
|
curl |
Available to transfer data with URL syntax. |
|
wget |
Available to download files from the Web. |
|
pdsh |
Available to run shell commands in parallel. |
|
pdcp |
Available to copy files among nodes in parallel. part of the |
|
3.1.3. IP Ports
The following table lists the default ports used by the different Trafodion components plus the configuration file and configuration attribute associated with each port setting.
| Default Port | Configuration File | Configuration Entry | Required | Range | Protocol | Comment |
|---|---|---|---|---|---|---|
4200 |
rest-site.xml |
trafodion.rest.port |
Yes |
1 |
REST |
Trafodion REST Server. |
4201 |
rest-site.xml |
trafodion.rest.https.port |
Yes |
1 |
HTTPS |
Trafodion REST Server (HTTPS). |
23400 |
dcs-site.xml |
dcs.master.port |
Yes |
n |
binary |
Start of Trafodion DCS port range. (37800 for Trafodion 1.1) |
24400 |
dcs-site.xml |
dcs.master.info.port |
Yes |
1 |
HTTP |
DCS master web GUI. (40010 for Trafodion 1.1) |
24410 |
dcs-site.xml |
dcs.server.info.port |
Yes |
n |
HTTP |
Start of range for DCS server web GUIs. (40020 for Trafodion 1.1) |
50030 |
mapred-site.xml |
mapred.job.tracker.http.address |
No |
1 |
HTTP |
MapReduce Job Tracker web GUI. |
50070 |
hdfs-site.xml |
dfs.http.address |
No |
1 |
HTTP |
HDFS Name Node web GUI. |
50075 |
hdfs-site.xml |
dfs.datanode.http.address |
No |
1 |
HTTP |
HDFS Data Node web GUI. |
50090 |
hdfs-site.xml |
dfs.secondary.http.address |
No |
1 |
HTTP |
HDFS Secondary Name Node web GUI. |
60010 |
hbase-site.xml |
hbase.master.info.port |
No |
1 |
HTTP |
HBase Master web GUI. |
60030 |
hbase-site.xml |
hbase.regionserver.info.port |
No |
1 |
HTTP |
HBase Region Server web GUI. |
There are two port ranges used by Trafodion.
-
23400 is a range, to allow multiple mxosrvr processes on each node. Allow a range of a few ports, enough to cover all the servers per node that are listed in the "servers" file in the DCS configuration directory.
-
24410 is a range as well, enough to cover the DCS servers per node, usually 1 or 2.
On top of the ports identified above, you also need the ports required by your Hadoop distribution. For example:
Although not all the ports will be used on every node of the cluster, you need to open most of them for all the nodes in the cluster that have Trafodion, HBase, or HDFS servers on them.
3.2. Prerequisite Software
3.2.1. Hadoop Software
Trafodion runs as an add-on service on Hadoop distributions. The following Hadoop services and their dependencies must be installed and running on the cluster where you intend to install Trafodion:
-
Hadoop Distributed File System (HDFS)
-
YARN with MapReduce version 2
-
ZooKeeper
-
HBase
-
Hive
-
Apache Ambari (Hortonworks) or Cloudera Manager (Cloudera) with associated embedded databases.
The following distributions have been tested with Trafodion.1
| Distribution | Version | HBase Version | Installation Documentation |
|---|---|---|---|
Cloudera Distribution Including Apache Hadoop (CDH) |
5.2 or 5.3 |
0.98 |
CHD 5.2 Installation |
Hortonworks Data Platform (HDP) |
2.2 |
0.98 |
-
Future releases of Trafodion will move away from distribution-specific integration. Instead, Trafodion will be tested with specific version of the Hadoop, HDFS, HBase, and other services/products only.
-
When possible, install using parcels to simply the installation process.
| Trafodion does not yet support installation on a non-distribution version of Hadoop; that is, Hadoop downloaded from the Apache web site. This restriction will be lifted in a later release of Trafodion. |
3.2.2. Software Packages
In addition to the software packages required to run different Hadoop services listed above (for example, Java),
Trafodion requires supplementary software to be installed on the cluster before it is installed. These are Linux
tools that are not typically packaged as part of the core Linux distribution.
For RedHat/CentOS, the Trafodion Installer automatically attempts get a subset of these packages over the Internet.
If the cluster’s access to the Internet is disabled, then you need to manually download the packages and make them available
for installation. You need to build and install log4c++ manually.
|
| Package | Usage | Installation |
|---|---|---|
EPEL |
Add-on packages to completed the Linux distribution. |
Download Fedora RPM |
pdsh |
Parallelize shell commands during install and Trafodion runtime utilities. |
yum install pdsh |
log4cxx |
Message logging. |
Manual process1 |
sqlite |
Internal configuration information managed by the Trafodion Foundation component. |
yum install sqlite |
expect |
Not used? |
yum install expect |
perl-DBD-SQLite |
Allows Perl scripts to connect to SQLite. |
yum install perl-DBD-SQLite |
perl-Params-Validate |
Validates method/function parameters in Perl scripts. |
yum install perl-Params-Validate |
perl-Time-HiRes |
High resolution alarm, sleep, gettimeofday, interval timers in Perl scripts. |
yum install perl-Time-HiRes |
protobuf |
Data serialization. |
yum install protobuf |
xerces-c |
C++ XML parsing. |
yum install xerces-c |
gzip |
Data compress/decompress. |
yum install gzip |
rpm-build2 |
Build binary and source software packages. |
yum install rpm-build |
apr-devel2 |
Support files used to build applications using the APR library. |
yum install apr-devel |
apr-util-devel2 |
Support files used to build applications using the APR utility library. |
yum install apr-util-devel |
doxygen2 |
Generate documentation from annotated C++ sources. |
yum install doxygen |
gcc2 |
GNU Compiler Collection |
yum install gcc |
gcc_c++2 |
GNU C++ compiler. |
yum install gcc_c++ |
-
log4c++was recently withdrawn from public repositories. Therefore, you will need to build thelog4c++RPM on your system and then install the RPM using the procedure described in log4c++ Installation. -
Software package required to build
log4c++. Not required otherwise. These packages are not installed by the Trafodion Installer in this release.
The Trafodion Installer requires Internet access to install the required software packages.
3.3. Trafodion User IDs and Their Privileges
3.3.1. Trafodion Runtime User
The trafodion:trafodion user ID is created as part of the installation process. The default password is: traf123.
Trafodion requires that either HDFS ACL support or Kerberos is enabled. The Trafodion Installer will enable HDFS ACL support. Kerberos-based security settings are outside the scope of this guide. Please refer to the security information in Apache HBase™ Reference Guide for information about how to set up HBase security with Kerberos.
Also, Trafodion requires sudo access to ip and arping so that floating or elastic IP addresses can be moved from one node to
another in case of node failures.
Do not create the trafodion:trafodion user ID in advance. The Trafodion Installer uses the presence of this user ID to determine
whether you’re doing an installation or upgrade.
|
3.3.2. Trafodion Provisioning User
Typically, the Trafodion Installer is used for Trafodion installations. It requires access to the user IDs documented below.
Linux Installation User
The user ID that performs the Trafodion installation steps. Typically, this User ID runs the Trafodion Installer.
Requirements:
-
User name or group cannot be
trafodion. -
Passwordless ssh access to all nodes in the cluster.
-
Internet access to download software packages.
-
requirettymust be disabled in/etc/sudoers. -
sudo1 access to:-
Download and install software packages.
-
Modify
/etc/sudoers.d(allow thetrafodionuser to modify floating IP:ipandarping). -
Create the
trafodionuser ID and group. -
Install Trafodion software into the HBase environment.
-
Run Java version command on each node in the cluster.
-
Run Hadoop version command on each node in the cluster.
-
Run HBase version command on each node in the cluster.
-
Create directories and files in:
-
/etc -
/usr/lib -
/var/log
-
-
Invoke
suto execute commands as other users; for example,trafodion. -
Edit
sysctl.confand activate changes usingsysctl -p:-
Modify kernel limits.
-
Reserve IP ports.
-
-
1 sudo is required in the current release of Trafodion. This restriction may be relaxed in later releases.
Alternative mechanisms for privileged access (such as running as root or sudo alternative commands) are not supported.
Distribution Manager User
A user ID that can change the configuration using Apache Ambari or Cloudera Manager. The Trafodion Installer makes REST request to perform configuration and control functions to the distribution manager using this user ID.
Requirements:
-
Administrator user name and password.
-
URL to Distribution Manager’s REST API.
HDFS Administrator User
The HDFS super user. Required to create directories and change security settings, as needed.
The Trafodion Installer uses su to run commands under this user ID.
Requirements:
-
HDFS Administrator user name.
-
Write access to home directory on the node where the Distribution Manager is running.
HBase Administrator User
The HBase super user. Required to change directory ownership in HDFS.
Requirements:
-
HBase Administrator user name and group.
-
Read access to
hbase-site.xml.
3.4. Required Configuration Changes
Trafodion requires changes to a number of different areas of your system configuration: operating system, HDFS, and HBase.
| These changes are performed by the Trafodion Installer, if used. |
3.4.1. Operating System Changes
/etc/security/limits.d/trafodion.conf on each node in the cluster must contain the following settings:
# Trafodion settings
trafodion soft core unlimited
trafodion hard core unlimited
trafodion soft memlock unlimited
trafodion hard memlock unlimited
trafodion soft nofile 32768
trafodion hard nofile 65536
trafodion soft nproc 100000
trafodion hard nproc 1000003.4.2. ZooKeeper Changes
| These changes require a restart of ZooKeeper on all nodes in the cluster. |
Trafodion requires the following changes to zoo.cfg:
| Setting | New Value | Purpose |
|---|---|---|
maxClientCnxns |
0 |
Tell ZooKeeper to impose no limit to the number of connections to enable better Trafodion concurrency. |
3.4.3. HDFS Changes
| These changes require a restart of HDFS on all nodes in the cluster. |
Trafodion requires the following changes to the HDFS environment:
| Action | Purpose |
|---|---|
• Create |
|
• Create |
Used to stage data when processing the Trafodion LOAD INTO table statement and as a temporary directory to create links to actual HFile for snapshot scanning. |
• Create |
|
• Create |
-
These steps are performed after HDFS ACLs have been enabled.
The following changes are required in hdfs-site.xml:
| Setting | New Value | Purpose |
|---|---|---|
dfs.namenode.acls.enabled |
true |
Enable HDFS POSIX Access Control Lists (ACLs). |
3.4.4. HBase Changes
| These changes require a restart of ZooKeeper and HBase on all nodes in the cluster. |
Trafodion requires that the following changes to the HBase environment:
| Action | Affected Directories | Purpose |
|---|---|---|
Install/replace Trafodion’s version of |
• |
Trafodion transaction management relies on an enhanced version of |
Install/Replace Trafodion utility jar file. |
• |
TODO: Add purpose here. |
The following changes are required in hbase-site.xml. Please refer to the
Apache HBase™ Reference Guide for additional descriptions of these settings.
| Setting | New Value | Purpose |
|---|---|---|
hbase.master. distributed.log.splitting |
false |
Do not use the HBase Split Log Manager. Instead, the HMaster controls all log-splitting activities. |
hbase.coprocessor. region.classes |
org.apache.hadoop. hbase.coprocessor. transactional.TrxRegionObserver, org.apache.hadoop. hbase.coprocessor. transactional.TrxRegionEndpoint, org.apache.hadoop. hbase.coprocessor. AggregateImplementation |
Install Trafodion coprocessor classes. |
hbase.hregion.impl |
org.apache.hadoop. hbase.regionserver. transactional.TransactionalRegion |
Trafodion needs to be able to read the Write Ahead Log from a coprocessor using the getScanner method. This method is protected in standard HBase. This change overloads the getScanner method to be public thereby allowing coprocessor code to use it. |
hbase.regionserver. region.split.policy |
org.apache.hadoop. hbase.regionserver. ConstantSizeRegionSplitPolicy |
Tell HBase to use the ConstantSizeRegionSplitPolicy for region splitting. This setting causes region splitting to occur only when the maximum file size is reached. |
hbase.snapshot. enabled |
true |
Enable the HBase Snapshot feature. Used for Trafodion backup and restore. |
hbase.bulkload. staging.dir |
hbase-staging |
Use |
hbase.regionserver.region. transactional.tlog |
true |
The HBase Regions requests that the Transaction Manager re-drives in-doubt transactions. |
hbase.snapshot. master.timeoutMillis |
600000 |
HMaster timeout when waiting for RegionServers involved in the snapshot operation. |
hbase.snapshot. region.timeout |
600000 |
RegionServer timeout when waiting for snapshot to be created. |
hbase.client. scanner.timeout.period |
600000 |
Time limit to perform a scan request. |
hbase.regionserver. lease.period |
600000 |
Clients must report within this time limit or they are considered dead by HBase. |
hbase.namenode. java.heapsize1 |
1073741824 (1GB) |
Java Heap Size for the HDFS NameNode. |
hbase.secondary.namenode. java.heapsize1 |
1073741824 (1GB) |
Java Heap Size for the HDFS Secondary NameNode. |
-
Applies to Cloudera distributions only.
3.5. Recommended Configuration Changes
The following configuration changes are recommended but not required.
| The Trafodion Installer does not make these changes. |
3.5.1. Recommended Security Changes
The trafodion user ID should not be given other sudo privileges than what’s specified in this manual. Also, we
recommend that this user ID is locked (sudo passwd -l trafodion) once the installation/upgrade activity has been completed.
Users that need issue commands as the trafodion ID should do so using sudo; for example, sudo -u trafodion -i.
3.5.2. Recommended HDFS Configuration Changes
These settings are configured in the hadoop-env.sh file.
| Property | Recommended Setting | Guidance |
|---|---|---|
DataNode Java Heap Size |
2 GB |
Use this setting for a large configuration. |
NameNode Java Heap Size |
2 GB |
Use this setting for a large configuration. |
Secondary NameNode Java Heap Size |
2 GB |
Use this setting for a large configuration. |
3.5.3. Recommended HBase Configuration Changes
| Configuration Property | Recommended Setting | Guidance |
|---|---|---|
hbase.rpc.timeout |
10 minutes |
This setting depends on the tables' size. Sixty (60) seconds is the default.
Increase this value for big tables. Make it the same value as |
hbase.client.scanner.timeout.period |
10 minutes |
Similar to the |
hbase.snapshot.master.timeoutMillis and hbase.snapshot.region.timeout |
10 minutes |
HBase’s default setting is 60000 milliseconds. If you experience timeout issues with HBase snapshots when you use the Trafodion Bulk Loader or other statements, you can set the value for these two HBase properties to 10 minutes (600,000 milliseconds). |
hbase.hregion.max.filesize |
107374182400 bytes |
HBase’s default setting is 10737418240 (10 GB). We have increased the setting to 107374182400 (100 GB), which reduces the number of HStoreFiles per table and appears to reduce disruptions to active transactions from region splitting. |
hbase.hstore.blockingStoreFiles |
10 |
|
hbase.regionserver.handler.count |
<num> |
This setting should match the number of concurrent sessions (mxosrvr). The default is 10. |
4. Prepare
You need to prepare your Hadoop environment before installing Trafodion.
4.1. Install Optional Workstation Software
If you are using a Windows workstation, then the following optional software helps installation process. We recommended that you pre-install the software before continuing with the Trafodion installation:
-
putty and puttygen (download from PuTTY web site)
-
VNC client (download from RealVNC web site)
-
Firefox or Chrome browser
-
SFTP client to transfer files from your workstation to the Linux server: WinSCP or FileZilla
4.2. Configure Installation User ID
Trafodion installation requires a user ID with these attributes:
-
sudoaccess per the requirements documented in Linux Installation User. -
passwordless ssh to all nodes on the cluster where Trafodion will be installed.
| You may need to request permission from your cluster-management team to obtain this type of access. |
The following example shows how to set up your user ID to have "passwordless ssh" abilities.
Do the following on the Provision Master Node:
echo -e 'y\n' | ssh-keygen -t rsa -N "" -f $HOME/.ssh/id_rsa
cat $HOME/.ssh/id_rsa.pub >> $HOME/.ssh/authorized_keys
echo localhost $(cat /etc/ssh/ssh_host_rsa_key.pub) >> $HOME/.ssh/known_hosts
echo "NoHostAuthenticationForLocalhost=yes" >> $HOME/.ssh/config
chmod 600 $HOME/.ssh/config
chmod 600 $HOME/.ssh/authorized_keys
chmod 700 $HOME/.ssh/After running these commands, do the following:
-
If necessary, create the
$HOME/.sshdirectory on the other nodes in your cluster and secure it private to yourself (chmod 700). -
If necessary, create the
$HOME/.ssh/authorized_keysfile on the other nodes in your cluster. Secure it withchmod 600 $HOME/.ssh/authorized_keys. -
Copy the content of the
$HOME/.ssh/authorized_keysfile on the Provisioning Master Node and append the to the$HOME/.ssh/authorized_keysfile on the other nodes in your cluster. -
sshto the other nodes in the cluster. Answeryto the prompt asking you whether to continue the connection. This adds the node to the$HOME/.ssh/known_hostsfile completing the passwordless ssh setup.
4.3. Disable requiretty
You need to disable requiretty in /etc/sudoers on all nodes in the cluster
to ensure that sudo commands can be run from inside the installation scripts.
Comment out the Defaults requiretty setting in the /etc/sudoers file to
ensure that the requiretty option is NOT being used.
4.4. Verify OS Requirements and Recommendations
Please ensure that the OS Requirements and Recommendations are met for each node in the cluster where you intend to install Trafodion.
4.5. Configure LDAP Identity Store
If you plan to enable security in Trafodion, then you need to have an LDAP identity store available to perform authentication. The Trafodion Installer prompts you to set up an authentication configuration file that points to an LDAP server (or servers), which enables security (that is, authentication and authorization) in the Trafodion database.
If you wish to manually set up the authentication configuration file and enable security, then refer to the section on Enable Security.
4.6. Gather Configuration Information
You need to gather/decide information about your environment to aid installation Trafodion, both for the Trafodion Installer and for recipe-based provisioning. (Listed in alphabetical order to make it easier to find information when referenced in the install and upgrade instructions.)
| ID1 | Information | Default | Notes |
|---|---|---|---|
ADMIN |
Administrator user name for Apache Ambari or Cloudera Manager. |
admin |
A user that can change configuration and restart services via the distribution manager’s REST API. |
BACKUP_DCS_NODES |
List of nodes where to start the backup DCS Master components. |
None |
Blank separated FQDN list. Not needed if $ENABLE_HA = N. |
CLOUD_CONFIG |
Whether you’re installing Trafodion on a cloud environment. |
N |
N = bare-metal or VM installation. |
CLOUD_TYPE |
What type of cloud environment you’re installing Trafodion on. |
None |
{ AWS | OpenStack | Other }. Not applicable for bare-metal or VM installation. |
CLUSTER_NAME |
The name of the Hadoop Cluster. |
None |
From Apache Ambari or Cloudera Manager. |
DCS_BUILD |
Tar file containing the DCS component. |
None |
Not needed if using a Trafodion package installation tar file. |
DCS_PRIMARY_MASTER_NODE |
The node where the primary DCS should run. |
None |
The DCS Master handles JDBC and ODBC connection requests. |
DCS_SERVER_PARM |
Number of concurrent client sessions per node. |
16 |
This number specifies the concurrent sessions per node to be supported. Each session could require up to 1GB of physical memory. The number can be changed post-installation. For more information, refer to the Trafodion Client Installation Guide. |
ENABLE_HA |
Whether to run DCS in high-availability (HA) mode. |
N |
You need the floating IP address, the interface, and the backup nodes for DCS Master if enabling this feature. |
EPEL_RPM |
Location of EPEL RPM. |
None |
Specify if you don’t have access to the Internet. Downloaded automatically by the Trafodion Installer. |
FLOATING_IP |
IP address if running DCS in HA mode. |
None |
Not needed if $ENABLE_HA = N. An FQDN name or IP address. |
HADOOP_TYPE |
The type of Hadoop distribution you’re installing Trafodion on. |
None |
Lowercase. cloudera or hadoop. |
HBASE_GROUP |
Linux group name for the HBASE administrative user. |
hbase |
Required in order to provide access to select HDFS directories to this user ID. |
HBASE_USER |
Linux user name for the HBASE administrative user. |
hbase |
Required in order to provide access to select HDFS directories to this user ID. |
HDFS_USER |
Linux user name for the HDFS administrative user. |
hdfs |
The Trafodion Installer uses |
HOME_DIR |
Root directory under which the |
/home |
Example |
INIT_TRAFODION |
Whether to automatically initialize the Trafodion database. |
N |
Does not apply to Recipe-Based Provisioning. Applies if $START=Y only. |
INTERFACE |
Interface type used for $FLOATING_IP. |
None |
Not needed if $ENABLE_HA = N. |
JAVA_HOME |
Location of Java 1.7.0_65 or higher (JDK). |
$JAVA_HOME setting |
Fully qualified path of the JDK. For example:
|
LDAP_CERT2 |
Full path to TLS certificate. |
None |
Required of $LDAP_LEVEL = 1 or 2. |
LDAP_HOSTS2 |
List of nodes where LDAP Identity Store servers are running. |
None |
Blank separated. FQDN format. |
LDAP_ID2 |
List of LDAP unique identifiers. |
None |
Blank separated. |
LDAP_LEVEL2 |
LDAP Encryption Level. |
0 |
0: Encryption not used, 1: SSL, 2: TLS |
LDAP_PASSWORD2 |
Password for LDAP_USER. |
None |
If LDAP_USER is required only. |
LDAP_PORT2 |
Port used to communicate with LDAP Identity Store. |
None |
Examples: 389 for no encryption or TLS, 636 for SSL. |
LDAP_SECURITY2 |
Whether to enable simple LDAP authentication. |
N |
If Y, then you need to provide LDAP_HOSTS. |
LDAP_USER2 |
LDAP Search user name. |
None |
If required. If so, must provide LDAP_PASSWORD, too. |
LOCAL_WORKDIR |
The directory where the Trafodion Installer is located. |
None |
Full path, no environmental variables. |
MANAGEMENT_ENABLED |
Whether your installation uses separate management nodes. |
N |
Y if using separate management nodes for Apache Ambari or Cloudera Manager. |
MANAGEMENT_NODES |
The FQDN names of management nodes, if any. |
None |
Provide a blank-separated list of node names. |
NODE_LIST |
The FQDN names of the nodes where Trafodion will be installed. |
None |
Provide a blank-separated list of node names. The Trafodion
Provisioning ID must have passwordless and |
PASSWORD |
Administrator password for Apache Ambari or Cloudera Manager. |
admin |
A user that can change configuration and restart services via the distribution manager’s REST API. |
REST_BUILD |
Tar file containing the REST component. |
None |
Not needed if using a Trafodion package installation tar file. |
SQ_ROOT |
Target directory for the Trafodion software. |
$HOME_DIR/trafodion |
Trafodion is installed in this directory on all nodes in |
START |
Whether to start Trafodion after install/upgrade. |
N |
Does not apply to Recipe-Based Provisioning. |
SUSE_LINUX |
Whether your installing Trafodion on SUSE Linux. |
false |
Auto-detected by the Trafodion Installer. |
TRAF_PACKAGE |
The location of the Trafodion installation package tar file or core installation tar file. |
None |
The package file contains the Trafodion server, DCS, and REST software while the core installation file contains the Trafodion server software only. If you’re using a core installation file, then you need to record the location of the DCS and REST installation tar files, too. Normally, you perform Trafodion provisioning using a Trafodion package installation tar file. |
TRAF_USER |
The Trafodion runtime user ID. |
trafodion |
Must be |
TRAF_USER_PASSWORD |
The password used for the |
traf123 |
Must be 6-8 characters long. |
URL |
FQDN and port for the Distribution Manager’s REST API. |
None |
Include |
-
The ID matches the environmental variables used in the Trafodion Installation configuration file. Refer to Trafodion Installer for more information.
-
Refer to Enable Security for more information about these security settings.
4.7. Install Required Software Packages
4.7.1. Download and Install Packages
This step is required if you’re:
-
Installing Trafodion on SUSE.
-
Using Recipe-Based Provisioning.
-
Can’t download the required software packages using the Internet.
If none of these situations exist, then we highly recommend that you use the Trafodion Installer.
You perform this step as a user with root or sudo access.
Install the packages listed in Software Packages above on all nodes in the cluster. Note the special
handling for log4c++. See Install log4c++ below for more information.
4.7.2. Install log4c++
You perform this step as a user with root or sudo access.
This step is required regardless of the Provisioning Options used.
-
Download the log4c++ RPM from the Trafodion Download page.
-
Copy and Install the log4c++ RPM on All Nodes
Use either
rpm -Uoryum install.Example
# Repeat for all nodes in the cluster from the Provisioning Master Node scp log4cxx-0.10.0-13.el6.x86_64.rpm <other-node>:$PWD ssh <other-node> sudo yum -y install log4cxx-0.10.0-13.el6.x86_64.rpm exit -
Verify RPM Installation on Every Node
Use the following command to verify that
log4c++has been installed on every node in the cluster.# Repeat for all nodes in the cluster sudo rpm -qa | grep log4cxx log4cxx-0.10.0-13.el6.x86_64
4.8. Download Trafodion Binaries
You download the Trafodion binaries from the Trafodion Download page. Download the following packages:
-
Trafodion Installer (if planning to use the Trafodion Installer)
-
Trafodion Server
| You can download and install the Trafodion Clients once you’ve installed and activated Trafodion. Refer to the Trafodion Client Install Guide for instructions. |
Example
$ mkdir $HOME/trafodion-download
$ cd $HOME/trafodion-download
$ # Download the Trafodion Installer binaries
$ wget http://apache.cs.utah.edu/incubator/trafodion/trafodion-1.3.0.incubating/apache-trafodion-installer-1.3.0-incubating-bin.tar.gz
Resolving http://apache.cs.utah.edu... 192.168.1.56
Connecting to http://apache.cs.utah.edu|192.168.1.56|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68813 (67K) [application/x-gzip]
Saving to: "apache-trafodion-installer-1.3.0-incubating-bin.tar.gz"
100%[=====================================================================================================================>] 68,813 124K/s in 0.5s
2016-02-14 04:19:42 (124 KB/s) - "apache-trafodion-installer-1.3.0-incubating-bin.tar.gz" saved [68813/68813]$ # Download the Trafodion Server binaries
$ wget http://apache.cs.utah.edu/incubator/trafodion/trafodion-1.3.0.incubating/apache-trafodion-1.3.0-incubating-bin.tar.gz
Resolving http://apache.cs.utah.edu... 192.168.1.56
Connecting to http://apache.cs.utah.edu|192.168.1.56|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 214508243 (205M) [application/x-gzip]
Saving to: "apache-trafodion-1.3.0-incubating-bin.tar.gz"
100%[=====================================================================================================================>] 214,508,243 3.90M/s in 55s
2016-02-14 04:22:14 (3.72 MB/s) - "apache-trafodion-1.3.0-incubating-bin.tar.gz" saved [214508243/214508243]
$ ls -l
total 209552
-rw-rw-r-- 1 centos centos 214508243 Jan 12 20:10 apache-trafodion-1.3.0-incubating-bin.tar.gz
-rw-rw-r-- 1 centos centos 68813 Jan 12 20:10 apache-trafodion-installer-1.3.0-incubating-bin.tar.gz
$4.9. Preparation for Recipe-Based Provisioning
| This step should be skipped if you plan to use the Trafodion Installer |
4.9.1. Modify OS Settings
Ensure that the /etc/security/limits.d/trafodion.conf on each node contains the limits settings required by Trafodion.
Refer to Operating System Changes for the required settings.
4.9.2. Modify ZooKeeper Configuration
Do the following:
-
Modify the ZooKeeper configuration as follows:
Attribute Setting maxClientCnxns
0
-
Restart ZooKeeper to activate the new configuration setting.
4.9.3. Modify HDFS Configuration
Do the following:
-
Modify the HDFS configuration as follows:
Attribute Setting dfs.namenode.acls.enabled
true
-
Restart HDFS to activate the new configuration setting.
4.9.4. Modify HBase Configuration
Do the following:
-
Modify the HBase configuration as follows:
Attribute Setting hbase.master.distributed.log.splitting
false
hbase.coprocessor.region.classes
org.apache.hadoop.hbase.coprocessor.transactional.TrxRegionObserver,org.apache.hadoop.hbase.coprocessor.transactional.TrxRegionEndpoint, org.apache.hadoop.hbase.coprocessor.AggregateImplementation
hbase.hregion.impl
org.apache.hadoop.hbase.regionserver.transactional.TransactionalRegion
hbase.regionserver.region.split.policy
org.apache.hadoop.hbase.regionserver.ConstantSizeRegionSplitPolicy
hbase.snapshot.enabled
true
hbase.bulkload.staging.dir
hbase-staging
hbase.regionserver.region.transactional.tlog
true
hbase.snapshot.master.timeoutMillis
600000
hbase.snapshot.region.timeout
600000
hbase.client.scanner.timeout.period
600000
hbase.regionserver.lease.period
600000
hbase.namenode.java.heapsizea
1073741824
hbase.secondary.namenode.java.heapsizea
1073741824
a) Applies to Cloudera distributions only.
-
Restart HBase to activate the new configuration setting.
5. Install
This chapter describes how to use the Trafodion Installer to install Trafodion. You use the Trafodion Provisioning ID to run the Trafodion Installer.
| Prior to version 2.0.0, you must install log4c++ on all nodes in the cluster prior to running the Trafodion Installer. Refer to Build and Install log4c++ for instructions. |
5.1. Unpack Installer
You should already have downloaded the Trafodion Binaries per the instructions in the Download Trafodion Binaries in the Prepare chapter. If not, please do so now.
The first step in the installation process is to unpack the Trafodion Installer tar file.
Example
$ mkdir $HOME/trafodion-installer
$ cd $HOME/trafodion-downloads
$ tar -zxf apache-trafodion-installer-1.3.0-incubating-bin.tar.gz -C $HOME/trafodion-installer
$ ls $HOME/trafodion-installer/installer
bashrc_default tools traf_config_check trafodion_apache_hadoop_install traf_package_setup
build-version-1.3.0.txt traf_add_user traf_config_setup trafodion_config_default traf_setup
dcs_installer traf_apache_hadoop_config_setup traf_create_systemdefaults trafodion_install traf_sqconfig
rest_installer traf_authentication_conf_default traf_getHadoopNodes trafodion_license traf_start
setup_known_hosts.exp traf_cloudera_mods98 traf_hortonworks_mods98 trafodion_uninstaller
$5.2. Automated Install
The --config_file option runs the Trafodion in Automated Setup mode. Refer to Trafodion Installer
in the Introduction chapter for instructions of how you edit your configuration file.
Edit your config file using the information you collected in the Gather Configuration Information step in the Prepare chapter.
The following example shows an automated install of Trafodion on a two-node Hortonworks Hadoop cluster.
By default, the Trafodion Installer invokes sqlci so that you can enter the initialize trafodion; command.
This is shown in the example below.
|
Example
-
Run the Trafodion Installer in Automated Setup mode.
$ cd $HOME/trafodion-installer/installer $ ./trafodion_install --config_file my ****************************** TRAFODION INSTALLATION START ****************************** ***INFO: testing sudo access ***INFO: Log file located at /var/log/trafodion/trafodion_install_2016-02-16-21-12-03.log ***INFO: Config directory: /etc/trafodion ***INFO: Working directory: /usr/lib/trafodion ************************************ Trafodion Configuration File Check ************************************ ***INFO: Testing sudo access on node trafodion-1 ***INFO: Testing sudo access on node trafodion-2 ***INFO: Testing ssh on trafodion-1 ***INFO: Testing ssh on trafodion-2 ***INFO: Getting list of all hortonworks nodes ***INFO: Getting list of all hortonworks nodes ***INFO: hortonworks list of nodes: trafodion-1 trafodion-2 ***INFO: Testing ssh on trafodion-1 ***INFO: Testing ssh on trafodion-2 ***INFO: Testing sudo access on trafodion-1 ***INFO: Testing sudo access on trafodion-2 ***DEBUG: trafodionFullName=trafodion_server-1.3.0.tgz ***INFO: Trafodion version = 1.3.0 ***DEBUG: HBase's java_exec=/usr/jdk64/jdk1.7.0_67/bin/java ****************************** TRAFODION SETUP ****************************** ***INFO: Starting Trafodion environment setup (2016-02-16-21-12-31) === 2016-02-16-21-12-31 === # @@@ START COPYRIGHT @@@ # # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at . . . 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS BY TYPING "ACCEPT" YOU AGREE TO THE TERMS OF THIS AGREEMENT: ***INFO: testing sudo access ***INFO: Checking all nodes in specified node list trafodion-1 trafodion-2 ***INFO: Total number of nodes = 2 ***INFO: Starting Trafodion Package Setup (2016-02-16-21-12-35) ***INFO: Installing required packages ***INFO: Log file located in /var/log/trafodion ***INFO: ... EPEL rpm ***INFO: ... pdsh on node trafodion-1 ***INFO: ... pdsh on node trafodion-2 ***INFO: Checking if log4cxx is installed ... ***INFO: Checking if sqlite is installed ... ***INFO: Checking if expect is installed ... . . . ***INFO: trafodion user added successfully ***INFO: Trafodion environment setup completed ***INFO: creating sqconfig file ***INFO: Reserving DCS ports ****************************** TRAFODION MODS ****************************** ***INFO: Hortonworks installed will run traf_hortonworks_mods98 ***INFO: Detected JAVA version 1.7 ***INFO: copying hbase-trx-hdp2_2-1.3.0.jar to all nodes PORT=:8080 ########## Performing 'set' hbase.master.distributed.log.splitting:false on (Site:hbase-site, Tag:version1) ########## PUTting json into: doSet_version1455657199513777160.json . . . Starting the REST environment now starting rest, logging to /home/trafodion/apache-trafodion-1.3.0-incubating-bin/rest-1.3.0/bin/../logs/rest-trafodion-1-rest-trafodion-1.out SLF4J: Class path contains multiple SLF4J bindings. SLF4J: Found binding in [jar:file:/home/trafodion/apache-trafodion-1.3.0-incubating-bin/rest-1.3.0/lib/slf4j-log4j12-1.7.5.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: Found binding in [jar:file:/usr/hdp/2.2.9.0-3393/hadoop/lib/slf4j-log4j12-1.7.5.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation. SLF4J: Actual binding is of type [org.slf4j.impl.Log4jLoggerFactory] DcsMaster is not started. Please start DCS using 'dcsstart' command... Process Configured Actual Down --------- ---------- ------ ---- DcsMaster 1 0 1 DcsServer 2 0 2 mxosrvr 8 8 You can monitor the SQ shell log file : /home/trafodion/apache-trafodion-1.3.0-incubating-bin/logs/sqmon.log Startup time 0 hour(s) 1 minute(s) 9 second(s) Apache Trafodion Conversational Interface 1.3.0 Copyright (c) 2015 Apache Software Foundation >> initialize trafodion; --- SQL operation complete. >> End of MXCI Session ***INFO: Installation completed successfully. ********************************* TRAFODION INSTALLATION COMPLETE ********************************* $ -
Switch to the Trafodion Runtime User and check the status of Trafodion.
Example
$ sudo su - trafodion $ sqcheck Checking if processes are up. Checking attempt: 1; user specified max: 2. Execution time in seconds: 0. The SQ environment is up! Process Configured Actual Down ------- ---------- ------ ---- DTM 2 2 RMS 4 4 MXOSRVR 8 8 $
Trafodion is now running on your Hadoop cluster. Please refer to the Activate chapter for basic instructions on how to verify the Trafodion management and how to perform basic management operations.
5.3. Guided Install
The Trafodion Installer prompts you for the information you collected in the Gather Configuration Information step in the Prepare chapter.
The following example shows a guided install of Trafodion on a two-node Cloudera Hadoop cluster.
By default, the Trafodion Installer invokes sqlci so that you can enter the initialize trafodion; command.
This is shown in the example below.
|
Example
-
Run the Trafodion Installer in guided mode.
$ cd $HOME/trafodion-installer/installer $ ./trafodion_install ****************************** TRAFODION INSTALLATION START ****************************** ***INFO: testing sudo access ***INFO: Log file located at /var/log/trafodion/trafodion_install_2016-02-15-04-45-30.log ***INFO: Config directory: /etc/trafodion ***INFO: Working directory: /usr/lib/trafodion ******************************* Trafodion Configuration Setup ******************************* ***INFO: Please press [Enter] to select defaults. Enter trafodion password, default is [traf123]: traf123 Enter list of nodes (blank separated), default []: trafodion-1 trafodion-2 Enter Trafodion userid's home directory prefix, default is [/home]: /home Specify full path to EPEL RPM (including .rpm), default is None: ***INFO: Will attempt to download RPM if EPEL is not installed on all nodes. Specify location of Java 1.7.0_65 or higher (JDK), default is []: /usr/java/jdk1.7.0_67-cloudera Enter full path (including .tar or .tar.gz) of trafodion tar file []: /home/centos/trafodion-download/apache-trafodion-1.3.0-incubating-bin.tar.gz Enter Hadoop admin username, default is [admin]: Enter Hadoop admin password, default is [admin]: Enter Hadoop external network URL:port (no 'http://' needed), default is []: trafodion-1.apache.org:7180 Enter HDFS username, default is [hdfs]: Enter HBase username, default is [hbase]: Enter HBase group, default is [hbase]: Enter directory to install trafodion to, default is [/home/trafodion/apache-trafodion-1.3.0-incubating-bin]: Total number of client connections per node, default [16]: 8 Enable simple LDAP security (Y/N), default is N: N ***INFO: Configuration file: /etc/trafodion/trafodion_config ***INFO: Trafodion configuration setup complete ************************************ Trafodion Configuration File Check ************************************ The authenticity of host 'trafodion-1 (10.1.30.71)' can't be established. RSA key fingerprint is 83:96:d4:5e:c1:b8:b1:62:8d:c6:78:a7:7f:1f:6a:d7. Are you sure you want to continue connecting (yes/no)? yes ***INFO: Testing sudo access on node trafodion-1 ***INFO: Testing sudo access on node trafodion-2 ***INFO: Testing ssh on trafodion-1 ***INFO: Testing ssh on trafodion-2 ***INFO: Getting list of all cloudera nodes ***INFO: Getting list of all cloudera nodes ***INFO: cloudera list of nodes: trafodion-1 trafodion-2 ***INFO: Testing ssh on trafodion-1 ***INFO: Testing ssh on trafodion-2 ***INFO: Testing sudo access on trafodion-1 ***INFO: Testing sudo access on trafodion-2 ***DEBUG: trafodionFullName=trafodion_server-1.3.0.tgz ***INFO: Trafodion version = 1.3.0 ***DEBUG: HBase's java_exec=/usr/java/jdk1.7.0_67-cloudera/bin/java ****************************** TRAFODION SETUP ****************************** ***INFO: Starting Trafodion environment setup (2016-02-15-07-09-58) === 2016-02-15-07-09-58 === # @@@ START COPYRIGHT @@@ # # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # . . . and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS BY TYPING "ACCEPT" YOU AGREE TO THE TERMS OF THIS AGREEMENT:ACCEPT ***INFO: testing sudo access ***INFO: Checking all nodes in specified node list trafodion-1 trafodion-2 ***INFO: Total number of nodes = 2 ***INFO: Starting Trafodion Package Setup (2016-02-15-07-11-09) ***INFO: Installing required packages ***INFO: Log file located in /var/log/trafodion ***INFO: ... pdsh on node trafodion-1 ***INFO: ... pdsh on node trafodion-2 ***INFO: Checking if log4cxx is installed ... ***INFO: Checking if sqlite is installed ... ***INFO: Checking if expect is installed ... ***INFO: Installing expect on all nodes . . . ***INFO: modifying limits in /usr/lib/trafodion/trafodion.conf on all nodes ***INFO: create Trafodion userid "trafodion" ***INFO: Trafodion userid's (trafodion) home directory: /home/trafodion ***INFO: testing sudo access Generating public/private rsa key pair. Created directory '/home/trafodion/.ssh'. Your identification has been saved in /home/trafodion/.ssh/id_rsa. Your public key has been saved in /home/trafodion/.ssh/id_rsa.pub. The key fingerprint is: 4b:b3:60:38:c9:9d:19:f8:cd:b1:c8:cd:2a:6e:4e:d0 trafodion@trafodion-1 The key's randomart image is: +--[ RSA 2048]----+ | | | . | | . . . | | o * X o | | . E X S | | . o + + | | o . o | | o.. | | oo | +-----------------+ ***INFO: creating .bashrc file ***INFO: Setting up userid trafodion on all other nodes in cluster ***INFO: Creating known_hosts file for all nodes trafodion-1 trafodion-2 ***INFO: trafodion user added successfully ***INFO: Trafodion environment setup completed ***INFO: creating sqconfig file ***INFO: Reserving DCS ports ****************************** TRAFODION MODS ****************************** ***INFO: Cloudera installed will run traf_cloudera_mods98 ***INFO: Detected JAVA version 1.7 ***INFO: copying hbase-trx-cdh5_3-1.3.0.jar to all nodes ***INFO: Cloudera Manager is on trafodion-1 ***INFO: Detected JAVA version 1.7 ***INFO: copying hbase-trx-cdh5_3-1.3.0.jar to all nodes ***INFO: Cloudera Manager is on trafodion-1 % Total % Received % Xferd Average Speed Time Time Time Current . . . ***INFO: Hadoop restart completed successfully ***INFO: waiting for HDFS to exit safemode Safe mode is OFF ***INFO: Setting HDFS ACLs for snapshot scan support ***INFO: Trafodion Mods ran successfully. ****************************** TRAFODION START ****************************** /usr/lib/trafodion/installer/.. ***INFO: Log file location /var/log/trafodion/trafodion_install_2016-02-15-07-08-07.log ***INFO: traf_start ****************************************** ****************************************** ****************************************** ****************************************** /home/trafodion/apache-trafodion-1.3.0-incubating-bin ***INFO: untarring build file /usr/lib/trafodion/apache-trafodion-1.3.0-incubating-bin/trafodion_server-1.3.0.tgz to /home/trafodion/apache-trafodion-1.3.0-incubating-bin . . . ******* Generate public/private certificates ******* Cluster Name : Cluster%201 Generating Self Signed Certificate.... *********************************************************** Certificate file :server.crt Private key file :server.key Certificate/Private key created in directory :/home/trafodion/sqcert *********************************************************** *********************************************************** Updating Authentication Configuration *********************************************************** Creating folders for storing certificates ***INFO: copying /home/trafodion/sqcert directory to all nodes ***INFO: copying install to all nodes ***INFO: starting Trafodion instance Checking orphan processes. Removing old mpijob* files from /home/trafodion/apache-trafodion-1.3.0-incubating-bin/tmp Removing old monitor.port* files from /home/trafodion/apache-trafodion-1.3.0-incubating-bin/tmp Executing sqipcrm (output to sqipcrm.out) Starting the SQ Environment (Executing /home/trafodion/apache-trafodion-1.3.0-incubating-bin/sql/scripts/gomon.cold) Background SQ Startup job (pid: 7276) . . . Zookeeper is listening on port 2181 DcsMaster is listening on port 23400 Process Configured Actual Down --------- ---------- ------ ---- DcsMaster 1 1 DcsServer 2 2 mxosrvr 8 8 You can monitor the SQ shell log file : /home/trafodion/apache-trafodion-1.3.0-incubating-bin/logs/sqmon.log Startup time 0 hour(s) 1 minute(s) 9 second(s) Apache Trafodion Conversational Interface 1.3.0 Copyright (c) 2015 Apache Software Foundation >> initialize trafodion; --- SQL operation complete. >> End of MXCI Session ***INFO: Installation completed successfully. ********************************* TRAFODION INSTALLATION COMPLETE ********************************* $ -
Switch to the Trafodion Runtime User and check the status of Trafodion.
$ sudo su - trafodion $ sqcheck Checking if processes are up. Checking attempt: 1; user specified max: 2. Execution time in seconds: 0. The SQ environment is up! Process Configured Actual Down ------- ---------- ------ ---- DTM 2 2 RMS 4 4 MXOSRVR 8 8 $
Trafodion is now running on your Hadoop cluster. Please refer to the Activate chapter for basic instructions on how to verify the Trafodion management and how to perform basic management operations.
6. Upgrade
This chapter describes how to use the Trafodion Installer to upgrade Trafodion. You use the Trafodion Provisioning ID to run the Trafodion Installer.
6.1. Download Updated Trafodion Binaries
You perform this step as the Trafodion Provisioning User.
You download the updated Trafodion binaries from the Trafodion Download page. Download the following packages:
-
Trafodion Installer (if planning to use the Trafodion Installer)
-
Trafodion Server
Refer to Download Trafodion Binaries in the Prepare chapter for examples.
6.2. Unpack Installer
You perform this step as the Trafodion Provisioning User.
You unpack the updated Trafodion Installer into a new directory.
Example
$ mkdir $HOME/trafodion-installer-2.0
$ cd $HOME/trafodion-downloads
$ tar -zxf apache-trafodion-installer-2.0.0-incubating-bin.tar.gz -C $HOME/trafodion-installer
$ ls $HOME/trafodion-installer/installer-2.0
bashrc_default tools traf_config_check trafodion_apache_hadoop_install traf_package_setup
build-version-2.0.0.txt traf_add_user traf_config_setup trafodion_config_default traf_setup
dcs_installer traf_apache_hadoop_config_setup traf_create_systemdefaults trafodion_install traf_sqconfig
rest_installer traf_authentication_conf_default traf_getHadoopNodes trafodion_license traf_start
setup_known_hosts.exp traf_cloudera_mods98 traf_hortonworks_mods98 trafodion_uninstaller
$6.3. Stop Trafodion
You perform this step as the Trafodion Runtime User.
Example
$ sudo su trafodion
$ sqstop
Shutting down the REST environment now
stopping rest.
Shutting down the DCS environment now
stopping master.
trafodion-1: stopping server.
trafodion-2: stopping server.
stopped $zlobsrv0
stopped $zlobsrv1
Shutting down (normal) the SQ environment!
Wed Feb 17 05:12:40 UTC 2016
Processing cluster.conf on local host trafodion-1
[$Z000KAE] Shell/shell Version 1.0.1 Apache_Trafodion Release 1.3.0 (Build release [1.3.0-0-g5af956f_Bld2], date 20160112_1927)
ps[$Z000KAE] %ps
[$Z000KAE] NID,PID(os) PRI TYPE STATES NAME PARENT PROGRAM
[$Z000KAE] ------------ --- ---- ------- ----------- ----------- ---------------
[$Z000KAE] 000,00064198 000 WDG ES--A-- $WDG000 NONE sqwatchdog
[$Z000KAE] 000,00064199 000 PSD ES--A-- $PSD000 NONE pstartd
[$Z000KAE] 000,00064212 001 GEN ES--A-- $TSID0 NONE idtmsrv
[$Z000KAE] 000,00064242 001 DTM ES--A-- $TM0 NONE tm
[$Z000KAE] 000,00065278 001 GEN ES--A-- $ZSC000 NONE mxsscp
[$Z000KAE] 000,00065305 001 SSMP ES--A-- $ZSM000 NONE mxssmp
[$Z000KAE] 000,00001219 001 GEN ES--A-- $Z0000ZU NONE mxosrvr
[$Z000KAE] 000,00001235 001 GEN ES--A-- $Z00010A NONE mxosrvr
[$Z000KAE] 000,00001279 001 GEN ES--A-- $Z00011J NONE mxosrvr
[$Z000KAE] 000,00001446 001 GEN ES--A-- $Z00016B NONE mxosrvr
[$Z000KAE] 000,00024864 001 GEN ES--A-- $Z000KAE NONE shell
[$Z000KAE] 001,00025180 000 PSD ES--A-- $PSD001 NONE pstartd
[$Z000KAE] 001,00025179 000 WDG ES--A-- $WDG001 NONE sqwatchdog
[$Z000KAE] 001,00025234 001 DTM ES--A-- $TM1 NONE tm
[$Z000KAE] 001,00025793 001 GEN ES--A-- $ZSC001 NONE mxsscp
[$Z000KAE] 001,00025797 001 SSMP ES--A-- $ZSM001 NONE mxssmp
[$Z000KAE] 001,00026587 001 GEN ES--A-- $Z010LPM NONE mxosrvr
[$Z000KAE] 001,00026617 001 GEN ES--A-- $Z010LQH NONE mxosrvr
[$Z000KAE] 001,00026643 001 GEN ES--A-- $Z010LR8 NONE mxosrvr
[$Z000KAE] 001,00026644 001 GEN ES--A-- $Z010LR9 NONE mxosrvr
shutdown
[$Z000KAE] %shutdown
exit
Issued a 'shutdown normal' request
Shutdown in progress
# of SQ processes: 0
SQ Shutdown (normal) from /home/trafodion Successful
Wed Feb 17 05:12:47 UTC 2016
$6.4. Automated Upgrade
You perform this step as the Trafodion Provisioning User.
The --config_file option runs the Trafodion in Automated Setup mode. Refer to Trafodion Installer
in the Introduction chapter for instructions of how you edit your configuration file.
At a minimum, you need to change the following settings:
-
LOCAL_WORKDIR -
TRAF_PACKAGE -
SQ_ROOT
Example
$ cd $HOME/trafodion-configuration
$ cp my_config my_config_2.0
$ # Pre edit content
export LOCAL_WORKDIR="/home/centos/trafodion-installer/installer"
export TRAF_PACKAGE="/home/centos/trafodion-download/apache-trafodion-1.3.0-incubating-bin.tar.gz"
export SQ_ROOT="/home/trafodion/apache-trafodion-1.3.0-incubating-bin"
$ # Use your favorit editor to modify my_config_2.0
$ emacs my_config_2.0
$ # Post edit changes
export LOCAL_WORKDIR="/home/centos/trafodion-installer-2.0/installer"
export TRAF_PACKAGE="/home/centos/trafodion-download/apache-trafodion-2.0.0-incubating-bin.tar.gz"
export SQ_ROOT="/home/trafodion/apache-trafodion-2.0.0-incubating-bin"The following example shows an upgrade of Trafodion on a two-node Hortonworks Hadoop cluster using Automated Setup mode.
| The Trafodion Installer performs the same configuration changes as it does for an installation, including restarting Hadoop services. |
Example
-
Run the updated Trafodion Installer using the modified my_config_2.0 file.
$ cd $HOME/trafodion-installer-2.0/installer $ ./trafodion_install --config_file $HOME/trafodion-configuration/my_config_2.0 ****************************** TRAFODION INSTALLATION START ****************************** ***INFO: Testing sudo access on node trafodion-1 ***INFO: Testing sudo access on node trafodion-2 ***INFO: Testing ssh on trafodion-1 ***INFO: Testing ssh on trafodion-2 ***INFO: Getting list of all hortonworks nodes ***INFO: Getting list of all hortonworks nodes ***INFO: hortonworks list of nodes: trafodion-1 trafodion-2 ***INFO: Testing ssh on trafodion-1 ***INFO: Testing ssh on trafodion-2 ***INFO: Testing sudo access on trafodion-1 ***INFO: Testing sudo access on trafodion-2 ***INFO: Trafodion scanner will not be run. ***DEBUG: trafodionFullName=trafodion_server-2.0.0.tgz ***INFO: Trafodion version = 2.0.0 ***DEBUG: HBase's java_exec=/usr/jdk64/jdk1.7.0_67/bin/java ****************************** TRAFODION SETUP ****************************** ***INFO: Installing required RPM packages ***INFO: Starting Trafodion Package Setup (2016-02-17-05-33-29) ***INFO: Installing required packages ***INFO: Log file located in /var/log/trafodion ***INFO: ... pdsh on node trafodion-1 ***INFO: ... pdsh on node trafodion-2 ***INFO: Checking if log4cxx is installed ... . . . DcsMaster is not started. Please start DCS using 'dcsstart' command... Process Configured Actual Down --------- ---------- ------ ---- DcsMaster 1 0 1 DcsServer 2 0 2 mxosrvr 8 8 You can monitor the SQ shell log file : /home/trafodion/apache-trafodion-2.0.0-incubating-bin/logs/sqmon.log Startup time 0 hour(s) 1 minute(s) 9 second(s) Apache Trafodion Conversational Interface 1.3.0 Copyright (c) 2015 Apache Software Foundation >>Metadata Upgrade: started Version Check: started Metadata is already at Version 1.1. Version Check: done Metadata Upgrade: done --- SQL operation complete. >> End of MXCI Session ***INFO: Installation completed successfully. ********************************* TRAFODION INSTALLATION COMPLETE ********************************* $ -
Switch to the Trafodion Runtime User and check the status of Trafodion.
$ sudo su - trafodion $ sqcheck Checking if processes are up. Checking attempt: 1; user specified max: 2. Execution time in seconds: 0. The SQ environment is up! Process Configured Actual Down ------- ---------- ------ ---- DTM 2 2 RMS 4 4 MXOSRVR 8 8 $
Trafodion is now running on your Hadoop cluster. Please refer to the Activate chapter for basic instructions on how to verify the Trafodion management and how to perform basic management operations.
6.5. Guided Upgrade
You perform this step as the Trafodion Provisioning User.
As in the case with an installation, the Trafodion Installer prompts you for the information you collected in the Gather Configuration Information step in the Prepare chapter. Some of the prompts are populated with the current values.
export LOCAL_WORKDIR="/home/centos/trafodion-installer/installer" export TRAF_PACKAGE="/home/centos/trafodion-download/apache-trafodion-1.3.0-incubating-bin.tar.gz" export SQ_ROOT="/home/trafodion/apache-trafodion-1.3.0-incubating-bin"
The following example shows a guided upgrade of Trafodion on a two-node Cloudera Hadoop cluster.
Example
-
Run the updated Trafodion Installer in Guided Setup mode to perform the upgrade. Change information at prompts as applicable.
$ cd $HOME/trafodion-installer-2.0/installer $ ./trafodion_install ****************************** TRAFODION INSTALLATION START ****************************** ***INFO: testing sudo access ***INFO: Log file located at /var/log/trafodion/trafodion_install_2016-02-17-08-15-33.log ***INFO: Config directory: /etc/trafodion ***INFO: Working directory: /usr/lib/trafodion ******************************* Trafodion Configuration Setup ******************************* ***INFO: Please press [Enter] to select defaults. Enter trafodion password, default is [traf123]: Enter list of nodes (blank separated), default []: trafodion-1.apache.org trafodion-2.apache.org Specify location of Java 1.7.0_65 or higher (JDK), default is [/usr/java/jdk1.7.0_67-cloudera]: Enter full path (including .tar or .tar.gz) of trafodion tar file []: /home/centos/trafodion-download/apache-trafodion-2.0.0-incubating-bin.tar.gz Enter Hadoop admin username, default is [admin]: Enter Hadoop admin password, default is [admin]: Enter Hadoop external network URL:port (no 'http://' needed), default is []: trafodion-1.apache.org:7180 Enter HDFS username, default is [hdfs]: Enter HBase username, default is [hbase]: Enter HBase group, default is [hbase]: Enter directory to install trafodion to, default is [/home/trafodion/apache-trafodion-1.3.0-incubating-bin]: /home/centos/apache-trafodion-2.0.0-incubating-bin Start Trafodion after install (Y/N), default is Y: Total number of client connections per node, default [16]: 8 Enable simple LDAP security (Y/N), default is N: ***INFO: Configuration file: /etc/trafodion/trafodion_config ***INFO: Trafodion configuration setup complete ************************************ Trafodion Configuration File Check ************************************ ***INFO: Testing sudo access on node trafodion-1 ***INFO: Testing sudo access on node trafodion-2 ***INFO: Testing ssh on trafodion-1 ***INFO: Testing ssh on trafodion-2 ***INFO: Getting list of all cloudera nodes ***INFO: Getting list of all cloudera nodes ***INFO: cloudera list of nodes: trafodion-1 trafodion-2 ***INFO: Testing ssh on trafodion-1 ***INFO: Testing ssh on trafodion-2 ***INFO: Testing sudo access on trafodion-1 ***INFO: Testing sudo access on trafodion-2 ***INFO: Checking cloudera Version ***INFO: nameOfVersion=cdh5.3.0 ***INFO: HADOOP_PATH=/usr/lib/hbase/lib ***INFO: Trafodion scanner will not be run. ***DEBUG: trafodionFullName=trafodion_server-1.3.0.tgz ***INFO: Trafodion version = 1.3.0 ***DEBUG: HBase's java_exec=/usr/java/jdk1.7.0_67-cloudera/bin/java ****************************** TRAFODION SETUP ****************************** ***INFO: Installing required RPM packages ***INFO: Starting Trafodion Package Setup (2016-02-17-08-16-11) ***INFO: Installing required packages ***INFO: Log file located in /var/log/trafodion ***INFO: ... pdsh on node trafodion-1 ***INFO: ... pdsh on node trafodion-2 ***INFO: Checking if log4cxx is installed ... ***INFO: Checking if sqlite is installed ... ***INFO: Checking if expect is installed ... ***INFO: Checking if perl-DBD-SQLite* is installed ... ***INFO: Checking if protobuf is installed ... ***INFO: Checking if xerces-c is installed ... ***INFO: Checking if perl-Params-Validate is installed ... ***INFO: Checking if perl-Time-HiRes is installed ... ***INFO: Checking if gzip is installed ... ***INFO: creating sqconfig file ***INFO: Reserving DCS ports ****************************** TRAFODION MODS ****************************** ***INFO: Cloudera installed will run traf_cloudera_mods98 ***INFO: Detected JAVA version 1.7 ***INFO: copying hbase-trx-cdh5_3-1.3.0.jar to all nodes ***INFO: Cloudera Manager is on trafodion-1 . . . Zookeeper is listening on port 2181 DcsMaster is listening on port 23400 Process Configured Actual Down --------- ---------- ------ ---- DcsMaster 1 1 DcsServer 2 2 mxosrvr 8 8 You can monitor the SQ shell log file : /home/trafodion/apache-trafodion-2.0.0-incubating-bin/logs/sqmon.log Startup time 0 hour(s) 1 minute(s) 9 second(s) Apache Trafodion Conversational Interface 1.3.0 Copyright (c) 2015 Apache Software Foundation >> End of MXCI Session ***INFO: Installation completed successfully. ********************************* TRAFODION INSTALLATION COMPLETE ********************************* $ -
Switch to the Trafodion Runtime User and check the status of Trafodion.
$ sudo su - trafodion $ sqcheck Checking if processes are up. Checking attempt: 1; user specified max: 2. Execution time in seconds: 0. The SQ environment is up! Process Configured Actual Down ------- ---------- ------ ---- DTM 2 2 RMS 4 4 MXOSRVR 8 8 $
Trafodion is now running on your Hadoop cluster. Please refer to the Activate chapter for basic instructions on how to verify the Trafodion management and how to perform basic management operations.
7. Activate
7.1. Manage Trafodion
You use the Trafodion runtime user ID to perform Trafodion management operations.
The following table provides an overview of the different Trafodion management scripts.
| Component | Start | Stop | Status |
|---|---|---|---|
All of Trafodion |
sqstart |
sqstop |
sqcheck |
RMS Server |
rmsstart |
rmsstop |
rmscheck |
REST Server |
reststart |
reststop |
- |
LOB Server |
lobstart |
lobstop |
- |
DCS (Database Connectivity Services) |
dcsstart |
dcsstop |
dcscheck |
Example: Start Trafodion
cd $MY_SQROOT/sql/scripts
sqstart
sqcheck7.2. Validate Trafodion Installation
You can use sqlci (part of the base product) or trafci (requires separate install; see the Trafodion Client Installation Guide) to validate your installation.
7.2.1. Smoke Test
A simple smoke test to validate that Trafodion is functioning.
get schemas;
create table table1 (a int);
invoke table1;
insert into table1 values (1), (2), (3), (4);
select * from table1;
drop table table1;
exit;Example
$ sqlci
Apache Trafodion Conversational Interface 1.3.0
Copyright (c) 2015 Apache Software Foundation
>>get schemas;
Schemas in Catalog TRAFODION
============================
SEABASE
_MD_
_REPOS_
--- SQL operation complete.
>>create table table1 (a int);
--- SQL operation complete.
>>invoke table1;
-- Definition of Trafodion table TRAFODION.SEABASE.TABLE1
-- Definition current Mon Feb 15 07:42:02 2016
(
SYSKEY LARGEINT NO DEFAULT NOT NULL NOT DROPPABLE
NOT SERIALIZED
, A INT DEFAULT NULL SERIALIZED
)
--- SQL operation complete.
>>insert into table1 values (1), (2), (3), (4);
--- 4 row(s) inserted.
>>select * from table1;
A
-----------
1
2
3
4
--- 4 row(s) selected.
>>drop table table1;
--- SQL operation complete.
>>exit;
$Assuming no errors, your installation has been successful. Next, do the following:
-
Install the Trafodion client software. Refer to the Trafodion Client Installation Guide.
-
Use Trafodion. Refer to the Trafodion SQL Reference Manual.
-
Review other Trafodion documentation. Refer to the Trafodion documentation.
7.3. Troubleshooting Tips
If you are not able to start up the environment or if there are problems running sqlci or trafci, then verify that the all the processes are up and running.
-
sqcheckshould indicate all processes are running.
If processes are not running as expected, then:
-
sqstopto shut down Trafodion. If some Trafodion processes do not terminate cleanly, then runckillall. -
sqstartto restart Trafodion.
If problems persist please review logs:
-
$MY_SQROOT/logs: Trafodion logs.
8. Remove
You use the Trafodion Provisioning User for these instructions.
You do not need to use the trafodion_uninstaller script if upgrading Trafodion. Instead, use the trafodion_install script,
which automatically upgrades the version of Trafodion. Please refer to the Install chapter for further instructions.
|
Run the commands from the first node of the cluster. Do not run them from a machine that is not part of the Trafodion cluster.
8.1. Stop Trafodion
Do the following:
su trafodion
cd $MY_SQROOT/sql/scripts or cds
sqstop
exitExample
[admin@trafodion-1 ~]$ su trafodion
[trafodion@trafodion-1 scripts]$ cds
[trafodion@trafodion-1 scripts]$ sqstop
Shutting down the REST environment now
stopping rest.
Shutting down the DCS environment now
stopping master.
trafodion-1: stopping server.
trafodion-2: stopping server.
stopped $zlobsrv0
stopped $zlobsrv1
Shutting down (normal) the SQ environment!
Mon Feb 15 07:49:18 UTC 2016
Processing cluster.conf on local host trafodion-1
.
.
.[$Z000HDS] 001,00024772 001 GEN ES--A-- $Z010K7S NONE mxosrvr
[$Z000HDS] 001,00024782 001 GEN ES--U-- $ZLOBSRV1 NONE mxlobsrvr
shutdown
[$Z000HDS] %shutdown
exit
Issued a 'shutdown normal' request
Shutdown in progress
# of SQ processes: 0
SQ Shutdown (normal) from /home/trafodion/apache-trafodion-1.3.0-incubating-bin/sql/scripts Successful
Mon Feb 15 07:49:26 UTC 2016
[trafodion@trafodion-1 scripts]$ exit
[admin@trafodion-1 ~]$8.2. Run trafodion_uninstaller
The trafodion_uninstaller completely removes Trafodion.
Example
[admin@trafodion-1 ~]$ cd $HOME/trafodion-installer/installer
[admin@trafodion-1 installer]$ ./trafodion_uninstaller
Do you want to uninstall Trafodion (Everything will be removed)? (Y/N) y
***INFO: testing sudo access
***INFO: NOTE, rpms that were installed will not be removed.
***INFO: stopping Trafodion instance
SQ environment is not up.
Going to execute ckillall
Can't find file /home/trafodion/.vnc/trafodion-1:1.pid
You'll have to kill the Xvnc process manually
***INFO: restoring linux system files that were changed
***INFO: removing hbase-trx* from Hadoop directories
pdsh@trafodion-1: trafodion-1: ssh exited with exit code 1
pdsh@trafodion-1: trafodion-2: ssh exited with exit code 1
pdsh@trafodion-1: trafodion-1: ssh exited with exit code 1
pdsh@trafodion-1: trafodion-2: ssh exited with exit code 1
***INFO remove the Trafodion userid and group
***INFO: removing all files from /home/trafodion/apache-trafodion-1.3.0-incubating-bin
***INFO: removing all files from /usr/lib/trafodion and /var/log/trafodion
***INFO: removing all files from /etc/trafodion
***INFO: Trafodion uninstall complete.
[admin@trafodion-1 installer]$9. Enable Security
If you do not enable security in Trafodion, then a client interface to Trafodion may request a user name and password,
but Trafodion ignores the user name and password entered in the client interface, and the session runs as the database root user,
DB__ROOT, without restrictions. If you want to restrict users, restrict access to certain users only, or restrict access to an
object or operation, then you must enable security, which enforces authentication and authorization. You can enable security
during installation by answering the Trafodion Installer’s prompts or after installation by running the traf_authentication_setup
script, which enables both authentication and authorization. For more information, see
Authentication Setup Script below.
Trafodion does not manage user names and passwords internally but does support authentication via directory servers that support the OpenLDAP protocol, also known as LDAP servers. You can configure the LDAP servers during installation by answering the Trafodion Installer’s prompts, or you can configure the LDAP servers manually after installation. For more information, please refer to Configuring LDAP Servers below.
Once authentication and authorization are enabled, Trafodion allows users to be registered in the database and allows privileges on objects to be granted to users and roles (which are granted to users). Trafodion also supports component-level (or system-level) privileges, such as MANAGE_USERS, which can be granted to users and roles. Refer to Manage Users below.
9.1. Configuring LDAP Servers
To specify the LDAP server(s) to be used for authentication, you need to configure the text file .traf_authentication_config,
located (by default) in $MY_SQROOT/sql/scripts. This file is a flat file, organized as a series of attribute/value pairs.
Details on all the attributes and values accepted in the authentication configuration file and how to configure alternate locations
can be found in .traf_authentication_config below.
A sample template file is located in $MY_SQROOT/sql/scripts/traf_authentication_config.
Attributes and values in the authentication configuration file are separated with a colon immediately following the attribute name. In general, white space is ignored but spaces may be relevant in some values. Attribute names are always case insensitive. Multiple instances of an attribute are specified by repeating the attribute name and providing the new value. For attributes with only one instance, if the attribute is repeated, the last value provided is used.
Attribute1: valueA
Attribute2: valueB
Attribute1: valueCIf Attribute1 has only one instance, valueC is used, otherwise, valueA and valueC are both added to the list of values for Attribute1.
Attributes are grouped into sections; this is for future enhancements. Attributes are declared in the LOCAL section, unless otherwise specified.
| Section names, attribute names, and the general layout of the authentication configuration file are subject to change in future versions of Trafodion and backward compatibility is not guaranteed. |
Specification of your directory server(s) requires at a minimum:
| Setting | Description | Example |
|---|---|---|
LDAP Host Name(s) |
One or more names of hosts that support the OpenLDAP protocol must be specified. Trafodion attempts to connect to all
provided host names during the authentication process. The set of user names and passwords should be identical on all hosts to avoid unpredictable
results. The attribute name is |
|
LDAP Port Number |
Port number of the LDAP server. Typically this is 389 for servers using no encryption or TLS, and 636 for servers using SSL.
The attribute name is |
|
LDAP Unique Identifier |
Attribute(s) used by the directory server that uniquely identifies the user name. You may provide one or more unique identifier specifiers. |
|
Encryption Level |
A numeric value indicating the encryption scheme used by your LDAP server. Values are: |
|
Search username and password |
Some LDAP servers require a known user name and password to search the directory of user names. If your environment has that requirement, provide these "search" values. |
|
There are additional optional attributes that can be used to customize Trafodion authentication. As mentioned earlier, they are described in .traf_authentication_config below.
You can test the authentication configuration file for syntactic errors using the ldapconfigcheck tool. If you have loaded the Trafodion
environment (sqenv.sh), then the tool automatically checks the file at $MY_SQROOT/sql/scripts/.traf_authentication_config.
If not, you can specify the file to be checked.
Example
ldapconfigcheck -file myconfigfile
File myconfigfile is valid.If an error is found, then the line number with the error is displayed along with the error. Please refer to ldapconfigcheck below for more information.
| The authentication configuration file needs to be propagated to all nodes, but there is a script that does that for you described later. For now, you can test your changes on the local node. |
You can test the LDAP connection using the utility ldapcheck. To use this utility the Trafodion environment must be loaded (sqenv.sh),
but the Trafodion instance does not need to be running. To test the connection only, you can specify any user name, and a name lookup is performed
using the attributes in .traf_authentication_config.
ldapcheck --username=fakename@company.com
User fakename@company.com not foundIf ldapcheck reports either that the user was found or the user was not found, the connection was successful. However, if an error is reported,
either the configuration file is not setup correctly, or there is a problem either with your LDAP server or the connection to the server. You can
get additional error detail by including the --verbose option. Please refer to ldapcheck for more information.
If you supply a password, ldapcheck attempts to authenticate the specified username and password. The example below shows the password
for illustrative purposes, but to avoid typing the password on the command line, leave the password blank (--password=) and the utility
prompts for the password with no echo.
ldapcheck --username=realuser@company.com --password=StrongPassword
Authentication successful9.2. Generate Trafodion Certificate
Trafodion clients such as trafci encrypt the password before sending it to Trafodion. A self-signed certificate is used to encrypt the password.
The certificate and key should be generated when the sqgen script is invoked. By default, the files server.key and server.crt are located
in $HOME/sqcert. If those files are not present and since Trafodion clients does not send unencrypted passwords, then you need to manually generate
those files. To do so, run the script sqcertgen located in $MY_SQROOT/sql/scripts. The script runs openssl to generate the certificate and key.
To run openssl manually, follow the example:
openssl req -x509 -nodes -days 365 -subj '/C=US/ST=California/L=PaloAlto/CN=host.domain.com/O=Some Company/OU=Service Connection'
- newkey rsa:2048 -keyout server.key -out server.crt| Option | Description |
|---|---|
-x509 |
Generate a self-signed certificate. |
-days <validity of certificate> |
Make the certificate valid for the days specified. |
-newkey rsa:<bytes> |
Generate a new private key of type RSA of length 1024 or 2048 bytes. |
-subj <certificateinfo> |
Specify the information that is incorporated in the certificate.
Each instance in a cluster should have a unique common name( |
-keyout <filename> |
Write the newly generated RSA private key to the file specified. |
-nodes |
It is an optional parameter that specifies NOT to encrypt the private key. If you encrypt the private key, then you must enter the password every time the private key is used by an application. |
-out <filename> |
Write the self-signed certificate to the specified file. |
Both the public (server.crt) and private (server.key) files should be placed in the directory $HOME/sqcert. If you do not want to use
the HOME directory or if you want to use different names for the private and/or public key files, then Trafodion supports environment variables
to specific the alternate locations or names.
-
Trafodion first checks the environment variables
SQCERT_PRIVKEYandSQCERT_PUBKEY. If they are set, Trafodion uses the fully qualified filename value of the environment variable.You can specify either one filename environment variable or both.
-
If at least one filename environment variable is not set, Trafodion checks the value of the environment variable
SQCERT_DIR. If set, then the default filenameserver.keyorserver.crtis appended to the value of the environment variableSQCERT_DIR. -
If the filename environment variable is not set and the directory environment variable is not set, then Trafodion uses the default location (
$HOME/sqcert) and the default filename.
9.3. Authentication Setup Script
The final step to enable security is to change the value of the environment variable TRAFODION_ENABLE_AUTHENTICATION from NO to YES
and turn on authorization. This is achieved by invoking the traf_authentication_setup script, which is located in $MY_SQROOT/sql/scripts.
Usage
Usage: traf_authentication_setup [options]
Options:
--file <loc> Optional location of OpenLDAP configuration file
--help Prints this message
--off Disables authentication and authorization
--on Enables authentication and authorization
--setup Enables authentication
--status Returns status of authentication enablement| Option | Description |
|---|---|
|
If specified, then |
|
|
|
If specified, then |
|
Use this option if the Trafodion metadata has not been initialized. This option enables authentication but does not call the database to create privilege-related metadata tables. Later, when Trafodion metadata is initialized, privilege-related metadata tables and default permissions are automatically created. |
|
Reports the value of the environment variable |
Example
INFO: Start of security (authentication and authorization) script Wed Mar 25 15:12:50 PDT 2xxx.
INFO: *** Trafodion security (authentication and authorization) status ***
Authentication is ENABLED
Authorization (grant/revoke) is ENABLED
INFO: End of security (authorization and authentication) script Wed Mar 25 15:12:54 PDT 2xxx.
Any time the environment file (sqenvcom.sh) is changed (and propagated to all nodes), Database Connectivity Services (DCS) must be restarted to
pick up the new value. If the configuration file is changed, it re-reads in 30 minutes (by default), but you can have changes take effect
immediately by restarting DCS.
|
To restart DCS, run the scripts stop-dcs.sh and start-dcs.sh, located in $MY_SQROOT/dcs-<x>.<y>.<z>/bin.
9.4. Manage Users
Users are registered in the Trafodion database and are used to enforce authorization. If security is disabled, any user can register any user at any time.
However, once security is enabled, user administration is considered a secure operation, and registration of users is restricted to DBROOT or any user
granted the MANAGE_USERS component privilege. To initially register a user, connect to Trafodion with the external user mapped to DBROOT
(also known as the Trafodion ID).
When security is enabled, the DBROOT user is registered as the TRAFODION external user name. It is recommended that the DBROOT user be mapped
to the external user name that is used to connect for root operations. To do this, start a sqlci session and perform the ALTER USER command, for example:
ALTER USER DB__ROOT SET EXTERNAL NAME trafodion_rootuser_in_ldap;To learn more about how to register users, grant object and component privileges, and manage users and roles, please see the Trafodion SQL Reference Manual.
9.5. .traf_authentication_config
The .traf_authentication_config file is user to enable the Trafodion security features.
9.5.1. File Location
By default, the Trafodion authentication configuration file is located in $MY_SQROOT/sql/scripts/.traf_authentication_config.
If you want to store the configuration file in a different location and/or use a different filename, then Trafodion supports environment
variables to specify the alternate location/name.
Trafodion firsts checks the environment variable TRAFAUTH_CONFIGFILE. If set, the value is used as the fully-qualified Trafodion
authentication configuration file.
If the environment variable is not set, then Trafodion next checks the variable TRAFAUTH_CONFIGDIR. If set, the value is prepended to
.traf_authentication_config and used as the Trafodion authentication file.
If neither is set, Trafodion defaults to $MY_SQROOT/sql/scripts/.traf_authentication_config.
9.5.2. Template
# To use authentication in Trafodion, this file must be configured
# as described below and placed in $MY_SQROOT/sql/scripts and be named
# .traf_authentication_config. You must also enable authentication by
# running the script traf_authentication_setup in $MY_SQROOT/sql/scripts.
#
# NOTE: the format of this configuration file is expected to change in the
# next release of Trafodion. Backward compatibility is not guaranteed.
#
SECTION: Defaults
DefaultSectionName: local
RefreshTime: 1800
TLS_CACERTFilename:
SECTION: local
# If one or more of the LDAPHostName values is a load balancing host, list
# the name(s) here, one name: value pair for each host.
LoadBalanceHostName:
# One or more identically configured hosts must be specified here,
# one name: value pair for each host.
LDAPHostName:
# Default is port 389, change if using 636 or any other port
LDAPPort:389
# Must specify one or more unique identifiers, one name: value pair for each
UniqueIdentifier:
# If the configured LDAP server requires a username and password to
# to perform name lookup, provide those here.
LDAPSearchDN:
LDAPSearchPwd:
# If configured LDAP server requires TLS(1) or SSL (2), update this value
LDAPSSL:0
# Default timeout values in seconds
LDAPNetworkTimeout: 30
LDAPTimeout: 30
LDAPTimeLimit: 30
# Default values for retry logic algorithm
RetryCount: 5
RetryDelay: 2
PreserveConnection: No
ExcludeBadHosts: Yes
MaxExcludeListSize: 39.5.3. Configuration Attributes
| Attribute Name | Purpose | Example Value | Notes |
|---|---|---|---|
|
Host name of the local LDAP server. |
ldap.master.com |
If more than one |
|
Port number of the local LDAP server. |
345 |
Must be numeric value. Related to |
|
If a search user is needed, the search user distinguished name is specified here. |
cn=aaabbb, dc=demo, dc=net |
If anonymous search is allowed on the local server, then this attribute does not need to be specified or can be specified with no value (blank). To date, anonymous search is the normal approach used. |
|
Password for the |
welcome |
None. |
|
A numeric value specifying whether the local LDAP server interface is unencrypted or TLS or SSL. Legal values are 0 for unencrypted, 1 for SSL, and 2 for TLS. For SSL/TLS, see the section below on Encryption Support. |
0 |
None. |
|
The directory attribute that contains the user’s unique identifier. |
uid=,ou=Users,dc=demo,dc=net |
To account for the multiple forms of |
|
Specifies the timeout (in seconds) after which the next |
20 |
The value must be a positive number or -1. Setting this to -1 results in an infinite timeout. |
|
Specifies the time to wait when performing a search on the LDAP server for the user name. The number must be a positive integer.
This parameter is similar to |
15 |
The server may still apply a lower server-side limit on the duration of a search operation. |
|
Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs aborts if no response is received.
This parameter is similar to |
15 |
The value must be a positive number or -1. Setting this to -1 results in an infinite timeout. |
|
Number of attempts to establish a successful LDAP connection. Default is 5 retries before returning an error. |
10 |
When a failed operation is retried, it is attempted with each configured LDAP server, until the operation is successful or the number of configured retries is exceeded. |
|
Specifies the number of seconds to delay between retries. Default value is 2 seconds. See description of |
1 |
None. |
|
Specifies whether the connection to LDAP server is maintained (YES) or closed (NO) once the operation finishes. Default value is NO. |
YES |
None. |
|
Specifies the number of seconds that must have elapsed before the configuration file is reread. Default is 1800 (30 minutes). |
3600 |
If set to zero, the configuration file is never read. The connectivity servers must be restarted for changes to take effect if this value is zero. This attribute is not specific to either configuration and must be defined in the DEFAULTS section. |
|
Specifies the location of the certificate file for the LDAP server(s). Filename can either be fully qualified or relative to |
cert.pem |
This attribute applies to both configurations. If a configuration does not require a certificate, then this attribute is ignored. This attribute must be defined in the DEFAULTS section. |
|
Specifies the configuration type that is assigned to a user by the |
LOCAL |
This attribute must be defined in the |
9.6. ldapcheck
9.6.1. Usage
ldapcheck [<option>]...
<option> ::= --help|-h display usage information
--username=<LDAP-username>
--password[=<password>]
--primary Use first configuration
--local Use first configuration
--enterprise Use first configuration
--secondary Use second configuration
--remote Use second configuration
--cluster Use second configuration
--verbose Display non-zero retry counts
and LDAP errors9.6.2. Considerations
-
Aliases for primary include enterprise and local. Aliases for secondary include cluster and remote. If no configuration is specified, primary is assumed.
-
The equals sign is required when supplying a value to username or password.
-
To be prompted for a password value with no echo, specify the password argument but omit the equals sign and value.
-
Passwords that contain special characters may need to be escaped if the password is specified on the command line or within a script file.
-
If the password keyword is not specified, only the username is checked. The tool can therefore be used to test the LDAP configuration and connection to the configured LDAP server(s) without knowing a valid username or password.
9.7. ldapconfigcheck
This page describes the ldapconfigcheck tool, which validates the syntactic correctness of a Trafodion authentication configuration file. Trafodion does not need to be running to run the tool.
9.7.1. Considerations
If the configuration filename is not specified, then the tool looks for a file using environment variables. Those environment variables and the search order are:
-
TRAFAUTH_CONFIGFILEA fully qualified name is expected.
-
TRAFAUTH_CONFIGDIRFilename
.traf_authentication_config/is appended to the specified directory -
MY_SQROOT/sql/scripts/.traf_authentication_configis appended to the value ofMY_SQROOT.
9.7.2. Errors
One of the following is output when the tool is run. Only the first error encountered is reported.
| Code | Text |
|---|---|
0 |
File |
1 |
File |
2 |
File: |
3 |
File: |
4 |
File: |
5 |
File: |
6 |
File: |
7 |
No file provided. Either specify a file parameter or verify environment variables. |
8 |
TLS was requested in at least one section, but |
9 |
Missing host name in at least one section. |
10 |
Missing unique identifier in at least one section. |
11 |
At least one LDAP connection configuration section must be specified. |
12 |
Internal error parsing |
10. Install Recipe
To be written.
11. Upgrade Recipe
To be written.