Provide a list of credentials to allow access to HDFS from host other than hdfs_relay.

This is used by files or trees operation when the source is a cluster node (src: node:///...)


Each item of the list has the following attributes:

Name req? Description
host yes The source host
principal yes A Kerberos principal allowing all HDFS related operation to be performed. See below
local_keytab_path yes if
is not defined
A local path to the associated keytab file. This path is relative to the embeding file. See below
node_keytab_path yes if
is not defined
A path to the associated keytab file on the node. See below
when no Boolean. Allow conditional deployment of this item.
Default True

Kerberos authentication

When performing a copy operation (files or trees) from a cluster's host to HDFS, if a principal and ..._keytab_path variables are defined for this host, Kerberos authentication will be activated before issuing the operation.

This means a kinit will be issued with provided values on this host before any HDFS access, and a kdestroy issued after. This has the following consequences:

Regarding the keytab file, two cases:


- host: sr1
  principal: hdfs-mycluster
  node_keytab_path: /etc/security/keytabs/hdfs.headless.keytab