No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionInsight HD 6.5.0 Administrator Guide 02

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
User Information Overview

User Information Overview

User Classification

FusionInsight cluster provides the following three types of users. The system administrator is required to periodically change the passwords. It is not recommended to use the default passwords.

User Type

Description

System user

  • A user created on FusionInsight Manager for FusionInsight system O&M and service scenarios. There are two types of users:
    • Human-machine user: used for FusionInsight Manager O&M scenarios and component client operation scenarios. If you select this value, you need to set Password and Confirm Password by referring to Creating a User.
    • Machine-machine user: used for FusionInsight system application development scenarios.
  • An account that is used to run the OMS database.

System internal user

An account used to implement Kerberos authentication, communication between processes, save user group information, and associate user rights. It is recommended that internal system users not be used in operation and maintenance scenarios. Perform the operation as user admin or contact the system administrator to create a user based on service requirements.

Database user

  • An account used in OMS database management and data access.
  • An account that is used to run the database of service components (Hue, Hive, Metadata, Loader, Oozie, Redis and DBService).

System users

NOTE:
  • User root of the OS is required, the password of user root on all the nodes must be the same.
  • User ldap of the OS is required. The account cannot be deleted because this operation may interrupt cluster running. Password management policies are maintained by administrators.

Type

Username

Initial Password

Description

Password Changing Method

FusionInsight HD system administrator

admin

Admin@123

Administrator of FusionInsight Manager.

See Changing the Password for User admin.

FusionInsight HD node OS user

ommdba

Bigdata123@

User that creates the FusionInsight HD system database. This user is an OS user generated on the management nodes and does not require a unified password. The user cannot be used for remote login.

See Changing the Password for an OS User.

omm

Bigdata123@

Internal running user of the FusionInsight HD system. This user is an OS user generated on all nodes and does not require a unified password.

Internal system users

Type

Default User

Initial Password

Description

Password Changing Method

Kerberos administrator

kadmin/admin

Admin@123

Account that is used to add, delete, and modify the user on Kerberos.

See Changing the Password for the Kerberos Administrator.

OMS Kerberos administrator

kadmin/admin

Admin@123

Account that is used to add, delete, and modify the user on OMS Kerberos.

See Changing the Password for the OMS Kerberos Administrator.

LDAP administrator

cn=root,dc=hadoop,dc=com

LdapChangeMe@123

Account that is used to add, delete, and modify the user information on LDAP.

See Changing the Password for the LDAP Administrator and the LDAP User (Including OMS LDAP).

OMS LDAP administrator

cn=root,dc=hadoop,dc=com

LdapChangeMe@123

Account that is used to add, delete, and modify the user information on OMS LDAP.

LDAP user

cn=pg_search_dn,ou=Users,dc=hadoop,dc=com

pg_search_dn@123

User that is used to query information about users and user groups on LDAP.

OMS LDAP user

cn=pg_search_dn,ou=Users,dc=hadoop,dc=com

pg_search_dn@123

User that is used to query information about users and user groups on OMS LDAP.

LDAP administrator account

cn=krbkdc,ou=Users,dc=hadoop,dc=com

LdapChangeMe@123

Account that is used to query Kerberos component authentication account information.

See Changing the Password for the LDAP Administrator.

cn=krbadmin,ou=Users,dc=hadoop,dc=com

LdapChangeMe@123

Account that is used to add, delete, or query Kerberos component authentication account information.

Component Running User

hdfs

Hdfs@123

HDFS system administrator, permission:

  1. File system operation permission:
    • Views, modifies, and creates files.
    • Views and creates directories.
    • Views and modifies the groups where files belong.
    • Views and sets disk quotas of users.
  2. HDFS management operation permission:
    • Views the WebUI status.
    • Views and sets the active and standby HDFS status.
    • Enters and exits the HDFS in security mode.
    • Checks the HDFS file system.
  3. Logs in to the FTP service.

See Changing the Password for a Component Running User.

hbase

Hbase@123

HBase system administrator, permission:

  • Cluster management permission: Enables and disables tables, and triggers MajorCompact and Access Control List (ACL).
  • Grants and reclaims permission, and shuts down the cluster.
  • Table management permission: Creates, modifies, and deletes tables.
  • Data management permission: Reads and writes table-, column family-, and column-level data.
  • Logs in to the HMaster WebUI.
  • Logs in to the FTP service.

mapred

Mapred@123

MapReduce system administrator, permission:

  • Submits, stops, and views the MapReduce tasks.
  • Modifies the YARN configuration parameters.
  • Accesses the Yarn WebUI.
  • Logs in to the FTP service.

zookeeper

ZooKeeper@123

Zookeeper system administrator, permission:

  • Adds, deletes, modifies, and queries all nodes in ZooKeeper.
  • Modifies and queries quotas of all nodes in ZooKeeper.

spark

Spark@123

Spark system administrator, permission:

  • Accesses the Spark WebUI.
  • Submits Spark tasks.
  • Logs in to the FTP service.

spark1

Spark@123

Spark1 system administrator, permission:

  • Accesses the Spark1 WebUI.
  • Submits Spark tasks.
  • Logs in to the FTP service.

spark2

Spark@123

Spark2 system administrator, permission:

  • Accesses the Spark2 WebUI.
  • Submits Spark tasks.
  • Logs in to the FTP service.

spark3

Spark@123

Spark3 system administrator, permission:

  • Accesses the Spark3 WebUI.
  • Submits Spark tasks.
  • Logs in to the FTP service.

spark4

Spark@123

Spark4 system administrator, permission:

  • Accesses the Spark4 WebUI.
  • Submits Spark tasks.
  • Logs in to the FTP service.

solr

Solr@123

Solr system administrator, permission:

  • Accesses the Solr Admin UI.
  • Configuration file management: Uploads a Solr configuration file to a ZooKeeper directory and modifies the Solr configuration file in the ZooKeeper directory.
  • Index collection management: Creates, deletes, and views collections.
  • Index data operations: Creates, deletes, and views indexes.

elasticsearch

Elastic@123

Elasticsearch system administrator, permission:

  • Index collection management: Creates, deletes, and views indexes.
  • Index data operations: Creates, deletes, and views indexes.

oms/manager

Randomly generated by the system

Controller and NodeAgent authentication user, which has permission on supergroup.

backup/manager

Randomly generated by the system

User for running backup and recovery tasks. The user has permissions of supergroup, wheel, and ficommon as well as permissions to access HDFS, HBase, Hive, and ZooKeeper data in mutually trusted clusters after the cross-cluster trust relationship is configured.

hdfs/hadoop.hadoop.com

Randomly generated by the system

HDFS system startup user, permission:

  1. File system operation permission:
    • Views, modifies, and creates files.
    • Views and creates directories.
    • Views and modifies the groups where files belong.
    • Views and sets disk quotas of users.
  2. HDFS management operation permission:
    • Views the WebUI status.
    • Views and sets the active and standby HDFS status.
    • Enters and exits the HDFS in security mode.
    • Checks the HDFS file system.
  3. Logs in to the FTP service.

mapred/hadoop.hadoop.com

Randomly generated by the system

MapReduce system startup user, permission:

  • Submits, stops, and views the MapReduce tasks.
  • Modifies the YARN configuration parameters.
  • Accesses the Yarn WebUI.
  • Logs in to the FTP service.

mr_zk/hadoop.hadoop.com

Randomly generated by the system

User for MapReduce to access ZooKeeper.

hbase/hadoop.hadoop.com

Randomly generated by the system

User for the authentication between internal components during the HBase system startup.

hbase/zkclient.hadoop.com

Randomly generated by the system

User for HBase to perform ZooKeeper authentication in a security mode cluster.

thrift/hadoop.hadoop.com

Randomly generated by the system

ThriftServer system running user.

thrift/<hostname>

Randomly generated by the system

User for the ThriftServer system to access HBase. This user has the read, write, execute, create, and admin permission on all NameSpaces and tables of HBase. <hostname> specifies the host name of the node where ThriftServer is installed.

hive/hadoop.hadoop.com

Randomly generated by the system

User for the authentication between internal components during the Hive system startup, permission:

  1. Hive administrator permission:
    • Creates, deleted, and modifies databases.
    • Creates, queries, modifies, and deletes tables.
    • Queries, inserts, and loads data.
  2. HDFS file operation permission:
    • Views, modifies, and creates files.
    • Views and creates directories.
    • Views and modifies the groups where files belong.
  3. Submits and stops MapReduce jobs.

hive1/hadoop.hadoop.com

Randomly generated by the system

User for the authentication between internal components during the Hive1 system startup, permission:

  1. Hive1 administrator permission:
    • Creates, deleted, and modifies databases.
    • Creates, queries, modifies, and deletes tables.
    • Queries, inserts, and loads data.
  2. HDFS file operation permission:
    • Views, modifies, and creates files.
    • Views and creates directories.
    • Views and modifies the groups where files belong.
  3. Submits and stops MapReduce jobs.

hive2/hadoop.hadoop.com

Randomly generated by the system

User for the authentication between internal components during the Hive2 system startup, permission:

  1. Hive2 administrator permission:
    • Creates, deleted, and modifies databases.
    • Creates, queries, modifies, and deletes tables.
    • Queries, inserts, and loads data.
  2. HDFS file operation permission:
    • Views, modifies, and creates files.
    • Views and creates directories.
    • Views and modifies the groups where files belong.
  3. Submits and stops MapReduce jobs.

hive3/hadoop.hadoop.com

Randomly generated by the system

User for the authentication between internal components during the Hive3 system startup, permission:

  1. Hive3 administrator permission:
    • Creates, deleted, and modifies databases.
    • Creates, queries, modifies, and deletes tables.
    • Queries, inserts, and loads data.
  2. HDFS file operation permission:
    • Views, modifies, and creates files.
    • Views and creates directories.
    • Views and modifies the groups where files belong.
  3. Submits and stops MapReduce jobs.

hive4/hadoop.hadoop.com

Randomly generated by the system

User for the authentication between internal components during the Hive4 system startup, permission:

  1. Hive4 administrator permission:
    • Creates, deleted, and modifies databases.
    • Creates, queries, modifies, and deletes tables.
    • Queries, inserts, and loads data.
  2. HDFS file operation permission:
    • Views, modifies, and creates files.
    • Views and creates directories.
    • Views and modifies the groups where files belong.
  3. Submits and stops MapReduce jobs.

loader/hadoop.hadoop.com

Randomly generated by the system

User for Loader system startup and Kerberos authentication.

HTTP/<hostname>

Randomly generated by the system

Used to connect to the HTTP interface of each component. <hostname> indicates the name of the node in the cluster.

hue

Randomly generated by the system

User for Hue system startup, Kerberos authentication, and HDFS and Hive access.

flume

Randomly generated by the system

User for Flume system startup and HDFS and Hive access. The user has read and write permission of the HDFS directory /flume.

ftpserver

Randomly generated by the system

FTP-Server system startup user.

metadata/hadoop.hadoop.com

Randomly generated by the system

Metadata system startup user for accessing Hive and HBase metadata.

spark/hadoop.hadoop.com

Randomly generated by the system

Spark system startup user.

spark_zk/hadoop.hadoop.com

Randomly generated by the system

User for Spark to access ZooKeeper.

spark1/hadoop.hadoop.com

Randomly generated by the system

Spark1 system startup user.

spark2/hadoop.hadoop.com

Randomly generated by the system

Spark2 system startup user.

spark3/hadoop.hadoop.com

Randomly generated by the system

Spark3 system startup user.

spark4/hadoop.hadoop.com

Randomly generated by the system

Spark4 system startup user.

zookeeper/hadoop.hadoop.com

Randomly generated by the system

ZooKeeper system startup user.

zkcli/hadoop.hadoop.com

Randomly generated by the system

ZooKeeper server login user.

oozie

Randomly generated by the system

User for Oozie system startup and Kerberos authentication.

solr/hadoop.hadoop.com

Randomly generated by the system

  • Used to access the HDFS data directory. The HDFS Solr data directory is /user/solr and the user has the read and write permission of the directory.
  • Used to access the ZooKeeper data directory. The user can access all the files in the /solr directory in ZooKeeper and has the read and write permission of all the files in the directory.

elasticsearch/hadoop.hadoop.com

Randomly generated by the system

Used to access the ZooKeeper data directory. The user can access all the files in the /elasticsearch directory in ZooKeeper and has the read and write permission of all the files in the directory.

HTTP/<hostname>

Randomly generated by the system

User for performing Kerberos authentication on the HTTP service of Solr.

HTTP/SOLR_SERVER_IP

Randomly generated by the system

User for performing Kerberos authentication on the HTTP service of Solr.

HTTP/SOLR_FLOAT_IP

Randomly generated by the system

User for performing Kerberos authentication on the HTTP service of Solr.

kafka/hadoop.hadoop.com

Randomly generated by the system

Security authentication for Kafka.

storm/hadoop.hadoop.com

Randomly generated by the system

Storm system startup user.

storm_zk/hadoop.hadoop.com

Randomly generated by the system

User for the Worker process to access ZooKeeper.

redisCli

Randomly generated by the system

Redis administrator.

redis/hadoop.hadoop.com

Randomly generated by the system

Redis system startup user.

check_ker_M

Randomly generated by the system

User for performing a system internal test about whether the Kerberos service is normal.

K/M

Randomly generated by the system

Kerberos internal functional user. This user cannot be deleted, and the password of this user cannot be changed. This internal account cannot be used on the nodes where Kerberos service is not installed.

None

kadmin/changepw

Randomly generated by the system

kadmin/history

Randomly generated by the system

krbtgt/HADOOP.COM

Randomly generated by the system

LDAP user

admin

None

Administrator of FusionInsight Manager.

The primary group is compcommon and the admin does not have the rights of the group but has the rights of the Manager_administrator role.

NOTE:

If you upgrade from the previous version of V100R002C60U20 to the current version, the primary group is supergroup.

The LDAP user does not support login and authentication, and does not have password changing method.

backup

The primary group is supergroup.

backup/manager

The primary group is supergroup.

oms

The primary group is supergroup.

oms/manager

The primary group is supergroup.

zookeeper

The primary group is hadoop.

zookeeper/hadoop.hadoop.com

The primary group is hadoop.

zkcli

The primary group is hadoop.

zkcli/hadoop.hadoop.com

The primary group is hadoop.

flume

The primary group is hadoop.

ftpserver

The primary group is supergroup.

hdfs

The primary group is hadoop.

hdfs/hadoop.hadoop.com

The primary group is hadoop.

mapred

The primary group is hadoop.

mapred/hadoop.hadoop.com

The primary group is hadoop.

mr_zk

The primary group is hadoop.

mr_zk/hadoop.hadoop.com

The primary group is hadoop.

hue

The primary group is supergroup.

hive

The primary group is hive.

hive/hadoop.hadoop.com

The primary group is hive.

hive1

The primary group is hive1.

hive1/hadoop.hadoop.com

The primary group is hive1.

hive2

The primary group is hive2.

hive2/hadoop.hadoop.com

The primary group is hive2.

hive3

The primary group is hive3.

hive3/hadoop.hadoop.com

The primary group is hive3.

hive4

The primary group is hive4.

hive4/hadoop.hadoop.com

The primary group is hive4.

hbase

The primary group is hadoop.

hbase/hadoop.hadoop.com

The primary group is hadoop.

thrift

The primary group is hadoop.

thrift/hadoop.hadoop.com

The primary group is hadoop.

oozie

The primary group is hadoop.

hbase/zkclient.hadoop.com

The primary group is hadoop.

loader

The primary group is hadoop.

loader/hadoop.hadoop.com

The primary group is hadoop.

spark

The primary group is hadoop.

spark/hadoop.hadoop.com

The primary group is hadoop.

spark_zk

The primary group is hadoop.

spark1

The primary group is hadoop.

spark1/hadoop.hadoop.com

The primary group is hadoop.

spark2

The primary group is hadoop.

spark2/hadoop.hadoop.com

The primary group is hadoop.

spark3

The primary group is hadoop.

spark3/hadoop.hadoop.com

The primary group is hadoop.

spark4

The primary group is hadoop.

spark4/hadoop.hadoop.com

The primary group is hadoop.

metadata

The primary group is supergroup.

metadata/hadoop.hadoop.com

The primary group is supergroup.

kafka

The primary group is kafkaadmin.

kafka/hadoop.hadoop.com

The primary group is kafkaadmin.

storm

The primary group is stormadmin.

storm/hadoop.hadoop.com

The primary group is stormadmin.

storm_zk

The primary group is storm.

storm_zk/hadoop.hadoop.com

The primary group is storm.

redisCli

The primary group is supergroup.

redis

The primary group is supergroup.

redis/hadoop.hadoop.com

The primary group is supergroup.

solr

The primary group is solr.

solr/hadoop.hadoop.com

The primary group is solr.

graphbase

The primary group is supergroup.

Database User

System database users contain OMS database users and DBService database users.

Type

Default User

Initial Password

Description

Password Changing Method

OMS database

ommdba

dbChangeMe@123456

Database administrator who performs maintenance operations, such as creates, starts, and stops applications.

See Changing the Password for the OMS Database Administrator.

omm

ChangeMe@123456

Service data access user

See Changing the Password for the OMS Database Data Access User.

DBService database

omm

dbserverAdmin@123

Administrator of the GaussDB database in the DBService component

See Changing the Password for a Component Database User.

hive

HiveUser@

User for Hive to connect to the DBService database hivemeta

hive1

HiveUser@

User for Hive1 to connect to the DBService database hivemeta1

hive2

HiveUser@

User for Hive2 to connect to the DBService database hivemeta2

hive3

HiveUser@

User for Hive3 to connect to the DBService database hivemeta3

hive4

HiveUser@

User for Hive4 to connect to the DBService database hivemeta4

hue

HueUser@123

User for Hue to connect to the DBService database hue

sqoop

SqoopUser@

User for Loader to connect to the DBService database sqoop

metadata

Huawei123!

User for Metadata to connect to the DBService database metadata

oozie

OozieUser@

User for Oozie to connect to the DBService database oozie

redis

redisDB@

User for Redis to connect to the DBService database redismeta

Download
Updated: 2019-05-17

Document ID: EDOC1100074522

Views: 6085

Downloads: 12

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next