Provisioning Guide

Version 2.0.0
Table of Contents
1. About This Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.2. New and Changed Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.3. Notation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.4. Comments Encouraged ..................................................................... 6
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.1. Security Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.2. Provisioning Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.3. Provisioning Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.4. Provisioning Master Node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.5. Trafodion Installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.5.1. Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.5.2. Install vs. Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.5.3. Guided Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.5.4. Automated Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.6. Trafodion Provisioning Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
3. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
3.1. General Cluster and OS Requirements and Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
3.1.1. Hardware Requirements and Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
3.1.2. OS Requirements and Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
3.1.3. IP Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
3.2. Prerequisite Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
3.2.1. Hadoop Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
3.2.2. Software Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
3.3. Trafodion User IDs and Their Privileges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
3.3.1. Trafodion Runtime User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
3.3.2. Trafodion Provisioning User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
3.4. Required Configuration Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
3.4.1. Operating System Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
3.4.2. ZooKeeper Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
3.4.3. HDFS Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
3.4.4. HBase Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
3.5. Recommended Configuration Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
3.5.1. Recommended Security Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
3.5.2. Recommended HDFS Configuration Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
3.5.3. Recommended HBase Configuration Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
4. Prepare . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
4.1. Install Optional Workstation Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
4.2. Configure Installation User ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
4.3. Disable requiretty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
4.4. Verify OS Requirements and Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
 4.5. Configure LDAP Identity Store . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
4.6. Gather Configuration Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
4.7. Install Required Software Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
4.7.1. Download and Install Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
4.7.2. Install log4c++ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
4.8. Download Trafodion Binaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
4.9. Preparation for Recipe-Based Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
4.9.1. Modify OS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
4.9.2. Modify ZooKeeper Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
4.9.3. Modify HDFS Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
4.9.4. Modify HBase Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
5. Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
5.1. Unpack Installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
5.2. Automated Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
5.3. Guided Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
6. Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
6.1. Download Updated Trafodion Binaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
6.2. Unpack Installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
6.3. Stop Trafodion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
6.4. Automated Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
6.5. Guided Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
7. Activate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
7.1. Manage Trafodion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
7.2. Validate Trafodion Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
7.2.1. Smoke Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
7.3. Troubleshooting Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
8. Remove . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
8.1. Stop Trafodion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
8.2. Run trafodion_uninstaller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
9. Enable Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
9.1. Configuring LDAP Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
9.2. Generate Trafodion Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
9.3. Authentication Setup Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
9.4. Manage Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
9.5. .traf_authentication_config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
9.5.1. File Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
9.5.2. Template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
9.5.3. Configuration Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
9.6. ldapcheck . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
9.6.1. Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
9.6.2. Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
9.7. ldapconfigcheck . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
9.7.1. Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
9.7.2. Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
10. Install Recipe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
11. Upgrade Recipe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
 Provisioning Guide

License Statement

Licensed to the Apache Software Foundation (ASF) under one or more contributor license
agreements. See the NOTICE file distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file to you under the Apache
License, Version 2.0 (the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the
License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
OF ANY KIND, either express or implied. See the License for the specific language
governing permissions and limitations under the License.

Preface | 1
 Provisioning Guide

Revision History

Version Date
2.0.0 To be announced.
1.3.0 January, 2016

2 | Preface
 Provisioning Guide

Chapter 1. About This Document

This guide describes how to provision the end-user Trafodion binaries on top of an existing Hadoop environment. This
install allows you to store and query data using Trafodion, either via Trafodion clients (see Trafodion Client Installation
Guide or via application code you write.

If you want to install a Trafodion developer-build environment, then please refer to the Trafodion Contributor Guide for
instructions.

1.1. Intended Audience

This guide assumes that you are well-versed in Linux and Hadoop administration. If you don’t have such experience, then
you should consider going through the steps required to install a Hadoop environment before attempting to install
Trafodion.

The instructions contained herein apply to the following environments.

• Single-Node Environments: Typically used when you want to evaluate Trafodion.

• Cluster (Multi-Node) Environments: Typically used when you deploy Trafodion for application usage.

Trafodion can be provisioned on a single-node or multi-node environment. Unless specifically noted,

 the term cluster is used to mean both single- and multi-node environments.

The provisioning instructions applies to a diverse set of platforms:

• Virtual Machines: Often used for evaluations and Trafodion development.

• Cloud: Used for Product Environments as well as for Developer Environments.

• Bare Metal: Used for Product Environments as well as for Developer Environments.

The term node is used to represent a computing platform on which operating system, Hadoop, and

 Trafodion software is running. Unless specifically qualified (bare-metal node, virtual-machine node, or
cloud-node), node represents a computing platform in your cluster regardless of platform type.

1.2. New and Changed Information

This is a new guide.

Chapter 1. About This Document | 3

 Provisioning Guide

1.3. Notation Conventions

This list summarizes the notation conventions for syntax presentation in this manual.

• UPPERCASE LETTERS

Uppercase letters indicate keywords and reserved words. Type these items exactly as shown. Items not enclosed in
brackets are required.

SELECT

• lowercase letters

Lowercase letters, regardless of font, indicate variable items that you supply. Items not enclosed in brackets are
required.

file-name

• [ ] Brackets

Brackets enclose optional syntax items.

DATETIME [start-field TO] end-field

A group of items enclosed in brackets is a list from which you can choose one item or none.

The items in the list can be arranged either vertically, with aligned brackets on each side of the list, or horizontally,
enclosed in a pair of brackets and separated by vertical lines.

For example:

DROP SCHEMA schema [CASCADE]

DROP SCHEMA schema [ CASCADE | RESTRICT ]

4 | Chapter 1. About This Document

 Provisioning Guide

• { } Braces

Braces enclose required syntax items.

FROM { grantee [, grantee ] ... }

A group of items enclosed in braces is a list from which you are required to choose one item.

The items in the list can be arranged either vertically, with aligned braces on each side of the list, or horizontally,
enclosed in a pair of braces and separated by vertical lines.

For example:

INTERVAL { start-field TO end-field }

{ single-field }
INTERVAL { start-field TO end-field | single-field }

• | Vertical Line

A vertical line separates alternatives in a horizontal list that is enclosed in brackets or braces.

{expression | NULL}

• … Ellipsis

An ellipsis immediately following a pair of brackets or braces indicates that you can repeat the enclosed sequence of
syntax items any number of times.

ATTRIBUTE[S] attribute [, attribute] ...

{, sql-expression } ...

An ellipsis immediately following a single syntax item indicates that you can repeat that syntax item any number of
times.

For example:

expression-n ...

• Punctuation

Chapter 1. About This Document | 5

 Provisioning Guide

Parentheses, commas, semicolons, and other symbols not previously described must be typed as shown.

DAY (datetime-expression)
@script-file

Quotation marks around a symbol such as a bracket or brace indicate the symbol is a required character that you must
type as shown.

For example:

"{" module-name [, module-name] ... "}"

• Item Spacing

Spaces shown between items are required unless one of the items is a punctuation symbol such as a parenthesis or a
comma.

DAY (datetime-expression) DAY(datetime-expression)

If there is no space between two items, spaces are not permitted. In this example, no spaces are permitted between
the period and any other items:

myfile.sh

• Line Spacing

If the syntax of a command is too long to fit on a single line, each continuation line is indented three spaces and is
separated from the preceding line by a blank line.

This spacing distinguishes items in a continuation line from items in a vertical list of selections.

match-value [NOT] LIKE _pattern

[ESCAPE esc-char-expression]

1.4. Comments Encouraged

We encourage your comments concerning this document. We are committed to providing documentation that meets your
needs. Send any errors found, suggestions for improvement, or compliments to user@trafodion.incubator.apache.org.

6 | Chapter 1. About This Document

 Provisioning Guide

Include the document title and any comment, error found, or suggestion for improvement you have concerning this
document.

Chapter 1. About This Document | 7

 Provisioning Guide

Chapter 2. Introduction
Trafodion is a Hadoop add-on service that provides transactional SQL on top of HBase. Typically, you use Trafodion as the
database for applications that require Online Transaction Processing (OLTP), Operational Data Store (ODS), and/or strong
reporting capabilities. You access Trafodion using standard JDBC and ODBC APIs.

You may choose whether to add Trafodion to an existing Hadoop environment or to create a standalone Hadoop
environment specifically for Hadoop.

This guide assumes that a Hadoop environment exists upon which your provisioning Trafodion. Refer to Hadoop Software
for information about what Hadoop software is required Trafodion.

2.1. Security Considerations

The following users need be considered for Trafodion:

• Provisioning User: A Linux-level user that performs the Trafodion provisioning tasks. This user ID requires sudo
access and passwordless ssh among the nodes where Trafodion is installed. In addition, this user ID requires access
to Hadoop distribution, HDFS, and HBase administrative users to change respective environment’s configuration
settings per Trafodion requirements. Refer to Trafodion Provisioning User for more information about the requirements
and usage associated with this user ID.

• Runtime User: A Linux-level user under which the Trafodion software runs. This user ID must be registered as a user
in the Hadoop Distributed File System (HDFS) to store and access objects in HDFS, HBase, and Hive. In addition, this
user ID requires passwordless access among the nodes where Trafodion is installed. Refer to Trafodion Runtime User
for more information about this user ID.

• Trafodion Database Users: Trafodion users are managed by the Trafodion security features (grant, revoke, etc.),
which can be integrated with LDAP if so desired. These users are referred to as database users and do not have
direct access to the operating system. Refer to Register User, Grant, and other SQL statements in the Trafodion SQL
Reference Manual for more information about managing Trafodion Database Users.

Optionally, you can enable Trafodion Security. If you do not enable security in Trafodion, then a client interface to
Trafodion may request a user name and password, but Trafodion ignores the user name and password entered in the
client interface, and the session runs as the database root user, DB__ROOT, without restrictions. If you want to restrict
users, restrict access to certain users only, or restrict access to an object or operation, then you must enable security,
which enforces authentication and authorization. Refer to Enable Security for more information about this option.

8 | Chapter 2. Introduction
 Provisioning Guide

2.2. Provisioning Options

Trafodion ships with a set of scripts (the Trafodion Installer) that takes care of many of the installation and upgrade tasks
associated with the Trafodion software and its requirements. There is a separate set of scripts to remove Trafodion, if
needed.

Currently, the Trafodion Installer is able to install Trafodion on select Cloudera and Hortonworks Hadoop distributions only.
The Trafodion Installer limitations are noted as they apply in the different chapters below. For example, the Trafodion
Installer is less capable on SUSE than it is on RedHat/CentOS; you have to install the prerequisite software packages
outside the Trafodion Installer.

The Trafodion Installer automates many of the tasks required to install/upgrade Trafodion, spanning from downloading and
installing required software packages and making required changes to your Hadoop environment via creating the
Trafodion runtime user ID to installing and starting Trafodion. It is, therefore, highly recommend that you use the Trafodion
Installer for initial installation and upgrades of Trafodion. These steps are referred to as "Script-Based Provisioning" in this
guide. Refer to Trafodion Installer provides usage information.

If, for any reason, you choose not to use the Trafodion Installer, then separate chapters provide step-by-step recipes for
the tasks required to install/upgrade Trafodion. These steps are referred to as Recipe-Based Provisioning in this guide. It
is assumed that you are well-versed in Linux and Hadoop administrative tasks if using Recipe-Based Provisioning.

2.3. Provisioning Activities

Trafodion provisioning is divided into the following main activities:

• Requirements: Activities and documentation required to install the Trafodion software. These activities include tasks
such as understanding hardware and operating system requirements, Hadoop requirements, what software packages
that need to be downloaded, configuration settings that need to be changed, user IDs requirements, and so on.

• Prepare: Activities to prepare the operating system and the Hadoop ecosystem to run Trafodion. These activities
include tasks such as installing required software packages, configure the Trafodion Installation User, gather
information about the Hadoop environment, modify configuration for different Hadoop services, and so forth.

• Install: Activities related to installing the Trafodion software. These activities include tasks such as unpacking the
Trafodion tar files, creating the Trafodion Runtime User, creating Trafodion HDFS directories, installing the Trafodion
software, and so forth.

Chapter 2. Introduction | 9
 Provisioning Guide

• Upgrade: Activities related to the upgrading the Trafodion software. These activities include tasks such as shutting
down Trafodion, installing a new version of the Trafodion software, and so on. The upgrade tasks vary depending on
the differences between the current and new release of Trafodion. For example, an upgrade may or may not include an
upgrade of the Trafodion metadata.

• Activate: Activities related to starting the Trafodion software. These actives include basic management tasks such as
starting and checking the status of the Trafodion components, performing basic smoke tests, and so forth.

• Remove: Activities related to removing Trafodion from your Hadoop cluster.

2.4. Provisioning Master Node

All provisioning tasks are performed from a single node in the cluster, which must be part of the Hadoop environment
you’re adding Trafodion to. This node is referred to as the "Provisioning Master Node" in this guide.

The Trafodion Provisioning User must have access to all other nodes from the Provisioning Master Node in order to
perform provisioning tasks on the cluster.

2.5. Trafodion Installer

The Trafodion Installer is a set of scripts automates most of the tasks requires to install/upgrade Trafodion. You download
the Trafodion Installer tar file from the Trafodion download page. Next, you unpack the tar file.

Example

$ mkdir $HOME/trafodion-installer
$ cd $HOME/trafodion-downloads
$ tar -zxf apache-trafodion-installer-1.3.0-incubating-bin.tar.gz -C $HOME/trafodion-
installer
$ ls $HOME/trafodion-installer/installer
bashrc_default tools traf_config_check
trafodion_apache_hadoop_install traf_package_setup
build-version-1.3.0.txt traf_add_user traf_config_setup
trafodion_config_default traf_setup
dcs_installer traf_apache_hadoop_config_setup traf_create_systemdefaults
trafodion_install traf_sqconfig
rest_installer traf_authentication_conf_default traf_getHadoopNodes
trafodion_license traf_start
setup_known_hosts.exp traf_cloudera_mods98 traf_hortonworks_mods98
trafodion_uninstaller
$

10 | Chapter 2. Introduction
 Provisioning Guide

The Trafodion Installer supports two different modes:

1. Guided Setup: Prompts for information as it works through the installation/upgrade process. This mode is
recommended for new users.

2. Automated Setup: Required information is provided in a pre-formatted bash-script configuration file, which is provided
via a command argument when running the Trafodion Installer thereby suppressing all prompts.

A template of the configuration file is available here within the installer directory: trafodion_config_default.
Make a copy of the file in your directory and populate the needed information.

Automated Setup is recommended since it allows you to record the required provisioning information information
ahead of time. Refer to Automated Setup for information about how to populate this file.

2.5.1. Usage

The following shows help for the Trafodion Installer.

./trafodion_install --help

This script will install Trafodion. It will create a configuration

file (if one has not been created), setup of the environment needed
for Trafodion, configure HBase with Hbase-trx and co-processors needed,
and install a specified Trafodion build.

Options:
--help Print this message and exit
--accept_license If provided, the user agrees to accept all the
provisions in the Trafodion license. This allows
for automation by skipping the display and prompt of
the Trafodion license.
--config_file If provided, all install prompts will be
taken from this file and not prompted for.

Chapter 2. Introduction | 11
 Provisioning Guide

2.5.2. Install vs. Upgrade

The Trafodion Installer automatically detects whether you’re performing an install or an upgrade by looking for the
Trafodion Runtime User in the /etc/passwd file.

• If the user ID doesn’t exist, then the Trafodion Installer runs in install mode.

• If the user ID exists, then the Trafodion Installer runs in upgrade mode.

2.5.3. Guided Setup

By default, the Trafodion Installer runs in Guided Setup mode, which means that it prompts you for information during the
install/upgrade process.

Refer to the following sections for examples:

• Guided Install

• Guided Upgrade

2.5.4. Automated Setup

The --config_file option runs the Trafodion in Automated Setup mode.

Before running the Trafodion Installer with this option, you do the following:

1. Copy the trafodion_config_default file.

Example

cp trafodion_config_default my_config

2. Edit the new file using information you collect in the Gather Configuration Information section in the Prepare chapter.

3. Run the Trafodion Installer in Automated Setup Mode

Example

./trafodion_installer --config_file my_config

12 | Chapter 2. Introduction
 Provisioning Guide

Your Trafodion Configuration File contains the password for the Trafodion Runtime User and for the

 Distribution Manager. Therefore, we recommend that you secure the file in a manner that matches
the security policies of your organization.

Example: Creating a Trafodion Configuration File

Using the instructions in Gather Configuration Information in the Prepare chapter, you record the following information.

ID Information Setting
ADMIN Administrator user name for Apache Ambari or Cloudera admin
Manager.
BACKUP_DCS_NODES List of nodes where to start the backup DCS Master
components.
CLOUD_CONFIG Whether you’re installing Trafodion on a cloud environment. N
CLOUD_TYPE What type of cloud environment you’re installing Trafodion
on.
CLUSTER_NAME The name of the Hadoop Cluster. Cluster 1
DCS_BUILD Tar file containing the DCS component.
DCS_PRIMARY_MASTER_NODE The node where the primary DCS should run.
DCS_SERVER_PARM Number of concurrent client sessions per node. 8
ENABLE_HA Whether to run DCS in high-availability (HA) mode. N
EPEL_RPM Location of EPEL RPM. Specify if you don’t have access to
the Internet.
FLOATING_IP IP address if running DCS in HA mode.
HADOOP_TYPE The type of Hadoop distribution you’re installing Trafodion cloudera
on.
HBASE_GROUP Linux group name for the HBASE administrative user. hbase
HBASE_USER Linux user name for the HBASE administrative user. hbase
HDFS_USER Linux user name for the HDFS administrative user. hdfs
HOME_DIR Root directory under which the trafodion home directory /home
should be created.
INIT_TRAFODION Whether to automatically initialize the Trafodion database. Y
INTERFACE Interface type used for $FLOATING_IP.
JAVA_HOME Location of Java 1.7.0_65 or higher (JDK). /usr/java/jdk1.7.0_67-
cloudera
LDAP_CERT Full path to TLS certificate.
LDAP_HOSTS List of nodes where LDAP Identity Store servers are
running.
LDAP_ID List of LDAP unique identifiers.
LDAP_LEVEL LDAP Encryption Level.
LDAP_PASSWORD Password for LDAP_USER.
LDAP_PORT Port used to communicate with LDAP Identity Store.
LDAP_SECURITY Whether to enable simple LDAP authentication. N
LDAP_USER LDAP Search user name.

Chapter 2. Introduction | 13
 Provisioning Guide

ID Information Setting
LOCAL_WORKDIR The directory where the Trafodion Installer is located. /home/centos/trafodion-
installer/installer
MANAGEMENT_ENABLED Whether your installation uses separate management N
nodes.
MANAGEMENT_NODES The FQDN names of management nodes, if any.
NODE_LIST The FQDN names of the nodes where Trafodion will be trafodion-1 trafodion-2
installed.
PASSWORD Administrator password for Apache Ambari or Cloudera admin
Manager.
REST_BUILD Tar file containing the REST component.
SQ_ROOT Target directory for the Trafodion software. /home/trafodion/apach
e-trafodion-1.3.0-
incubating-bin
START Whether to start Trafodion after install/upgrade. Y
SUSE_LINUX Whether your installing Trafodion on SUSE Linux. false
TRAF_PACKAGE The location of the Trafodion installation package tar file or /home/centos/trafodion-
core installation tar file. download/apache-
trafodion-1.3.0-
incubating-bin.tar.gz
TRAF_USER The Trafodion runtime user ID. Must be trafodion in this trafodion
release.
TRAF_USER_PASSWORD The password used for the trafodion:trafodion user traf123
ID.
URL FQDN and port for the Distribution Manager’s REST API. trafodion-
1.apache.org:7180

Next, you edit my_config to contain the following:

#!/bin/bash
# @@@ START COPYRIGHT @@@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# @@@ END COPYRIGHT @@@

14 | Chapter 2. Introduction
 Provisioning Guide

#====================================================
# Trafodion Configuration File
# This file contains default values for the installer.

# Users can also edit this file and provide values for all parameters
# and then specify this file on the run line of trafodion_install.
# Example:
# ./trafodion_install --config_file <Trafodion-config-file>
# WARNING: This mode is for advanced users!
#
#=====================================================

#=====================================================
#Must be set to 'true' if on a SUSE linux system. If on another type of system
#this must be set to false.

export SUSE_LINUX="false"

# The working directory where Trafodion installer untars files, etc.

# do not change this unless you really know what you are doing
export TRAF_WORKDIR="/usr/lib/trafodion"

# This is the directory where the installer scripts were untarred to

export LOCAL_WORKDIR="/home/centos/trafodion-installer/installer"

# The maximum number of dcs servers, i.e. client connections

export DCS_SERVERS_PARM="8"

# "true" if this is an upgrade

export UPGRADE_TRAF="false"

# Trafodion userid, This is the userid the Trafodion instance will run under
export TRAF_USER="trafodion"

# Trafodion userid's password

export TRAF_USER_PASSWORD="traf123"

# a blank separated list of nodes in your cluster

# node names should include full domain names
#This can not be left blank!
export NODE_LIST="trafodion-1 trafodion-2"

# count of nodes in node list

export node_count="2"

# another list of the same nodes in NODE_LIST but specified in a pdsh usable format
# i.e. "-w centos-cdh[1-6]" or "-w node1 -w node2 -w node3"
export MY_NODES="-w trafodion-[1-2]"

# the directory prefix for the trafodion userid's $HOME directory

# i.e. /opt/home, not /opt/home/trafodion
export HOME_DIR="/home"

Chapter 2. Introduction | 15
 Provisioning Guide

#JAVA HOME must be a JDK. Must include FULL Path. Must be 1.7.0_65 or higher.

export JAVA_HOME="/usr/java/jdk1.7.0_67-cloudera"

# If your machine doesn't have external internet access then you must
# specify the location of the EPEL rpm, otherwise leave blank and it
# will be installed from the internet
export EPEL_RPM=""

# full path of the Trafodion package tar file

export TRAF_PACKAGE="/home/centos/trafodion-download/apache-trafodion-1.3.0-incubating-
bin.tar.gz"

# if TRAF_PACKAGE wasn't specified then these two values must be specified

# TRAF_BUILD is the trafodion_server tar file
# DCS_BUILD is the DCS tar file
# REST_BUILD is the REST tar file
export TRAF_BUILD=""
export DCS_BUILD=""
export REST_BUILD=""
# Either "cloudera" or "hortonworks" (all lowercase)
export HADOOP_TYPE="cloudera"

# The URL for Cloudera/Hortonworks REST API (i.e. node1.host.com:8080)

export URL="trafodion-1.apache.org:7180"

# Cloudera/Hortonworks UI admin's userid and password

export ADMIN="admin"
export PASSWORD="admin"

# hadoop cluster name

export CLUSTER_NAME=""

# the Hadoop HDFS userid

export HDFS_USER="hdfs"

# the Hadoop HBase userid and group

export HBASE_USER="hbase"
export HBASE_GROUP="hbase"

# The hadoop HBase service name

export HBASE="hbase"

# full path of where to install Trafodion to

# Example is used below. If $HOME_DIR or $TRAF_USER have been changed
# then this will need to be changed.
# On an upgrade, it is recommend to choose a different directory.
# First time install : /home/trafodion/traf
# On Upgrade: /home/trafodion/traf_<date>
# By doing this the previous version will remain and allow for an easier rollback.
export SQ_ROOT="/home/trafodion/apache-trafodion-1.3.0-incubating-bin"

# Start Trafodion after install completes

export START="Y"

16 | Chapter 2. Introduction
 Provisioning Guide

# initialize trafodion after starting

export INIT_TRAFODION="Y"

# full path to the sqconfig file

# Default is to leave as is and this file will be created.
export SQCONFIG=""

export CONFIG_COMPLETE="true"

#Turn on simple security. MUST have existing LDAP configured.

export LDAP_SECURITY="N"

#Name of LDAP Config file

export LDAP_AUTH_FILE="traf_authentication_config_${HOSTNAME}"

Once completed, run the Trafodion Installer with the --config_file option.

Refer to the following sections for examples:

• Automated Install

• Automated Upgrade

2.6. Trafodion Provisioning Directories

Trafodion stores its provisioning information in the following directories on each node in the cluster:

• /etc/trafodion: Configurtion information.

• /usr/lib/trafodion: Copies of the installer files.

Chapter 2. Introduction | 17
 Provisioning Guide

Chapter 3. Requirements
Trafodion requires an x86 version of Linux.

The current release of Trafodion has been tested with:

• 64-bit Red Hat Enterprise Linux (RHEL) or CentOS 6.5, 6.6, and 6.7

• SUSE SLES 11.3

• Cloudera CDH 5.2

• Cloudera CDH 5.3

• Hortonworks HDP 2.2

Other OS releases may work, too. The Trafodion project is currently working on better support for non-distribution version
of Hadoop.

3.1. General Cluster and OS Requirements and Recommendations

64-bit x86 instruction set running a Linux distribution is required. Further, Trafodion assumes an environment based on the
requirements of the tested Hadoop distributions/services.

3.1.1. Hardware Requirements and Recommendations

Single-Node Cluster

It is possible to run Trafodion on a single-node sandbox environment. Typically, any sandbox running a Hadoop distribution
can be used. A typical single-node configuration uses 4-8 cores with 16 GB of memory, and 20 GB free disk space.

Multi-Node Cluster

For multi-node end-user clusters, your typical HBase environment should suffice for Trafodion. Typically, memory
configuration range between 64-128 GB per node with minimum requirement of 16 GB. The cluster size can span from 1
to n nodes; a minimum of two nodes is recommended. A minimum of two cores is required regardless of whether you’re
deploying Trafodion on a bare-metal or virtual environment.

18 | Chapter 3. Requirements
 Provisioning Guide

Recommended configurations:

Attribute Guidance
Processors per Node • Small: 2 cores
• Medium: 4 cores
• Large: 8+ cores
Memory per Node • Small: 16 GB
• Medium: 64 GB
• Large: 128 GB
Concurrency:Nodes • Two Small Nodes: Four concurrent queries
• Two Medium Nodes: 64 concurrent queries
• Two Large Nodes: 256 concurrent queries

3.1.2. OS Requirements and Recommendations

Please verify these requirements on each node you will install Trafodion on:

Function Requirement Verification Guidance

Linux 64-bit version of Red Hat 6.5 or later, or SUSE
SLES 11.3 or later.
sshd The ssh daemon is running on each node in • ps aux | grep sshd
the cluster. • sudo netstat -plant | grep :22
ntpd The ntp daemon is running and synchronizing • ps aux | grep ntp
time on each node in the cluster. • ntpq -p
FQDN • /etc/hosts is set up for fully-qualified node • hostname --fqdn shows the fully-qualified
names (FQDN). node name, if any.
• /etc/resolv.conf is configured to use a • The fully-qualified node name is part of the
name server. /etc/hosts file.
• host -T <FQDN> (responds if using a DNS
server, times out otherwise)
• Simply ssh among nodes using ssh <FQDN>.
Port Availability The Linux Kernel Firewall (iptables) has • lsmod | grep ip_tables checks whether
either been disabled or ports required by iptables is loaded. If not, no further checking
Trafodion have been opened. is needed.
• sudo iptables -nL | grep <port>
checks the configuration of a port. An empty
response indicates no rule for the port, which
often means the port is not open.
passwordless ssh The user name used to provision Trafodion ssh to the nodes, ensure that no password
must have passwordless ssh access to all prompt appears.
nodes.
sudo privileges The user name used to provision Trafodion sudo echo "test" on each node.
must sudo access to a number of root functions
.
bash Available for shell-script execution. bash --version
java Available to run the Trafodion software. Same java --version
version as HBase is using.
perl Available for script execution. perl --version
python Available for script execution. python --version

Chapter 3. Requirements | 19
 Provisioning Guide

Function Requirement Verification Guidance

yum Available for installs, updates, and removal of yum --version
software packages.
rpm Available for installs, updates, and removal of rpm --version
software packages.
scp Available to copy files among nodes in the scp --help
cluster.
curl Available to transfer data with URL syntax. curl --version
wget Available to download files from the Web. wget --version
pdsh Available to run shell commands in parallel. pdsh -V
pdcp Available to copy files among nodes in parallel. pdcp -V
part of the pdsh package.

3.1.3. IP Ports

The following table lists the default ports used by the different Trafodion components plus the configuration file and
configuration attribute associated with each port setting.

Default Configuration File Configuration Entry Required Ran Protocol Comment

Port ge
4200 rest-site.xml trafodion.rest.port Yes 1 REST Trafodion REST Server.
4201 rest-site.xml trafodion.rest.https.port Yes 1 HTTPS Trafodion REST Server
(HTTPS).
23400 dcs-site.xml dcs.master.port Yes n binary Start of Trafodion DCS port
range. (37800 for Trafodion
1.1)
24400 dcs-site.xml dcs.master.info.port Yes 1 HTTP DCS master web GUI.
(40010 for Trafodion 1.1)
24410 dcs-site.xml dcs.server.info.port Yes n HTTP Start of range for DCS server
web GUIs. (40020 for
Trafodion 1.1)
50030 mapred-site.xml mapred.job.tracker.http No 1 HTTP MapReduce Job Tracker web
.address GUI.
50070 hdfs-site.xml dfs.http.address No 1 HTTP HDFS Name Node web GUI.
50075 hdfs-site.xml dfs.datanode.http.addr No 1 HTTP HDFS Data Node web GUI.
ess
50090 hdfs-site.xml dfs.secondary.http.addr No 1 HTTP HDFS Secondary Name
ess Node web GUI.
60010 hbase-site.xml hbase.master.info.port No 1 HTTP HBase Master web GUI.
60030 hbase-site.xml hbase.regionserver.info No 1 HTTP HBase Region Server web
.port GUI.

There are two port ranges used by Trafodion.

• 23400 is a range, to allow multiple mxosrvr processes on each node. Allow a range of a few ports, enough to cover all
the servers per node that are listed in the "servers" file in the DCS configuration directory.

20 | Chapter 3. Requirements
 Provisioning Guide

• 24410 is a range as well, enough to cover the DCS servers per node, usually 1 or 2.

On top of the ports identified above, you also need the ports required by your Hadoop distribution. For example:

• Cloudera Ports

• Hortonworks Ports

Although not all the ports will be used on every node of the cluster, you need to open most of them for all the nodes in the
cluster that have Trafodion, HBase, or HDFS servers on them.

3.2. Prerequisite Software

3.2.1. Hadoop Software

Trafodion runs as an add-on service on Hadoop distributions. The following Hadoop services and their dependencies must
be installed and running on the cluster where you intend to install Trafodion:

• Hadoop Distributed File System (HDFS)

• YARN with MapReduce version 2

• ZooKeeper

• HBase

• Hive

• Apache Ambari (Hortonworks) or Cloudera Manager (Cloudera) with associated embedded databases.

The following distributions have been tested with Trafodion.1

Distribution Version HBase Installation Documentation

Version
Cloudera Distribution 5.2 or 5.3 0.98 CHD 5.2 Installation
Including Apache Hadoop http://www.cloudera.com/downloads/manager/5-3-0.html2
(CDH)
Hortonworks Data Platform 2.2 0.98 HDP 2.2 Installation
(HDP)

1. Future releases of Trafodion will move away from distribution-specific integration. Instead, Trafodion will be tested with
specific version of the Hadoop, HDFS, HBase, and other services/products only.

2. When possible, install using parcels to simply the installation process.

Chapter 3. Requirements | 21
 Provisioning Guide

Trafodion does not yet support installation on a non-distribution version of Hadoop; that is, Hadoop
 downloaded from the Apache web site. This restriction will be lifted in a later release of Trafodion.

3.2.2. Software Packages

In addition to the software packages required to run different Hadoop services listed above (for example, Java), Trafodion
requires supplementary software to be installed on the cluster before it is installed. These are Linux tools that are not
typically packaged as part of the core Linux distribution.

For RedHat/CentOS, the Trafodion Installer automatically attempts get a subset of these packages
over the Internet. If the cluster’s access to the Internet is disabled, then you need to manually
 download the packages and make them available for installation. You need to build and install
log4c++ manually.

Package Usage Installation

EPEL Add-on packages to completed the Linux distribution. Download Fedora RPM
pdsh Parallelize shell commands during install and yum install pdsh
Trafodion runtime utilities.
log4cxx Message logging. Manual process1
sqlite Internal configuration information managed by the yum install sqlite
Trafodion Foundation component.
expect Not used? yum install expect
perl-DBD-SQLite Allows Perl scripts to connect to SQLite. yum install perl-DBD-SQLite
perl-Params-Validate Validates method/function parameters in Perl scripts. yum install perl-Params-Validate
perl-Time-HiRes High resolution alarm, sleep, gettimeofday, interval yum install perl-Time-HiRes
timers in Perl scripts.
protobuf Data serialization. yum install protobuf
xerces-c C++ XML parsing. yum install xerces-c
gzip Data compress/decompress. yum install gzip
2
rpm-build Build binary and source software packages. yum install rpm-build
2
apr-devel Support files used to build applications using the APR yum install apr-devel
library.
apr-util-devel2 Support files used to build applications using the APR yum install apr-util-devel
utility library.
doxygen2 Generate documentation from annotated C++ yum install doxygen
sources.
gcc2 GNU Compiler Collection yum install gcc
2
gcc_c++ GNU C++ compiler. yum install gcc_c++

1. log4c++ was recently withdrawn from public repositories. Therefore, you will need to build the log4c++ RPM on your
system and then install the RPM using the procedure described in log4c++ Installation.

22 | Chapter 3. Requirements
 Provisioning Guide

2. Software package required to build log4c++. Not required otherwise. These packages are not installed by the
Trafodion Installer in this release.

The Trafodion Installer requires Internet access to install the required software packages.

3.3. Trafodion User IDs and Their Privileges

3.3.1. Trafodion Runtime User

The trafodion:trafodion user ID is created as part of the installation process. The default password is: traf123.

Trafodion requires that either HDFS ACL support or Kerberos is enabled. The Trafodion Installer will enable HDFS ACL
support. Kerberos-based security settings are outside the scope of this guide. Please refer to the security information in
Apache HBase™ Reference Guide for information about how to set up HBase security with Kerberos.

Also, Trafodion requires sudo access to ip and arping so that floating or elastic IP addresses can be moved from one
node to another in case of node failures.

Do not create the trafodion:trafodion user ID in advance. The Trafodion Installer uses the
 presence of this user ID to determine whether you’re doing an installation or upgrade.

3.3.2. Trafodion Provisioning User

Typically, the Trafodion Installer is used for Trafodion installations. It requires access to the user IDs documented below.

Linux Installation User

The user ID that performs the Trafodion installation steps. Typically, this User ID runs the Trafodion Installer.

Requirements:

• User name or group cannot be trafodion.

• Passwordless ssh access to all nodes in the cluster.

• Internet access to download software packages.

• requiretty must be disabled in /etc/sudoers.

• sudo1 access to:

Chapter 3. Requirements | 23
 Provisioning Guide

• Download and install software packages.

• Modify /etc/sudoers.d (allow the trafodion user to modify floating IP: ip and arping).

• Create the trafodion user ID and group.

• Install Trafodion software into the HBase environment.

• Run Java version command on each node in the cluster.

• Run Hadoop version command on each node in the cluster.

• Run HBase version command on each node in the cluster.

• Create directories and files in:

• /etc

• /usr/lib

• /var/log

• Invoke su to execute commands as other users; for example, trafodion.

• Edit sysctl.conf and activate changes using sysctl -p:

• Modify kernel limits.

• Reserve IP ports.

1
sudo is required in the current release of Trafodion. This restriction may be relaxed in later releases. Alternative
mechanisms for privileged access (such as running as root or sudo alternative commands) are not supported.

Distribution Manager User

A user ID that can change the configuration using Apache Ambari or Cloudera Manager. The Trafodion Installer makes
REST request to perform configuration and control functions to the distribution manager using this user ID.

Requirements:

• Administrator user name and password.

• URL to Distribution Manager’s REST API.

HDFS Administrator User

The HDFS super user. Required to create directories and change security settings, as needed. The Trafodion Installer
uses su to run commands under this user ID.

24 | Chapter 3. Requirements
 Provisioning Guide

Requirements:

• HDFS Administrator user name.

• Write access to home directory on the node where the Distribution Manager is running.

HBase Administrator User

The HBase super user. Required to change directory ownership in HDFS.

Requirements:

• HBase Administrator user name and group.

• Read access to hbase-site.xml.

3.4. Required Configuration Changes

Trafodion requires changes to a number of different areas of your system configuration: operating system, HDFS, and
HBase.

 These changes are performed by the Trafodion Installer, if used.

3.4.1. Operating System Changes

/etc/security/limits.d/trafodion.conf on each node in the cluster must contain the following settings:

# Trafodion settings
trafodion soft core unlimited
trafodion hard core unlimited
trafodion soft memlock unlimited
trafodion hard memlock unlimited
trafodion soft nofile 32768
trafodion hard nofile 65536
trafodion soft nproc 100000
trafodion hard nproc 100000

Chapter 3. Requirements | 25
 Provisioning Guide

3.4.2. ZooKeeper Changes

 These changes require a restart of ZooKeeper on all nodes in the cluster.

Trafodion requires the following changes to zoo.cfg:

Setting New Value Purpose

maxClientCnxns 0 Tell ZooKeeper to impose no limit to
the number of connections to
enable better Trafodion
concurrency.

3.4.3. HDFS Changes

 These changes require a restart of HDFS on all nodes in the cluster.

Trafodion requires the following changes to the HDFS environment:

Action Purpose
• Create /hbase-staging directory.
• Change owner to HBase Administrator.
• Create /bulkload directory. Used to stage data when processing the
• Change owner to trafodion. Trafodion LOAD INTO table statement and as a
temporary directory to create links to actual
HFile for snapshot scanning.
• Create /lobs directory.
• Change owner to trafodion.
• Create /apps/hbase/data/archive1.
• Change owner to: hbase:hbase (Cloudera) or hbase:hdfs
(Hortonworks)
• Give the trafodion user RWX access to
/apps/hbase/data/archive
• Set default user of /apps/hbase/data/archive to trafodion
• Recursively change setafcl of /apps/hbase/data/archive to
RWX

1. These steps are performed after HDFS ACLs have been enabled.

The following changes are required in hdfs-site.xml:

Setting New Value Purpose

dfs.namenode.acls.enabled true Enable HDFS POSIX Access
Control Lists (ACLs).

26 | Chapter 3. Requirements
 Provisioning Guide

3.4.4. HBase Changes

 These changes require a restart of ZooKeeper and HBase on all nodes in the cluster.

Trafodion requires that the following changes to the HBase environment:

Action Affected Directories Purpose

Install/replace Trafodion’s • /usr/lib/hbase/lib/ Trafodion transaction management relies
version of hbase-trx • /usr/share/cmf/lib/plugins/ on an enhanced version of hbase-trx.
(Cloudera)
• /usr/hdp/current/hbase-
regionserver/lib/ (Hortonworks)
Install/Replace Trafodion • /usr/lib/hbase/lib/ TODO: Add purpose here.
utility jar file. • /usr/share/cmf/lib/plugins/
(Cloudera)
• /usr/hdp/current/hbase-
regionserver/lib (Hortonworks)

The following changes are required in hbase-site.xml. Please refer to the Apache HBase™ Reference Guide for
additional descriptions of these settings.

Setting New Value Purpose

hbase.master. false Do not use the HBase Split Log
distributed.log.splitting Manager. Instead, the HMaster
controls all log-splitting activities.
hbase.coprocessor. region.classes org.apache.hadoop. hbase.coprocessor. Install Trafodion coprocessor
transactional.TrxRegionObserver, classes.
org.apache.hadoop. hbase.coprocessor.
transactional.TrxRegionEndpoint,
org.apache.hadoop. hbase.coprocessor.
AggregateImplementation
hbase.hregion.impl org.apache.hadoop. hbase.regionserver. Trafodion needs to be able to read
transactional.TransactionalRegion the Write Ahead Log from a
coprocessor using the getScanner
method. This method is protected in
standard HBase. This change
overloads the getScanner method
to be public thereby allowing
coprocessor code to use it.
hbase.regionserver. org.apache.hadoop. hbase.regionserver. Tell HBase to use the
region.split.policy ConstantSizeRegionSplitPolicy ConstantSizeRegionSplitPolicy for
region splitting. This setting causes
region splitting to occur only when
the maximum file size is reached.
hbase.snapshot. enabled true Enable the HBase Snapshot
feature. Used for Trafodion backup
and restore.
hbase.bulkload. staging.dir hbase-staging Use /hbase-staging as the bulk
load staging directory.

Chapter 3. Requirements | 27
 Provisioning Guide

Setting New Value Purpose

hbase.regionserver.region. true The HBase Regions requests that
transactional.tlog the Transaction Manager re-drives
in-doubt transactions.
hbase.snapshot. 600000 HMaster timeout when waiting for
master.timeoutMillis RegionServers involved in the
snapshot operation.
hbase.snapshot. region.timeout 600000 RegionServer timeout when waiting
for snapshot to be created.
hbase.client. 600000 Time limit to perform a scan
scanner.timeout.period request.
hbase.regionserver. lease.period 600000 Clients must report within this time
limit or they are considered dead by
HBase.
hbase.namenode. java.heapsize1 1073741824 (1GB) Java Heap Size for the HDFS
NameNode.
hbase.secondary.namenode. 1073741824 (1GB) Java Heap Size for the HDFS
java.heapsize1 Secondary NameNode.

1. Applies to Cloudera distributions only.

3.5. Recommended Configuration Changes

The following configuration changes are recommended but not required.

 The Trafodion Installer does not make these changes.

3.5.1. Recommended Security Changes

The trafodion user ID should not be given other sudo privileges than what’s specified in this manual. Also, we
recommend that this user ID is locked (sudo passwd -l trafodion) once the installation/upgrade activity has been
completed. Users that need issue commands as the trafodion ID should do so using sudo; for example, sudo -u
trafodion -i.

3.5.2. Recommended HDFS Configuration Changes

These settings are configured in the hadoop-env.sh file.

Property Recommended Guidance

Setting
DataNode Java Heap Size 2 GB Use this setting for a large configuration.
NameNode Java Heap Size 2 GB Use this setting for a large configuration.
Secondary NameNode Java Heap Size 2 GB Use this setting for a large configuration.

28 | Chapter 3. Requirements
 Provisioning Guide

3.5.3. Recommended HBase Configuration Changes

Configuration Property Recommended Guidance

Setting
hbase.rpc.timeout 10 minutes This setting depends on the tables' size. Sixty (60) seconds
is the default. Increase this value for big tables. Make it the
same value as
hbase.client.scanner.timeout.period. We have
found that increasing the setting to six-hundred (600)
seconds will prevent many of the timeout-related errors we
encountered, such as OutOfOrderNextException
errors.
hbase.client.scanner.timeout.period 10 minutes Similar to the hbase.rpc.timeout setting. Sixty (60)
seconds is the default. Depending on the size of a user
table, we have experienced timeout failures on count(*) and
update statistics commands from this setting. The
underlying issue is the length of the execution of the
coprocessor within HBase.
NOTE: HBase uses the smaller of hbase.rpc.timeout
and hbase.client.scanner.timeout.period to
calculate the scanner timeout.
hbase.snapshot.master.timeoutMilli 10 minutes HBase’s default setting is 60000 milliseconds. If you
s and experience timeout issues with HBase snapshots when you
hbase.snapshot.region.timeout use the Trafodion Bulk Loader or other statements, you can
set the value for these two HBase properties to 10 minutes
(600,000 milliseconds).
hbase.hregion.max.filesize 107374182400 bytes HBase’s default setting is 10737418240 (10 GB). We have
increased the setting to 107374182400 (100 GB), which
reduces the number of HStoreFiles per table and appears to
reduce disruptions to active transactions from region
splitting.
hbase.hstore.blockingStoreFiles 10 http://gbif.blogspot.com/2012/07/optimizing-writes-in-
hbase.html
hbase.regionserver.handler.count <num> This setting should match the number of concurrent
sessions (mxosrvr). The default is 10.

Chapter 3. Requirements | 29
 Provisioning Guide

Chapter 4. Prepare
You need to prepare your Hadoop environment before installing Trafodion.

1. Install Optional Workstation Software

2. Configure Installation User ID

3. Disable requiretty

4. Verify OS Requirements and Recommendations

5. Configure LDAP Identity Store

6. Gather Configuration Information

7. Install Required Software Packages

8. Perform Recipe-Based Provisioning Tasks

4.1. Install Optional Workstation Software

If you are using a Windows workstation, then the following optional software helps installation process. We recommended
that you pre-install the software before continuing with the Trafodion installation:

• putty and puttygen (download from PuTTY web site)

• VNC client (download from RealVNC web site)

• Firefox or Chrome browser

• SFTP client to transfer files from your workstation to the Linux server: WinSCP or FileZilla

4.2. Configure Installation User ID

Trafodion installation requires a user ID with these attributes:

• sudo access per the requirements documented in Linux Installation User.

• passwordless ssh to all nodes on the cluster where Trafodion will be installed.

You may need to request permission from your cluster-management team to obtain this type of
 access.

The following example shows how to set up your user ID to have "passwordless ssh" abilities.

30 | Chapter 4. Prepare
 Provisioning Guide

Do the following on the Provision Master Node:

echo -e 'y\n' | ssh-keygen -t rsa -N "" -f $HOME/.ssh/id_rsa

cat $HOME/.ssh/id_rsa.pub >> $HOME/.ssh/authorized_keys
echo localhost $(cat /etc/ssh/ssh_host_rsa_key.pub) >> $HOME/.ssh/known_hosts
echo "NoHostAuthenticationForLocalhost=yes" >> $HOME/.ssh/config
chmod 600 $HOME/.ssh/config
chmod 600 $HOME/.ssh/authorized_keys
chmod 700 $HOME/.ssh/

After running these commands, do the following:

• If necessary, create the $HOME/.ssh directory on the other nodes in your cluster and secure it private to yourself
(chmod 700).

• If necessary, create the $HOME/.ssh/authorized_keys file on the other nodes in your cluster. Secure it with
chmod 600 $HOME/.ssh/authorized_keys.

• Copy the content of the $HOME/.ssh/authorized_keys file on the Provisioning Master Node and append the to
the $HOME/.ssh/authorized_keys file on the other nodes in your cluster.

• ssh to the other nodes in the cluster. Answer y to the prompt asking you whether to continue the connection. This
adds the node to the $HOME/.ssh/known_hosts file completing the passwordless ssh setup.

4.3. Disable requiretty

You need to disable requiretty in /etc/sudoers on all nodes in the cluster to ensure that sudo commands can be
run from inside the installation scripts.

Comment out the Defaults requiretty setting in the /etc/sudoers file to ensure that the requiretty option is
NOT being used.

4.4. Verify OS Requirements and Recommendations

Please ensure that the OS Requirements and Recommendations are met for each node in the cluster where you intend to
install Trafodion.

Chapter 4. Prepare | 31
 Provisioning Guide

4.5. Configure LDAP Identity Store

If you plan to enable security in Trafodion, then you need to have an LDAP identity store available to perform
authentication. The Trafodion Installer prompts you to set up an authentication configuration file that points to an LDAP
server (or servers), which enables security (that is, authentication and authorization) in the Trafodion database.

If you wish to manually set up the authentication configuration file and enable security, then refer to the section on Enable
Security.

4.6. Gather Configuration Information

You need to gather/decide information about your environment to aid installation Trafodion, both for the Trafodion Installer
and for recipe-based provisioning. (Listed in alphabetical order to make it easier to find information when referenced in the
install and upgrade instructions.)

ID1 Information Default Notes

ADMIN Administrator user name for admin A user that can change configuration and
Apache Ambari or Cloudera restart services via the distribution
Manager. manager’s REST API.
BACKUP_DCS_NODES List of nodes where to start None Blank separated FQDN list. Not needed if
the backup DCS Master $ENABLE_HA = N.
components.
CLOUD_CONFIG Whether you’re installing N N = bare-metal or VM installation.
Trafodion on a cloud
environment.
CLOUD_TYPE What type of cloud None { AWS | OpenStack | Other }. Not
environment you’re installing applicable for bare-metal or VM
Trafodion on. installation.
CLUSTER_NAME The name of the Hadoop None From Apache Ambari or Cloudera
Cluster. Manager.
DCS_BUILD Tar file containing the DCS None Not needed if using a Trafodion package
component. installation tar file.
DCS_PRIMARY_MASTER_ The node where the primary None The DCS Master handles JDBC and
NODE DCS should run. ODBC connection requests.
DCS_SERVER_PARM Number of concurrent client 16 This number specifies the concurrent
sessions per node. sessions per node to be supported. Each
session could require up to 1GB of
physical memory. The number can be
changed post-installation. For more
information, refer to the Trafodion Client
Installation Guide.
ENABLE_HA Whether to run DCS in high- N You need the floating IP address, the
availability (HA) mode. interface, and the backup nodes for DCS
Master if enabling this feature.
EPEL_RPM Location of EPEL RPM. None Specify if you don’t have access to the
Internet. Downloaded automatically by
the Trafodion Installer.

32 | Chapter 4. Prepare
 Provisioning Guide

ID1 Information Default Notes

FLOATING_IP IP address if running DCS in None Not needed if $ENABLE_HA = N. An
HA mode. FQDN name or IP address.
HADOOP_TYPE The type of Hadoop None Lowercase. cloudera or hadoop.
distribution you’re installing
Trafodion on.
HBASE_GROUP Linux group name for the hbase Required in order to provide access to
HBASE administrative user. select HDFS directories to this user ID.
HBASE_USER Linux user name for the hbase Required in order to provide access to
HBASE administrative user. select HDFS directories to this user ID.
HDFS_USER Linux user name for the hdfs The Trafodion Installer uses sudo su to
HDFS administrative user. make HDFS configuration changes under
this user.
HOME_DIR Root directory under which /home Example
the trafodion home
directory should be created. If the home directory of the trafodion
user is /opt/home/trafodion, then
specify the root directory as /opt/home.
INIT_TRAFODION Whether to automatically N Does not apply to Recipe-Based
initialize the Trafodion Provisioning. Applies if $START=Y only.
database.
INTERFACE Interface type used for None Not needed if $ENABLE_HA = N.
$FLOATING_IP.
JAVA_HOME Location of Java 1.7.0_65 or $JAVA_HOME Fully qualified path of the JDK. For
higher (JDK). setting example: /usr/java/jdk1.7.0_67-
cloudera
LDAP_CERT2 Full path to TLS certificate. None Required of $LDAP_LEVEL = 1 or 2.
2
LDAP_HOSTS List of nodes where LDAP None Blank separated. FQDN format.
Identity Store servers are
running.
LDAP_ID2 List of LDAP unique None Blank separated.
identifiers.
LDAP_LEVEL2 LDAP Encryption Level. 0 0: Encryption not used, 1: SSL, 2: TLS
2
LDAP_PASSWORD Password for LDAP_USER. None If LDAP_USER is required only.
2
LDAP_PORT Port used to communicate None Examples: 389 for no encryption or TLS,
with LDAP Identity Store. 636 for SSL.
LDAP_SECURITY2 Whether to enable simple N If Y, then you need to provide
LDAP authentication. LDAP_HOSTS.
LDAP_USER2 LDAP Search user name. None If required. If so, must provide
LDAP_PASSWORD, too.
LOCAL_WORKDIR The directory where the None Full path, no environmental variables.
Trafodion Installer is located.
MANAGEMENT_ENABLED Whether your installation N Y if using separate management nodes
uses separate management for Apache Ambari or Cloudera Manager.
nodes.
MANAGEMENT_NODES The FQDN names of None Provide a blank-separated list of node
management nodes, if any. names.
NODE_LIST The FQDN names of the None Provide a blank-separated list of node
nodes where Trafodion will be names. The Trafodion Provisioning ID
installed. must have passwordless and sudo
access to these nodes.

Chapter 4. Prepare | 33
 Provisioning Guide

ID1 Information Default Notes

PASSWORD Administrator password for admin A user that can change configuration and
Apache Ambari or Cloudera restart services via the distribution
Manager. manager’s REST API.
REST_BUILD Tar file containing the REST None Not needed if using a Trafodion package
component. installation tar file.
SQ_ROOT Target directory for the $HOME_DIR/traf Trafodion is installed in this directory on
Trafodion software. odion all nodes in $NODE_LIST.
START Whether to start Trafodion N Does not apply to Recipe-Based
after install/upgrade. Provisioning.
SUSE_LINUX Whether your installing false Auto-detected by the Trafodion Installer.
Trafodion on SUSE Linux.
TRAF_PACKAGE The location of the Trafodion None The package file contains the Trafodion
installation package tar file or server, DCS, and REST software while
core installation tar file. the core installation file contains the
Trafodion server software only. If you’re
using a core installation file, then you
need to record the location of the DCS
and REST installation tar files, too.
Normally, you perform Trafodion
provisioning using a Trafodion package
installation tar file.
TRAF_USER The Trafodion runtime user trafodion Must be trafodion in this release.
ID.
TRAF_USER_PASSWORD The password used for the traf123 Must be 6-8 characters long.
trafodion:trafodion
user ID.
URL FQDN and port for the None Include http:// or https:// as
Distribution Manager’s REST applicable. Specify in the form: <IP-
API. address>:<port> or <node
name>:<port> Example:
https://susevm-
1.yourcompany.local:8080

1. The ID matches the environmental variables used in the Trafodion Installation configuration file. Refer to Trafodion
Installer for more information.

2. Refer to Enable Security for more information about these security settings.

34 | Chapter 4. Prepare
 Provisioning Guide

4.7. Install Required Software Packages

4.7.1. Download and Install Packages

This step is required if you’re:

• Installing Trafodion on SUSE.

• Using Recipe-Based Provisioning.

• Can’t download the required software packages using the Internet.

If none of these situations exist, then we highly recommend that you use the Trafodion Installer.

You perform this step as a user with root or sudo access.

Install the packages listed in Software Packages above on all nodes in the cluster. Note the special handling for log4c++.
See Install log4c++ below for more information.

Chapter 4. Prepare | 35
 Provisioning Guide

4.7.2. Install log4c++

You perform this step as a user with root or sudo access.

This step is required regardless of the Provisioning Options used.

1. Download the log4c++ RPM from the Trafodion Download page.

2. Copy and Install the log4c++ RPM on All Nodes

Use either rpm -U or yum install.

Example

# Repeat for all nodes in the cluster from the Provisioning Master Node
scp log4cxx-0.10.0-13.el6.x86_64.rpm <other-node>:$PWD

ssh <other-node>
sudo yum -y install log4cxx-0.10.0-13.el6.x86_64.rpm
exit

36 | Chapter 4. Prepare
 Provisioning Guide

3. Verify RPM Installation on Every Node

Use the following command to verify that log4c++ has been installed on every node in the cluster.

# Repeat for all nodes in the cluster

sudo rpm -qa | grep log4cxx
log4cxx-0.10.0-13.el6.x86_64

4.8. Download Trafodion Binaries

You download the Trafodion binaries from the Trafodion Download page. Download the following packages:

• Trafodion Installer (if planning to use the Trafodion Installer)

• Trafodion Server

You can download and install the Trafodion Clients once you’ve installed and activated Trafodion.
 Refer to the Trafodion Client Install Guide for instructions.

Example

http://apache.cs.utah.edu/incubator/celix/celix-1.0.0.incubating/celix-1.0.0.incubating.tar.gz

$ mkdir $HOME/trafodion-download
$ cd $HOME/trafodion-download
$ # Download the Trafodion Installer binaries
$ wget http://apache.cs.utah.edu/incubator/trafodion/trafodion-1.3.0.incubating/apache-
trafodion-installer-1.3.0-incubating-bin.tar.gz
Resolving http://apache.cs.utah.edu... 192.168.1.56
Connecting to http://apache.cs.utah.edu|192.168.1.56|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68813 (67K) [application/x-gzip]
Saving to: "apache-trafodion-installer-1.3.0-incubating-bin.tar.gz"

100%[==================================================================================
===================================>] 68,813 124K/s in 0.5s

2016-02-14 04:19:42 (124 KB/s) - "apache-trafodion-installer-1.3.0-incubating-

bin.tar.gz" saved [68813/68813]

Chapter 4. Prepare | 37
 Provisioning Guide

$ # Download the Trafodion Server binaries

$ wget http://apache.cs.utah.edu/incubator/trafodion/trafodion-1.3.0.incubating/apache-
trafodion-1.3.0-incubating-bin.tar.gz
Resolving http://apache.cs.utah.edu... 192.168.1.56
Connecting to http://apache.cs.utah.edu|192.168.1.56|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 214508243 (205M) [application/x-gzip]
Saving to: "apache-trafodion-1.3.0-incubating-bin.tar.gz"

100%[==================================================================================
===================================>] 214,508,243 3.90M/s in 55s

2016-02-14 04:22:14 (3.72 MB/s) - "apache-trafodion-1.3.0-incubating-bin.tar.gz" saved

[214508243/214508243]

$ ls -l
total 209552
-rw-rw-r-- 1 centos centos 214508243 Jan 12 20:10 apache-trafodion-1.3.0-incubating-
bin.tar.gz
-rw-rw-r-- 1 centos centos 68813 Jan 12 20:10 apache-trafodion-installer-1.3.0-
incubating-bin.tar.gz
$

4.9. Preparation for Recipe-Based Provisioning

 This step should be skipped if you plan to use the Trafodion Installer

4.9.1. Modify OS Settings

Ensure that the /etc/security/limits.d/trafodion.conf on each node contains the limits settings required by
Trafodion. Refer to Operating System Changes for the required settings.

4.9.2. Modify ZooKeeper Configuration

Do the following:

1. Modify the ZooKeeper configuration as follows:

Attribute Setting
maxClientCnxns 0

2. Restart ZooKeeper to activate the new configuration setting.

38 | Chapter 4. Prepare
 Provisioning Guide

4.9.3. Modify HDFS Configuration

Do the following:

1. Modify the HDFS configuration as follows:

Attribute Setting
dfs.namenode.acls.enabled true

2. Restart HDFS to activate the new configuration setting.

4.9.4. Modify HBase Configuration

Do the following:

1. Modify the HBase configuration as follows:

Attribute Setting
hbase.master.distributed.log.splitting false
hbase.coprocessor.region.classes org.apache.hadoop.hbase.coprocessor.transactional.TrxRegionObser
ver,org.apache.hadoop.hbase.coprocessor.transactional.TrxRegionEn
dpoint,
org.apache.hadoop.hbase.coprocessor.AggregateImplementation
hbase.hregion.impl org.apache.hadoop.hbase.regionserver.transactional.TransactionalRe
gion
hbase.regionserver.region.split.policy org.apache.hadoop.hbase.regionserver.ConstantSizeRegionSplitPolic
y
hbase.snapshot.enabled true
hbase.bulkload.staging.dir hbase-staging
hbase.regionserver.region.transactional.tlog true
hbase.snapshot.master.timeoutMillis 600000
hbase.snapshot.region.timeout 600000
hbase.client.scanner.timeout.period 600000
hbase.regionserver.lease.period 600000
a
hbase.namenode.java.heapsize 1073741824
a
hbase.secondary.namenode.java.heapsize 1073741824

a) Applies to Cloudera distributions only.

2. Restart HBase to activate the new configuration setting.

Chapter 4. Prepare | 39
 Provisioning Guide

Chapter 5. Install
This chapter describes how to use the Trafodion Installer to install Trafodion. You use the Trafodion Provisioning ID to run
the Trafodion Installer.

Prior to version 2.0.0, you must install log4c++ on all nodes in the cluster prior to running the
 Trafodion Installer. Refer to Build and Install log4c++ for instructions.

5.1. Unpack Installer

You should already have downloaded the Trafodion Binaries per the instructions in the Download Trafodion Binaries in the
Prepare chapter. If not, please do so now.

The first step in the installation process is to unpack the Trafodion Installer tar file.

Example

$ mkdir $HOME/trafodion-installer
$ cd $HOME/trafodion-downloads
$ tar -zxf apache-trafodion-installer-1.3.0-incubating-bin.tar.gz -C $HOME/trafodion-
installer
$ ls $HOME/trafodion-installer/installer
bashrc_default tools traf_config_check
trafodion_apache_hadoop_install traf_package_setup
build-version-1.3.0.txt traf_add_user traf_config_setup
trafodion_config_default traf_setup
dcs_installer traf_apache_hadoop_config_setup traf_create_systemdefaults
trafodion_install traf_sqconfig
rest_installer traf_authentication_conf_default traf_getHadoopNodes
trafodion_license traf_start
setup_known_hosts.exp traf_cloudera_mods98 traf_hortonworks_mods98
trafodion_uninstaller
$

5.2. Automated Install

The --config_file option runs the Trafodion in Automated Setup mode. Refer to Trafodion Installer in the Introduction
chapter for instructions of how you edit your configuration file.

Edit your config file using the information you collected in the Gather Configuration Information step in the Prepare
chapter.

40 | Chapter 5. Install
 Provisioning Guide

The following example shows an automated install of Trafodion on a two-node Hortonworks Hadoop cluster.

By default, the Trafodion Installer invokes sqlci so that you can enter the initialize
 trafodion; command. This is shown in the example below.

Example

1. Run the Trafodion Installer in Automated Setup mode.

$ cd $HOME/trafodion-installer/installer
$ ./trafodion_install --config_file my
******************************
TRAFODION INSTALLATION START
******************************

***INFO: testing sudo access

***INFO: Log file located at /var/log/trafodion/trafodion_install_2016-02-16-21-12-
03.log
***INFO: Config directory: /etc/trafodion
***INFO: Working directory: /usr/lib/trafodion

************************************
Trafodion Configuration File Check
************************************

***INFO: Testing sudo access on node trafodion-1

***INFO: Testing sudo access on node trafodion-2
***INFO: Testing ssh on trafodion-1
***INFO: Testing ssh on trafodion-2
***INFO: Getting list of all hortonworks nodes
***INFO: Getting list of all hortonworks nodes
***INFO: hortonworks list of nodes: trafodion-1 trafodion-2
***INFO: Testing ssh on trafodion-1
***INFO: Testing ssh on trafodion-2
***INFO: Testing sudo access on trafodion-1
***INFO: Testing sudo access on trafodion-2
***DEBUG: trafodionFullName=trafodion_server-1.3.0.tgz
***INFO: Trafodion version = 1.3.0
***DEBUG: HBase's java_exec=/usr/jdk64/jdk1.7.0_67/bin/java

******************************
TRAFODION SETUP
******************************

***INFO: Starting Trafodion environment setup (2016-02-16-21-12-31)

=== 2016-02-16-21-12-31 ===
# @@@ START COPYRIGHT @@@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file

Chapter 5. Install | 41
 Provisioning Guide

# distributed with this work for additional information

# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
.
.
.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer, and
charge a fee for, acceptance of support, warranty, indemnity, or
other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify, defend,
and hold each Contributor harmless for any liability incurred by,
or claims asserted against, such Contributor by reason of your
accepting any such warranty or additional liability.

END OF TERMS AND CONDITIONS

BY TYPING "ACCEPT" YOU AGREE TO THE TERMS OF THIS AGREEMENT: ***INFO: testing sudo
access
***INFO: Checking all nodes in specified node list
trafodion-1
trafodion-2
***INFO: Total number of nodes = 2
***INFO: Starting Trafodion Package Setup (2016-02-16-21-12-35)
***INFO: Installing required packages
***INFO: Log file located in /var/log/trafodion
***INFO: ... EPEL rpm
***INFO: ... pdsh on node trafodion-1
***INFO: ... pdsh on node trafodion-2
***INFO: Checking if log4cxx is installed ...
***INFO: Checking if sqlite is installed ...
***INFO: Checking if expect is installed ...
.
.
.
***INFO: trafodion user added successfully
***INFO: Trafodion environment setup completed
***INFO: creating sqconfig file
***INFO: Reserving DCS ports

******************************
TRAFODION MODS
******************************

***INFO: Hortonworks installed will run traf_hortonworks_mods98

***INFO: Detected JAVA version 1.7
***INFO: copying hbase-trx-hdp2_2-1.3.0.jar to all nodes
PORT=:8080
########## Performing 'set' hbase.master.distributed.log.splitting:false on
(Site:hbase-site, Tag:version1)

42 | Chapter 5. Install
 Provisioning Guide

########## PUTting json into: doSet_version1455657199513777160.json

.
.
.
Starting the REST environment now
starting rest, logging to /home/trafodion/apache-trafodion-1.3.0-incubating-
bin/rest-1.3.0/bin/../logs/rest-trafodion-1-rest-trafodion-1.out
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/home/trafodion/apache-trafodion-1.3.0-incubating-
bin/rest-1.3.0/lib/slf4j-log4j12-1.7.5.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/usr/hdp/2.2.9.0-3393/hadoop/lib/slf4j-log4j12-
1.7.5.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.slf4j.impl.Log4jLoggerFactory]

DcsMaster is not started. Please start DCS using 'dcsstart' command...

Process Configured Actual Down

--------- ---------- ------ ----
DcsMaster 1 0 1
DcsServer 2 0 2
mxosrvr 8 8

You can monitor the SQ shell log file : /home/trafodion/apache-trafodion-1.3.0-

incubating-bin/logs/sqmon.log

Startup time 0 hour(s) 1 minute(s) 9 second(s)

Apache Trafodion Conversational Interface 1.3.0
Copyright (c) 2015 Apache Software Foundation
>> initialize trafodion;
--- SQL operation complete.
>>

End of MXCI Session

***INFO: Installation completed successfully.

*********************************
TRAFODION INSTALLATION COMPLETE
*********************************

2. Switch to the Trafodion Runtime User and check the status of Trafodion.

Example

Chapter 5. Install | 43
 Provisioning Guide

$ sudo su - trafodion
$ sqcheck
Checking if processes are up.
Checking attempt: 1; user specified max: 2. Execution time in seconds: 0.

The SQ environment is up!

Process Configured Actual Down

------- ---------- ------ ----
DTM 2 2
RMS 4 4
MXOSRVR 8 8

Trafodion is now running on your Hadoop cluster. Please refer to the Activate chapter for basic instructions on how to
verify the Trafodion management and how to perform basic management operations.

5.3. Guided Install

The Trafodion Installer prompts you for the information you collected in the Gather Configuration Information step in the
Prepare chapter.

The following example shows a guided install of Trafodion on a two-node Cloudera Hadoop cluster.

By default, the Trafodion Installer invokes sqlci so that you can enter the initialize
 trafodion; command. This is shown in the example below.

Example

1. Run the Trafodion Installer in guided mode.

$ cd $HOME/trafodion-installer/installer
$ ./trafodion_install

******************************
TRAFODION INSTALLATION START
******************************

***INFO: testing sudo access

***INFO: Log file located at /var/log/trafodion/trafodion_install_2016-02-15-04-45-
30.log
***INFO: Config directory: /etc/trafodion
***INFO: Working directory: /usr/lib/trafodion

44 | Chapter 5. Install
 Provisioning Guide

*******************************
Trafodion Configuration Setup
*******************************

***INFO: Please press [Enter] to select defaults.

Enter trafodion password, default is [traf123]: traf123

Enter list of nodes (blank separated), default []: trafodion-1 trafodion-2
Enter Trafodion userid's home directory prefix, default is [/home]: /home
Specify full path to EPEL RPM (including .rpm), default is None:
***INFO: Will attempt to download RPM if EPEL is not installed on all nodes.
Specify location of Java 1.7.0_65 or higher (JDK), default is []:
/usr/java/jdk1.7.0_67-cloudera
Enter full path (including .tar or .tar.gz) of trafodion tar file []:
/home/centos/trafodion-download/apache-trafodion-1.3.0-incubating-bin.tar.gz
Enter Hadoop admin username, default is [admin]:
Enter Hadoop admin password, default is [admin]:
Enter Hadoop external network URL:port (no 'http://' needed), default is []:
trafodion-1.apache.org:7180
Enter HDFS username, default is [hdfs]:
Enter HBase username, default is [hbase]:
Enter HBase group, default is [hbase]:
Enter directory to install trafodion to, default is [/home/trafodion/apache-
trafodion-1.3.0-incubating-bin]:
Total number of client connections per node, default [16]: 8
Enable simple LDAP security (Y/N), default is N: N
***INFO: Configuration file: /etc/trafodion/trafodion_config
***INFO: Trafodion configuration setup complete

************************************
Trafodion Configuration File Check
************************************

The authenticity of host 'trafodion-1 (10.1.30.71)' can't be established.

RSA key fingerprint is 83:96:d4:5e:c1:b8:b1:62:8d:c6:78:a7:7f:1f:6a:d7.
Are you sure you want to continue connecting (yes/no)? yes
***INFO: Testing sudo access on node trafodion-1
***INFO: Testing sudo access on node trafodion-2
***INFO: Testing ssh on trafodion-1
***INFO: Testing ssh on trafodion-2
***INFO: Getting list of all cloudera nodes
***INFO: Getting list of all cloudera nodes
***INFO: cloudera list of nodes: trafodion-1 trafodion-2
***INFO: Testing ssh on trafodion-1
***INFO: Testing ssh on trafodion-2
***INFO: Testing sudo access on trafodion-1
***INFO: Testing sudo access on trafodion-2
***DEBUG: trafodionFullName=trafodion_server-1.3.0.tgz
***INFO: Trafodion version = 1.3.0
***DEBUG: HBase's java_exec=/usr/java/jdk1.7.0_67-cloudera/bin/java

******************************

Chapter 5. Install | 45
 Provisioning Guide

TRAFODION SETUP
******************************

***INFO: Starting Trafodion environment setup (2016-02-15-07-09-58)

=== 2016-02-15-07-09-58 ===
# @@@ START COPYRIGHT @@@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
.
.
.
and hold each Contributor harmless for any liability incurred by,
or claims asserted against, such Contributor by reason of your
accepting any such warranty or additional liability.

END OF TERMS AND CONDITIONS

BY TYPING "ACCEPT" YOU AGREE TO THE TERMS OF THIS AGREEMENT:ACCEPT

***INFO: testing sudo access
***INFO: Checking all nodes in specified node list
trafodion-1
trafodion-2
***INFO: Total number of nodes = 2
***INFO: Starting Trafodion Package Setup (2016-02-15-07-11-09)
***INFO: Installing required packages
***INFO: Log file located in /var/log/trafodion
***INFO: ... pdsh on node trafodion-1
***INFO: ... pdsh on node trafodion-2
***INFO: Checking if log4cxx is installed ...
***INFO: Checking if sqlite is installed ...
***INFO: Checking if expect is installed ...
***INFO: Installing expect on all nodes
.
.
.
***INFO: modifying limits in /usr/lib/trafodion/trafodion.conf on all nodes
***INFO: create Trafodion userid "trafodion"
***INFO: Trafodion userid's (trafodion) home directory: /home/trafodion
***INFO: testing sudo access
Generating public/private rsa key pair.
Created directory '/home/trafodion/.ssh'.
Your identification has been saved in /home/trafodion/.ssh/id_rsa.
Your public key has been saved in /home/trafodion/.ssh/id_rsa.pub.
The key fingerprint is:
4b:b3:60:38:c9:9d:19:f8:cd:b1:c8:cd:2a:6e:4e:d0 trafodion@trafodion-1
The key's randomart image is:
+--[ RSA 2048]----+

46 | Chapter 5. Install
 Provisioning Guide

| |
| . |
| . . . |
| o * X o |
| . E X S |
| . o + + |
| o . o |
| o.. |
| oo |
+-----------------+
***INFO: creating .bashrc file
***INFO: Setting up userid trafodion on all other nodes in cluster
***INFO: Creating known_hosts file for all nodes
trafodion-1
trafodion-2
***INFO: trafodion user added successfully
***INFO: Trafodion environment setup completed
***INFO: creating sqconfig file
***INFO: Reserving DCS ports

******************************
TRAFODION MODS
******************************

***INFO: Cloudera installed will run traf_cloudera_mods98

***INFO: Detected JAVA version 1.7
***INFO: copying hbase-trx-cdh5_3-1.3.0.jar to all nodes
***INFO: Cloudera Manager is on trafodion-1
***INFO: Detected JAVA version 1.7
***INFO: copying hbase-trx-cdh5_3-1.3.0.jar to all nodes
***INFO: Cloudera Manager is on trafodion-1
% Total % Received % Xferd Average Speed Time Time Time Current
.
.
.
***INFO: Hadoop restart completed successfully
***INFO: waiting for HDFS to exit safemode
Safe mode is OFF
***INFO: Setting HDFS ACLs for snapshot scan support
***INFO: Trafodion Mods ran successfully.

******************************
TRAFODION START
******************************

/usr/lib/trafodion/installer/..
***INFO: Log file location /var/log/trafodion/trafodion_install_2016-02-15-07-08-
07.log
***INFO: traf_start
******************************************
******************************************
******************************************
******************************************
/home/trafodion/apache-trafodion-1.3.0-incubating-bin

Chapter 5. Install | 47
 Provisioning Guide

***INFO: untarring build file /usr/lib/trafodion/apache-trafodion-1.3.0-incubating-

bin/trafodion_server-1.3.0.tgz to /home/trafodion/apache-trafodion-1.3.0-incubating-
bin
.
.
.
******* Generate public/private certificates *******

Cluster Name : Cluster%201

Generating Self Signed Certificate....
***********************************************************
Certificate file :server.crt
Private key file :server.key
Certificate/Private key created in directory :/home/trafodion/sqcert
***********************************************************

***********************************************************
Updating Authentication Configuration
***********************************************************
Creating folders for storing certificates

***INFO: copying /home/trafodion/sqcert directory to all nodes

***INFO: copying install to all nodes
***INFO: starting Trafodion instance
Checking orphan processes.
Removing old mpijob* files from /home/trafodion/apache-trafodion-1.3.0-incubating-
bin/tmp

Removing old monitor.port* files from /home/trafodion/apache-trafodion-1.3.0-

incubating-bin/tmp

Executing sqipcrm (output to sqipcrm.out)

Starting the SQ Environment (Executing /home/trafodion/apache-trafodion-1.3.0-
incubating-bin/sql/scripts/gomon.cold)
Background SQ Startup job (pid: 7276)
.
.
.
Zookeeper is listening on port 2181
DcsMaster is listening on port 23400

Process Configured Actual Down

--------- ---------- ------ ----
DcsMaster 1 1
DcsServer 2 2
mxosrvr 8 8

You can monitor the SQ shell log file : /home/trafodion/apache-trafodion-1.3.0-

incubating-bin/logs/sqmon.log

Startup time 0 hour(s) 1 minute(s) 9 second(s)

Apache Trafodion Conversational Interface 1.3.0

48 | Chapter 5. Install
 Provisioning Guide

Copyright (c) 2015 Apache Software Foundation

>> initialize trafodion;
--- SQL operation complete.
>>

End of MXCI Session

***INFO: Installation completed successfully.

*********************************
TRAFODION INSTALLATION COMPLETE
*********************************

2. Switch to the Trafodion Runtime User and check the status of Trafodion.

$ sudo su - trafodion
$ sqcheck
Checking if processes are up.
Checking attempt: 1; user specified max: 2. Execution time in seconds: 0.

The SQ environment is up!

Process Configured Actual Down

------- ---------- ------ ----
DTM 2 2
RMS 4 4
MXOSRVR 8 8

Trafodion is now running on your Hadoop cluster. Please refer to the Activate chapter for basic instructions on how to
verify the Trafodion management and how to perform basic management operations.

Chapter 5. Install | 49
 Provisioning Guide

Chapter 6. Upgrade
This chapter describes how to use the Trafodion Installer to upgrade Trafodion. You use the Trafodion Provisioning ID to
run the Trafodion Installer.

6.1. Download Updated Trafodion Binaries

You perform this step as the Trafodion Provisioning User.

You download the updated Trafodion binaries from the Trafodion Download page. Download the following packages:

• Trafodion Installer (if planning to use the Trafodion Installer)

• Trafodion Server

Refer to Download Trafodion Binaries in the Prepare chapter for examples.

6.2. Unpack Installer

You perform this step as the Trafodion Provisioning User.

You unpack the updated Trafodion Installer into a new directory.

Example

$ mkdir $HOME/trafodion-installer-2.0
$ cd $HOME/trafodion-downloads
$ tar -zxf apache-trafodion-installer-2.0.0-incubating-bin.tar.gz -C $HOME/trafodion-
installer
$ ls $HOME/trafodion-installer/installer-2.0
bashrc_default tools traf_config_check
trafodion_apache_hadoop_install traf_package_setup
build-version-2.0.0.txt traf_add_user traf_config_setup
trafodion_config_default traf_setup
dcs_installer traf_apache_hadoop_config_setup traf_create_systemdefaults
trafodion_install traf_sqconfig
rest_installer traf_authentication_conf_default traf_getHadoopNodes
trafodion_license traf_start
setup_known_hosts.exp traf_cloudera_mods98 traf_hortonworks_mods98
trafodion_uninstaller
$

50 | Chapter 6. Upgrade
 Provisioning Guide

6.3. Stop Trafodion

You perform this step as the Trafodion Runtime User.

Example

$ sudo su trafodion
$ sqstop
Shutting down the REST environment now
stopping rest.
Shutting down the DCS environment now
stopping master.
trafodion-1: stopping server.
trafodion-2: stopping server.
stopped $zlobsrv0
stopped $zlobsrv1
Shutting down (normal) the SQ environment!
Wed Feb 17 05:12:40 UTC 2016
Processing cluster.conf on local host trafodion-1
[$Z000KAE] Shell/shell Version 1.0.1 Apache_Trafodion Release 1.3.0 (Build release
[1.3.0-0-g5af956f_Bld2], date 20160112_1927)
ps

Chapter 6. Upgrade | 51
 Provisioning Guide

[$Z000KAE] %ps
[$Z000KAE] NID,PID(os) PRI TYPE STATES NAME PARENT PROGRAM
[$Z000KAE] ------------ --- ---- ------- ----------- ----------- ---------------
[$Z000KAE] 000,00064198 000 WDG ES--A-- $WDG000 NONE sqwatchdog
[$Z000KAE] 000,00064199 000 PSD ES--A-- $PSD000 NONE pstartd
[$Z000KAE] 000,00064212 001 GEN ES--A-- $TSID0 NONE idtmsrv
[$Z000KAE] 000,00064242 001 DTM ES--A-- $TM0 NONE tm
[$Z000KAE] 000,00065278 001 GEN ES--A-- $ZSC000 NONE mxsscp
[$Z000KAE] 000,00065305 001 SSMP ES--A-- $ZSM000 NONE mxssmp
[$Z000KAE] 000,00001219 001 GEN ES--A-- $Z0000ZU NONE mxosrvr
[$Z000KAE] 000,00001235 001 GEN ES--A-- $Z00010A NONE mxosrvr
[$Z000KAE] 000,00001279 001 GEN ES--A-- $Z00011J NONE mxosrvr
[$Z000KAE] 000,00001446 001 GEN ES--A-- $Z00016B NONE mxosrvr
[$Z000KAE] 000,00024864 001 GEN ES--A-- $Z000KAE NONE shell
[$Z000KAE] 001,00025180 000 PSD ES--A-- $PSD001 NONE pstartd
[$Z000KAE] 001,00025179 000 WDG ES--A-- $WDG001 NONE sqwatchdog
[$Z000KAE] 001,00025234 001 DTM ES--A-- $TM1 NONE tm
[$Z000KAE] 001,00025793 001 GEN ES--A-- $ZSC001 NONE mxsscp
[$Z000KAE] 001,00025797 001 SSMP ES--A-- $ZSM001 NONE mxssmp
[$Z000KAE] 001,00026587 001 GEN ES--A-- $Z010LPM NONE mxosrvr
[$Z000KAE] 001,00026617 001 GEN ES--A-- $Z010LQH NONE mxosrvr
[$Z000KAE] 001,00026643 001 GEN ES--A-- $Z010LR8 NONE mxosrvr
[$Z000KAE] 001,00026644 001 GEN ES--A-- $Z010LR9 NONE mxosrvr
shutdown
[$Z000KAE] %shutdown
exit
Issued a 'shutdown normal' request

Shutdown in progress

# of SQ processes: 0
SQ Shutdown (normal) from /home/trafodion Successful
Wed Feb 17 05:12:47 UTC 2016
$

52 | Chapter 6. Upgrade
 Provisioning Guide

6.4. Automated Upgrade

You perform this step as the Trafodion Provisioning User.

The --config_file option runs the Trafodion in Automated Setup mode. Refer to Trafodion Installer in the Introduction
chapter for instructions of how you edit your configuration file.

At a minimum, you need to change the following settings:

• LOCAL_WORKDIR

• TRAF_PACKAGE

• SQ_ROOT

Example

$ cd $HOME/trafodion-configuration
$ cp my_config my_config_2.0
$ # Pre edit content

export LOCAL_WORKDIR="/home/centos/trafodion-installer/installer"
export TRAF_PACKAGE="/home/centos/trafodion-download/apache-trafodion-1.3.0-incubating-
bin.tar.gz"
export SQ_ROOT="/home/trafodion/apache-trafodion-1.3.0-incubating-bin"

$ # Use your favorit editor to modify my_config_2.0

$ emacs my_config_2.0
$ # Post edit changes

export LOCAL_WORKDIR="/home/centos/trafodion-installer-2.0/installer"
export TRAF_PACKAGE="/home/centos/trafodion-download/apache-trafodion-2.0.0-incubating-
bin.tar.gz"
export SQ_ROOT="/home/trafodion/apache-trafodion-2.0.0-incubating-bin"

The following example shows an upgrade of Trafodion on a two-node Hortonworks Hadoop cluster using Automated Setup
mode.

The Trafodion Installer performs the same configuration changes as it does for an installation,
 including restarting Hadoop services.

Example

1. Run the updated Trafodion Installer using the modified my_config_2.0 file.

Chapter 6. Upgrade | 53
 Provisioning Guide

$ cd $HOME/trafodion-installer-2.0/installer
$ ./trafodion_install --config_file $HOME/trafodion-configuration/my_config_2.0
******************************
TRAFODION INSTALLATION START
******************************

***INFO: Testing sudo access on node trafodion-1

***INFO: Testing sudo access on node trafodion-2
***INFO: Testing ssh on trafodion-1
***INFO: Testing ssh on trafodion-2
***INFO: Getting list of all hortonworks nodes
***INFO: Getting list of all hortonworks nodes
***INFO: hortonworks list of nodes: trafodion-1 trafodion-2
***INFO: Testing ssh on trafodion-1
***INFO: Testing ssh on trafodion-2
***INFO: Testing sudo access on trafodion-1
***INFO: Testing sudo access on trafodion-2
***INFO: Trafodion scanner will not be run.
***DEBUG: trafodionFullName=trafodion_server-2.0.0.tgz
***INFO: Trafodion version = 2.0.0
***DEBUG: HBase's java_exec=/usr/jdk64/jdk1.7.0_67/bin/java

******************************
TRAFODION SETUP
******************************

***INFO: Installing required RPM packages

***INFO: Starting Trafodion Package Setup (2016-02-17-05-33-29)
***INFO: Installing required packages
***INFO: Log file located in /var/log/trafodion
***INFO: ... pdsh on node trafodion-1
***INFO: ... pdsh on node trafodion-2
***INFO: Checking if log4cxx is installed ...
.
.
.
DcsMaster is not started. Please start DCS using 'dcsstart' command...

Process Configured Actual Down

--------- ---------- ------ ----
DcsMaster 1 0 1
DcsServer 2 0 2
mxosrvr 8 8

You can monitor the SQ shell log file : /home/trafodion/apache-trafodion-2.0.0-

incubating-bin/logs/sqmon.log

Startup time 0 hour(s) 1 minute(s) 9 second(s)

Apache Trafodion Conversational Interface 1.3.0
Copyright (c) 2015 Apache Software Foundation
>>Metadata Upgrade: started

54 | Chapter 6. Upgrade
 Provisioning Guide

Version Check: started

Metadata is already at Version 1.1.
Version Check: done

Metadata Upgrade: done

--- SQL operation complete.

>>

End of MXCI Session

***INFO: Installation completed successfully.

*********************************
TRAFODION INSTALLATION COMPLETE
*********************************

2. Switch to the Trafodion Runtime User and check the status of Trafodion.

$ sudo su - trafodion
$ sqcheck
Checking if processes are up.
Checking attempt: 1; user specified max: 2. Execution time in seconds: 0.

The SQ environment is up!

Process Configured Actual Down

------- ---------- ------ ----
DTM 2 2
RMS 4 4
MXOSRVR 8 8

Trafodion is now running on your Hadoop cluster. Please refer to the Activate chapter for basic instructions on how to
verify the Trafodion management and how to perform basic management operations.

Chapter 6. Upgrade | 55
 Provisioning Guide

6.5. Guided Upgrade

You perform this step as the Trafodion Provisioning User.

As in the case with an installation, the Trafodion Installer prompts you for the information you collected in the Gather
Configuration Information step in the Prepare chapter. Some of the prompts are populated with the current values.

export LOCAL_WORKDIR="/home/centos/trafodion-installer/installer" export TRAF_PACKAGE="/home/centos/trafodion-

download/apache-trafodion-1.3.0-incubating-bin.tar.gz" export SQ_ROOT="/home/trafodion/apache-trafodion-1.3.0-
incubating-bin"

The following example shows a guided upgrade of Trafodion on a two-node Cloudera Hadoop cluster.

Example

1. Run the updated Trafodion Installer in Guided Setup mode to perform the upgrade. Change information at prompts as
applicable.

$ cd $HOME/trafodion-installer-2.0/installer
$ ./trafodion_install
******************************
TRAFODION INSTALLATION START
******************************

***INFO: testing sudo access

***INFO: Log file located at /var/log/trafodion/trafodion_install_2016-02-17-08-15-
33.log
***INFO: Config directory: /etc/trafodion
***INFO: Working directory: /usr/lib/trafodion

*******************************
Trafodion Configuration Setup
*******************************

***INFO: Please press [Enter] to select defaults.

Enter trafodion password, default is [traf123]:

Enter list of nodes (blank separated), default []: trafodion-1.apache.org trafodion-
2.apache.org
Specify location of Java 1.7.0_65 or higher (JDK), default is
[/usr/java/jdk1.7.0_67-cloudera]:
Enter full path (including .tar or .tar.gz) of trafodion tar file []:
/home/centos/trafodion-download/apache-trafodion-2.0.0-incubating-bin.tar.gz
Enter Hadoop admin username, default is [admin]:
Enter Hadoop admin password, default is [admin]:
Enter Hadoop external network URL:port (no 'http://' needed), default is []:
trafodion-1.apache.org:7180
Enter HDFS username, default is [hdfs]:

56 | Chapter 6. Upgrade
 Provisioning Guide

Enter HBase username, default is [hbase]:

Enter HBase group, default is [hbase]:
Enter directory to install trafodion to, default is [/home/trafodion/apache-
trafodion-1.3.0-incubating-bin]: /home/centos/apache-trafodion-2.0.0-incubating-bin
Start Trafodion after install (Y/N), default is Y:
Total number of client connections per node, default [16]: 8
Enable simple LDAP security (Y/N), default is N:
***INFO: Configuration file: /etc/trafodion/trafodion_config
***INFO: Trafodion configuration setup complete

************************************
Trafodion Configuration File Check
************************************

***INFO: Testing sudo access on node trafodion-1

***INFO: Testing sudo access on node trafodion-2
***INFO: Testing ssh on trafodion-1
***INFO: Testing ssh on trafodion-2
***INFO: Getting list of all cloudera nodes
***INFO: Getting list of all cloudera nodes
***INFO: cloudera list of nodes: trafodion-1 trafodion-2
***INFO: Testing ssh on trafodion-1
***INFO: Testing ssh on trafodion-2
***INFO: Testing sudo access on trafodion-1
***INFO: Testing sudo access on trafodion-2
***INFO: Checking cloudera Version
***INFO: nameOfVersion=cdh5.3.0
***INFO: HADOOP_PATH=/usr/lib/hbase/lib
***INFO: Trafodion scanner will not be run.
***DEBUG: trafodionFullName=trafodion_server-1.3.0.tgz
***INFO: Trafodion version = 1.3.0
***DEBUG: HBase's java_exec=/usr/java/jdk1.7.0_67-cloudera/bin/java

******************************
TRAFODION SETUP
******************************

***INFO: Installing required RPM packages

***INFO: Starting Trafodion Package Setup (2016-02-17-08-16-11)
***INFO: Installing required packages
***INFO: Log file located in /var/log/trafodion
***INFO: ... pdsh on node trafodion-1
***INFO: ... pdsh on node trafodion-2
***INFO: Checking if log4cxx is installed ...
***INFO: Checking if sqlite is installed ...
***INFO: Checking if expect is installed ...
***INFO: Checking if perl-DBD-SQLite* is installed ...
***INFO: Checking if protobuf is installed ...
***INFO: Checking if xerces-c is installed ...
***INFO: Checking if perl-Params-Validate is installed ...
***INFO: Checking if perl-Time-HiRes is installed ...
***INFO: Checking if gzip is installed ...
***INFO: creating sqconfig file

Chapter 6. Upgrade | 57
 Provisioning Guide

***INFO: Reserving DCS ports

******************************
TRAFODION MODS
******************************

***INFO: Cloudera installed will run traf_cloudera_mods98

***INFO: Detected JAVA version 1.7
***INFO: copying hbase-trx-cdh5_3-1.3.0.jar to all nodes
***INFO: Cloudera Manager is on trafodion-1
.
.
.
Zookeeper is listening on port 2181
DcsMaster is listening on port 23400

Process Configured Actual Down

--------- ---------- ------ ----
DcsMaster 1 1
DcsServer 2 2
mxosrvr 8 8

You can monitor the SQ shell log file : /home/trafodion/apache-trafodion-2.0.0-

incubating-bin/logs/sqmon.log

Startup time 0 hour(s) 1 minute(s) 9 second(s)

Apache Trafodion Conversational Interface 1.3.0
Copyright (c) 2015 Apache Software Foundation
>>

End of MXCI Session

***INFO: Installation completed successfully.

*********************************
TRAFODION INSTALLATION COMPLETE
*********************************

2. Switch to the Trafodion Runtime User and check the status of Trafodion.

58 | Chapter 6. Upgrade
 Provisioning Guide

$ sudo su - trafodion
$ sqcheck
Checking if processes are up.
Checking attempt: 1; user specified max: 2. Execution time in seconds: 0.

The SQ environment is up!

Process Configured Actual Down

------- ---------- ------ ----
DTM 2 2
RMS 4 4
MXOSRVR 8 8

Trafodion is now running on your Hadoop cluster. Please refer to the Activate chapter for basic instructions on how to
verify the Trafodion management and how to perform basic management operations.

Chapter 6. Upgrade | 59
 Provisioning Guide

Chapter 7. Activate

7.1. Manage Trafodion

You use the Trafodion runtime user ID to perform Trafodion management operations.

The following table provides an overview of the different Trafodion management scripts.

Component Start Stop Status

All of Trafodion sqstart sqstop sqcheck
RMS Server rmsstart rmsstop rmscheck
REST Server reststart reststop -
LOB Server lobstart lobstop -
DCS (Database Connectivity Services) dcsstart dcsstop dcscheck

Example: Start Trafodion

cd $MY_SQROOT/sql/scripts
sqstart
sqcheck

7.2. Validate Trafodion Installation

You can use sqlci (part of the base product) or trafci (requires separate install; see the Trafodion Client Installation Guide)
to validate your installation.

7.2.1. Smoke Test

A simple smoke test to validate that Trafodion is functioning.

get schemas;
create table table1 (a int);
invoke table1;
insert into table1 values (1), (2), (3), (4);
select * from table1;
drop table table1;
exit;

60 | Chapter 7. Activate
 Provisioning Guide

Example

$ sqlci
Apache Trafodion Conversational Interface 1.3.0
Copyright (c) 2015 Apache Software Foundation
>>get schemas;

Schemas in Catalog TRAFODION

============================

SEABASE
_MD_
_REPOS_

--- SQL operation complete.

>>create table table1 (a int);

--- SQL operation complete.

>>invoke table1;

-- Definition of Trafodion table TRAFODION.SEABASE.TABLE1

-- Definition current Mon Feb 15 07:42:02 2016

(
SYSKEY LARGEINT NO DEFAULT NOT NULL NOT DROPPABLE
NOT SERIALIZED
, A INT DEFAULT NULL SERIALIZED
)

--- SQL operation complete.

>>insert into table1 values (1), (2), (3), (4);

--- 4 row(s) inserted.

>>select * from table1;

A
-----------

1
2
3
4

--- 4 row(s) selected.

>>drop table table1;

--- SQL operation complete.

>>exit;
$

Chapter 7. Activate | 61
 Provisioning Guide

Assuming no errors, your installation has been successful. Next, do the following:

• Install the Trafodion client software. Refer to the Trafodion Client Installation Guide.

• Use Trafodion. Refer to the Trafodion SQL Reference Manual.

• Review other Trafodion documentation. Refer to the Trafodion documentation.

7.3. Troubleshooting Tips

If you are not able to start up the environment or if there are problems running sqlci or trafci, then verify that the all the
processes are up and running.

• sqcheck should indicate all processes are running.

If processes are not running as expected, then:

• sqstop to shut down Trafodion. If some Trafodion processes do not terminate cleanly, then run ckillall.

• sqstart to restart Trafodion.

If problems persist please review logs:

• $MY_SQROOT/logs: Trafodion logs.

62 | Chapter 7. Activate
 Provisioning Guide

Chapter 8. Remove
You use the Trafodion Provisioning User for these instructions.

You do not need to use the trafodion_uninstaller script if upgrading Trafodion. Instead, use

 the trafodion_install script, which automatically upgrades the version of Trafodion. Please
refer to the Install chapter for further instructions.

Run the commands from the first node of the cluster. Do not run them from a machine that is not part of the Trafodion
cluster.

8.1. Stop Trafodion

Do the following:

su trafodion
cd $MY_SQROOT/sql/scripts or cds
sqstop
exit

Example

[admin@trafodion-1 ~]$ su trafodion

[trafodion@trafodion-1 scripts]$ cds
[trafodion@trafodion-1 scripts]$ sqstop
Shutting down the REST environment now
stopping rest.
Shutting down the DCS environment now
stopping master.
trafodion-1: stopping server.
trafodion-2: stopping server.
stopped $zlobsrv0
stopped $zlobsrv1
Shutting down (normal) the SQ environment!
Mon Feb 15 07:49:18 UTC 2016
Processing cluster.conf on local host trafodion-1
.
.
.

Chapter 8. Remove | 63
 Provisioning Guide

[$Z000HDS] 001,00024772 001 GEN ES--A-- $Z010K7S NONE mxosrvr

[$Z000HDS] 001,00024782 001 GEN ES--U-- $ZLOBSRV1 NONE mxlobsrvr
shutdown
[$Z000HDS] %shutdown
exit
Issued a 'shutdown normal' request

Shutdown in progress

# of SQ processes: 0
SQ Shutdown (normal) from /home/trafodion/apache-trafodion-1.3.0-incubating-
bin/sql/scripts Successful
Mon Feb 15 07:49:26 UTC 2016
[trafodion@trafodion-1 scripts]$ exit
[admin@trafodion-1 ~]$

8.2. Run trafodion_uninstaller

The trafodion_uninstaller completely removes Trafodion.

Example

[admin@trafodion-1 ~]$ cd $HOME/trafodion-installer/installer

[admin@trafodion-1 installer]$ ./trafodion_uninstaller
Do you want to uninstall Trafodion (Everything will be removed)? (Y/N) y
***INFO: testing sudo access
***INFO: NOTE, rpms that were installed will not be removed.
***INFO: stopping Trafodion instance
SQ environment is not up.
Going to execute ckillall

Can't find file /home/trafodion/.vnc/trafodion-1:1.pid

You'll have to kill the Xvnc process manually

***INFO: restoring linux system files that were changed

***INFO: removing hbase-trx* from Hadoop directories
pdsh@trafodion-1: trafodion-1: ssh exited with exit code 1
pdsh@trafodion-1: trafodion-2: ssh exited with exit code 1
pdsh@trafodion-1: trafodion-1: ssh exited with exit code 1
pdsh@trafodion-1: trafodion-2: ssh exited with exit code 1
***INFO remove the Trafodion userid and group
***INFO: removing all files from /home/trafodion/apache-trafodion-1.3.0-incubating-bin
***INFO: removing all files from /usr/lib/trafodion and /var/log/trafodion
***INFO: removing all files from /etc/trafodion
***INFO: Trafodion uninstall complete.
[admin@trafodion-1 installer]$

64 | Chapter 8. Remove
 Provisioning Guide

Chapter 9. Enable Security

If you do not enable security in Trafodion, then a client interface to Trafodion may request a user name and password, but
Trafodion ignores the user name and password entered in the client interface, and the session runs as the database root
user, DB__ROOT, without restrictions. If you want to restrict users, restrict access to certain users only, or restrict access to
an object or operation, then you must enable security, which enforces authentication and authorization. You can enable
security during installation by answering the Trafodion Installer’s prompts or after installation by running the
traf_authentication_setup script, which enables both authentication and authorization. For more information, see
Authentication Setup Script below.

Trafodion does not manage user names and passwords internally but does support authentication via directory servers
that support the OpenLDAP protocol, also known as LDAP servers. You can configure the LDAP servers during
installation by answering the Trafodion Installer’s prompts, or you can configure the LDAP servers manually after
installation. For more information, please refer to Configuring LDAP Servers below.

Once authentication and authorization are enabled, Trafodion allows users to be registered in the database and allows
privileges on objects to be granted to users and roles (which are granted to users). Trafodion also supports component-
level (or system-level) privileges, such as MANAGE_USERS, which can be granted to users and roles. Refer to Manage
Users below.

9.1. Configuring LDAP Servers

To specify the LDAP server(s) to be used for authentication, you need to configure the text file
.traf_authentication_config, located (by default) in $MY_SQROOT/sql/scripts. This file is a flat file, organized
as a series of attribute/value pairs. Details on all the attributes and values accepted in the authentication configuration file
and how to configure alternate locations can be found in .traf_authentication_config below.

A sample template file is located in $MY_SQROOT/sql/scripts/traf_authentication_config.

Attributes and values in the authentication configuration file are separated with a colon immediately following the attribute
name. In general, white space is ignored but spaces may be relevant in some values. Attribute names are always case
insensitive. Multiple instances of an attribute are specified by repeating the attribute name and providing the new value.
For attributes with only one instance, if the attribute is repeated, the last value provided is used.

Attribute1: valueA
Attribute2: valueB
Attribute1: valueC

Chapter 9. Enable Security | 65

 Provisioning Guide

If Attribute1 has only one instance, valueC is used, otherwise, valueA and valueC are both added to the list of
values for Attribute1.

Attributes are grouped into sections; this is for future enhancements. Attributes are declared in the LOCAL section, unless
otherwise specified.

Section names, attribute names, and the general layout of the authentication configuration file are
 subject to change in future versions of Trafodion and backward compatibility is not guaranteed.

Specification of your directory server(s) requires at a minimum:

Setting Description Example

LDAP Host One or more names of hosts that support the OpenLDAP protocol LDAPHostName:
Name(s) must be specified. Trafodion attempts to connect to all provided ldap.company.com
host names during the authentication process. The set of user
names and passwords should be identical on all hosts to avoid
unpredictable results. The attribute name is LDAPHostName.
LDAP Port Port number of the LDAP server. Typically this is 389 for servers LDAPPort: 389
Number using no encryption or TLS, and 636 for servers using SSL. The
attribute name is LDAPPort.
LDAP Unique Attribute(s) used by the directory server that uniquely identifies the UniqueIdentifier:
Identifier user name. You may provide one or more unique identifier uid=,ou=users,dc=com
specifiers.
Encryption A numeric value indicating the encryption scheme used by your LDAPSSL: 2
Level LDAP server. Values are:
If your LDAP server uses TLS you
• 0: Encryption not used must specify a file containing the
• 1: SSL certificate used to encrypt the
• 2: TLS password. By default the Trafodion
software looks for this file in
$MY_SQROOT/cacerts, but you
may specify a fully qualified
filename, or set the environment
variable CACERTS_DIR to another
directory. To specify the file
containing the certificate, you set
the value of the attribute
TLS_CACERTFilename, located in
the Defaults section.

Example
` TLS_CACERTFilename:
mycert.pem
TLS_CACertFilename:
/usr/etc/cert.pem `
Search Some LDAP servers require a known user name and password to LDAPSearchDN:
username and search the directory of user names. If your environment has that lookup@company.com
password requirement, provide these "search" values. LDAPSearchPwd: Lookup123

There are additional optional attributes that can be used to customize Trafodion authentication. As mentioned earlier, they
are described in .traf_authentication_config below.

66 | Chapter 9. Enable Security

 Provisioning Guide

You can test the authentication configuration file for syntactic errors using the ldapconfigcheck tool. If you have loaded
the Trafodion environment (sqenv.sh), then the tool automatically checks the file at
$MY_SQROOT/sql/scripts/.traf_authentication_config. If not, you can specify the file to be checked.

Example

ldapconfigcheck -file myconfigfile

File myconfigfile is valid.

If an error is found, then the line number with the error is displayed along with the error. Please refer to ldapconfigcheck
below for more information.

The authentication configuration file needs to be propagated to all nodes, but there is a script that
 does that for you described later. For now, you can test your changes on the local node.

You can test the LDAP connection using the utility ldapcheck. To use this utility the Trafodion environment must be
loaded (sqenv.sh), but the Trafodion instance does not need to be running. To test the connection only, you can specify
any user name, and a name lookup is performed using the attributes in .traf_authentication_config.

ldapcheck --username=fakename@company.com
User fakename@company.com not found

If ldapcheck reports either that the user was found or the user was not found, the connection was successful. However,
if an error is reported, either the configuration file is not setup correctly, or there is a problem either with your LDAP server
or the connection to the server. You can get additional error detail by including the --verbose option. Please refer to
ldapcheck for more information.

If you supply a password, ldapcheck attempts to authenticate the specified username and password. The example
below shows the password for illustrative purposes, but to avoid typing the password on the command line, leave the
password blank (--password=) and the utility prompts for the password with no echo.

ldapcheck --username=realuser@company.com --password=StrongPassword

Authentication successful

Chapter 9. Enable Security | 67

 Provisioning Guide

9.2. Generate Trafodion Certificate

Trafodion clients such as trafci encrypt the password before sending it to Trafodion. A self-signed certificate is used to
encrypt the password. The certificate and key should be generated when the sqgen script is invoked. By default, the files
server.key and server.crt are located in $HOME/sqcert. If those files are not present and since Trafodion clients
does not send unencrypted passwords, then you need to manually generate those files. To do so, run the script
sqcertgen located in $MY_SQROOT/sql/scripts. The script runs openssl to generate the certificate and key.

To run openssl manually, follow the example:

openssl req -x509 -nodes -days 365 -subj

'/C=US/ST=California/L=PaloAlto/CN=host.domain.com/O=Some Company/OU=Service
Connection'
- newkey rsa:2048 -keyout server.key -out server.crt

Option Description
-x509 Generate a self-signed certificate.
-days <validity of certificate> Make the certificate valid for the days specified.
-newkey rsa:<bytes> Generate a new private key of type RSA of length 1024 or 2048 bytes.
-subj <certificateinfo> Specify the information that is incorporated in the certificate. Each
instance in a cluster should have a unique common name(CN).
-keyout <filename> Write the newly generated RSA private key to the file specified.
-nodes It is an optional parameter that specifies NOT to encrypt the private key.
If you encrypt the private key, then you must enter the password every
time the private key is used by an application.
-out <filename> Write the self-signed certificate to the specified file.

Both the public (server.crt) and private (server.key) files should be placed in the directory $HOME/sqcert. If you
do not want to use the HOME directory or if you want to use different names for the private and/or public key files, then
Trafodion supports environment variables to specific the alternate locations or names.

• Trafodion first checks the environment variables SQCERT_PRIVKEY and SQCERT_PUBKEY. If they are set, Trafodion
uses the fully qualified filename value of the environment variable.

You can specify either one filename environment variable or both.

• If at least one filename environment variable is not set, Trafodion checks the value of the environment variable
SQCERT_DIR. If set, then the default filename server.key or server.crt is appended to the value of the
environment variable SQCERT_DIR.

• If the filename environment variable is not set and the directory environment variable is not set, then Trafodion uses
the default location ($HOME/sqcert) and the default filename.

68 | Chapter 9. Enable Security

 Provisioning Guide

9.3. Authentication Setup Script

The final step to enable security is to change the value of the environment variable
TRAFODION_ENABLE_AUTHENTICATION from NO to YES and turn on authorization. This is achieved by invoking the
traf_authentication_setup script, which is located in $MY_SQROOT/sql/scripts.

Usage

Usage: traf_authentication_setup [options]

Options:
--file <loc> Optional location of OpenLDAP configuration file
--help Prints this message
--off Disables authentication and authorization
--on Enables authentication and authorization
--setup Enables authentication
--status Returns status of authentication enablement

Option Description
--file If specified, then filename is copied to $MY_SQROOT/. Users working in their own private
environment can refer to a site-specific configuration file from a central location.
--on traf_authentication_setup invokes ldapconfigcheck to verify the configuration file is
syntactically correct. It also invokes ldapcheck to verify that a connection can be made to
an LDAP server.

If both checks pass, the script sets the environment variable

TRAFODION_ENABLE_AUTHENTICATION to YES in the file $MY_SQROOT/sqenvcom.sh,
and propagates sqenvcom.sh and .traf_authentication_config to all nodes in
the cluster.

The last step is to enable authorization by creating privilege-related metadata tables and
set up default permissions with a call to the database. The list of privilege-related metadata
tables, users, roles, and component privileges are logged in
$MY_SQROOT/logs/authEnable.log.

Specifying --on requires that a valid .traf_authentication_config file exists and

the Trafodion metadata initialized.
--off If specified, then traf_authentication_setup sets the environment variable
TRAFODION_ENABLE_AUTHENTICATION to NO in $MY_SQROOT/sqenvcom.sh and
propagates the file to all the nodes in the cluster.

The last step is to disable authorization by removing any privilege-related metadata and
permissions with a call to the database. The results of this operation is logged in
$MY_SQROOT/logs/authEnable.log.
--setup Use this option if the Trafodion metadata has not been initialized. This option enables
authentication but does not call the database to create privilege-related metadata tables.
Later, when Trafodion metadata is initialized, privilege-related metadata tables and default
permissions are automatically created.

Chapter 9. Enable Security | 69

 Provisioning Guide

Option Description
--status Reports the value of the environment variable TRAFODION_ENABLE_AUTHENTICATION in
$MY_SQROOT/sqenvcom.sh on the current node and reports the status of security
features in the database.

Example

INFO: Start of security (authentication and authorization) script Wed Mar 25 15:12:50
PDT 2xxx.

INFO: *** Trafodion security (authentication and authorization) status ***

Authentication is ENABLED
Authorization (grant/revoke) is ENABLED

INFO: End of security (authorization and authentication) script Wed Mar 25 15:12:54 PDT
2xxx.

Any time the environment file (sqenvcom.sh) is changed (and propagated to all nodes), Database
Connectivity Services (DCS) must be restarted to pick up the new value. If the configuration file is
 changed, it re-reads in 30 minutes (by default), but you can have changes take effect immediately by
restarting DCS.

To restart DCS, run the scripts stop-dcs.sh and start-dcs.sh, located in $MY_SQROOT/dcs-<x>.<y>.<z>/bin.

9.4. Manage Users

Users are registered in the Trafodion database and are used to enforce authorization. If security is disabled, any user can
register any user at any time. However, once security is enabled, user administration is considered a secure operation,
and registration of users is restricted to DBROOT or any user granted the MANAGE_USERS component
privilege. To initially register a user, connect to Trafodion with the external user
mapped to DBROOT (also known as the Trafodion ID).

When security is enabled, the DBROOT user is registered as the TRAFODION external user name. It
is recommended that the DBROOT user be mapped to the external user name that is used to connect for root
operations. To do this, start a sqlci session and perform the ALTER USER command, for example:

ALTER USER DB__ROOT SET EXTERNAL NAME trafodion_rootuser_in_ldap;

To learn more about how to register users, grant object and component privileges, and manage users and roles, please
see the Trafodion SQL Reference Manual.

70 | Chapter 9. Enable Security

 Provisioning Guide

9.5. .traf_authentication_config

The .traf_authentication_config file is user to enable the Trafodion security features.

9.5.1. File Location

By default, the Trafodion authentication configuration file is located in

$MY_SQROOT/sql/scripts/.traf_authentication_config. If you want to store the configuration file in a different
location and/or use a different filename, then Trafodion supports environment variables to specify the alternate
location/name.

Trafodion firsts checks the environment variable TRAFAUTH_CONFIGFILE. If set, the value is used as the fully-qualified
Trafodion authentication configuration file.

If the environment variable is not set, then Trafodion next checks the variable TRAFAUTH_CONFIGDIR. If set, the value is
prepended to .traf_authentication_config and used as the Trafodion authentication file.

If neither is set, Trafodion defaults to $MY_SQROOT/sql/scripts/.traf_authentication_config.

Chapter 9. Enable Security | 71

 Provisioning Guide

9.5.2. Template

# To use authentication in Trafodion, this file must be configured

# as described below and placed in $MY_SQROOT/sql/scripts and be named
# .traf_authentication_config. You must also enable authentication by
# running the script traf_authentication_setup in $MY_SQROOT/sql/scripts.
#
# NOTE: the format of this configuration file is expected to change in the
# next release of Trafodion. Backward compatibility is not guaranteed.
#
SECTION: Defaults
DefaultSectionName: local
RefreshTime: 1800
TLS_CACERTFilename:
SECTION: local

# If one or more of the LDAPHostName values is a load balancing host, list

# the name(s) here, one name: value pair for each host.
LoadBalanceHostName:

# One or more identically configured hosts must be specified here,

# one name: value pair for each host.
LDAPHostName:

# Default is port 389, change if using 636 or any other port

LDAPPort:389

# Must specify one or more unique identifiers, one name: value pair for each
UniqueIdentifier:

# If the configured LDAP server requires a username and password to

# to perform name lookup, provide those here.
LDAPSearchDN:
LDAPSearchPwd:

# If configured LDAP server requires TLS(1) or SSL (2), update this value
LDAPSSL:0

# Default timeout values in seconds

LDAPNetworkTimeout: 30
LDAPTimeout: 30
LDAPTimeLimit: 30

# Default values for retry logic algorithm

RetryCount: 5
RetryDelay: 2
PreserveConnection: No
ExcludeBadHosts: Yes
MaxExcludeListSize: 3

72 | Chapter 9. Enable Security

 Provisioning Guide

9.5.3. Configuration Attributes

Attribute Name Purpose Example Value Notes

LDAPHostName Host name of the local ldap.master.com If more than one LDAPHostName entry is
LDAP server. provided, then Trafodion attempts to
connect with each LDAP server before
returning an authentication error. Also see
the description related to RetryCount
and RetryDelay entries.
LDAPPort Port number of the 345 Must be numeric value. Related to
local LDAP server. LDAPSSL entry. Standard port numbers
for OpenLDAP are as follows:

• Non-secure: 389
• SSL: 636
• TLS: 389
LDAPSearchDN If a search user is cn=aaabbb, dc=demo, If anonymous search is allowed on the
needed, the search dc=net local server, then this attribute does not
user distinguished need to be specified or can be specified
name is specified here. with no value (blank). To date,
anonymous search is the normal
approach used.
LDAPSearchPWD Password for the welcome None.
LDAPSearchDN value.
See that entry for
details.
LDAPSSL A numeric value 0 None.
specifying whether the
local LDAP server
interface is
unencrypted or TLS or
SSL. Legal values are
0 for unencrypted, 1 for
SSL, and 2 for TLS. For
SSL/TLS, see the
section below on
Encryption Support.
UniqueIdentifier The directory attribute uid=,ou=Users,dc=dem To account for the multiple forms of DN
that contains the user’s o,dc=net supported by a given LDAP server,
unique identifier. specify the UniqueIdentifier
parameter multiple times with different
values. During a search, each
UniqueIdentifier is tried in the order
it is listed in the configuration file.

Chapter 9. Enable Security | 73

 Provisioning Guide

Attribute Name Purpose Example Value Notes

LDAPNetworkTimeout Specifies the timeout 20 The value must be a positive number or
(in seconds) after -1. Setting this to -1 results in an infinite
which the next timeout.
LDAPHostName entry
is tried, in case of no
response for a
connection request.
This parameter is
similar to
NETWORK_TIMEOUT in
ldap_conf(5).
Default value is 30
seconds.
LDAPTimelimit Specifies the time to 15 The server may still apply a lower server-
wait when performing a side limit on the duration of a search
search on the LDAP operation.
server for the user
name. The number
must be a positive
integer. This parameter
is similar to
TIMELIMIT in
ldap_conf(5).
Default value is 30
seconds.
LDAPTimeout Specifies a timeout (in 15 The value must be a positive number or
seconds) after which -1. Setting this to -1 results in an infinite
calls to synchronous timeout.
LDAP APIs aborts if no
response is received.
This parameter is
similar to TIMEOUT in
ldap_conf(5).
Default value is 30
seconds.
RetryCount Number of attempts to 10 When a failed operation is retried, it is
establish a successful attempted with each configured LDAP
LDAP connection. server, until the operation is successful or
Default is 5 retries the number of configured retries is
before returning an exceeded.
error.
RetryDelay Specifies the number of 1 None.
seconds to delay
between retries.
Default value is 2
seconds. See
description of
RetryCount.
PreserveConnection Specifies whether the YES None.
connection to LDAP
server is maintained
(YES) or closed (NO)
once the operation
finishes. Default value
is NO.

74 | Chapter 9. Enable Security

 Provisioning Guide

Attribute Name Purpose Example Value Notes

RefreshTime Specifies the number of 3600 If set to zero, the configuration file is
seconds that must never read. The connectivity servers must
have elapsed before be restarted for changes to take effect if
the configuration file is this value is zero. This attribute is not
reread. Default is 1800 specific to either configuration and must
(30 minutes). be defined in the DEFAULTS section.
TLS_CACERTFilename Specifies the location cert.pem This attribute applies to both
of the certificate file for configurations. If a configuration does not
the LDAP server(s). require a certificate, then this attribute is
Filename can either be ignored. This attribute must be defined in
fully qualified or relative the DEFAULTS section.
to $CACERTS_DIR.
DefaultSectionName Specifies the LOCAL This attribute must be defined in the
configuration type that DEFAULTS section. If the
is assigned to a user by DefaultSectionName attribute is
the REGISTER USER specified, then a section by that name (or
command if no equivalent) must be defined in
authentication type is .traf_ldapconfig. Legal values are
specified. In the initial LOCAL and ENTERPRISE. This syntax is
Trafodion release, only likely to change.
one configuration is
supported.

9.6. ldapcheck

9.6.1. Usage

ldapcheck [<option>]...
<option> ::= --help|-h display usage information
--username=<LDAP-username>
--password[=<password>]
--primary Use first configuration
--local Use first configuration
--enterprise Use first configuration
--secondary Use second configuration
--remote Use second configuration
--cluster Use second configuration
--verbose Display non-zero retry counts
and LDAP errors

9.6.2. Considerations

• Aliases for primary include enterprise and local. Aliases for secondary include cluster and remote. If no configuration is
specified, primary is assumed.

• The equals sign is required when supplying a value to username or password.

Chapter 9. Enable Security | 75

 Provisioning Guide

• To be prompted for a password value with no echo, specify the password argument but omit the equals sign and value.

• Passwords that contain special characters may need to be escaped if the password is specified on the command line
or within a script file.

• If the password keyword is not specified, only the username is checked. The tool can therefore be used to test the
LDAP configuration and connection to the configured LDAP server(s) without knowing a valid username or password.

9.7. ldapconfigcheck

This page describes the ldapconfigcheck tool, which validates the syntactic correctness of a Trafodion authentication
configuration file. Trafodion does not need to be running to run the tool.

9.7.1. Considerations

If the configuration filename is not specified, then the tool looks for a file using environment variables. Those environment
variables and the search order are:

1. TRAFAUTH_CONFIGFILE

A fully qualified name is expected.

2. TRAFAUTH_CONFIGDIR

Filename .traf_authentication_config/ is appended to the specified directory

3. MY_SQROOT

/sql/scripts/.traf_authentication_config is appended to the value of MY_SQROOT.

76 | Chapter 9. Enable Security

 Provisioning Guide

9.7.2. Errors

One of the following is output when the tool is run. Only the first error encountered is reported.

Code Text
0 File filename is valid.
1 File filename not found.
2 File: filename

Invalid attribute name on line line-number.

3 File: filename

Missing required value on line line-number.

4 File: filename

Value out of range on line line-number.

5 File: filename

Open of traf_authentication_config file failed.

6 File: filename

Read of traf_authentication_config file failed.

7 No file provided. Either specify a file parameter or verify environment variables.
8 TLS was requested in at least one section, but TLS_CACERTFilename was not provided.
9 Missing host name in at least one section.

Each LDAP connection configuration section must provide at least one host name.
10 Missing unique identifier in at least one section.

Each LDAP connection configuration section must provide at least one unique identifier.
11 At least one LDAP connection configuration section must be specified.
12 Internal error parsing .traf_authentication_config.

Chapter 9. Enable Security | 77

 Provisioning Guide

Chapter 10. Install Recipe

To be written.

78 | Chapter 10. Install Recipe

 Provisioning Guide

Chapter 11. Upgrade Recipe

To be written.

Chapter 11. Upgrade Recipe | 79