Skip to content

Commit

Permalink
[Doc] Fix typos and misused formats (#48689)
Browse files Browse the repository at this point in the history 
Signed-off-by: 絵空事スピリット <[email protected]>
(cherry picked from commit 63af2b1)

# Conflicts:
#	docs/en/sql-reference/sql-statements/data-manipulation/BROKER_LOAD.md
#	docs/zh/sql-reference/sql-statements/data-manipulation/BROKER_LOAD.md
  • Loading branch information
@EsoragotoSpirit @mergify
EsoragotoSpirit authored and mergify[bot] committed Jul 22, 2024
1 parent 833c723 commit 8dbffbf
Show file tree
Hide file tree
Showing 2 changed files with 88 additions and 2 deletions.
50 changes: 48 additions & 2 deletions docs/en/sql-reference/sql-statements/data-manipulation/BROKER_LOAD.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,7 +205,7 @@ Open-source HDFS supports two authentication methods: simple authentication and
| Parameter | Description |
| ------------------------------- | ------------------------------------------------------------ |
| hadoop.security.authentication | The authentication method. Valid values: `simple` and `kerberos`. Default value: `simple`. `simple` represents simple authentication, meaning no authentication, and `kerberos` represents Kerberos authentication. |
| kerberos_principal | The Kerberos principal to be authenticated. Each principal consists of the following three parts to ensure that it is unique across the HDFS cluster:<ul><li>`username` or `servicename`: The name of the principal.</li><li>`instance`: the name of the server that hosts the node to be authenticated in the HDFS cluster. The server name helps ensure that the principal is unique, for example, when the HDFS cluster consists of multiple DataNodes that each are independently authenticated.</li><li>`realm`: The name of the realm. The realm name must be capitalized. Example: `nn/[[email protected]](mailto:[email protected])`.</li></ul> |
| kerberos_principal | The Kerberos principal to be authenticated. Each principal consists of the following three parts to ensure that it is unique across the HDFS cluster:<ul><li>`username` or `servicename`: The name of the principal.</li><li>`instance`: the name of the server that hosts the node to be authenticated in the HDFS cluster. The server name helps ensure that the principal is unique, for example, when the HDFS cluster consists of multiple DataNodes that each are independently authenticated.</li><li>`realm`: The name of the realm. The realm name must be capitalized.</li></ul>Example: `nn/[email protected]`. |
| kerberos_keytab | The save path of the Kerberos keytab file. |
| kerberos_keytab_content | The Base64-encoded content of the the Kerberos keytab file. You can choose to specify either `kerberos_keytab` or `kerberos_keytab_content`. |

Expand All @@ -224,11 +224,17 @@ Open-source HDFS supports two authentication methods: simple authentication and

You can configure an HA mechanism for the NameNode of the HDFS cluster. This way, if the NameNode is switched over to another node, StarRocks can automatically identify the new node that serves as the NameNode. This includes the following scenarios:

- If you load data from a single HDFS cluster that has one Kerberos user configured, both load-based loading and load-free loading are supported.
- If you load data from a single HDFS cluster that has one Kerberos user configured, both broker-based loading and broker-free loading are supported.

<<<<<<< HEAD
- To perform load-based loading, make sure that at least one independent [broker group](../../../deployment/deploy_broker.md) is deployed, and place the `hdfs-site.xml` file to the `{deploy}/conf` path on the broker node that serves the HDFS cluster. StarRocks will add the `{deploy}/conf` path to the environment variable `CLASSPATH` upon broker startup, allowing the brokers to read information about the HDFS cluster nodes.

- To perform load-free loading, place the `hdfs-site.xml` file to the `{deploy}/conf` paths of each FE node and each BE node.
=======
- To perform broker-based loading, make sure that at least one independent broker group is deployed, and place the `hdfs-site.xml` file to the `{deploy}/conf` path on the broker node that serves the HDFS cluster. StarRocks will add the `{deploy}/conf` path to the environment variable `CLASSPATH` upon broker startup, allowing the brokers to read information about the HDFS cluster nodes.

- To perform broker-free loading, place the `hdfs-site.xml` file to the `{deploy}/conf` paths of each FE node and each BE or CN node.
>>>>>>> 63af2b18fa ([Doc] Fix typos and misused formats (#48689))
- If you load data from a single HDFS cluster that has multiple Kerberos users configured, only broker-based loading is supported. Make sure that at least one independent [broker group](../../../deployment/deploy_broker.md) is deployed, and place the `hdfs-site.xml` file to the `{deploy}/conf` path on the broker node that serves the HDFS cluster. StarRocks will add the `{deploy}/conf` path to the environment variable `CLASSPATH` upon broker startup, allowing the brokers to read information about the HDFS cluster nodes.

Expand Down Expand Up @@ -327,13 +333,53 @@ To create an Access/Secret key pair to access your Google GCS bucket, follow the

2. In the left-side navigation pane, choose **Google Cloud Storage** and then **Settings**.

<<<<<<< HEAD
3. Click the **Interoperability** tab.
=======
| **Parameter** | **Default value** | **Value** **example** | **Description** |
| -------------------------------------- | ----------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |
| gcp.gcs.service_account_email | "" | `"[email protected]"` | The email address in the JSON file generated at the creation of the service account. |
| gcp.gcs.service_account_private_key_id | "" | "61d257bd8479547cb3e04f0b9b6b9ca07af3b7ea" | The private key ID in the JSON file generated at the creation of the service account. |
| gcp.gcs.service_account_private_key | "" | "-----BEGIN PRIVATE KEY----xxxx-----END PRIVATE KEY-----\n" | The private key in the JSON file generated at the creation of the service account. |
>>>>>>> 63af2b18fa ([Doc] Fix typos and misused formats (#48689))

4. (Optional.) If you have not enabled the Interoperability feature, click **Interoperable Access**.

![img](../../../assets/BROKERLOAD-1.png)

<<<<<<< HEAD
5. Click the **Create new Key** button to create an Access/Secret key pair.
=======
```SQL
"gcp.gcs.use_compute_engine_service_account" = "true",
"gcp.gcs.impersonation_service_account" = "<assumed_google_service_account_email>"
```

The following table describes the parameters you need to configure in `StorageCredentialParams`.

| **Parameter** | **Default value** | **Value** **example** | **Description** |
| ------------------------------------------ | ----------------- | --------------------- | ------------------------------------------------------------ |
| gcp.gcs.use_compute_engine_service_account | false | true | Specifies whether to directly use the service account that is bound to your Compute Engine. |
| gcp.gcs.impersonation_service_account | "" | "hello" | The service account that you want to impersonate. |

- Make a service account (named as meta service account) impersonate another service account (named as data service account):

```SQL
"gcp.gcs.service_account_email" = "<google_service_account_email>",
"gcp.gcs.service_account_private_key_id" = "<meta_google_service_account_email>",
"gcp.gcs.service_account_private_key" = "<meta_google_service_account_email>",
"gcp.gcs.impersonation_service_account" = "<data_google_service_account_email>"
```

The following table describes the parameters you need to configure in `StorageCredentialParams`.

| **Parameter** | **Default value** | **Value** **example** | **Description** |
| -------------------------------------- | ----------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |
| gcp.gcs.service_account_email | "" | `"[email protected]"` | The email address in the JSON file generated at the creation of the meta service account. |
| gcp.gcs.service_account_private_key_id | "" | "61d257bd8479547cb3e04f0b9b6b9ca07af3b7ea" | The private key ID in the JSON file generated at the creation of the meta service account. |
| gcp.gcs.service_account_private_key | "" | "-----BEGIN PRIVATE KEY----xxxx-----END PRIVATE KEY-----\n" | The private key in the JSON file generated at the creation of the meta service account. |
| gcp.gcs.impersonation_service_account | "" | "hello" | The data service account that you want to impersonate. |
>>>>>>> 63af2b18fa ([Doc] Fix typos and misused formats (#48689))

#### Other S3-compatible storage system

Expand Down
40 changes: 40 additions & 0 deletions docs/zh/sql-reference/sql-statements/data-manipulation/BROKER_LOAD.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -325,13 +325,53 @@ StarRocks 访问存储系统的认证配置。

2. 在左侧导航栏,选择 **Google Cloud Storage**,然后选择 **Settings**

<<<<<<< HEAD
3. 选择 **Interoperability** 页签。
=======
| **参数** | **默认值** | **取值样例** | **说明** |
| -------------------------------------- | ---------- | ------------------------------------------------------------ | ------------------------------------------------------------ |
| gcp.gcs.service_account_email | "" | `"[email protected]"` | 创建 Service Account 时生成的 JSON 文件中的 Email。 |
| gcp.gcs.service_account_private_key_id | "" | "61d257bd8479547cb3e04f0b9b6b9ca07af3b7ea" | 创建 Service Account 时生成的 JSON 文件中的 Private Key ID。 |
| gcp.gcs.service_account_private_key | "" | "-----BEGIN PRIVATE KEY----xxxx-----END PRIVATE KEY-----\n" | 创建 Service Account 时生成的 JSON 文件中的 Private Key。 |
>>>>>>> 63af2b18fa ([Doc] Fix typos and misused formats (#48689))

如果还没有启用 Interoperability 特性,请单击 **Interoperable Access**

![Google GCS - Access Key Pair](../../../assets/8.2.2-1.png)

<<<<<<< HEAD
4. 单击 **Create new Key** 按钮,按界面提示完成密钥对的创建。
=======
```SQL
"gcp.gcs.use_compute_engine_service_account" = "true",
"gcp.gcs.impersonation_service_account" = "<assumed_google_service_account_email>"
```

`StorageCredentialParams` 包含如下参数。

| **参数** | **默认值** | **取值样例** | **说明** |
| ------------------------------------------ | ---------- | ------------ | ------------------------------------------------------------ |
| gcp.gcs.use_compute_engine_service_account | false | true | 是否直接使用 Compute Engine 上面绑定的 Service Account。 |
| gcp.gcs.impersonation_service_account | "" | "hello" | 需要模拟的目标 Service Account。 |

- 使用一个 Service Account(即“Meta Service Account”)模拟另一个 Service Account(即“Data Service Account”)

```SQL
"gcp.gcs.service_account_email" = "<google_service_account_email>",
"gcp.gcs.service_account_private_key_id" = "<meta_google_service_account_email>",
"gcp.gcs.service_account_private_key" = "<meta_google_service_account_email>",
"gcp.gcs.impersonation_service_account" = "<data_google_service_account_email>"
```

`StorageCredentialParams` 包含如下参数。

| **参数** | **默认值** | **取值样例** | **说明** |
| -------------------------------------- | ---------- | ------------------------------------------------------------ | ------------------------------------------------------------ |
| gcp.gcs.service_account_email | "" | `"[email protected]"` | 创建 Meta Service Account 时生成的 JSON 文件中的 Email。 |
| gcp.gcs.service_account_private_key_id | "" | "61d257bd8479547cb3e04f0b9b6b9ca07af3b7ea" | 创建 Meta Service Account 时生成的 JSON 文件中的 Private Key ID。 |
| gcp.gcs.service_account_private_key | "" | "-----BEGIN PRIVATE KEY----xxxx-----END PRIVATE KEY-----\n" | 创建 Meta Service Account 时生成的 JSON 文件中的 Private Key。 |
| gcp.gcs.impersonation_service_account | "" | "hello" | 需要模拟的目标 Data Service Account。 |
>>>>>>> 63af2b18fa ([Doc] Fix typos and misused formats (#48689))

#### 阿里云 OSS

Expand Down

0 comments on commit 8dbffbf

Please sign in to comment.