Configure Kudu Flags, SSL, and Superuser ACLs

This page describes setting Kudu flags, enabling SSL for the web server, and configuring superuser ACLs.

Set Kudu Flags

You can set stable and advanced stable flags from the Ambari UI. However, you cannot set evolving flags from the UI.

To add evolving flags, update the Jinja template in either of the following files:

  • Advanced kudu-master-env
  • Advanced kudu-tablet-env

Enable SSL for the Web Server

By default, each Kudu master and tablet server runs a web server that you can access at:

  • Master: http(s)://$IP:8051
  • Tablet: http(s)://$IP:8055

To enable SSL:

  1. Place the SSL key and certificate files in .pem format on each machine.

  2. In the Ambari UI, in Advanced kudu-master-env and Advanced kudu-tablet-env, set the following properties:

    • webserver_certificate_file = /path/to/cert.pem
    • webserver_private_key_file = /path/to/key.pem

  3. Ensure both files are available on each node that you want to access through the web server.

Configure Superuser ACLs

If you are using Impala with Ranger, you must configure the superuser ACLs:

  1. Add impala to the comma-separated list for the superuser_acl property in kudu-master-env.
  2. Use Impala Ranger (internally Hive) service policies to govern access to Kudu tables.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
  Last updated on Sep 19, 2025
On This Page
Configure Kudu Flags, SSL, and Superuser ACLsSet Kudu FlagsEnable SSL for the Web ServerConfigure Superuser ACLs