| <!DOCTYPE html> |
| <html lang="en"> |
| <head> |
| <meta charset="utf-8" /> |
| <meta http-equiv="X-UA-Compatible" content="IE=edge" /> |
| <meta name="viewport" content="width=device-width, initial-scale=1" /> |
| <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags --> |
| <meta name="description" content="A new open source Apache Hadoop ecosystem project, Apache Kudu completes Hadoop's storage layer to enable fast analytics on fast data" /> |
| <meta name="author" content="Cloudera" /> |
| <title>Apache Kudu - Apache Kudu Security</title> |
| <!-- Bootstrap core CSS --> |
| <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" |
| integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" |
| crossorigin="anonymous"> |
| |
| <!-- Custom styles for this template --> |
| <link href="/css/kudu.css" rel="stylesheet"/> |
| <link href="/css/asciidoc.css" rel="stylesheet"/> |
| <link rel="shortcut icon" href="/img/logo-favicon.ico" /> |
| <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css" /> |
| |
| |
| |
| <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries --> |
| <!--[if lt IE 9]> |
| <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script> |
| <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script> |
| <![endif]--> |
| </head> |
| <body> |
| <div class="kudu-site container-fluid"> |
| <!-- Static navbar --> |
| <nav class="navbar navbar-default"> |
| <div class="container-fluid"> |
| <div class="navbar-header"> |
| <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> |
| <span class="sr-only">Toggle navigation</span> |
| <span class="icon-bar"></span> |
| <span class="icon-bar"></span> |
| <span class="icon-bar"></span> |
| </button> |
| |
| <a class="logo" href="/"><img |
| src="//d3dr9sfxru4sde.cloudfront.net/i/k/apachekudu_logo_0716_80px.png" |
| srcset="//d3dr9sfxru4sde.cloudfront.net/i/k/apachekudu_logo_0716_80px.png 1x, //d3dr9sfxru4sde.cloudfront.net/i/k/apachekudu_logo_0716_160px.png 2x" |
| alt="Apache Kudu"/></a> |
| |
| </div> |
| <div id="navbar" class="collapse navbar-collapse"> |
| <ul class="nav navbar-nav navbar-right"> |
| <li > |
| <a href="/">Home</a> |
| </li> |
| <li > |
| <a href="/overview.html">Overview</a> |
| </li> |
| <li class="active"> |
| <a href="/docs/">Documentation</a> |
| </li> |
| <li > |
| <a href="/releases/">Download</a> |
| </li> |
| <li > |
| <a href="/blog/">Blog</a> |
| </li> |
| <!-- NOTE: this dropdown menu does not appear on Mobile, so don't add anything here |
| that doesn't also appear elsewhere on the site. --> |
| <li class="dropdown"> |
| <a href="/community.html" role="button" aria-haspopup="true" aria-expanded="false">Community <span class="caret"></span></a> |
| <ul class="dropdown-menu"> |
| <li class="dropdown-header">GET IN TOUCH</li> |
| <li><a class="icon email" href="/community.html">Mailing Lists</a></li> |
| <li><a class="icon slack" href="https://getkudu-slack.herokuapp.com/">Slack Channel</a></li> |
| <li role="separator" class="divider"></li> |
| <li><a href="/community.html#meetups-user-groups-and-conference-presentations">Events and Meetups</a></li> |
| <li><a href="/committers.html">Project Committers</a></li> |
| <!--<li><a href="/roadmap.html">Roadmap</a></li>--> |
| <li><a href="/community.html#contributions">How to Contribute</a></li> |
| <li role="separator" class="divider"></li> |
| <li class="dropdown-header">DEVELOPER RESOURCES</li> |
| <li><a class="icon github" href="https://github.com/apache/incubator-kudu">GitHub</a></li> |
| <li><a class="icon gerrit" href="http://gerrit.cloudera.org:8080/#/q/status:open+project:kudu">Gerrit Code Review</a></li> |
| <li><a class="icon jira" href="https://issues.apache.org/jira/browse/KUDU">JIRA Issue Tracker</a></li> |
| <li role="separator" class="divider"></li> |
| <li class="dropdown-header">SOCIAL MEDIA</li> |
| <li><a class="icon twitter" href="https://twitter.com/ApacheKudu">Twitter</a></li> |
| <li><a href="https://www.reddit.com/r/kudu/">Reddit</a></li> |
| <li role="separator" class="divider"></li> |
| <li class="dropdown-header">APACHE SOFTWARE FOUNDATION</li> |
| <li><a href="https://www.apache.org/security/" target="_blank">Security</a></li> |
| <li><a href="https://www.apache.org/foundation/sponsorship.html" target="_blank">Sponsorship</a></li> |
| <li><a href="https://www.apache.org/foundation/thanks.html" target="_blank">Thanks</a></li> |
| <li><a href="https://www.apache.org/licenses/" target="_blank">License</a></li> |
| </ul> |
| </li> |
| <li > |
| <a href="/faq.html">FAQ</a> |
| </li> |
| </ul><!-- /.nav --> |
| </div><!-- /#navbar --> |
| </div><!-- /.container-fluid --> |
| </nav> |
| |
| <!-- |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| |
| |
| <div class="container"> |
| <div class="row"> |
| <div class="col-md-9"> |
| |
| <h1>Apache Kudu Security</h1> |
| <div id="preamble"> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Kudu includes security features which allow Kudu clusters to be hardened against |
| access from unauthorized users. This guide describes the security features |
| provided by Kudu. <a href="#configuration">Configuring a Secure Kudu Cluster</a> lists essential configuration options when |
| deploying a secure Kudu cluster. <a href="#known-limitations">Known Limitations</a> contains a list of |
| known deficiencies in Kudu’s security capabilities.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="_authentication"><a class="link" href="#_authentication">Authentication</a></h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Kudu can be configured to enforce secure authentication among servers, and |
| between clients and servers. Authentication prevents untrusted actors from |
| gaining access to Kudu, and securely identifies the connecting user or services |
| for authorization checks. Authentication in Kudu is designed to interoperate |
| with other secure Hadoop components by utilizing Kerberos.</p> |
| </div> |
| <div class="paragraph"> |
| <p>Authentication can be configured on Kudu servers using the |
| <code>--rpc-authentication</code> flag, which can be set to <code>required</code>, <code>optional</code>, or |
| <code>disabled</code>. By default, the flag is set to <code>optional</code>. When <code>required</code>, Kudu |
| will reject connections from clients and servers who lack authentication |
| credentials. When <code>optional</code>, Kudu will attempt to use strong authentication. |
| When <code>disabled</code> or strong authentication fails for 'optional', by default Kudu |
| will only allow unauthenticated connections from trusted subnets, which are |
| private networks (127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16, |
| 169.254.0.0/16) and local subnets of all local network interfaces. Unauthenticated |
| connections from publicly routable IPs will be rejected.</p> |
| </div> |
| <div class="paragraph"> |
| <p>The trusted subnets can be configured using the <code>--trusted_subnets</code> flag, |
| which can be set to IP blocks in CIDR notation separated by comma. Set it to |
| '0.0.0.0/0' to allow unauthenticated connections from all remote IP addresses. |
| However, if network access is not otherwise restricted by a firewall, |
| malicious users may be able to gain unauthorized access. This can be mitigated |
| if authentication is configured to be required.</p> |
| </div> |
| <div class="admonitionblock warning"> |
| <table> |
| <tr> |
| <td class="icon"> |
| <i class="fa icon-warning" title="Warning"></i> |
| </td> |
| <td class="content"> |
| When the <code>--rpc-authentication</code> flag is set to <code>optional</code>, |
| the cluster does not prevent access from unauthenticated users. To secure a |
| cluster, use <code>--rpc-authentication=required</code>. |
| </td> |
| </tr> |
| </table> |
| </div> |
| <div class="sect2"> |
| <h3 id="_internal_pki"><a class="link" href="#_internal_pki">Internal PKI</a></h3> |
| <div class="paragraph"> |
| <p>Kudu uses an internal PKI system to issue X.509 certificates to servers in |
| the cluster. Connections between peers who have both obtained certificates will |
| use TLS for authentication, which doesn’t require contacting the Kerberos KDC. |
| These certificates are <em>only</em> used for internal communication among Kudu |
| servers, and between Kudu clients and servers. The certificates are never |
| presented in a public facing protocol.</p> |
| </div> |
| <div class="paragraph"> |
| <p>By using internally-issued certificates, Kudu offers strong authentication which |
| scales to huge clusters, and allows TLS encryption to be used without requiring |
| you to manually deploy certificates on every node.</p> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="_authentication_tokens"><a class="link" href="#_authentication_tokens">Authentication Tokens</a></h3> |
| <div class="paragraph"> |
| <p>After authenticating to a secure cluster, the Kudu client will automatically |
| request an authentication token from the Kudu master. An authentication token |
| encapsulates the identity of the authenticated user and carries the master’s |
| RSA signature so that its authenticity can be verified.</p> |
| </div> |
| <div class="paragraph"> |
| <p>This token will be used to authenticate subsequent connections. By default, |
| authentication tokens are only valid for seven days, so that even if a token |
| were compromised, it could not be used indefinitely. For the most part, |
| authentication tokens should be completely transparent to users. By using |
| authentication tokens, Kudu takes advantage of strong authentication without |
| paying the scalability cost of communicating with a central authority for every |
| connection.</p> |
| </div> |
| <div class="paragraph"> |
| <p>When used with distributed compute frameworks such as Spark, authentication |
| tokens can simplify configuration and improve security. For example, the Kudu |
| Spark connector will automatically retrieve an authentication token during the |
| planning stage, and distribute the token to tasks. This allows Spark to work |
| against a secured Kudu cluster where only the planner node has Kerberos |
| credentials.</p> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="_client_authentication_to_secure_kudu_clusters"><a class="link" href="#_client_authentication_to_secure_kudu_clusters">Client Authentication to Secure Kudu Clusters</a></h3> |
| <div class="paragraph"> |
| <p>Users running client Kudu applications must first run the <code>kinit</code> command to |
| obtain a Kerberos ticket-granting ticket. For example:</p> |
| </div> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="highlight"><code class="language-bash" data-lang="bash">$ kinit admin@EXAMPLE-REALM.COM</code></pre> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>Once authenticated, you use the same client code to read from and write to Kudu |
| servers with and without Kerberos configuration.</p> |
| </div> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="_scalability"><a class="link" href="#_scalability">Scalability</a></h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Kudu authentication is designed to scale to thousands of nodes, which requires |
| avoiding unnecessary coordination with a central authentication authority (such |
| as the Kerberos KDC). Instead, Kudu servers and clients will use Kerberos to |
| establish initial trust with the Kudu master, and then use alternate credentials |
| for subsequent connections. In particular, the master will issue internal |
| X.509 certificates to servers, and temporary authentication tokens to clients.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="_encryption"><a class="link" href="#_encryption">Encryption</a></h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Kudu allows all communications among servers and between clients and servers |
| to be encrypted with TLS.</p> |
| </div> |
| <div class="paragraph"> |
| <p>Encryption can be configured on Kudu servers using the <code>--rpc-encryption</code> flag, |
| which can be set to <code>required</code>, <code>optional</code>, or <code>disabled</code>. By default, the flag |
| is set to <code>optional</code>. When <code>required</code>, Kudu will reject unencrypted connections. |
| When <code>optional</code>, Kudu will attempt to use encryption. Same as authentication, |
| when <code>disabled</code> or encryption fails for <code>optional</code>, Kudu will only allow |
| unencrypted connections from trusted subnets and reject any unencrypted connections |
| from publicly routable IPs. To secure a cluster, use <code>--rpc-encryption=required</code>.</p> |
| </div> |
| <div class="admonitionblock note"> |
| <table> |
| <tr> |
| <td class="icon"> |
| <i class="fa icon-note" title="Note"></i> |
| </td> |
| <td class="content"> |
| Kudu will automatically turn off encryption on local loopback connections, |
| since traffic from these connections is never exposed externally. This allows |
| locality-aware compute frameworks like Spark and Impala to avoid encryption |
| overhead, while still ensuring data confidentiality. |
| </td> |
| </tr> |
| </table> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="_coarse_grained_authorization"><a class="link" href="#_coarse_grained_authorization">Coarse-Grained Authorization</a></h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Kudu supports coarse-grained authorization of client requests based on the |
| authenticated client Kerberos principal (i.e. user or service). The two levels |
| of access which can be configured are:</p> |
| </div> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p><strong>Superuser</strong> - principals authorized as a superuser are able to perform |
| certain administrative functionality such as using the <code>kudu</code> command line tool |
| to diagnose or repair cluster issues.</p> |
| </li> |
| <li> |
| <p><strong>User</strong> - principals authorized as a user are able to access and modify all |
| data in the Kudu cluster. This includes the ability to create, drop, and alter |
| tables as well as read, insert, update, and delete data.</p> |
| </li> |
| </ul> |
| </div> |
| <div class="admonitionblock note"> |
| <table> |
| <tr> |
| <td class="icon"> |
| <i class="fa icon-note" title="Note"></i> |
| </td> |
| <td class="content"> |
| Internally, Kudu has a third access level for the daemons themselves. |
| This ensures that users cannot connect to the cluster and pose as tablet |
| servers. |
| </td> |
| </tr> |
| </table> |
| </div> |
| <div class="paragraph"> |
| <p>Access levels are granted using whitelist-style Access Control Lists (ACLs), one |
| for each of the two levels. Each access control list either specifies a |
| comma-separated list of users, or may be set to <code>*</code> to indicate that all |
| authenticated users are able to gain access at the specified level. See |
| <a href="#configuration">Configuring a Secure Kudu Cluster</a> below for examples.</p> |
| </div> |
| <div class="admonitionblock note"> |
| <table> |
| <tr> |
| <td class="icon"> |
| <i class="fa icon-note" title="Note"></i> |
| </td> |
| <td class="content"> |
| The default value for the User ACL is <code>*</code>, which allows all users access |
| to the cluster. However, if authentication is enabled, this still restricts access |
| to only those users who are able to successfully authenticate via Kerberos. |
| Unauthenticated users on the same network as the Kudu servers will be unable |
| to access the cluster. |
| </td> |
| </tr> |
| </table> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="web-ui"><a class="link" href="#web-ui">Web UI Encryption</a></h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The Kudu web UI can be configured to use secure HTTPS encryption by providing |
| each server with TLS certificates. See <a href="#configuration">Configuring a Secure Kudu Cluster</a> for more information on |
| web UI HTTPS configuration.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="_web_ui_redaction"><a class="link" href="#_web_ui_redaction">Web UI Redaction</a></h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>To prevent sensitive data from being exposed in the web UI, all row data is |
| redacted. Table metadata, such as table names, column names, and partitioning |
| information is not redacted. The web UI can be completely disabled by setting |
| the <code>--webserver-enabled=false</code> flag on Kudu servers.</p> |
| </div> |
| <div class="admonitionblock warning"> |
| <table> |
| <tr> |
| <td class="icon"> |
| <i class="fa icon-warning" title="Warning"></i> |
| </td> |
| <td class="content"> |
| Disabling the web UI will also disable REST endpoints such as |
| <code>/metrics</code>. Monitoring systems rely on these endpoints to gather metrics data. |
| </td> |
| </tr> |
| </table> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="logs"><a class="link" href="#logs">Log Security</a></h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>To prevent sensitive data from being included in Kudu server logs, all row data |
| is redacted by default. By setting the <code>--redact=log</code> flag, redaction will be |
| disabled in the web UI but retained for server logs. Alternatively, <code>--redact=none</code> |
| can be used to disable redaction completely.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="configuration"><a class="link" href="#configuration">Configuring a Secure Kudu Cluster</a></h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The following configuration parameters should be set on all servers (master and |
| tablet server) in order to ensure that a Kudu cluster is secure:</p> |
| </div> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="highlight"><code># Connection Security |
| #-------------------- |
| --rpc-authentication=required |
| --rpc-encryption=required |
| --keytab-file=<path-to-kerberos-keytab> |
| |
| # Web UI Security |
| #-------------------- |
| --webserver-certificate-file=<path-to-cert-pem> |
| --webserver-private-key-file=<path-to-key-pem> |
| # optional |
| --webserver-private-key-password-cmd=<password-cmd> |
| |
| # If you prefer to disable the web UI entirely: |
| --webserver-enabled=false |
| |
| # Coarse-grained authorization |
| #-------------------------------- |
| |
| # This example ACL setup allows the 'impala' user as well as the |
| # 'nightly_etl_service_account' principal access to all data in the |
| # Kudu cluster. The 'hadoopadmin' user is allowed to use administrative |
| # tooling. Note that, by granting access to 'impala', other users |
| # may access data in Kudu via the Impala service subject to its own |
| # authorization rules. |
| --user-acl=impala,nightly_etl_service_account |
| --superuser-acl=hadoopadmin</code></pre> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>Further information about these flags can be found in the configuration |
| flag reference.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="known-limitations"><a class="link" href="#known-limitations">Known Limitations</a></h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Kudu has a few known security limitations:</p> |
| </div> |
| <div class="dlist"> |
| <dl> |
| <dt class="hdlist1">Custom Kerberos Principal</dt> |
| <dd> |
| <p>Kudu does not support setting a custom service |
| principal for Kudu processes. The principal must be 'kudu'.</p> |
| </dd> |
| <dt class="hdlist1">External PKI</dt> |
| <dd> |
| <p>Kudu does not support externally-issued certificates for internal |
| wire encryption (server to server and client to server).</p> |
| </dd> |
| <dt class="hdlist1">Fine-grained Authorization</dt> |
| <dd> |
| <p>Kudu does not have the ability to restrict access |
| based on operation type or target (table, column, etc). ACLs currently do not |
| support authorization based on membership in a group.</p> |
| </dd> |
| <dt class="hdlist1">On-disk Encryption</dt> |
| <dd> |
| <p>Kudu does not have built-in on-disk encryption. However, |
| Kudu can be used with whole-disk encryption tools such as dm-crypt.</p> |
| </dd> |
| <dt class="hdlist1">Web UI Authentication</dt> |
| <dd> |
| <p>The Kudu web UI lacks Kerberos-based authentication |
| (SPNEGO), so access cannot be restricted based on Kerberos principals.</p> |
| </dd> |
| <dt class="hdlist1">Flume Integration</dt> |
| <dd> |
| <p>Flume integration is not supported with secure Kudu clusters |
| which require authentication or encryption.</p> |
| </dd> |
| </dl> |
| </div> |
| </div> |
| </div> |
| </div> |
| <div class="col-md-3"> |
| |
| <div id="toc" data-spy="affix" data-offset-top="70"> |
| <ul> |
| |
| <li> |
| |
| <a href="index.html">Introducing Kudu</a> |
| </li> |
| <li> |
| |
| <a href="release_notes.html">Kudu Release Notes</a> |
| </li> |
| <li> |
| |
| <a href="quickstart.html">Getting Started with Kudu</a> |
| </li> |
| <li> |
| |
| <a href="installation.html">Installation Guide</a> |
| </li> |
| <li> |
| |
| <a href="configuration.html">Configuring Kudu</a> |
| </li> |
| <li> |
| |
| <a href="kudu_impala_integration.html">Using Impala with Kudu</a> |
| </li> |
| <li> |
| |
| <a href="administration.html">Administering Kudu</a> |
| </li> |
| <li> |
| |
| <a href="troubleshooting.html">Troubleshooting Kudu</a> |
| </li> |
| <li> |
| |
| <a href="developing.html">Developing Applications with Kudu</a> |
| </li> |
| <li> |
| |
| <a href="schema_design.html">Kudu Schema Design</a> |
| </li> |
| <li> |
| <span class="active-toc">Kudu Security</span> |
| <ul class="sectlevel1"> |
| <li><a href="#_authentication">Authentication</a> |
| <ul class="sectlevel2"> |
| <li><a href="#_internal_pki">Internal PKI</a></li> |
| <li><a href="#_authentication_tokens">Authentication Tokens</a></li> |
| <li><a href="#_client_authentication_to_secure_kudu_clusters">Client Authentication to Secure Kudu Clusters</a></li> |
| </ul> |
| </li> |
| <li><a href="#_scalability">Scalability</a></li> |
| <li><a href="#_encryption">Encryption</a></li> |
| <li><a href="#_coarse_grained_authorization">Coarse-Grained Authorization</a></li> |
| <li><a href="#web-ui">Web UI Encryption</a></li> |
| <li><a href="#_web_ui_redaction">Web UI Redaction</a></li> |
| <li><a href="#logs">Log Security</a></li> |
| <li><a href="#configuration">Configuring a Secure Kudu Cluster</a></li> |
| <li><a href="#known-limitations">Known Limitations</a></li> |
| </ul> |
| </li> |
| <li> |
| |
| <a href="transaction_semantics.html">Kudu Transaction Semantics</a> |
| </li> |
| <li> |
| |
| <a href="background_tasks.html">Background Maintenance Tasks</a> |
| </li> |
| <li> |
| |
| <a href="configuration_reference.html">Kudu Configuration Reference</a> |
| </li> |
| <li> |
| |
| <a href="command_line_tools_reference.html">Kudu Command Line Tools Reference</a> |
| </li> |
| <li> |
| |
| <a href="known_issues.html">Known Issues and Limitations</a> |
| </li> |
| <li> |
| |
| <a href="contributing.html">Contributing to Kudu</a> |
| </li> |
| <li> |
| |
| <a href="export_control.html">Export Control Notice</a> |
| </li> |
| </ul> |
| </div> |
| </div> |
| </div> |
| </div> |
| <footer class="footer"> |
| <div class="row"> |
| <div class="col-md-9"> |
| <p class="small"> |
| Copyright © 2019 The Apache Software Foundation. Last updated 2018-06-14 08:17:56 PDT |
| </p> |
| <p class="small"> |
| Apache Kudu, Kudu, Apache, the Apache feather logo, and the Apache Kudu |
| project logo are either registered trademarks or trademarks of The |
| Apache Software Foundation in the United States and other countries. |
| </p> |
| </div> |
| <div class="col-md-3"> |
| <a class="pull-right" href="https://www.apache.org/events/current-event.html"> |
| <img src="https://www.apache.org/events/current-event-234x60.png"/> |
| </a> |
| </div> |
| </div> |
| </footer> |
| </div> |
| <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script> |
| <script> |
| // Try to detect touch-screen devices. Note: Many laptops have touch screens. |
| $(document).ready(function() { |
| if ("ontouchstart" in document.documentElement) { |
| $(document.documentElement).addClass("touch"); |
| } else { |
| $(document.documentElement).addClass("no-touch"); |
| } |
| }); |
| </script> |
| <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js" |
| integrity="sha384-0mSbJDEHialfmuBBQP6A4Qrprq5OVfW37PRR3j5ELqxss1yVqOtnepnHVP9aJ7xS" |
| crossorigin="anonymous"></script> |
| <script> |
| (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ |
| (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), |
| m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) |
| })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); |
| |
| ga('create', 'UA-68448017-1', 'auto'); |
| ga('send', 'pageview'); |
| </script> |
| <script src="https://cdnjs.cloudflare.com/ajax/libs/anchor-js/3.1.0/anchor.js"></script> |
| <script> |
| anchors.options = { |
| placement: 'right', |
| visible: 'touch', |
| }; |
| anchors.add(); |
| </script> |
| </body> |
| </html> |
| |