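This article records the process of installing and configuring Sentry. For an introduction to Sentry, see "Apache Sentry Architecture Overview".
1. Environment
System environment:
Operating system: CentOS 6.6
Hadoop version: CDH5.4
Run-as user: root
Here I built a test cluster by following the article "Installing a CDH Hadoop Cluster with yum", and chose node cdh1 to host the Sentry service.
2. Installation
On node cdh1, run the following command to see which Sentry components are available:
$ yum list 'sentry*'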
sentry.noarch 1.4.0+cdh5.4.0+155-1.cdh5.4.0.p0.47.el6 @cdh
sentry-hdfs-plugin.noarch 1.4.0+cdh5.4.0+155-1.cdh5.4.0.p0.47.el6 @cdh
sentry-store.noarch 1.4.0+cdh5.4.0+155-1.cdh5.4.0.p0.47.el6 @cdh
The components are:
sentry: the base Sentry package
sentry-hdfs-plugin: the HDFS plugin
sentry-store: the Sentry store component
Install all of them:
$ yum install 'sentry*' -y
3. Configuration
Using sentry-site.xml.service.template as a reference, edit Sentry's configuration file /etc/sentry/conf/sentry-site.xml.
Configure the Sentry service parameters
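<property>
  <name>sentry.service.admin.group</name>
  <value>impala,hive,solr,hue</value>
</property>
<property>
  <name>sentry.service.allow.connect</name>
  <value>impala,hive,solr,hue</value>
</property>
<property>
  <name>sentry.verify.schema.version</name>
  <value>false</value>
</property>
<property>
  <name>sentry.service.reporting</name>
  <value>JMX</value>
</property>
<property>
  <name>sentry.service.server.rpc-address</name>
  <value>cdh1</value>
</property>
<property>
  <name>sentry.service.server.rpc-port</name>
  <value>8038</value>
</property>
<property>
  <name>sentry.service.web.enable</name>
  <value>true</value>
</property>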
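If Kerberos authentication is required, the following parameters must also be configured:
<property>
  <name>sentry.service.security.mode</name>
  <value>kerberos</value>
</property>
<property>
  <name>sentry.service.server.principal</name>
  <value></value>
</property>
<property>
  <name>sentry.service.server.keytab</name>
  <value></value>
</property>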
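Configure the Sentry store parameters
The Sentry store can be used in two ways. If you use the SimpleDbProviderBackend-based approach, the JDBC parameters must be set:
<property>
  <name>sentry.store.jdbc.url</name>
  <value>jdbc:postgresql://cdh1:5432/sentry</value>
</property>
<property>
  <name>sentry.store.jdbc.driver</name>
  <value>org.postgresql.Driver</value>
</property>
<property>
  <name>sentry.store.jdbc.user</name>
  <value>sentry</value>
</property>
<property>
  <name>sentry.store.jdbc.password</name>
  <value>sentry</value>
</property>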
The Sentry store's group mapping, sentry.store.group.mapping, can be configured in two ways: org.apache.sentry.provider.common.HadoopGroupMappingService or org.apache.sentry.provider.file.LocalGroupMapping. When the latter is used, the sentry.store.group.mapping.resource parameter must also be configured; it sets the path of the policy file.
<property>
  <name>sentry.store.group.mapping</name>
  <value>org.apache.sentry.provider.common.HadoopGroupMappingService</value>
</property>
<property>
  <name>sentry.store.group.mapping.resource</name>
  <value></value>
  <description>Policy file for group mapping. Policy file path for local group mapping, when sentry.store.group.mapping is set to LocalGroupMapping Service class.</description>
</property>
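Configure the client parameters:
Set the server name used when Sentry is integrated with Hive. The default is HS2; here it is set to server1:
<property>
  <name>sentry.hive.server</name>
  <value>server1</value>
</property>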
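The settings above can be reviewed mechanically before the service is started. The following is an added example, not part of the original article or of Sentry itself: it parses a Hadoop-style configuration and flags the values used in this walkthrough that deserve a second look on a non-test cluster. SAMPLE is constructed from the values shown above; MIN_PASSWORD_LEN and the finding texts are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the values from this article in Hadoop <configuration> form.
SAMPLE = """<configuration>
  <property><name>sentry.service.admin.group</name><value>impala,hive,solr,hue</value></property>
  <property><name>sentry.verify.schema.version</name><value>false</value></property>
  <property><name>sentry.service.web.enable</name><value>true</value></property>
  <property><name>sentry.store.jdbc.user</name><value>sentry</value></property>
  <property><name>sentry.store.jdbc.password</name><value>sentry</value></property>
</configuration>"""

MIN_PASSWORD_LEN = 16  # assumption: local policy, not a Sentry requirement


def load_props(xml_text):
    """Return {name: value} from a Hadoop-style configuration document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def audit(props):
    """Return (key, finding) pairs for settings that deserve a second look."""
    findings = []
    if props.get("sentry.service.security.mode", "").lower() != "kerberos":
        findings.append(("sentry.service.security.mode",
                         "not set to kerberos in this file"))
    if props.get("sentry.verify.schema.version", "").lower() == "false":
        findings.append(("sentry.verify.schema.version",
                         "schema version verification is switched off"))
    if props.get("sentry.service.web.enable", "").lower() == "true":
        findings.append(("sentry.service.web.enable",
                         "web service on; restrict who can reach it"))
    password = props.get("sentry.store.jdbc.password")
    if password is not None:
        user = props.get("sentry.store.jdbc.user", "")
        if password == user or len(password) < MIN_PASSWORD_LEN:
            findings.append(("sentry.store.jdbc.password",
                             "weak cleartext password; file must not be world-readable"))
    return findings


if __name__ == "__main__":
    for key, finding in audit(load_props(SAMPLE)):
        print(f"{key}: {finding}")
```

To check a real file, pass its contents to load_props, for example the text of /etc/sentry/conf/sentry-site.xml.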
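Initialize the database
If the Sentry store is configured to use a PostgreSQL database (other databases can of course be used as well), the database must be created and initialized. For how the database is created, see "Shell Scripts for Automated Hadoop Installation"; the key parts of the script are listed below.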
yum install postgresql-server postgresql-jdbc -y
ln -s /usr/share/java/postgresql-jdbc.jar /usr/lib/hive/lib/postgresql-jdbc.jar
ln -s /usr/share/java/postgresql-jdbc.jar /usr/lib/sentry/lib/postgresql-jdbc.jar
su -c "cd ; /usr/bin/pg_ctl start -w -m fast -D /var/lib/pgsql/data" postgres
su -c "cd ; /usr/bin/psql --command \"create user sentry with password 'sentry';\"" postgres
su -c "cd ; /usr/bin/psql --command \"drop database sentry;\"" postgres
su -c "cd ; /usr/bin/psql --command \"CREATE DATABASE sentry owner=sentry;\"" postgres
su -c "cd ; /usr/bin/psql --command \"GRANT ALL privileges ON DATABASE sentry TO sentry;\"" postgres
su -c "cd ; /usr/bin/pg_ctl restart -w -m fast -D /var/lib/pgsql/data" postgres
Then edit /var/lib/pgsql/data/pg_hba.conf so that it reads:
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
#host all all 0.0.0.0/0 trust
host all all 127.0.0.1/32 md5
# IPv6 local connections:
#host all all ::1/128 md5
If this is a first-time installation, initialize Sentry's metadata database:
$ sentry --command schema-tool --conffile /etc/sentry/conf/sentry-site.xml --dbType postgres --initSchema
Sentry store connection URL: jdbc:postgresql://cdh1/sentry
Sentry store Connection Driver : org.postgresql.Driver
Sentry store connection User: sentry
Starting sentry store schema initialization to 1.4.0-cdh5-2
Initialization script sentry-postgres-1.4.0-cdh5-2.sql
Connecting to jdbc:postgresql://cdh1/sentry
Connected to: PostgreSQL (version 8.4.18)
Driver: PostgreSQL Native Driver (version PostgreSQL 9.0 JDBC4 (build 801))
Transaction isolation: TRANSACTION_REPEATABLE_READ
Autocommit status: true
1 row affected (0.002 seconds)
No rows affected (0.004 seconds)
Closing: 0: jdbc:postgresql://cdh1/sentry
Initialization script completed
Sentry schemaTool completed
For an upgrade, run:
$ sentry --command schema-tool --conffile /etc/sentry/conf/sentry-site.xml --dbType postgres --upgradeSchema
4. Startup
Start the sentry-store service on cdh1:
$ /etc/init.d/sentry-store start
Check the log:
$ cat /var/log/sentry/sentry-store.out