介绍
上一篇实战了Hive+ldap+sentry,而Impala和hive使用的是同一套源数据,所以在Impala上开启ldap也是很方便的。impala+sentry参照Sentry Service for Impala Without kerberos
Impala配置
/etc/default/impala
IMPALA_CATALOG_SERVICE_HOST=hadoop2-148
IMPALA_STATE_STORE_HOST=hadoop2-148
IMPALA_STATE_STORE_PORT=24000
IMPALA_BACKEND_PORT=22000
IMPALA_LOG_DIR=/var/log/impala
IMPALA_CATALOG_ARGS=" \
-sentry_config=/etc/impala/conf/sentry-site.xml \
-log_dir=${IMPALA_LOG_DIR} \
-state_store_port=${IMPALA_STATE_STORE_PORT} \
-state_store_host=${IMPALA_STATE_STORE_HOST}"
IMPALA_STATE_STORE_ARGS=" \
-state_store_port=${IMPALA_STATE_STORE_PORT} \
-log_dir=${IMPALA_LOG_DIR}"
IMPALA_SERVER_ARGS=" \
-sentry_config=/etc/impala/conf/sentry-site.xml \
-server_name=Server \
-enable_ldap_auth=true \
-ldap_tls=false \
-ldap_passwords_in_clear_ok=true \
-ldap_uri=ldap://10.205.54.14 \
-ldap_baseDN=ou=People,dc=bdbigdata,dc=com \
-use_local_tz_for_unix_timestamp_conversions=true \
-convert_legacy_hive_parquet_utc_timestamps=true \
-log_dir=${IMPALA_LOG_DIR} \
-catalog_service_host=${IMPALA_CATALOG_SERVICE_HOST} \
-state_store_port=${IMPALA_STATE_STORE_PORT} \
-use_statestore \
-state_store_host=${IMPALA_STATE_STORE_HOST} \
-be_port=${IMPALA_BACKEND_PORT}"
ENABLE_CORE_DUMPS=false
ps:修改完所有impalad的配置后重启impalad服务
Impala测试
impala-shell -i impalad-server -u hive -l --auth_creds_ok_in_clear
hive用户测试,输入错误密码
hive用户测试,输入正确密码(phpldapadmin中设置的hive密码)