cdh版本:5.14
主要参照官方文档:https://www.cloudera.com/documentation/enterprise/5-14-x/topics/sentry.html
一.部署sentry服务
1.配置:官方建议将hive metastore的heap size至少设为10GB:
Set the HMS heap size to at least 10 GB. This is required because by default, Sentry uses 12 connections to communicate with HMS. To verify the HMS heap size, open the Hive service, click the Configuration tab, and search for the Java Heap Size of Hive Meatstore Server in Bytes property.
hive中每百万个对象(包括servers, databases, tables, partitions, columns, URIs, and views),则sentry的Heap Size相应地需要2.25GB:
Cloudera recommends that for each Sentry host, you have 2.25 GB memory per million objects in the Hive database. Hive objects include servers, databases, tables, partitions, columns, URIs, and views.
Make sure that the JVM heap size is set to a value that is appropriate for the memory requirements. You can check the heap size in Cloudera Manager. Open the Sentry service, click the Configuration tab, and search for the Java Heap Size of Sentry Server in Bytes property. Set that property to the maximum size for the Java process heap memory.
2.安装sentry
在CDH中添加sentry服务
3.开启sentry服务之前的准备工作
Using the default Hive warehouse directory - Permissions on the warehouse directory must be set as follows (see following Note for caveats):
771 on the directory itself (by default, /user/hive/warehouse)
771 on all subdirectories (for example, /user/hive/warehouse/mysubdir)
All files and subdirectories should be owned by hive:hive
For example:
$ sudo -u hdfs hdfs dfs -chmod -R 771 /user/hive/warehouse
$ sudo -u hdfs hdfs dfs -chown -R hive:hive /user/hive/warehouse
在hive服务中勾选开启senrty认证
去除hiveserver2配置项:HiveServer2 Enable Impersonation
增加yarn nodemanager选项-Allowed System Users:增加hive
在hive配置 hadoop.proxyuser.hive.groups,增加hive,hue,sentry
二.集成
1.hive配置项Sentry 服务,选择sentry
2.impala配置项Sentry 服务 选择sentry
3.hue配置项Sentry 服务 选择sentry
转载于:https://blog.51cto.com/xiaolanlan/2379009
722
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
