This website requires JavaScript.

    Hadoop: Cloudera CDH 5.6.0 使用Kerberos及Sentry

    Hadoop

    2020-01-15

    516

    0

    本人的Kerberos和Sentry使用笔记

    1. Kerberos安装

    根据以下地址的文章就可以安装配置啦.

    Configuring Authentication in Cloudera Manager How-to: Quickly Configure Kerberos for Your Apache Hadoop Cluster Configuring Hadoop Security in CDH 5 Changing Hostnames Kerberos basics and installing a KDC Apache Sentry made easy with the new Hue Security App

    生成keytab

    xst -k hdfs.keytab hdfs@DATACENTER
    **使用keytab** 
    kinit -k -t hdfs.keytab  hdfs@DATACENTER

    2.Hive 权限配置

    注意:如果不用kerberos 需要额外配置sentry.hive.testing.mode 参见Securing the Hive Metastore 

    hdfs dfs -chmod -R 771 /user/hive/warehouse hdfs dfs -chown -R hive:hive /user/hive/warehouse
    官方Hive SQL配置权限文档 Hive SQL Syntax for Use with Sentry

    获取ticket

    kinit -k -t hive.keytab hive/xxx@DATACENTER
    **连接beeline** 
    beeline -u "jdbc:hive2://xxx:10000/default;principal=hive/xxx@DATACENTER"
    **显示Role** 
    show roles
    **删除Role** 
    drop role datacenter
    **创建Role** 
    create role admin_role;
create role datacenter_role;
    **将服务器所有权限都赋予admin_role,并给予admin组** 
    GRANT ALL ON SERVER server1 TO ROLE admin_role;
GRANT ROLE admin_role TO GROUP admin;

    将数据库ubt数据库的select权限赋予 datacenter_role和datacenter组 

    REVOKE  ALL ON DATABASE ubt TO ROlE datacenter_role;
    

    GRANT SELECT ON DATABASE ubt TO ROLE datacenter_role; GRANT ROLE datacenter_role TO GROUP datacenter;
    **linux 端创建用户与组** 
    groupadd admin
useradd bihell -G admin

groupadd datacenter
useradd username -G datacenter  /  usermod -a -G datacenter 103382

    3. 其他参考文档

    配置安全的Hive集群集成Sentry Replace Hive CLI with Beeline on a cluster with Sentry Disabling Kerberos for CDH sentry服务后,几个权限问题

    0条评论
    avatar

      © 2014 - present | Haseo Chen | Proudly powered by Dice

      沪ICP备20002437号