
Hadoop: Using Kerberos and Sentry on Cloudera CDH 5.6.0

My notes on using Kerberos and Sentry.

1. Installing Kerberos

Follow the articles below to install and configure it.

- Configuring Authentication in Cloudera Manager
- How-to: Quickly Configure Kerberos for Your Apache Hadoop Cluster
- Configuring Hadoop Security in CDH 5
- Changing Hostnames
- Kerberos basics and installing a KDC
- Apache Sentry made easy with the new Hue Security App

**Generate a keytab** (from the kadmin prompt)

xst -k hdfs.keytab hdfs@DATACENTER

**Use the keytab**

kinit -k -t hdfs.keytab hdfs@DATACENTER

2. Configuring Hive privileges

Note: if you are not using Kerberos, you also need to set sentry.hive.testing.mode; see Securing the Hive Metastore.

hdfs dfs -chmod -R 771 /user/hive/warehouse
hdfs dfs -chown -R hive:hive /user/hive/warehouse
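
As an added example (not part of the original notes), the script below audits the result of the chmod/chown above: it reads `hdfs dfs -ls -R` output and reports entries that are not owned by hive:hive or that let other users read or write. The function names and the sample listing are constructed for illustration.

```bash
#!/usr/bin/env bash
# Real usage (needs a valid ticket and the hdfs client):
#   hdfs dfs -ls -R /user/hive/warehouse | audit_warehouse

# Read an "hdfs dfs -ls -R" listing on stdin and print one line per entry
# that deviates from the hive:hive / 771 setup described in these notes.
audit_warehouse() {
  awk '
    # Listing lines start with the file type: "d" (directory) or "-" (file).
    # Anything else (for example "Found 3 items") is skipped.
    $1 !~ /^[d-]/ { next }
    {
      perms = $1; owner = $3; group = $4
      # Field 8 onwards is the path; rejoin it in case it contains spaces.
      path = $8; for (i = 9; i <= NF; i++) path = path " " $i
      other = substr(perms, 8, 3)   # the "other" triplet, e.g. "--x"
      why = ""
      if (owner != "hive" || group != "hive") why = why " owner=" owner ":" group
      if (other ~ /[rw]/) why = why " other=" other
      if (why != "") print path ":" why
    }'
}

# Constructed sample listing (not real cluster output).
sample_listing() {
cat <<'EOF'
Found 4 items
drwxrwx--x   - hive hive          0 2016-03-01 10:00 /user/hive/warehouse/ubt.db
drwxrwx--x   - hive hive          0 2016-03-01 10:00 /user/hive/warehouse/ubt.db/events
-rwxrwxr-x   3 hive hive       1024 2016-03-01 10:05 /user/hive/warehouse/ubt.db/events/part-00000
drwxrwx--x   - bihell admin       0 2016-03-02 09:00 /user/hive/warehouse/tmp.db
EOF
}

# Run the audit over the sample so the script works offline.
sample_listing | audit_warehouse
```

Any line printed is a path where data could be read or changed directly in HDFS, outside the Sentry roles granted through HiveServer2.
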
Official documentation on configuring privileges with Hive SQL: Hive SQL Syntax for Use with Sentry

**Get a ticket**

kinit -k -t hive.keytab hive/xxx@DATACENTER

**Connect with beeline**

beeline -u "jdbc:hive2://xxx:10000/default;principal=hive/xxx@DATACENTER"

**Show roles**

show roles;

**Drop a role**

drop role datacenter;

**Create roles**

create role admin_role;
create role datacenter_role;

**Grant all privileges on the server to admin_role, and grant the role to the admin group**

GRANT ALL ON SERVER server1 TO ROLE admin_role;
GRANT ROLE admin_role TO GROUP admin;

**Grant the SELECT privilege on database ubt to datacenter_role, and grant the role to the datacenter group**

REVOKE ALL ON DATABASE ubt FROM ROLE datacenter_role;

GRANT SELECT ON DATABASE ubt TO ROLE datacenter_role;
GRANT ROLE datacenter_role TO GROUP datacenter;

**Create the users and groups on the Linux side**

groupadd admin
useradd bihell -G admin

groupadd datacenter
useradd username -G datacenter

Or, to add an existing user to the group:

usermod -a -G datacenter 103382

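3. Other reference documents

- Configuring a secure Hive cluster integrated with Sentry
- Replace Hive CLI with Beeline on a cluster with Sentry
- Disabling Kerberos for CDH
- Several permission issues after enabling the Sentry service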
