安装配置apache sentry服务

环境

• 系统环境：Centos6.7
• Hadoop版本：CDH5.10
• jdk版本：jdk7
• 注：本文并未集成kerberos组件

安装Sentry Server

选择安装hive的节点进行安装测试：

yum install sentry* -y
以下三个组件会进行安装
sentry：sentry的基本包
sentry-hdfs-plugin：hdfs插件
sentry-store：sentry store组件

配置

配置sentry service相关参数

<property>
    <name>sentry.service.server.rpc-address</name>
    <value>HOSTNAME</value>
</property>

<property>
    <name>sentry.service.server.rpc-port</name>
    <value>8038</value>
</property>

<property>
    <name>sentry.service.admin.group</name>
    <value>hive,impala,hue,hdfs</value>
</property>

<property>
    <name>sentry.service.allow.connect</name>
    <value>hive,impala,hue,hdfs</value>
</property>

<property>
    <name>sentry.store.group.mapping</name>
    <value>org.apache.sentry.provider.common.HadoopGroupMappingService</value>
</property>
    
<property>
    <name>sentry.service.reporting</name>
    <value>JMX</value>
</property>

<property>
    <name>sentry.service.web.enable</name>
    <value>true</value>
</property>

<property> 
    <name>sentry.service.web.port</name>  
    <value>51000</value> 
</property>  

<property> 
    <name>sentry.service.web.authentication.type</name>  
    <value>NONE</value> 
</property> 
  
<property>
    <name>sentry.verify.schema.version</name>
    <value>true</value>  
</property>

由于未配置kerberos，添加以下配置

<property>
    <name>sentry.service.security.mode</name>
    <value>none</value>
</property>

配置 sentry store 相关参数

sentry store可以使用两种方式，如果使用database-backed 的方式(还有一种policy files方式)，则需要设置jdbc相关的参数，本文默认为这种方式：

<property>
    <name>sentry.store.jdbc.url</name>
    <value>jdbc:<JDBC connection URL for backend database></value>
</property>

<property>
    <name>sentry.store.jdbc.driver</name>
    <value><JDBC Driver class for backend database></value>
</property>

<property>
    <name>sentry.store.jdbc.user</name>
    <value><User ID for backend database user></value>
</property>

<property>
    <name>sentry.store.jdbc.password</name>
    <value><Password for backend database user></value>
</property>

创建sentry database

这里使用mysql数据库作为sentry store。进入mysql数据库后创建步骤如下：

Create Database sentry;
Create User sentry Identified By 'sentry';
Grant All On sentry.* To sentry@'localhost' Identified By 'sentry';
Grant All On sentry.* To sentry@'%' Identified By 'sentry';
flush privileges;

安装mysql-connector-java

yum install mysql-connector-java
cp /usr/share/java/mysql-connector-java.jar /usr/lib/sentry/lib/ 

初始化sentry database

sentry --command schema-tool --conffile /etc/sentry/conf/sentry-site.xml --dbType mysql --initSchema
显示以下信息表面连接并初始化成功
......
Initialization script completed
Sentry schemaTool completed

启动服务

/etc/init.d/sentry-store start

查看sentry的web界面http://hostname:51000/。