CDH Sentry manages Hive authentication

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

Some options need to be enabled in the CM management interface. They are not described in detail here; they can all be found online. The article http://www.jianshu.com/p/055c40dcb8c5 is recommended.

Read it only for the configuration part, though; its author does not explain the steps that follow in detail.

Sentry permissions are set in Hive SQL, and you need to log in with Beeline, for example: beeline -u jdbc:hive2://hiveIP:10000 -n user -p passwd

The user name and password belong to the OS of the server where Hive runs; that is, you need to create the user on the HiveServer2 host and set its password before you can log in. After logging in, by default, these user groups have admin permission, that is, they can run grant role, show role and so on.

It is recommended to create an admin group on the server and then add a separate user to that group, because the groups above may already exist on the server and most of them are in /bin/false status. Self-created users and groups are best.

For how to set permissions, refer to https://www.cloudera.com/documentation/enterprise/5-9-x/topics/sg_hive_sql.html#concept_c2q_4qx_p4__section_gpy_pg4_rp.

A role created in Hive SQL needs to be granted to a group, and that group is a group on the OS of the server. At this point you can set permissions for Hive, but it is a bit troublesome: if there are multiple hiveserver2 machines, wouldn't the user names and groups have to be created on every one of them? This is where you log in with LDAP instead. There are many ways to install OpenLDAP, which are not described in detail here. However, even with LDAP, the authenticated users and groups are still those on the OS of the server.

Here you need sssd and nslcd to map LDAP into the OS. The principle is to cache the LDAP users locally so that LDAP is not put under too much request pressure. Run the commands getent passwd and getent group, and you can see that the accounts with uid starting from 1000 are in LDAP; they do not need to be created locally, yet they appear as users on the local machine. These users cannot log in, of course, so you can rest assured.
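The group a Sentry role is granted to has to resolve on the HiveServer2 host, whether the account is local or mapped from LDAP. The following shell check is an added example, not part of the original article or of CDH; `check_principal`, the two lookup hooks, `LOCAL_PASSWD` and the user and group names are hypothetical, and it assumes local files and LDAP are the only account sources.

```shell
#!/bin/sh
# Added example: pre-flight check before "GRANT ROLE <role> TO GROUP <group>".
# All function and variable names are hypothetical helpers, not CDH tooling.

# Lookup hooks: default to the live NSS view (local files plus LDAP via sssd/nslcd).
lookup_passwd() { getent passwd "$1"; }
lookup_groups() { id -Gn "$1"; }
LOCAL_PASSWD=${LOCAL_PASSWD:-/etc/passwd}

# check_principal USER GROUP
# Prints one status line. Returns 0 only if USER resolves on this host and GROUP
# is among the groups the host reports for USER.
check_principal() {
    user=$1
    group=$2
    entry=$(lookup_passwd "$user") || {
        echo "FAIL $user: not resolvable on this host"
        return 1
    }
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    # Assumption: an account absent from /etc/passwd came from the LDAP mapping.
    if awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' \
        "$LOCAL_PASSWD" 2>/dev/null; then
        src=local
    else
        src=ldap
    fi
    # Pad with spaces so "analyst" does not match "analysts".
    case " $(lookup_groups "$user") " in
        *" $group "*)
            echo "OK $user uid=$uid source=$src group=$group"
            return 0 ;;
        *)
            echo "FAIL $user uid=$uid source=$src: not in group $group"
            return 1 ;;
    esac
}

# Usage: sh check_principal.sh alice analysts   (constructed user and group names)
if [ "$#" -eq 2 ]; then
    check_principal "$1" "$2"
fi
```

Run it on every HiveServer2 host; a FAIL on one host means a role granted to that group will not apply to sessions served from that host.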

For how to configure the LDAP mapping, refer to http://maxshu.lofter.com/post/6c7b3_93f73. The author describes it in detail, and following it should not go wrong.

On the LDAP side, I used the dual-machine hot backup mode. Some of the configuration from slapd.conf:

# sync
index entryCSN,entryUUID eq
overlay syncprov
# checkpoint after 1 operation or 1 minute
syncprov-checkpoint 1 1
syncprov-sessionlog 100
# the ID must be different on the two machines
serverID 001
# provider is the other machine's IP; credentials is the LDAP login password; searchbase is the dn
syncrepl rid=000
  provider=ldap://<another IP>:389
  bindmethod=simple
  binddn="cn=Manager,dc=yonghui,dc=cn"
  credentials=wangjing3344
  searchbase="dc=example,dc=cn"
  schemachecking=off
  type=refreshAndPersist
  retry="60 +"
mirrormode on

Hue is similar. Once it is enabled, you can set Hive permissions directly in Hue.

What if Hue is also integrated with LDAP but already has some users of its own? In CM, search for "Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini" and add the following:

[desktop]
[[auth]]
backend=desktop.auth.backend.LdapBackend,desktop.auth.backend.PamBackend,desktop.auth.backend.AllowFirstUserDjangoBackend

Users created either way can log in, but note that a user originally created in Hue must also be configured in LDAP; otherwise that user will not see any database in Hive SQL.
