Cloudera Enterprise 5.15.x | Other versions
Sentry Installation
Sentry enables role-based, fine-grained authorization for HiveServer2 and Impala. It provides classic database-style authorization for Hive and Impala. For more information, and instructions on configuring Sentry for Hive and Impala, see Managing the Sentry Service.
Installing Sentry
Use the following the instructions, depending on your operating system, to install the latest version of Sentry.
Important: Configuration files
Important: Configuration files
- If you install a newer version of a package that is already on the system, configuration files that you have modified will remain intact.
- If you uninstall a package, the package manager renames any configuration files you have modified from <file> to <file>.rpmsave. If you then re-install the package (probably to install a new version) the package manager creates a new <file> with applicable defaults. You are responsible for applying any changes captured in the original configuration file to the new configuration file. In the case of Ubuntu and Debian upgrades, you will be prompted if you have made changes to a file for which there is a new version. For details, see Automatic handling of configuration files by dpkg.
| OS | Command |
|---|---|
| RHEL |
$ sudo yum install sentry |
| SLES |
$ sudo zypper install sentry |
| Ubuntu or Debian |
$ sudo apt-get update; $ sudo apt-get install sentry |
Upgrading Sentry
Upgrading from CDH 5.x to the Latest CDH 5
- Stop the Sentry Service
To stop the Sentry service, identify the PID of the Sentry Service and use the kill command to end the process:
ps -ef | grep sentry kill -9 <PID>
Replace <PID> with the PID of the Sentry Service. - Remove the previous version of Sentry.
OS Command RHEL $ sudo yum remove sentry
SLES $ sudo zypper remove sentry
Ubuntu or Debian $ sudo apt-get remove sentry
- Install the new version of Sentry.
- Upgrade Sentry Database Schema Using schematool
- From a release earlier than CDH 5.2 to CDH 5.4:
Use the Sentry schematool to upgrade the database schema as follows:
bin/sentry --command schema-tool --conffile <sentry-site.xml> --dbType <db-type> --upgradeSchema
Where <db-type> should be either mysql, postgres or oracle. - For CDH 5.5 and higher: The newer releases include password encryption which means you can no longer run schematool as it requires a plaintext password. Password encryption is an important part of security and Sentry defaults to using the CredentialProvider API to accomplish this. Cloudera recommends you use Cloudera Manager to upgrade the Sentry database instead.
- However, if using Cloudera Manager is not an option, and scehmatool is required, to work around the default encryption, obtain the password in plaintext from the API, open sentry-site.xml and manually set the sentry.store.jdbc.password property to use the plaintext password, and remove the hadoop.security.credential.provider.path property and its value. You should now be able to run schematool.
- From a release earlier than CDH 5.2 to CDH 5.4:
- Start the Sentry Service
- Set the SENTRY_HOME and HADOOP_HOME parameters.
- Run the following command:
bin/sentry --command service --conffile <sentry-site.xml>
Page generated May 18, 2018.
| << Updating Hue Search | ©2016 Cloudera, Inc. All rights reserved | Snappy Installation >> |
| Terms and Conditions Privacy Policy |