You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by pr...@apache.org on 2014/07/22 04:16:03 UTC
git commit: SENTRY-333: Add conf directory to sentry distribution
(Tuong Truong via Prasad Mujumdar)
Repository: incubator-sentry
Updated Branches:
refs/heads/master 924f0b038 -> 1411e3739
SENTRY-333: Add conf directory to sentry distribution (Tuong Truong via Prasad Mujumdar)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/1411e373
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/1411e373
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/1411e373
Branch: refs/heads/master
Commit: 1411e3739ab6f161fe7094dbab99ee828af48dd5
Parents: 924f0b0
Author: Prasad Mujumdar <pr...@cloudera.com>
Authored: Mon Jul 21 19:13:54 2014 -0700
Committer: Prasad Mujumdar <pr...@cloudera.com>
Committed: Mon Jul 21 19:13:54 2014 -0700
----------------------------------------------------------------------
sentry-site.xml.hive-client.example | 72 +++++++++++++++++
sentry-site.xml.hive-client.template | 100 ++++++++++++++++++++++++
sentry-site.xml.service.example | 65 +++++++++++++++
sentry-site.xml.service.template | 126 ++++++++++++++++++++++++++++++
sentry-site.xml.solr-client.example | 36 +++++++++
5 files changed, 399 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1411e373/sentry-site.xml.hive-client.example
----------------------------------------------------------------------
diff --git a/sentry-site.xml.hive-client.example b/sentry-site.xml.hive-client.example
new file mode 100644
index 0000000..fd87c62
--- /dev/null
+++ b/sentry-site.xml.hive-client.example
@@ -0,0 +1,72 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<configuration>
+ <property>
+ <name>sentry.hive.provider</name>
+ <value>org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider</value>
+ </property>
+ <property>
+ <name>sentry.hive.server</name>
+ <value>server1</value>
+ </property>
+ <property>
+ <name>sentry.hive.testing.mode</name>
+ <value>false</value>
+ </property>
+ <property>
+ <name>sentry.service.client.server.rpc-port</name>
+ <value>8038</value>
+ </property>
+ <property>
+ <name>sentry.service.client.server.rpc-address</name>
+ <value>localhost</value>
+ </property>
+ <property>
+ <name>sentry.service.client.server.rpc-connection-timeout</name>
+ <value>200000</value>
+ </property>
+<!--
+ Properties required for setting the DB provider
+-->
+ <property>
+ <name>sentry.hive.provider.backend</name>
+ <value>org.apache.sentry.provider.db.SimpleDBProviderBackend</value>
+ </property>
+ <property>
+ <name>sentry.service.security.mode</name>
+ <value>none</value>
+ </property>
+ <property>
+ <name>sentry.service.server.principal</name>
+ <value>hivemeta/centos64.cloudera.com@HS2.CLOUDERA.COM</value>
+ </property>
+ <property>
+ <name>sentry.metastore.service.users</name>
+ <value>hive</value>
+ </property>
+
+ <!-- Deprecated, file provider
+ <property>
+ <name>sentry.hive.provider.resource</name>
+ <value>file:///home/prasadm/sentry/config/global-policy.ini</value>
+ </property>
+ -->
+</configuration>
+
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1411e373/sentry-site.xml.hive-client.template
----------------------------------------------------------------------
diff --git a/sentry-site.xml.hive-client.template b/sentry-site.xml.hive-client.template
new file mode 100644
index 0000000..0491de7
--- /dev/null
+++ b/sentry-site.xml.hive-client.template
@@ -0,0 +1,100 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- WARNING!!! This file is provided for documentation purposes ONLY! -->
+<!-- WARNING!!! You should copy to sentry-site.xml and make modification instead. -->
+
+
+<configuration>
+
+ <property>
+ <name>sentry.service.security.mode</name>
+ <value>kerberos</value>
+ <description>Options: kerberos, none. Authentication mode for Sentry service. Currently supports Kerberos and trusted mode </description>
+ </property>
+
+ <property>
+ <name>sentry.service.server.principal</name>
+ <value> </value>
+ <description>Service Kerberos principal</description>
+ </property>
+
+
+ <property>
+ <name>sentry.service.client.server.rpc-address</name>
+ <value> </value>
+ <description> TCP address of the sentry store server</description>
+ </property>
+
+ <property>
+ <name>sentry.service.client.server.rpc-port</name>
+ <value> </value>
+ <description>Port # of the sentry store server</description>
+ </property>
+
+ <property>
+ <name>sentry.service.client.server.rpc-connection-timeout</name>
+ <value>200000</value>
+ <description>Client timeout default(200000) RPC connection timeout in milisecs</description>
+ </property>
+
+ <property>
+ <name>sentry.metastore.service.users</name>
+ <value> </value>
+ <description>
+ Comma separated list of users
+ List of service users (eg hive, impala) to bypass
+ the Sentry metastore authorization. These
+ services handle the metadata authorization
+ on their side.
+ </description>
+ </property>
+
+<!--
+ Some common client properties same as file
+ based provider
+-->
+
+ <property>
+ <name>sentry.provider</name>
+ <value>org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider</value>
+ <description> Deprecated name: hive.sentry.provider. Group mapping which should be used at client side</description>
+ </property>
+
+ <property>
+ <name>sentry.hive.server</name>
+ <value>HS2</value>
+ <description> Deprecated name: hive.sentry.server. Defaut: HS2. Hive Server2 Server identifier like "server1"</description>
+ </property>
+
+ <property>
+ <name>sentry.hive.failure.hooks</name>
+ <value> </value>
+ <description>Deprecated Name: hive.sentry.failure.hooks. Any failure hooks to be configured like navigator (i.e. com.cloudera.navigator.audit.hive.HiveSentryOnFailureHook)</description>
+ </property>
+
+ <property>
+ <name>sentry.hive.provider.backend</name>
+ <value>org.apache.sentry.provider.file.SimpleFileProviderBackend</value>
+ <description> Options: {org.apache.sentry.provider.db.SimpleDBProviderBackend, org.apache.sentry.provider.file.SimpleFileProviderBackend}
+ Privilege provider to be used, we support file based or db based
+ </description>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1411e373/sentry-site.xml.service.example
----------------------------------------------------------------------
diff --git a/sentry-site.xml.service.example b/sentry-site.xml.service.example
new file mode 100644
index 0000000..e724ef4
--- /dev/null
+++ b/sentry-site.xml.service.example
@@ -0,0 +1,65 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<configuration>
+ <property>
+ <name>sentry.hive.server</name>
+ <value>server1</value>
+ </property>
+ <property>
+ <name>sentry.store.jdbc.url</name>
+ <value>jdbc:derby:;databaseName=metastore_db;create=true</value>
+ </property>
+ <property>
+ <name>sentry.service.security.mode</name>
+ <value>kerberos</value>
+ </property>
+ <property>
+ <name>sentry.service.server.principal</name>
+ <value></value>
+ </property>
+ <property>
+ <name>sentry.service.server.keytab</name>
+ <value></value>
+ </property>
+ <property>
+ <name>sentry.service.admin.group</name>
+ <value>hive</value>
+ </property>
+ <property>
+ <name>sentry.service.allow.connect</name>
+ <value>hive</value>
+ </property>
+ <property>
+ <name>sentry.store.jdbc.driver</name>
+ <value>org.apache.derby.jdbc.EmbeddedDriver</value>
+ </property>
+ <property>
+ <name>sentry.store.jdbc.user</name>
+ <value>sentry</value>
+ </property>
+ <property>
+ <name>sentry.store.jdbc.password</name>
+ <value>test</value>
+ </property>
+ <property>
+ <name>sentry.verify.schema.version</name>
+ <value>true</value>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1411e373/sentry-site.xml.service.template
----------------------------------------------------------------------
diff --git a/sentry-site.xml.service.template b/sentry-site.xml.service.template
new file mode 100644
index 0000000..a49b221
--- /dev/null
+++ b/sentry-site.xml.service.template
@@ -0,0 +1,126 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- WARNING!!! This file is provided for documentation purposes ONLY! -->
+<!-- WARNING!!! You should copy to sentry-site.xml and make modification instead. -->
+
+<configuration>
+
+ <property>
+ <name>sentry.verify.schema.version</name>
+ <value> </value>
+ <description>
+ value: true, false
+ true Sentry store will verify the schema version in backed DB with expected version in jar.
+ The service won't start if there's a mismatch
+ </description>
+ </property>
+
+ <property>
+ <name>sentry.service.server-max-threads</name>
+ <value> </value>
+ <description> Number of threads 500 Max worker threads to serve client requests</description>
+ </property>
+
+ <property>
+ <name>sentry.service.server-min-threads</name>
+ <value> </value>
+ <description>Number of threads 10 Min worker threads to serve client requests</description>
+ </property>
+
+ <property>
+ <name>sentry.service.allow.connect</name>
+ <value> </value>
+ <description>comma separated list of users - List of users that are allowed to connect to the service (eg Hive, Impala) </description>
+ </property>
+
+ <property>
+ <name>sentry.store.jdbc.url</name>
+ <value> </value>
+ <description>JDBC connection URL for the backed DB</description>
+ </property>
+
+ <property>
+ <name>sentry.store.jdbc.user</name>
+ <value>Setnry</value>
+ <description>Userid for connecting to backend db </description>
+ </property>
+
+ <property>
+ <name>sentry.store.jdbc.password</name>
+ <value>Sentry</value>
+ <description>Sentry password for backend JDBC user </description>
+ </property>
+
+ <property>
+ <name>sentry.service.server.keytab</name>
+ <value></value>
+ <description>Keytab for service principal</description>
+ </property>
+
+ <property>
+ <name>sentry.service.server.rpcport</name>
+ <value>8038</value>
+ <description> TCP port number for service</description>
+ </property>
+
+ <property>
+ <name>sentry.service.server.rpcaddress</name>
+ <value>0.0.0.0</value>
+ <description> TCP interface for service to bind to</description>
+ </property>
+
+ <property>
+ <name>sentry.store.jdbc.driver</name>
+ <value>org.apache.derby.jdbc.EmbeddedDriver</value>
+ <description>Backend JDBC driver - org.apache.derby.jdbc.EmbeddedDriver (only when dbtype = derby) JDBC Driver class for the backed DB</description>
+ </property>
+
+ <property>
+ <name>sentry.service.admin.group</name>
+ <value> </value>
+ <description>Comma separates list of groups. List of groups allowed to make policy updates</description>
+ </property>
+
+ <property>
+ <name>sentry.store.group.mapping</name>
+ <value>org.apache.sentry.provider.common.HadoopGroupMappingService</value>
+ <description>
+ Group mapping class for Sentry service. org.apache.sentry.provider.file.LocalGroupMapping service can be used for local group mapping. </description>
+ </property>
+
+ <property>
+ <name>sentry.store.group.mapping.resource</name>
+ <value> </value>
+ <description> Policy file for group mapping. Policy file path for local group mapping, when sentry.store.group.mapping is set to LocalGroupMapping Service class.</description>
+ </property>
+
+ <property>
+ <name>sentry.service.security.mode</name>
+ <value>kerberos</value>
+ <description>Options: kerberos, none. Authentication mode for Sentry service. Currently supports Kerberos and trusted mode </description>
+ </property>
+
+ <property>
+ <name>sentry.service.server.principal</name>
+ <value> </value>
+ <description>Service Kerberos principal</description>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1411e373/sentry-site.xml.solr-client.example
----------------------------------------------------------------------
diff --git a/sentry-site.xml.solr-client.example b/sentry-site.xml.solr-client.example
new file mode 100644
index 0000000..dd39908
--- /dev/null
+++ b/sentry-site.xml.solr-client.example
@@ -0,0 +1,36 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<configuration>
+ <property>
+ <name>sentry.provider</name>
+ <value>org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider</value>
+ </property>
+ <property>
+ <name>sentry.solr.provider.resource</name>
+ <value>/path/to/authz-provider.ini</value>
+ <!--
+ If the HDFS configuration files (core-site.xml, hdfs-site.xml)
+ pointed to by SOLR_HDFS_CONFIG in /etc/default/solr
+ point to HDFS, the path will be in HDFS;
+ alternatively you could specify a full path,
+ e.g.:hdfs://namenode:port/path/to/authz-provider.ini
+ -->
+ </property>
+</configuration>