Skip to end of metadata
Go to start of metadata

Sentry HA is a new feature which provides uninterrupted access of metastore meta data to downstream clients: Hive, Impala, Solr and HDFS ACLs.

Add Enough Servers for Sentry

Theoretically more than one servers can be added into Sentry Service, up to now 2 servers case is fully supported.

Sentry Service (sentry-site.xml)

HA

Config PropertyValueDefaultRequired
sentry.ha.enabledTrue | FalseFalseYes

ZK Quorum

Config PropertyValueDefaultRequired
sentry.ha.zookeeper.quorumcomma separated list of ZK serverslocalhostYes
sentry.ha.zookeeper.client.portZK client port number2180Yes
sentry.zookeeper.client.principalsentry/_HOST@REALM No
sentry.zookeeper.client.keytabsentry.keytab No
sentry.service.server.principalsentry/_HOST@REALM  

ZK Security

Config PropertyValueDefaultRequired
sentry.ha.zookeeper.securityTrue | FalseFalseYes

HiveMetaStore (hive-site.xml)

Config PropertyValueDefaultRequired
sentry.metastore.pluginsenable Sentry HA to work with HMS HA and HDFS SyncUpsentry.zookeeper.client.principalorg.apache.sentry.hdfs.MetastorePluginWithHANo
sentry.zookeeper.client.principalHIVE/_HOST@REALM No
sentry.zookeeper.client.keytabhive.keytab No

HiveServer2 (sentry-site.xml)

Config PropertyValueDefaultRequired
sentry.zookeeper.client.principalHIVE/_HOST@REALM No
sentry.zookeeper.client.keytabhive.keytab No

Impala (sentry-site.xml)

Config PropertyValueDefaultRequired
sentry.zookeeper.client.principalIMPALA/_HOST@REALM No
sentry.zookeeper.client.keytabimpala.keytab No

Hue (sentry-site.xml)

Config PropertyValueDefaultRequired
sentry.zookeeper.client.principalHUE/_HOST@REALM No
sentry.zookeeper.client.keytabhue.keytab No
  • No labels