Repository: incubator-sentry Updated Branches: refs/heads/master 924f0b038 -> 1411e3739
SENTRY-333: Add conf directory to sentry distribution (Tuong Truong via Prasad Mujumdar) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/1411e373 Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/1411e373 Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/1411e373 Branch: refs/heads/master Commit: 1411e3739ab6f161fe7094dbab99ee828af48dd5 Parents: 924f0b0 Author: Prasad Mujumdar <[email protected]> Authored: Mon Jul 21 19:13:54 2014 -0700 Committer: Prasad Mujumdar <[email protected]> Committed: Mon Jul 21 19:13:54 2014 -0700 ---------------------------------------------------------------------- sentry-site.xml.hive-client.example | 72 +++++++++++++++++ sentry-site.xml.hive-client.template | 100 ++++++++++++++++++++++++ sentry-site.xml.service.example | 65 +++++++++++++++ sentry-site.xml.service.template | 126 ++++++++++++++++++++++++++++++ sentry-site.xml.solr-client.example | 36 +++++++++ 5 files changed, 399 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1411e373/sentry-site.xml.hive-client.example ---------------------------------------------------------------------- diff --git a/sentry-site.xml.hive-client.example b/sentry-site.xml.hive-client.example new file mode 100644 index 0000000..fd87c62 --- /dev/null +++ b/sentry-site.xml.hive-client.example 
@@ -0,0 +1,72 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<configuration>
+ <property>
+ <name>sentry.hive.provider</name>
+ <value>org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider</value>
+ </property>
+ <property>
+ <name>sentry.hive.server</name>
+ <value>server1</value>
+ </property>
+ <property>
+ <name>sentry.hive.testing.mode</name>
+ <value>false</value>
+ </property>
+ <property>
+ <name>sentry.service.client.server.rpc-port</name>
+ <value>8038</value>
+ </property>
+ <property>
+ <name>sentry.service.client.server.rpc-address</name>
+ <value>localhost</value>
+ </property>
+ <property>
+ <name>sentry.service.client.server.rpc-connection-timeout</name>
+ <value>200000</value>
+ </property>
+<!--
+ Properties required for setting the DB provider
+-->
+ <property>
+ <name>sentry.hive.provider.backend</name>
+ <value>org.apache.sentry.provider.db.SimpleDBProviderBackend</value>
+ </property>
+ <property>
+ <name>sentry.service.security.mode</name>
+ <value>none</value>
+ </property>
+ <property>
+ <name>sentry.service.server.principal</name>
+ <value>hivemeta/[email protected]</value>
+ </property>
+ <property>
+ <name>sentry.metastore.service.users</name>
+ <value>hive</value>
+ </property>
+
+ <!-- Deprecated, file provider
+ <property>
+ <name>sentry.hive.provider.resource</name>
+ <value>file:///home/prasadm/sentry/config/global-policy.ini</value>
+ </property>
+ -->
+</configuration>
+
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1411e373/sentry-site.xml.hive-client.template
----------------------------------------------------------------------
diff --git a/sentry-site.xml.hive-client.template b/sentry-site.xml.hive-client.template
new file mode 100644
index 0000000..0491de7
--- /dev/null
+++ b/sentry-site.xml.hive-client.template
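Review bot: In sentry-site.xml.hive-client.example the `sentry.service.security.mode` property is set to `none`, so anyone who copies this example runs the client against the Sentry service without authentication, and nothing in the file says so. A comment above that property, for example `<!-- 'none' disables authentication to the Sentry service; local testing only, use 'kerberos' otherwise -->`, would make the trade-off explicit. The same file sets `sentry.metastore.service.users` to `hive`, which per the template's description bypasses metastore authorization, so it deserves a one-line comment too. The commented-out `sentry.hive.provider.resource` block still carries a developer home directory (`file:///home/prasadm/...`); a neutral `/path/to/global-policy.ini` would suit a distributed file better.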
@@ -0,0 +1,100 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- WARNING!!! This file is provided for documentation purposes ONLY! -->
+<!-- WARNING!!! You should copy to sentry-site.xml and make modification instead. -->
+
+
+<configuration>
+
+ <property>
+ <name>sentry.service.security.mode</name>
+ <value>kerberos</value>
+ <description>Options: kerberos, none. Authentication mode for Sentry service. Currently supports Kerberos and trusted mode </description>
+ </property>
+
+ <property>
+ <name>sentry.service.server.principal</name>
+ <value> </value>
+ <description>Service Kerberos principal</description>
+ </property>
+
+
+ <property>
+ <name>sentry.service.client.server.rpc-address</name>
+ <value> </value>
+ <description> TCP address of the sentry store server</description>
+ </property>
+
+ <property>
+ <name>sentry.service.client.server.rpc-port</name>
+ <value> </value>
+ <description>Port # of the sentry store server</description>
+ </property>
+
+ <property>
+ <name>sentry.service.client.server.rpc-connection-timeout</name>
+ <value>200000</value>
+ <description>Client timeout default(200000) RPC connection timeout in milisecs</description>
+ </property>
+
+ <property>
+ <name>sentry.metastore.service.users</name>
+ <value> </value>
+ <description>
+ Comma separated list of users
+ List of service users (eg hive, impala) to bypass
+ the Sentry metastore authorization. These
+ services handle the metadata authorization
+ on their side.
+ </description>
+ </property>
+
+<!--
+ Some common client properties same as file
+ based provider
+-->
+
+ <property>
+ <name>sentry.provider</name>
+ <value>org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider</value>
+ <description> Deprecated name: hive.sentry.provider. Group mapping which should be used at client side</description>
+ </property>
+
+ <property>
+ <name>sentry.hive.server</name>
+ <value>HS2</value>
+ <description> Deprecated name: hive.sentry.server. Defaut: HS2. Hive Server2 Server identifier like "server1"</description>
+ </property>
+
+ <property>
+ <name>sentry.hive.failure.hooks</name>
+ <value> </value>
+ <description>Deprecated Name: hive.sentry.failure.hooks. Any failure hooks to be configured like navigator (i.e. com.cloudera.navigator.audit.hive.HiveSentryOnFailureHook)</description>
+ </property>
+
+ <property>
+ <name>sentry.hive.provider.backend</name>
+ <value>org.apache.sentry.provider.file.SimpleFileProviderBackend</value>
+ <description> Options: {org.apache.sentry.provider.db.SimpleDBProviderBackend, org.apache.sentry.provider.file.SimpleFileProviderBackend}
+ Privilege provider to be used, we support file based or db based
+ </description>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1411e373/sentry-site.xml.service.example
----------------------------------------------------------------------
diff --git a/sentry-site.xml.service.example b/sentry-site.xml.service.example
new file mode 100644
index 0000000..e724ef4
--- /dev/null
+++ b/sentry-site.xml.service.example
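Review bot: In sentry-site.xml.hive-client.template the description of `sentry.service.security.mode` lists the options as `kerberos, none` but then says "Kerberos and trusted mode", so the reader has to guess that `none` is the trusted mode and that it means no authentication. I would word it as `Options: kerberos, none. 'none' is trusted mode: the Sentry service does not authenticate callers.` The `sentry.metastore.service.users` description should also state that every user listed skips Sentry metastore authorization, so only service accounts belong there. Smaller points in the same file: `milisecs` and `Defaut` are typos, and the default `sentry.hive.provider.backend` is the file backend while the companion example file labels the file provider as deprecated.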
@@ -0,0 +1,65 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<configuration>
+ <property>
+ <name>sentry.hive.server</name>
+ <value>server1</value>
+ </property>
+ <property>
+ <name>sentry.store.jdbc.url</name>
+ <value>jdbc:derby:;databaseName=metastore_db;create=true</value>
+ </property>
+ <property>
+ <name>sentry.service.security.mode</name>
+ <value>kerberos</value>
+ </property>
+ <property>
+ <name>sentry.service.server.principal</name>
+ <value></value>
+ </property>
+ <property>
+ <name>sentry.service.server.keytab</name>
+ <value></value>
+ </property>
+ <property>
+ <name>sentry.service.admin.group</name>
+ <value>hive</value>
+ </property>
+ <property>
+ <name>sentry.service.allow.connect</name>
+ <value>hive</value>
+ </property>
+ <property>
+ <name>sentry.store.jdbc.driver</name>
+ <value>org.apache.derby.jdbc.EmbeddedDriver</value>
+ </property>
+ <property>
+ <name>sentry.store.jdbc.user</name>
+ <value>sentry</value>
+ </property>
+ <property>
+ <name>sentry.store.jdbc.password</name>
+ <value>test</value>
+ </property>
+ <property>
+ <name>sentry.verify.schema.version</name>
+ <value>true</value>
+ </property>
+</configuration>
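Review bot: sentry-site.xml.service.example ships `sentry.store.jdbc.password` as the cleartext value `test` next to user `sentry`, with no comment marking it as a throwaway for the embedded Derby store. Because this file goes into the distribution's conf directory, it is likely to be copied as-is. I would add a comment above the property such as `<!-- sample value for the embedded Derby store only; set a site-specific password and keep sentry-site.xml readable only by the service account -->`. The example also sets `sentry.service.security.mode` to `kerberos` while `sentry.service.server.principal` and `sentry.service.server.keytab` are empty, so it should say these two must be filled in before the service is started.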
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1411e373/sentry-site.xml.service.template
----------------------------------------------------------------------
diff --git a/sentry-site.xml.service.template b/sentry-site.xml.service.template
new file mode 100644
index 0000000..a49b221
--- /dev/null
+++ b/sentry-site.xml.service.template
@@ -0,0 +1,126 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- WARNING!!! This file is provided for documentation purposes ONLY! -->
+<!-- WARNING!!! You should copy to sentry-site.xml and make modification instead. -->
+
+<configuration>
+
+ <property>
+ <name>sentry.verify.schema.version</name>
+ <value> </value>
+ <description>
+ value: true, false
+ true Sentry store will verify the schema version in backed DB with expected version in jar.
+ The service won't start if there's a mismatch
+ </description>
+ </property>
+
+ <property>
+ <name>sentry.service.server-max-threads</name>
+ <value> </value>
+ <description> Number of threads 500 Max worker threads to serve client requests</description>
+ </property>
+
+ <property>
+ <name>sentry.service.server-min-threads</name>
+ <value> </value>
+ <description>Number of threads 10 Min worker threads to serve client requests</description>
+ </property>
+
+ <property>
+ <name>sentry.service.allow.connect</name>
+ <value> </value>
+ <description>comma separated list of users - List of users that are allowed to connect to the service (eg Hive, Impala) </description>
+ </property>
+
+ <property>
+ <name>sentry.store.jdbc.url</name>
+ <value> </value>
+ <description>JDBC connection URL for the backed DB</description>
+ </property>
+
+ <property>
+ <name>sentry.store.jdbc.user</name>
+ <value>Setnry</value>
+ <description>Userid for connecting to backend db </description>
+ </property>
+
+ <property>
+ <name>sentry.store.jdbc.password</name>
+ <value>Sentry</value>
+ <description>Sentry password for backend JDBC user </description>
+ </property>
+
+ <property>
+ <name>sentry.service.server.keytab</name>
+ <value></value>
+ <description>Keytab for service principal</description>
+ </property>
+
+ <property>
+ <name>sentry.service.server.rpcport</name>
+ <value>8038</value>
+ <description> TCP port number for service</description>
+ </property>
+
+ <property>
+ <name>sentry.service.server.rpcaddress</name>
+ <value>0.0.0.0</value>
+ <description> TCP interface for service to bind to</description>
+ </property>
+
+ <property>
+ <name>sentry.store.jdbc.driver</name>
+ <value>org.apache.derby.jdbc.EmbeddedDriver</value>
+ <description>Backend JDBC driver - org.apache.derby.jdbc.EmbeddedDriver (only when dbtype = derby) JDBC Driver class for the backed DB</description>
+ </property>
+
+ <property>
+ <name>sentry.service.admin.group</name>
+ <value> </value>
+ <description>Comma separates list of groups. List of groups allowed to make policy updates</description>
+ </property>
+
+ <property>
+ <name>sentry.store.group.mapping</name>
+ <value>org.apache.sentry.provider.common.HadoopGroupMappingService</value>
+ <description>
+ Group mapping class for Sentry service. org.apache.sentry.provider.file.LocalGroupMapping service can be used for local group mapping. </description>
+ </property>
+
+ <property>
+ <name>sentry.store.group.mapping.resource</name>
+ <value> </value>
+ <description> Policy file for group mapping. Policy file path for local group mapping, when sentry.store.group.mapping is set to LocalGroupMapping Service class.</description>
+ </property>
+
+ <property>
+ <name>sentry.service.security.mode</name>
+ <value>kerberos</value>
+ <description>Options: kerberos, none. Authentication mode for Sentry service. Currently supports Kerberos and trusted mode </description>
+ </property>
+
+ <property>
+ <name>sentry.service.server.principal</name>
+ <value> </value>
+ <description>Service Kerberos principal</description>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1411e373/sentry-site.xml.solr-client.example
----------------------------------------------------------------------
diff --git a/sentry-site.xml.solr-client.example b/sentry-site.xml.solr-client.example
new file mode 100644
index 0000000..dd39908
--- /dev/null
+++ b/sentry-site.xml.solr-client.example
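Review bot: sentry-site.xml.service.template pre-fills `sentry.store.jdbc.user` with `Setnry` (apparently a typo for Sentry) and `sentry.store.jdbc.password` with `Sentry`, while the other site-specific values in the file are left blank. A password equal to the product name is guessable and likely to survive a copy to sentry-site.xml; both should be empty like the rest, `<value> </value>`, with the description saying they must be set per site. `sentry.service.server.rpcaddress` defaults to `0.0.0.0`, and its description should say that this binds every interface and that the address can be narrowed to the one the Hive or Impala clients use. The descriptions also say "backed DB" where "backend DB" is meant, and `sentry.service.admin.group` has "Comma separates" for "Comma separated".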
@@ -0,0 +1,36 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<configuration>
+ <property>
+ <name>sentry.provider</name>
+ <value>org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider</value>
+ </property>
+ <property>
+ <name>sentry.solr.provider.resource</name>
+ <value>/path/to/authz-provider.ini</value>
+ <!--
+ If the HDFS configuration files (core-site.xml, hdfs-site.xml)
+ pointed to by SOLR_HDFS_CONFIG in /etc/default/solr
+ point to HDFS, the path will be in HDFS;
+ alternatively you could specify a full path,
+ e.g.:hdfs://namenode:port/path/to/authz-provider.ini
+ -->
+ </property>
+</configuration>
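Review bot: sentry-site.xml.solr-client.example selects `LocalGroupResourceAuthorizationProvider` without saying what that choice means for group membership. Going by the local group mapping described in the service template, membership is presumably read from the policy file rather than from Hadoop groups; this should be confirmed against the provider. If so, whoever can write `authz-provider.ini` controls both the privileges and who holds them. A comment on the `sentry.provider` property would cover it, for example `<!-- local provider: groups are taken from the policy file; restrict write access to it, or use HadoopGroupResourceAuthorizationProvider for cluster group mapping -->`.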
