cdh版本：5.14
主要參照官方文檔：https://www.cloudera.com/documentation/enterprise/5-14-x/topics/sentry.html

成都創(chuàng)新互聯(lián)服務項目包括青岡網(wǎng)站建設、青岡網(wǎng)站制作、青岡網(wǎng)頁制作以及青岡網(wǎng)絡營銷策劃等。多年來，我們專注于互聯(lián)網(wǎng)行業(yè)，利用自身積累的技術(shù)優(yōu)勢、行業(yè)經(jīng)驗、深度合作伙伴關(guān)系等，向廣大中小型企業(yè)、政府機構(gòu)等提供互聯(lián)網(wǎng)行業(yè)的解決方案，青岡網(wǎng)站推廣取得了明顯的社會效益與經(jīng)濟效益。目前，我們服務的客戶以成都為中心已經(jīng)輻射到青岡省份的部分城市，未來相信會繼續(xù)擴大服務區(qū)域并繼續(xù)獲得客戶的支持與信任！

一.部署sentry服務
1.配置：官方建議將hive metastore的heap size至少設為10GB：
Set the HMS heap size to at least 10 GB. This is required because by default, Sentry uses 12 connections to communicate with HMS. To verify the HMS heap size, open the Hive service, click the Configuration tab, and search for the Java Heap Size of Hive Meatstore Server in Bytes property.

hive中每百萬個對象（包括servers, databases, tables, partitions, columns, URIs, and views），則sentry的Heap Size相應地需要2.25GB：
Cloudera recommends that for each Sentry host, you have 2.25 GB memory per million objects in the Hive database. Hive objects include servers, databases, tables, partitions, columns, URIs, and views.

Make sure that the JVM heap size is set to a value that is appropriate for the memory requirements. You can check the heap size in Cloudera Manager. Open the Sentry service, click the Configuration tab, and search for the Java Heap Size of Sentry Server in Bytes property. Set that property to the maximum size for the Java process heap memory.

2.安裝sentry
在CDH中添加sentry服務

3.開啟sentry服務之前的準備工作
Using the default Hive warehouse directory - Permissions on the warehouse directory must be set as follows (see following Note for caveats):
771 on the directory itself (by default, /user/hive/warehouse)
771 on all subdirectories (for example, /user/hive/warehouse/mysubdir)
All files and subdirectories should be owned by hive:hive
For example:
$ sudo -u hdfs hdfs dfs -chmod -R 771 /user/hive/warehouse
$ sudo -u hdfs hdfs dfs -chown -R hive:hive /user/hive/warehouse

在hive服務中勾選開啟senrty認證
去除hiveserver2配置項：HiveServer2 Enable Impersonation
增加yarn nodemanager選項-Allowed System Users：增加hive
在hive配置 hadoop.proxyuser.hive.groups，增加hive,hue,sentry

二.集成

1.hive配置項Sentry 服務，選擇sentry
2.impala配置項Sentry 服務 選擇sentry
3.hue配置項Sentry 服務 選擇sentry