Skip to content

PrestoSQL Standalone Installation#

Note

PrestoSQL will be discontinued in future releases of Privacera. Use Privacera Trino instead. For more information, see Trino Standalone.

Ranger PrestoSQL Plug-In#

To install Apache Ranger PrestoSQL plug-in, use the following steps:

Download Presto Plug-In Package#

  1. Set the Privacera Image Tag version.

    export PRIVACERA_IMAGE_TAG=${PRIVACERA_IMAGE_TAG}
    
  2. Download the PrestoSQL plug-in package.

    mkdir -p ~/privacera/downloads
    cd ~/privacera/downloads
    
    wget https://privacera.s3.amazonaws.com/ranger/${PRIVACERA_IMAGE_TAG}/ranger-2.1.0-SNAPSHOT-presto-plugin.tar.gz -O ranger-2.1.0-SNAPSHOT-presto-plugin.tar.gz
    
    ls -lrth
    
  3. Copy ranger-2.1.0-SNAPSHOT-presto-plugin.tar.gz file to the machine where presto-server is running.

Setup the Environment#

  1. SSH to the machine where presto-server is running.

  2. Go to directory where ranger-2.1.0-SNAPSHOT-presto-plugin.tar.gz have been copied.

  3. Extract the plug-in tar.gz

    tar xvf ranger-2.1.0-SNAPSHOT-presto-plugin.tar.gz
    
  4. Create a Symlink.

    ln -s ranger-2.1.0-SNAPSHOT-presto-plugin ranger-presto-plugin
    

Configuration#

  • Edit the install.properties.

    cd ranger-presto-plugin/
    vi install.properties
    
  • Update the properties as per the table below:

    Property Default Description
    POLICY_MGR_URL NONE This is a Ranger Admin URL. E.g. http://10.100.10.10:6080
    REPOSITORY_NAME privacera_presto This indicates Presto Ranger policy.
    COMPONENT_INSTALL_DIR_NAME /usr/lib/presto This indicates Presto server installed directory.
    XAAUDIT.SOLR.ENABLE false Enable/Disable solr audit. Set as ‘true’ to enable.
    XAAUDIT.SOLR.URL NONE Solr audit URL or audit server URL.
    E.g. http://10.100.10.10:8983/solr/ranger_audits
    XAAUDIT.SOLR.BASIC.AUTH.ENABLED false Set to ‘true’ if solr/auditserver authentication is enabled
    XAAUDIT.SOLR.USER NONE -
    XAAUDIT.SOLR.PASSWORD NONE -
    RANGER_POLICY_AUTHZ_SHOW_CATALOG_DISABLED false Set as true to disable authorization for show catalog query.
    HIVE_POLICY_AUTHZ_ENABLED false Enable/Disable Hive policy authorization for Hive catalog
    Set as ‘true’ to use Hive policies to authorize hive catalog queries.
    HIVE_POLICY_REPO_CATALOG_MAPPING privacera_hive:hive This indicates Hive policy repository and Hive catalog mapping.
    Format: < hive_policy_repo-1 >:< comma_seperated_hive_catalogs >;
    < hive_policy_repo-2 >:< comma_seperated_hive_catalogs >
    E.g. privacera_hive:hivecatalog1, hivecatalog2; privacer_hive_1:hive3, hive4, hive5
    FILE_LOCATION_AUTHZ_ENABLED true This indicates file permission authorization using Privacera S3, ADLS, files policies for the external location in create schema and table.
    REPOSITORY_NAME_S3 privacera_s3 This indicates policy to be used to authorize S3 location.
    REPOSITORY_NAME_ADLS privacera_adls This indicates policy to be used to authorize ADLS location.
    REPOSITORY_NAME_FILES privacera_files This indicates policy to be used to authorize locations other than S3 and ADLS.
  • If Apache Ranger is SSL enabled, then set the following properties:

    SSL_KEYSTORE_FILE_PATH=${Path-to-ranger-plugin-keystore-jks}
    SSL_KEYSTORE_PASSWORD=${Plugin-keystore-password}
    SSL_TRUSTSTORE_FILE_PATH=${Path-to-ranger-plugin-truststore-jks}
    SSL_TRUSTSTORE_PASSWORD=${Plugin-truststore-password}
    CREDENTIAL_PROVIDER_FILE=${Path-to-ranger-jceks}
    

Installation#

  • Enable the presto-plugin by running the enable-presto-plugin.sh command using root user.

    cd ranger-presto-plugin/
    ./enable-presto-plugin.sh
    
  • Now, restart Presto server.


Last update: August 26, 2021