Privacera Platform master publication

PrestoSQL standalone installation

:

Note

PrestoSQL will be discontinued in future releases of Privacera. Use Privacera Trino instead. For more information, see Trino Open Source.

Ranger PrestoSQL Plug-In

To install Apache Ranger PrestoSQL plug-in, use the following steps:

Download Presto plug-in package
  1. Set the Privacera Image Tag version.

    export PRIVACERA_IMAGE_TAG=${PRIVACERA_IMAGE_TAG}
  2. Download the PrestoSQL plug-in package.

    mkdir -p ~/privacera/downloads
    cd ~/privacera/downloads
    wget https://privacera.s3.amazonaws.com/ranger/${PRIVACERA_IMAGE_TAG}/ranger-2.1.0-SNAPSHOT-presto-plugin.tar.gz -O ranger-2.1.0-SNAPSHOT-presto-plugin.tar.gz
    ls -lrth
  3. Copy ranger-2.1.0-SNAPSHOT-presto-plugin.tar.gz file to the machine where presto-server is running.

Setup the environment
  1. SSH to the machine where presto-server is running.

  2. Go to directory where ranger-2.1.0-SNAPSHOT-presto-plugin.tar.gz have been copied.

  3. Extract the plug-in tar.gz

    tar xvf ranger-2.1.0-SNAPSHOT-presto-plugin.tar.gz
  4. Create a Symlink.

    ln -s ranger-2.1.0-SNAPSHOT-presto-plugin ranger-presto-plugin
Configuration
  • Edit the install.properties.

    cd ranger-presto-plugin/
    vi install.properties
  • Update the properties as per the table below:

    Property

    Default

    Description

    POLICY_MGR_URL

    NONE

    This is a Ranger Admin URL. E.g. http://10.100.10.10:6080

    REPOSITORY_NAME

    privacera_presto

    This indicates Presto Ranger policy.

    COMPONENT_INSTALL_DIR_NAME

    /usr/lib/presto

    This indicates Presto server installed directory.

    XAAUDIT.SOLR.ENABLE

    false

    Enable/Disable solr audit. Set as ‘true’ to enable.

    XAAUDIT.SOLR.URL

    NONE

    Solr audit URL or audit server URL.

    E.g. http://10.100.10.10:8983/solr/ranger_audits

    XAAUDIT.SOLR.BASIC.AUTH.ENABLED

    false

    Set to ‘true’ if solr/auditserver authentication is enabled

    XAAUDIT.SOLR.USER

    NONE

    -

    XAAUDIT.SOLR.PASSWORD

    NONE

    -

    RANGER_POLICY_AUTHZ_SHOW_CATALOG_DISABLED

    false

    Set as true to disable authorization for show catalog query.

    HIVE_POLICY_AUTHZ_ENABLED

    false

    Enable/Disable Hive policy authorization for Hive catalog

    Set as ‘true’ to use Hive policies to authorize hive catalog queries.

    HIVE_POLICY_REPO_CATALOG_MAPPING

    privacera_hive:hive

    This indicates Hive policy repository and Hive catalog mapping.

    Format: < hive_policy_repo-1 >:< comma_seperated_hive_catalogs >;

    < hive_policy_repo-2 >:< comma_seperated_hive_catalogs >

    E.g. privacera_hive:hivecatalog1, hivecatalog2; privacer_hive_1:hive3, hive4, hive5

    FILE_LOCATION_AUTHZ_ENABLED

    true

    This indicates file permission authorization using Privacera S3, ADLS, files policies for the external location in create schema and table.

    REPOSITORY_NAME_S3

    privacera_s3

    This indicates policy to be used to authorize S3 location.

    REPOSITORY_NAME_ADLS

    privacera_adls

    This indicates policy to be used to authorize ADLS location.

    REPOSITORY_NAME_FILES

    privacera_files

    This indicates policy to be used to authorize locations other than S3 and ADLS.

  • If Apache Ranger is SSL enabled, then set the following properties:

    SSL_KEYSTORE_FILE_PATH=${Path-to-ranger-plugin-keystore-jks}
    SSL_KEYSTORE_PASSWORD=${Plugin-keystore-password}
    SSL_TRUSTSTORE_FILE_PATH=${Path-to-ranger-plugin-truststore-jks}
    SSL_TRUSTSTORE_PASSWORD=${Plugin-truststore-password}
    CREDENTIAL_PROVIDER_FILE=${Path-to-ranger-jceks}
Installation
  • Enable the presto-plugin by running the enable-presto-plugin.sh command using root user.

    cd ranger-presto-plugin/
    ./enable-presto-plugin.sh
    
  • Now, restart Presto server.