Help Center/ MapReduce Service/ User Guide (ME-Abu Dhabi Region)/ FAQs/ Kerberos Usage/ How Do I Access Presto in a Cluster with Kerberos Authentication Enabled?
Updated on 2022-12-08 GMT+08:00

How Do I Access Presto in a Cluster with Kerberos Authentication Enabled?

  1. Log in to the Master node in the cluster as user root.
  2. Run the following command to configure environment variables:

    source /opt/client/bigdata_env

  3. Access Presto in a cluster with Kerberos authentication enabled.
    1. Log in to MRS Manager and create a role with the Hive Admin Privilege permission, for example, prestorerole.
    2. Create a user, for example, presto001, who belongs to the Presto and Hive groups, and bind the user to the role created in 3.a.
    3. Authenticate user presto001.

      kinit presto001

    4. Download the user authentication credential.
      • Operations on MRS Manager:
        Log in to MRS Manager, choose System > Manage User. Locate the user, and choose More > Download authentication credential.
        Figure 1 Downloading the Presto user authentication credential
      • Operations on FusionInsight Manager:

        Log in to FusionInsight Manager, choose System > Permission > User. On the displayed page, locate the row that contains the user, choose More > Download Authentication Credential.

    5. Decompress the downloaded user credential file, and save the obtained krb5.conf and user.keytab files to the client directory, for example, /opt/client/Presto/.
    6. Run the following command to obtain the user principal:

      klist -kt /opt/client/Presto/user.keytab

    7. Run the following command to connect to the Presto Server of the cluster:

      presto_cli.sh --krb5-config-path {krb5.conf file path} --krb5-principal {User's principal} --krb5-keytab-path {user.keytab file path} --user {presto username}

      • krb5.conf file path: file path set in 3.e, for example, /opt/client/Presto/krb5.conf.
      • user.keytab file path: file path set in 3.e, for example, /opt/client/Presto/user.keytab.
      • User's principal: principal obtained in 3.f.
      • presto username: user created in 3.b, for example, presto001.

      Example: presto_cli.sh --krb5-config-path /opt/client/Presto/krb5.conf --krb5-principal prest001@xxx_xxx_xxx_xxx.COM --krb5-keytab-path /opt/client/Presto/user.keytab --user presto001

    8. On the Presto client, run the following statement to create a schema:

      CREATE SCHEMA hive.demo01 WITH (location = 'obs://presto-demo002/');

    9. Create a table in the schema. The table data is stored in the OBS bucket, as shown in the following example:

      CREATE TABLE hive.demo01.demo_table WITH (format = 'ORC') AS SELECT * FROM tpch.sf1.customer;

      Figure 2 Return result
    10. Run exit to exit the client.