Skip to main content

Privacera Documentation

Connect PrestoSQL standalone to Privacera Platform using Privacera plugin

Note

PrestoSQL will be discontinued in future releases of Privacera. Use Privacera Trino instead. For more information, see Connect Trino Open Source to Privacera Platform via plugin.

To install Apache Ranger PrestoSQL plugin, follow these steps:

  1. Download the Presto plugin package

  2. Set up your host environment

  3. Configure the Presto plugin

  4. Enable the Presto plugin

Download Presto plugin package

  1. Set the Privacera Image Tag version.

    export PRIVACERA_IMAGE_TAG=${PRIVACERA_IMAGE_TAG}
  2. Download the PrestoSQL plug-in package.

    mkdir -p ~/privacera/downloads
    cd ~/privacera/downloads
    wget https://privacera.s3.amazonaws.com/ranger/${PRIVACERA_IMAGE_TAG}/ranger-2.1.0-SNAPSHOT-presto-plugin.tar.gz -O ranger-2.1.0-SNAPSHOT-presto-plugin.tar.gz
    ls -lrth
  3. Copy ranger-2.1.0-SNAPSHOT-presto-plugin.tar.gz file to the machine where presto-server is running.

Set up your host environment

  1. SSH to the machine where presto-server is running.

  2. Go to directory where ranger-2.1.0-SNAPSHOT-presto-plugin.tar.gz have been copied.

  3. Extract the plug-in tar.gz

    tar xvf ranger-2.1.0-SNAPSHOT-presto-plugin.tar.gz
  4. Create a Symlink.

    ln -s ranger-2.1.0-SNAPSHOT-presto-plugin ranger-presto-plugin

Configure the Presto plugin

  1. Edit the install.properties file:

    cd ranger-presto-plugin/
    vi install.properties
  2. Update the properties in the following table:

    Property

    Default

    Description

    POLICY_MGR_URL

    NONE

    This is a Ranger Admin URL. E.g. http://10.100.10.10:6080

    REPOSITORY_NAME

    privacera_presto

    This indicates Presto Ranger policy.

    COMPONENT_INSTALL_DIR_NAME

    /usr/lib/presto

    This indicates Presto server installed directory.

    XAAUDIT.SOLR.ENABLE

    false

    Enable/Disable solr audit. Set as ‘true’ to enable.

    XAAUDIT.SOLR.URL

    NONE

    Solr audit URL or audit server URL.

    E.g. http://10.100.10.10:8983/solr/ranger_audits

    XAAUDIT.SOLR.BASIC.AUTH.ENABLED

    false

    Set to ‘true’ if solr/auditserver authentication is enabled

    XAAUDIT.SOLR.USER

    NONE

    -

    XAAUDIT.SOLR.PASSWORD

    NONE

    -

    RANGER_POLICY_AUTHZ_SHOW_CATALOG_DISABLED

    false

    Set as true to disable authorization for show catalog query.

    HIVE_POLICY_AUTHZ_ENABLED

    false

    Enable/Disable Hive policy authorization for Hive catalog

    Set as ‘true’ to use Hive policies to authorize hive catalog queries.

    HIVE_POLICY_REPO_CATALOG_MAPPING

    privacera_hive:hive

    This indicates Hive policy repository and Hive catalog mapping.

    Format: < hive_policy_repo-1 >:< comma_seperated_hive_catalogs >;

    < hive_policy_repo-2 >:< comma_seperated_hive_catalogs >

    E.g. privacera_hive:hivecatalog1, hivecatalog2; privacer_hive_1:hive3, hive4, hive5

    FILE_LOCATION_AUTHZ_ENABLED

    true

    This indicates file permission authorization using Privacera S3, ADLS, files policies for the external location in create schema and table.

    REPOSITORY_NAME_S3

    privacera_s3

    This indicates policy to be used to authorize S3 location.

    REPOSITORY_NAME_ADLS

    privacera_adls

    This indicates policy to be used to authorize ADLS location.

    REPOSITORY_NAME_FILES

    privacera_files

    This indicates policy to be used to authorize locations other than S3 and ADLS.

  3. If Apache Ranger is SSL enabled, then set the following properties:

    SSL_KEYSTORE_FILE_PATH=${Path-to-ranger-plugin-keystore-jks}
    SSL_KEYSTORE_PASSWORD=${Plugin-keystore-password}
    SSL_TRUSTSTORE_FILE_PATH=${Path-to-ranger-plugin-truststore-jks}
    SSL_TRUSTSTORE_PASSWORD=${Plugin-truststore-password}
    CREDENTIAL_PROVIDER_FILE=${Path-to-ranger-jceks}

Enable the Presto plugin

To enable the Presto plugin:

  1. Run the enable-presto-plugin.sh command using root user:

    cd ranger-presto-plugin/
    ./enable-presto-plugin.sh
  2. Restart the Presto server.