Setting up a Cluster with a Configured SDX Namespace

You can use a configured SDX namespace with a secure Altus Data Warehouse or Data Engineering cluster. A secure Altus cluster uses an environment with the Secure Clusters option enabled.

To set up a cluster with an SDX namespace, complete the following steps:
  1. Create or identify the Hive metastore and Sentry databases that you want to use for the configured SDX namespace.

    Altus SDX supports using a MySQL or PostgreSQL database for the Hive metastore and Sentry.

    You can manually set up the databases to use for the configured SDX namespace or you can use Altus Director to set up the databases:
    • Manually setting up the databases

      If you have the rights to set up databases on your cloud service provider, you can set up the databases for the Hive metastore and Sentry that you want to use for the configured SDX namespace. You must ensure that any cluster you create that uses the configured SDX namespace will have access to the Hive metastore and Sentry databases. When you create a cluster that uses the configured SDX namespace, Altus initializes the database schemas.

      For more information about setting up a MySQL database, see Install and Configure MySQL for Cloudera Software. For more information about creating a PostGres database, see Install and Configure PostgreSQL for Cloudera Software.

    • Using Altus Director to set up the databases

      If you use Altus Director to set up the external databases, you can also use Altus Director to create a cluster and generate the schema in the Hive metastore and Sentry databases.

      For more information about using Altus Director to create an external database, see Defining External Database Servers.

    Note the connection URI for the Hive metastore and Sentry databases. You need to provide the connection URI and the database user login credentials when you create the configured SDX namespace in Altus.

  2. Create a configured SDX namespace in Altus.

    For more information about creating a configured SDX namespace, see Creating a Configured SDX Namespace.

  3. Set up a secure Altus Data Engineering or Altus Data Warehouse cluster that uses the configured SDX namespace.
    When you create the cluster, set the following parameters :
    • SDX Namespace. Specify the configured SDX namespace you created in step 2.
    • Environment. Specify an environment with the Secure Clusters option enabled. The Altus environment must also be set up to allow access from the clusters to your data in object storage and to your Hive metastore and Sentry databases.

    For more information about enabling the Secure Clusters option for an environment, see Enable Secure Clusters.

    For more information about creating an Altus Data Engineering cluster, see Creating and Working with Clusters on the Console or Creating and Working with Clusters Using the CLI.

    For more information about creating an Altus Data Warehouse cluster, see Altus Data Warehouse Clusters on the Console or Altus Data Warehouse Clusters in the CLI.

  4. Grant administrator privileges to the SDX Sentry administrator group.

    When you create a configured SDX namespace, Altus creates an Altus group and adds it to Sentry as an administrator group. You, as creator of the configured SDX namespace, are a member of the group and have administrative privileges in Sentry.

    Altus provides the option to grant the Sentry administrator group ALL privileges on the Sentry server in addition to administrative privileges. Based on the option you select, Altus performs the following actions:

    • If you select the option to grant the Sentry administrator group ALL privileges:

      Altus creates a role with ALL privileges on the Sentry server and assigns it to the Sentry administrator group when you create a cluster to use with the SDX namespace. You can immediately create the databases you need for your use. Cloudera recommends that you select this option when you create a configured SDX namespace to for testing or demonstration purposes.

    • If you do not select the option to grant the Sentry administrator group ALL privileges:

      You must create the groups and roles with the privileges that you require to secure access to the databases and assign the appropriate role to the SDX Sentry administrator group.

      You can create a role with ALL privileges and assign the role to the SDX Sentry administrator group so that you can create and manage the databases that you need to work with. To grant all privileges to the SDX Sentry administrator group, run the following commands:
      create role SentryAdminRoleForAltus;
      grant all on server server1 to role SentryAdminRoleForAltus;
      grant role SentryAdminRoleForAltus to group SDXSentryAdminGroup;

      For Altus Data Engineering clusters, submit a Hive job to run the commands.

      For Altus Data Warehouse clusters, use the Query Editor to run the commands.

    For more information about the SDX Sentry administrator group privileges, see SDX Sentry Administrator Group Privileges.