Using the Sentry Web Server

The Sentry webserver can be used to view reported metrics which can prove useful for debugging. To enable the Sentry webserver for reporting metrics and secure it using Kerberos authentication, perform the following steps:
  1. Go to the Sentry service in Cloudera Manager.
  2. Click the Configuration tab.
  3. Select Scope > Sentry (Service-Wide).
  4. Select Category > Advanced.
  5. Locate the Sentry Service Advanced Configuration Snippet (Safety Valve) for sentry-site.xml property and add the following properties:
    1. To enable the Sentry webserver:
      <!-- Enable the Sentry web server -->
      <property>
      <name>sentry.service.web.enable</name>
      <value>true</value>
      </property>
    2. Metrics for the Sentry service can now be reported using either JMX or console. To obtain the metrics in JSON format, you can use the Sentry Web Server which by default, listens on port 51000. To enable reporting of metrics:
      <!-- Port on which the Sentry web server listens -->
      <property>
      <name>sentry.service.web.port</name>
      <value>51000</value>
      </property>
      
      <!-- Tool being used to report metrics; jmx or console -->
      <property>
      <name>sentry.service.reporter</name>
      <value>jmx</value>
      </property>
    3. Kerberos authentication must be enabled for the Sentry web server to restrict who can access the debug webpage for the Sentry service. To enable:
      <!-- Set Kerberos authentication properties -->
      <property>
      <name>sentry.service.web.authentication.type</name>
      <value>KERBEROS</value>
      </property>
      
      <property>
      <name>sentry.service.web.authentication.kerberos.principal</name>
      <value>HTTP/<fully.qualified.domain.name>@YOUR-REALM</value>
      </property>
      
      <property>
      <name>sentry.service.web.authentication.kerberos.keytab</name>
      <value>/path/to/keytab/file</value>
      </property>
      
      <!-- Define comma-separated list of users allowed to connect to the web server --> 
      <property>
      <name>sentry.service.web.authentication.allow.connect.users</name>
      <value>user_a,user_b</value>
      </property>
  6. Click Save Changes to commit the changes.