Sunday, April 15, 2018

Enabling hive Authorization in Qubole

Once the Hive authorization is enabled in qubole we need to mange the users and permission by hive authentication,  following are the some of the commands which will be used for the same.

1. Listing the Current Roles

Set role admin;
show roles

2. Create the roles

CREATE ROLE <role_name>;
Creates a new role. Only the admin role has privilege for this.

Set role admin;
Create role sysadmin;

3. Grant Role to users

GRANT ROLE <role_name> TO USER <user_name>
Set role admin;
Grant Role sysadmin to user rahul ;

4. Revoke a role from user

REVOKE ROLE <role_name> FROM USER <user_name>;

Set role admin;
REVOKE Role sysadmin from user rahul;

5. List  Roles attached to a user


Set role admin;
show role grant user `rahul`;

6. List Users under a role


Set role admin;

7. Assign Role access to tables

Sample Permission
SELECT privilege: It provides read access to an object (table).
INSERT privilege: It provides ability for adding data to an object (table).
UPDATE privilege: It provides ability for running UPDATE queries on an object (table).
DELETE privilege: It provides ability for deleting data in an object (table).
ALL privilege: It provides all privileges. In other words, this privilege gets translated into all the above privileges.

GRANT <Permission> ON <table_name> TO ROLE <role_name>;

Grant all on default.testtable to role sysadmin

8. View Role/user Permissions on tables

Check all users who have been granted with a specific role

SHOW GRANT USER <user_name> ON <table_name|All>;
SHOW GRANT ROLE <user_name> ON <table_name|All>;

SHOW GRANT user analytics on all

Saturday, March 31, 2018

Parsing Value from a Json Field in Qubole.

When the data in one of the Filed in the hive env is in Json format and when we need to extract the value out of the Json we can use the following commands

get_json_object(column_name, '$.keyvalue')

The column name is : jdata and json the Column is as followes.

    "Foo": "ABC",
    "Bar": "20090101100000",
    "Quux": {
        "QuuxId": 1234,
        "QuuxName": "Sam"

if we have to extract ABC : get_json_object(jdata, '$.Foo') 

Friday, February 16, 2018

Azure VPN Gateway with Cisco ASA using Routing

When we configure the Azure VPN Gateway with Cisco ASA there will be issue realted to routing type so we need to enable UsePolicyBasedTrafficSelectors in the Azure Connection to Solve the issue .

$RG1          = "****************"
$Connection16 = "****************"

$connection6  = Get-AzureRmVirtualNetworkGatewayConnection -Name $Connection16 -ResourceGroupName $RG1

$newpolicy6   = New-AzureRmIpsecPolicy -IkeEncryption AES256 -IkeIntegrity SHA384 -DhGroup DHGroup24 -IpsecEncryption AES256 -IpsecIntegrity SHA1 -PfsGroup PFS24 -SALifeTimeSeconds 28800 -SADataSizeKilobytes 4608000

Set-AzureRmVirtualNetworkGatewayConnection -VirtualNetworkGatewayConnection $connection6 -IpsecPolicies $newpolicy6

Set-AzureRmVirtualNetworkGatewayConnection -VirtualNetworkGatewayConnection $connection6 -IpsecPolicies $newpolicy6 -UsePolicyBasedTrafficSelectors $True

PS Azure:\> $connection6.UsePolicyBasedTrafficSelectors



PS Azure:\> $connection6.IpsecPolicies

Docker Management using Portainer

mkdir -p /mnt/docker
yum install -y rsync

* * * * * rsync -avzh /mnt/docker/ root@dm01:/mnt/docker/
* * * * * rsync -avzh /mnt/docker/ root@dm02:/mnt/docker/
* * * * * rsync -avzh /mnt/docker/ root@dm03:/mnt/docker/
* * * * * rsync -avzh /mnt/docker/ root@dm04:/mnt/docker/

Install Portainer with a persistent container
mkdir -p /mnt/docker/portainer/data

docker pull portainer/portainer
docker service create \
    --name portainer \
    --publish 9090:9000 \
    --constraint 'node.role == manager' \
    --mount type=bind,src=/mnt/shared/portainer,dst=/data \
    --mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
    portainer/portainer \
   -H unix:///var/run/docker.sock

[root@dm01 ~]#