from:"lisao"

incubator-hawq-docs git commit: create external table - correct formatting error

2017-07-21 Thread lisao

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/master 776ede0e5 -> 39cd81475


create external table - correct formatting error


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/39cd8147
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/39cd8147
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/39cd8147

Branch: refs/heads/master
Commit: 39cd814753136cb8b925aec68dca0907ac20b276
Parents: 776ede0
Author: Lisa Owen 
Authored: Fri Jul 21 12:19:59 2017 -0700
Committer: Lisa Owen 
Committed: Fri Jul 21 12:19:59 2017 -0700

--
 markdown/reference/sql/CREATE-EXTERNAL-TABLE.html.md.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/39cd8147/markdown/reference/sql/CREATE-EXTERNAL-TABLE.html.md.erb
--
diff --git a/markdown/reference/sql/CREATE-EXTERNAL-TABLE.html.md.erb 
b/markdown/reference/sql/CREATE-EXTERNAL-TABLE.html.md.erb
index c458cae..8cb661b 100644
--- a/markdown/reference/sql/CREATE-EXTERNAL-TABLE.html.md.erb
+++ b/markdown/reference/sql/CREATE-EXTERNAL-TABLE.html.md.erb
@@ -183,7 +183,7 @@ For writable external tables, specifies the URI location of 
the `gpfdist` proces
 
 With two `gpfdist` locations listed as in the above example, half of the 
segments would send their output data to the `data1.out` file and the other 
half to the `data2.out` file.
 
-For the `pxf` protocol, the `LOCATION` string specifies the HDFS NameNode 
\ and the \ of the PXF service, the location of the data, and the 
PXF profile or Java classes used to convert the data between storage format and 
HAWQ format. If the \ is omitted, the \ is taken to be the 
logical name for the high availability Nameservice, and the \ is the 
value of the `pxf_service_port` configuration parameter, 51200 by default. The 
URL parameters `FRAGMENTER`, `ACCESSOR`, and `RESOLVER` are the names of PXF 
plug-ins (Java classes) that convert between the external data format and HAWQ 
data format. The `FRAGMENTER` parameter is only used with readable external 
tables. PXF allows combinations of these parameters to be configured as 
profiles so that a single `PROFILE` parameter can be specified to access 
external data, for example `?PROFILE=Hive`. Additional \` can 
be added to the LOCATION URI to further describe the external data format or st
 orage options. For details about the plug-ins and profiles provided with PXF 
and information about creating custom plug-ins for other data sources see 
[Using PXF with Unmanaged Data](../../pxf/HawqExtensionFrameworkPXF.html).
+For the `pxf` protocol, the `LOCATION` string specifies the HDFS NameNode 
\ and the \ of the PXF service, the location of the data, and the 
PXF profile or Java classes used to convert the data between storage format and 
HAWQ format. If the \ is omitted, the \ is taken to be the 
logical name for the high availability Nameservice, and the \ is the 
value of the `pxf_service_port` configuration parameter, 51200 by default. The 
URL parameters `FRAGMENTER`, `ACCESSOR`, and `RESOLVER` are the names of PXF 
plug-ins (Java classes) that convert between the external data format and HAWQ 
data format. The `FRAGMENTER` parameter is only used with readable external 
tables. PXF allows combinations of these parameters to be configured as 
profiles so that a single `PROFILE` parameter can be specified to access 
external data, for example `?PROFILE=Hive`. Additional \s can 
be added to the LOCATION URI to further describe the external data format or sto
 rage options. For details about the plug-ins and profiles provided with PXF 
and information about creating custom plug-ins for other data sources see 
[Using PXF with Unmanaged Data](../../pxf/HawqExtensionFrameworkPXF.html).
 
 EXECUTE '\' ON ...  
 Allowed for readable web external tables or writable external tables only. 
For readable web external tables, specifies the OS command to be executed by 
the segment instances. The \ can be a single OS command or a script. 
If \ executes a script, that script must reside in the same location 
on all of the segment hosts and be executable by the HAWQ superuser (`gpadmin`).

incubator-hawq-docs git commit: pxf jdbc profile - enhance INTERVAL discussion

2017-07-12 Thread lisao

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/master abea80853 -> f6d40aaca


pxf jdbc profile - enhance INTERVAL discussion


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/f6d40aac
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/f6d40aac
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/f6d40aac

Branch: refs/heads/master
Commit: f6d40aaca08e78d208a7ac8192ebf88a3564bec4
Parents: abea808
Author: Lisa Owen 
Authored: Wed Jul 12 09:18:48 2017 -0600
Committer: Lisa Owen 
Committed: Wed Jul 12 09:18:48 2017 -0600

--
 markdown/pxf/JdbcPXF.html.md.erb | 2 ++
 1 file changed, 2 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/f6d40aac/markdown/pxf/JdbcPXF.html.md.erb
--
diff --git a/markdown/pxf/JdbcPXF.html.md.erb b/markdown/pxf/JdbcPXF.html.md.erb
index 337de66..9135e2b 100644
--- a/markdown/pxf/JdbcPXF.html.md.erb
+++ b/markdown/pxf/JdbcPXF.html.md.erb
@@ -87,6 +87,8 @@ Example JDBC \ connection string:
 
_DRIVER=com.mysql.jdbc.Driver_URL=jdbc:mysql://:/testdb=user1=changeme
 ```
 
+When specifying the `PARTITION_BY` option, tune the `INTERVAL` value and unit 
based upon the optimal number of JDBC connections to the target database and 
the optimal distribution of fragments across HAWQ segments. The `INTERVAL` low 
boundary is driven by the number of HAWQ segments 
(`default_hash_table_bucket_number`), while the high boundary is driven by the 
acceptable number of JDBC connections to the target database. `INTERVAL` 
settings influence the number of fragments, and should ideally not be set too 
high nor too low. Testing with multiple values may help you select the optimal 
settings. 
+
 Example JDBC \ substrings identifying partitioning parameters:
 
 ``` pre

incubator-hawq-docs git commit: use ANALYZE command, not operation

2017-06-01 Thread lisao

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/master aaa7ebba5 -> a9fcece43


use ANALYZE command, not operation


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/a9fcece4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/a9fcece4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/a9fcece4

Branch: refs/heads/master
Commit: a9fcece4308e51a5c1bc55b70ce3b3ef3305c5df
Parents: aaa7ebb
Author: Lisa Owen 
Authored: Thu Jun 1 10:49:14 2017 -0700
Committer: Lisa Owen 
Committed: Thu Jun 1 10:49:14 2017 -0700

--
 markdown/pxf/HBasePXF.html.md.erb  | 2 +-
 markdown/pxf/JsonPXF.html.md.erb   | 2 +-
 markdown/reference/sql/ANALYZE.html.md.erb | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/a9fcece4/markdown/pxf/HBasePXF.html.md.erb
--
diff --git a/markdown/pxf/HBasePXF.html.md.erb 
b/markdown/pxf/HBasePXF.html.md.erb
index 90dacf3..4341de3 100644
--- a/markdown/pxf/HBasePXF.html.md.erb
+++ b/markdown/pxf/HBasePXF.html.md.erb
@@ -53,7 +53,7 @@ The HBase profile is equivalent to the following PXF 
parameters:
 -   Accessor=org.apache.hawq.pxf.plugins.hbase.HBaseAccessor
 -   Resolver=org.apache.hawq.pxf.plugins.hbase.HBaseResolver
 
-**Note**: `ANALYZE` operations are not supported on external tables you create 
with the `HBase` profile.
+**Note**: The `ANALYZE` command is not supported on external tables you create 
with the `HBase` profile.
 
 ## Column Mapping
 

http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/a9fcece4/markdown/pxf/JsonPXF.html.md.erb
--
diff --git a/markdown/pxf/JsonPXF.html.md.erb b/markdown/pxf/JsonPXF.html.md.erb
index e22a75c..c56c28e 100644
--- a/markdown/pxf/JsonPXF.html.md.erb
+++ b/markdown/pxf/JsonPXF.html.md.erb
@@ -176,7 +176,7 @@ JSON-plug-in-specific keywords and values used in the 
`CREATE EXTERNAL TABLE` ca
 | FORMAT| The `FORMAT` clause must specify `CUSTOM`. |
 | FORMATTER| The JSON `CUSTOM` format supports only the built-in 
`pxfwritable_import` `FORMATTER`. |
 
-**Note**: `ANALYZE` operations are not supported on external tables you create 
with the `Json` profile.
+**Note**: The `ANALYZE` command is not supported on external tables you create 
with the `Json` profile.
 
 ### Example 1 
 

http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/a9fcece4/markdown/reference/sql/ANALYZE.html.md.erb
--
diff --git a/markdown/reference/sql/ANALYZE.html.md.erb 
b/markdown/reference/sql/ANALYZE.html.md.erb
index 98fadd8..779fd7c 100644
--- a/markdown/reference/sql/ANALYZE.html.md.erb
+++ b/markdown/reference/sql/ANALYZE.html.md.erb
@@ -75,7 +75,7 @@ When `pxf_stat_max_fragments` is false, `ANALYZE` outputs a 
message to warn that
 
 There may be situations where the remote statistics retrieval could fail to 
perform a task on a PXF table. For example, if a PXF Java component is down, 
the remote statistics retrieval might not occur, and the database transaction 
would not succeed. In these cases, the statistics remain with the default 
external table values.
 
-**Note**: `ANALYZE` operations are not supported on PXF external tables 
created with the `HBase` or `Json` profiles.
+**Note**: The `ANALYZE` command is not supported on PXF external tables 
created with the `HBase` or `Json` profiles.
 
 ## Examples

incubator-hawq-docs git commit: remove graffle files

2017-05-30 Thread lisao

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/master 18ee9446d -> 6b42b34f9


remove graffle files


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/6b42b34f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/6b42b34f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/6b42b34f

Branch: refs/heads/master
Commit: 6b42b34f97b9c805df8761cd700a2b2c82b5819a
Parents: 18ee944
Author: Lisa Owen 
Authored: Tue May 30 15:06:10 2017 -0700
Committer: Lisa Owen 
Committed: Tue May 30 15:06:10 2017 -0700

--
 markdown/images/source/gporca.graffle| Bin 2814 -> 0 bytes
 markdown/images/source/hawq_hcatalog.graffle | Bin 2967 -> 0 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/6b42b34f/markdown/images/source/gporca.graffle
--
diff --git a/markdown/images/source/gporca.graffle 
b/markdown/images/source/gporca.graffle
deleted file mode 100644
index fb835d5..000
Binary files a/markdown/images/source/gporca.graffle and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/6b42b34f/markdown/images/source/hawq_hcatalog.graffle
--
diff --git a/markdown/images/source/hawq_hcatalog.graffle 
b/markdown/images/source/hawq_hcatalog.graffle
deleted file mode 100644
index f46bfb2..000
Binary files a/markdown/images/source/hawq_hcatalog.graffle and /dev/null differ

incubator-hawq-docs git commit: policy doc - built-in func warning, revise hdfs/hive considers

2017-04-07 Thread lisao

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/develop a3ebec2d8 -> e85f3a49e


policy doc - built-in func warning, revise hdfs/hive considers


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/e85f3a49
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/e85f3a49
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/e85f3a49

Branch: refs/heads/develop
Commit: e85f3a49ec1721c6f08567b782d537a691b5928e
Parents: a3ebec2
Author: Lisa Owen 
Authored: Fri Apr 7 15:24:12 2017 -0700
Committer: Lisa Owen 
Committed: Fri Apr 7 17:41:31 2017 -0700

--
 markdown/ranger/ranger-policy-creation.html.md.erb | 15 +--
 1 file changed, 9 insertions(+), 6 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/e85f3a49/markdown/ranger/ranger-policy-creation.html.md.erb
--
diff --git a/markdown/ranger/ranger-policy-creation.html.md.erb 
b/markdown/ranger/ranger-policy-creation.html.md.erb
index 5bd12b4..ec78c35 100644
--- a/markdown/ranger/ranger-policy-creation.html.md.erb
+++ b/markdown/ranger/ranger-policy-creation.html.md.erb
@@ -319,10 +319,13 @@ Make note of the following considerations when employing 
Ranger authorization fo
 
 - `CREATE LANGUAGE` commands (superuser-only) issued for non-built-in 
languages (pljava, plpython, ..) require the `usage` permission for the `c` 
language.
 
-- If Ranger is enabled for Hive authorization in your HAWQ cluster:
--  Create Hive policy(s) providing the user `pxf` access to any Hive 
tables you want to expose via PXF HCatalog integration or HAWQ PXF external 
tables.
-- The HAWQ policies providing access to PXF HCatalog integration must 
identify database `hcatalog`, schema ``, and table 
`` resources.  These privileges are required in addition to 
any Hive policies for user `pxf` when Ranger is enabled for Hive authorization.
+- Using built-in functions may generate the message:  âWARNING: usage 
privilege of namespace \ is required.â This message is 
displayed even though the usage permission on \ is not actually 
required to execute the built-in function.
 
-- If you have enabled Ranger authorization for HDFS in your HAWQ cluster:
--  Create an HDFS policy(s) providing user `gpadmin` access to the HDFS 
HAWQ filespace.
--  If you plan to use PXF external tables to read and write HDFS data, 
create HDFS policies providing user `pxf` access to the HDFS files backing your 
PXF external tables.
+- When Ranger authorization is enabled for HDFS in your HAWQ cluster:
+- The HDFS `xasecure.add-hadoop-authorization` property determines whether 
or not HDFS access controls are used as a fallback when no policy exists for a 
given HDFS resource. HAWQ access to HDFS is not affected when the 
`xasecure.add-hadoop-authorization` property is set to `true`. When this 
property is set to `false`, you must define HDFS Ranger policies permitting the 
`gadmin` HAWQ user read/write/execute access to the HAWQ HDFS filespace. 
+- Access to HDFS-backed PXF external tables is not affected by the 
`xasecure.add-hadoop-authorization` property value, since the `pxf` user is a 
member of the `hdfs` superuser group.
+
+- Hive Ranger policies cannot control PXF access to Hive tables.
+-  When Ranger authorization is enabled for HAWQ, the `gpadmin` user has 
access permissions to all Hive tables exposed through PXF external tables and 
HCatalog integration.
+- Other HAWQ users may gain access to Hive-backed PXF external tables when 
provided `usage-schema` and `create` permissions on the `public` or any private 
schema. To restrict this access, selectively assign permissions to the `pxf` 
protocol. 
+- HCatalog access to Hive tables is restricted by default when Ranger 
authorization is enabled for HAWQ; you must create policies to explicitly allow 
this access.

incubator-hawq-docs git commit: hawq_rm_return_percent_on_overcommit clarification

2017-04-07 Thread lisao

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/develop 975ef85d8 -> a3ebec2d8


hawq_rm_return_percent_on_overcommit clarification


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/a3ebec2d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/a3ebec2d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/a3ebec2d

Branch: refs/heads/develop
Commit: a3ebec2d865b67eb4a292ab6bbacf11c3fe6e3b1
Parents: 975ef85
Author: Lisa Owen 
Authored: Fri Apr 7 09:46:58 2017 -0700
Committer: Lisa Owen 
Committed: Fri Apr 7 09:46:58 2017 -0700

--
 markdown/reference/guc/parameter_definitions.html.md.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/a3ebec2d/markdown/reference/guc/parameter_definitions.html.md.erb
--
diff --git a/markdown/reference/guc/parameter_definitions.html.md.erb 
b/markdown/reference/guc/parameter_definitions.html.md.erb
index 1f94c5a..70416d6 100644
--- a/markdown/reference/guc/parameter_definitions.html.md.erb
+++ b/markdown/reference/guc/parameter_definitions.html.md.erb
@@ -2043,7 +2043,7 @@ Amount of time, in seconds, before idle resources are 
returned to YARN.
 
 ## hawq\_rm\_return\_percent\_on\_overcommit
 
-Determines how many containers the global resource manager should return to 
the global resource manager (YARN for example.) This configuration only applies 
when HAWQ's YARN queue is busy, and HAWQ makes the YARN queue overuse its 
resources. The default value is 10, which means HAWQ will return 10% of 
acquired YARN containers by pausing the allocation of resources to HAWQ queries.
+Determines how many containers HAWQ should return to the global resource 
manager (YARN for example.) This configuration only applies when HAWQ's YARN 
queue is busy, and HAWQ makes the YARN queue overuse its resources. The default 
value is 10, which means HAWQ will return 10% of acquired YARN containers by 
pausing the allocation of resources to HAWQ queries.
 
 In a typical deployment, you do not need to modify the default value of this 
parameter.

incubator-hawq-docs git commit: update rps port value range to valid port number

2017-04-06 Thread lisao

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/develop 6391858bb -> bd6ce7830


update rps port value range to valid port number


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/bd6ce783
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/bd6ce783
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/bd6ce783

Branch: refs/heads/develop
Commit: bd6ce78308edc0bcf595ca0e9b2ff459cdde9122
Parents: 6391858
Author: Lisa Owen 
Authored: Thu Apr 6 11:18:05 2017 -0700
Committer: Lisa Owen 
Committed: Thu Apr 6 11:18:05 2017 -0700

--
 markdown/reference/guc/parameter_definitions.html.md.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/bd6ce783/markdown/reference/guc/parameter_definitions.html.md.erb
--
diff --git a/markdown/reference/guc/parameter_definitions.html.md.erb 
b/markdown/reference/guc/parameter_definitions.html.md.erb
index 43a8d8a..1f94c5a 100644
--- a/markdown/reference/guc/parameter_definitions.html.md.erb
+++ b/markdown/reference/guc/parameter_definitions.html.md.erb
@@ -2145,7 +2145,7 @@ Identifies the port on which the HAWQ Ranger Plug-in 
Service runs. The `hawq_rps
 
 | Value Range | 
Default | Set Classifications |
 
|-|-|-|
-| 1-65535 | 8432 | master, reload |
+| valid port number | 8432 | master, reload |
 
 
 ## hawq\_segment\_address\_port

incubator-hawq-docs git commit: update plugin output to use hosts from invocation

2017-03-31 Thread lisao

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/develop bb7086214 -> 187f22431


update plugin output to use hosts from invocation


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/187f2243
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/187f2243
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/187f2243

Branch: refs/heads/develop
Commit: 187f22431ce64da95a8e6172d68d451e2ae6e3c1
Parents: bb70862
Author: Lisa Owen 
Authored: Fri Mar 31 13:41:14 2017 -0700
Committer: Lisa Owen 
Committed: Fri Mar 31 13:41:14 2017 -0700

--
 markdown/ranger/ranger-integration-config.html.md.erb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/187f2243/markdown/ranger/ranger-integration-config.html.md.erb
--
diff --git a/markdown/ranger/ranger-integration-config.html.md.erb 
b/markdown/ranger/ranger-integration-config.html.md.erb
index a274158..3da8e78 100644
--- a/markdown/ranger/ranger-integration-config.html.md.erb
+++ b/markdown/ranger/ranger-integration-config.html.md.erb
@@ -73,16 +73,16 @@ To use HAWQ Ranger integration, install a compatible Hadoop 
distribution and Apa
 ``` bash
 gpadmin@master$ cd /usr/local/hawq/ranger/bin
 gpadmin@master$ ./enable-ranger-plugin.sh -r ranger_host:6080 -u admin -p 
admin -h hawq_master:5432 -w gpadmin -q gpadmin
-RANGER URL  = localhost:6080
+RANGER URL  = ranger_host:6080
 RANGER User = admin
 RANGER Password = [*]
-HAWQ HOST = localhost
+HAWQ HOST = hawq_master
 HAWQ PORT = 5432
 HAWQ User = gpadmin
 HAWQ Password = [***]
 HAWQ service definition was not found in Ranger Admin, creating it by 
uploading /usr/local/hawq_2_2_0_0/ranger/etc/ranger-servicedef-hawq.json
 HAWQ service instance was not found in Ranger Admin, creating it.
-Updated POLICY_MGR_URL to http://localhost:6080 in 
/usr/local/hawq_2_2_0_0/ranger/etc/rps.properties
+Updated POLICY_MGR_URL to http://ranger_host:6080 in 
/usr/local/hawq_2_2_0_0/ranger/etc/rps.properties
 Updated default value of JAVA_HOME to /usr/jdk64/jdk1.8.0_77 in 
/usr/local/hawq_2_2_0_0/ranger/etc/rps.properties
 ```

incubator-hawq-docs git commit: overview - include link to config doc, add polling prop name

2017-03-31 Thread lisao

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/develop f9f7d151b -> bb7086214


overview - include link to config doc, add polling prop name


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/bb708621
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/bb708621
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/bb708621

Branch: refs/heads/develop
Commit: bb7086214c9d25e7ea0cf2f07294d297f90b97e7
Parents: f9f7d15
Author: Lisa Owen 
Authored: Fri Mar 31 13:26:11 2017 -0700
Committer: Lisa Owen 
Committed: Fri Mar 31 13:26:11 2017 -0700

--
 markdown/ranger/ranger-overview.html.md.erb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/bb708621/markdown/ranger/ranger-overview.html.md.erb
--
diff --git a/markdown/ranger/ranger-overview.html.md.erb 
b/markdown/ranger/ranger-overview.html.md.erb
index 55ef691..ef223e8 100644
--- a/markdown/ranger/ranger-overview.html.md.erb
+++ b/markdown/ranger/ranger-overview.html.md.erb
@@ -27,11 +27,11 @@ HAWQ supports using Apache Ranger for authorizing user 
access to HAWQ resources.
 ## Policy Management Architecture
 Each HAWQ installation includes a Ranger plug-in service to support Ranger 
Policy management. The Ranger plug-in service implements the Ranger REST API to 
bridge all requests between the Ranger Policy Manager and a HAWQ instance. 
 
-HAWQ also provides a JAR library that enables the Ranger Policy Manager to 
lookup HAWQ metadata (the names of databases, schemas, tables, and so forth) to 
populate the user interface and assist in creating new policies. This JAR uses 
a JDBC connection to HAWQ, and requires a one-time registration with the Ranger 
Policy Manager. 
+HAWQ also provides a JAR library that enables the Ranger Policy Manager to 
lookup HAWQ metadata (the names of databases, schemas, tables, and so forth) to 
populate the user interface and assist in creating new policies. This JAR uses 
a JDBC connection to HAWQ, and requires a one-time registration with the Ranger 
Policy Manager. See [Configuring HAWQ to use Ranger Policy 
Management](ranger-integration-config.html).
 
-A single configuration parameter, `hawq_acl_type` determines whether HAWQ 
defers all policy management to Ranger via the plug-in service, or whether HAWQ 
handles authorization natively using catalog tables. By default, HAWQ uses SQL 
commands to create all access policies, and the policy information is stored in 
catalog tables.  When you enable Ranger integration for policy management, any 
authorization policies that you have configured in HAWQ using SQL no longer 
apply to your installation; you must create new policies using the Ranger 
interface. See [Creating HAWQ Authorization Policies in 
Ranger](ranger-policy-creation.html)
+A single configuration parameter, `hawq_acl_type` determines whether HAWQ 
defers all policy management to Ranger via the plug-in service, or whether HAWQ 
handles authorization natively using catalog tables. By default, HAWQ uses SQL 
commands to create all access policies, and the policy information is stored in 
catalog tables.  When you enable Ranger integration for policy management, any 
authorization policies that you have configured in HAWQ using SQL no longer 
apply to your installation; you must create new policies using the Ranger 
interface. See [Creating HAWQ Authorization Policies in 
Ranger](ranger-policy-creation.html).
 
-The Ranger plug-in service caches Ranger policies locally on each HAWQ node to 
avoid unnecessary round trips between the HAWQ node and the Ranger Policy 
Manager server. You can use the configuration parameter `that` to control how 
frequently the plug-in service contacts the Ranger Policy Manager to refresh 
cached policies. See [Changing the Frequency of Policy 
Caching](ranger-integration-config.html#caching).
+The Ranger plug-in service caches Ranger policies locally on each HAWQ node to 
avoid unnecessary round trips between the HAWQ node and the Ranger Policy 
Manager server. You can use the configuration property 
`ranger.plugin.hawq.policy.pollIntervalMs` to control how frequently the 
plug-in service contacts the Ranger Policy Manager to refresh cached policies. 
See [Changing the Frequency of Policy 
Caching](ranger-integration-config.html#caching).
 
 ## Limitations of Ranger Policy Management
 Neither Kerberos authentication nor SSL encryption is supported between a HAWQ 
node and the Ranger plug-in service, or between the plug-in service and the 
Ranger Policy Manager.

incubator-hawq-docs git commit: policy doc - unique ids for sections

2017-03-29 Thread lisao

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/feature/ranger-integration 0b8a4dbb5 -> 68c25b5b7


policy doc - unique ids for sections


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/68c25b5b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/68c25b5b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/68c25b5b

Branch: refs/heads/feature/ranger-integration
Commit: 68c25b5b77649ba8c8d24d55d2e3b6b1dca2a7a8
Parents: 0b8a4db
Author: Lisa Owen 
Authored: Wed Mar 29 16:35:44 2017 -0700
Committer: Lisa Owen 
Committed: Wed Mar 29 16:35:44 2017 -0700

--
 markdown/ranger/ranger-policy-creation.html.md.erb | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/68c25b5b/markdown/ranger/ranger-policy-creation.html.md.erb
--
diff --git a/markdown/ranger/ranger-policy-creation.html.md.erb 
b/markdown/ranger/ranger-policy-creation.html.md.erb
index 9523c77..c66f5ba 100644
--- a/markdown/ranger/ranger-policy-creation.html.md.erb
+++ b/markdown/ranger/ranger-policy-creation.html.md.erb
@@ -105,7 +105,7 @@ Ranger evaluates policies from most to least restrictive, 
searching for a policy
 Refer to the [Ranger User Guide ??apache or 
hortonworks??](https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.0/bk_Ranger_User_Guide/bk_Ranger_User_Guide-20160301.pdf)
 and [Deny-conditions and excludes in Ranger 
policies](https://cwiki.apache.org/confluence/display/RANGER/Deny-conditions+and+excludes+in+Ranger+policies)
 for detailed information on the Ranger Admin UI and Ranger policy evaluation.
 
 
-##  HAWQ Policy Definition
+##  HAWQ Policy Definition
 
 When configuring a HAWQ-Ranger authorization policy, you:
 
@@ -162,7 +162,7 @@ You may identify one or more users and/or groups to which 
to provide or deny acc
 | User | \ | The user(s) to which you want to provide or deny 
access. All users sync'd from \ or explicitly registered 
via the Ranger Admin UI are available in the picklist.  |
 
 
-  Identifying Permissions
+  Identifying Permissions
 
 You can assign users/groups the following permissions when allowing or denying 
access to specific HAWQ resources:
 
@@ -196,7 +196,7 @@ It may take a collection of policies to provide access to a 
specific HAWQ databa
 MORE HERE
 
 
-###  Wildcarding in HAWQ Policies
+###  Wildcarding in HAWQ Policies
 
 When defining a HAWQ policy, wildcarding (`*`) a leaf node resource will scope 
the policy at two levels:
 
@@ -349,7 +349,7 @@ specifying these permissions:
 | create | CREATE TABLE ... TABLESPACE |  GRANT CREATE ON \ 
TO \ |
 
 
-###  Policies for Protocol Operations
+###  Policies for Protocol Operations
 
 ??gpfdist(s) and http protocols - hawq-native or ranger? super-user?

incubator-hawq-docs git commit: move create cast w/o function to hawq-native list

2017-03-29 Thread lisao

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/feature/ranger-integration 847a79955 -> 6ef62dabf


move create cast w/o function to hawq-native list


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/6ef62dab
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/6ef62dab
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/6ef62dab

Branch: refs/heads/feature/ranger-integration
Commit: 6ef62dabf59900aee5a12f2d683840e006c1d183
Parents: 847a799
Author: Lisa Owen 
Authored: Wed Mar 29 13:53:20 2017 -0700
Committer: Lisa Owen 
Committed: Wed Mar 29 13:53:30 2017 -0700

--
 markdown/ranger/ranger-policy-creation.html.md.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/6ef62dab/markdown/ranger/ranger-policy-creation.html.md.erb
--
diff --git a/markdown/ranger/ranger-policy-creation.html.md.erb 
b/markdown/ranger/ranger-policy-creation.html.md.erb
index f3b73f6..9523c77 100644
--- a/markdown/ranger/ranger-policy-creation.html.md.erb
+++ b/markdown/ranger/ranger-policy-creation.html.md.erb
@@ -54,6 +54,7 @@ HAWQ *always* employs its native authorization for operations 
on its catalog. HA
 
 - operations on HAWQ catalog
 - HAWQ catalog-related built-in functions
+- `CREATE CAST` command when function is NULL
 - `CREATE DATABASE`, `DROP DATABASE`, `createdb`, `dropdb`
 - `hawq filespace`
 - `CREATE`, `DROP`, or `ALTER` commands for resource queues
@@ -71,7 +72,6 @@ When Ranger is enabled, HAWQ-Ranger authorization is employed 
for access to user
 
 In cases where an operation requires super-user privileges, HAWQ first 
performs a super-user check, then requests the Ranger access check. Those 
operations requiring super-user checks include:
 
-- `CREATE CAST` command when function is NULL
 - `CREATE`, `DROP`, or `ALTER` commands that involve a foreign-data wrapper
 - `CREATE LANGUAGE`, `DROP LANGUAGE` for non-built-in languages
 - `CREATE FUNCTION` command for untrusted languages.

incubator-hawq-docs git commit: hawq state ref page - add ranger status to info

2017-03-28 Thread lisao

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/feature/ranger-integration d981a9596 -> a886ae32c


hawq state ref page - add ranger status to info


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/a886ae32
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/a886ae32
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/a886ae32

Branch: refs/heads/feature/ranger-integration
Commit: a886ae32c93c1130fd1611254ddd656c3dd783ff
Parents: d981a95
Author: Lisa Owen 
Authored: Tue Mar 28 16:04:50 2017 -0700
Committer: Lisa Owen 
Committed: Tue Mar 28 16:04:50 2017 -0700

--
 markdown/reference/cli/admin_utilities/hawqstate.html.md.erb | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/a886ae32/markdown/reference/cli/admin_utilities/hawqstate.html.md.erb
--
diff --git a/markdown/reference/cli/admin_utilities/hawqstate.html.md.erb 
b/markdown/reference/cli/admin_utilities/hawqstate.html.md.erb
index e56ecd1..a8c505f 100644
--- a/markdown/reference/cli/admin_utilities/hawqstate.html.md.erb
+++ b/markdown/reference/cli/admin_utilities/hawqstate.html.md.erb
@@ -43,6 +43,7 @@ The `hawq state` utility displays information about a running 
HAWQ instance. A H
 -   Master and segment configuration information (hosts, data directories, 
etc.).
 -   The ports used by the system.
 -   Whether a standby master is present, and if it is active.
+-   Whether Ranger authorization is enabled for HAWQ, and if so, the status of 
the HAWQ Ranger Plug-in Service.
 
 ## Options

incubator-hawq-docs git commit: initial checkin of policy doc; includes referenced img

2017-03-28 Thread lisao

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/feature/ranger-integration 70693401a -> d981a9596


initial checkin of policy doc; includes referenced img


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/d981a959
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/d981a959
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/d981a959

Branch: refs/heads/feature/ranger-integration
Commit: d981a95960b1b06879aa1e47e6e394d0ed40352b
Parents: 7069340
Author: Lisa Owen 
Authored: Tue Mar 28 15:48:44 2017 -0700
Committer: Lisa Owen 
Committed: Tue Mar 28 15:48:44 2017 -0700

--
 markdown/images/hawqpolicydetails.png   | Bin 0 -> 165359 bytes
 .../ranger/ranger-policy-creation.html.md.erb   | 486 +++
 2 files changed, 486 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/d981a959/markdown/images/hawqpolicydetails.png
--
diff --git a/markdown/images/hawqpolicydetails.png 
b/markdown/images/hawqpolicydetails.png
new file mode 100644
index 000..4c7945f
Binary files /dev/null and b/markdown/images/hawqpolicydetails.png differ

http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/d981a959/markdown/ranger/ranger-policy-creation.html.md.erb
--
diff --git a/markdown/ranger/ranger-policy-creation.html.md.erb 
b/markdown/ranger/ranger-policy-creation.html.md.erb
index 16573fb..f3b73f6 100644
--- a/markdown/ranger/ranger-policy-creation.html.md.erb
+++ b/markdown/ranger/ranger-policy-creation.html.md.erb
@@ -20,3 +20,489 @@ KIND, either express or implied.  See the License for the
 specific language governing permissions and limitations
 under the License.
 -->
+
+Ranger secures your Hadoop services, providing a centralized console to manage 
user access to the data in your HAWQ cluster.
+
+Native HAWQ authorization provides SQL standard authorization at the database 
and table level for specific users/roles using `GRANT` and `REVOKE` SQL 
commands. HAWQ integration with Ranger provides policy-based authorization, 
enabling you to identify the conditions under which a user and/or group can 
access individual HAWQ resources, including the operations permitted on those 
resources. 
+
+**Note**: The HAWQ `GRANT` and `REVOKE` operations are not permitted when 
Ranger authorization is enabled for HAWQ; you must configure all user and 
object access through Ranger policies.
+
+You will configure HAWQ-Ranger authorization through the Ranger Administrative 
UI, which you can access at `http://:6080`.
+
+
+## User/Role Mapping
+
+When configuring your HAWQ cluster, you identify the HAWQ database objects to 
which you want specific users to have access. This configuration is required 
for both HAWQ-Native and HAWQ-Ranger authorization. 
+
+You create HAWQ users with the `createuser` command line utility or `CREATE 
ROLE` SQL command. These HAWQ users may or may not reflect an underlying 
operating system user.
+
+Ranger includes a `UserSync` process to synchronize users and groups on the 
\. You can sync users and groups from the operating system 
(default), a file, or from LDAP/AD services. Once the sync source is 
identified, Ranger `UserSync` automatically detects new users provisioned on 
the \.
+
+If your HAWQ cluster includes HAWQ-only roles (i.e. roles with no associated 
OS user), you must manually configure a Ranger user for each such role. You 
would use the Ranger Admin UI **Settings > Users/Groups** page for this purpose.
+
+
+
+## HAWQ Authorization
+
+
+###  pg_hba.conf
+The `pg_hba.conf` file on the HAWQ master node identifies the users you permit 
to access the HAWQ cluster, and the hosts from which the access may be 
initiated. This authentication is the first line of defense for both 
HAWQ-Native and HAWQ-Ranger authorization.
+
+
+###  HAWQ-Native Authorization
+HAWQ *always* employs its native authorization for operations on its catalog. 
HAWQ also uses only native authorization for the following HAWQ operations, 
*even when Ranger is enabled*. These operations are available to superusers and 
may be available those non-admin users to which access was specifically 
configured:
+
+- operations on HAWQ catalog
+- HAWQ catalog-related built-in functions
+- `CREATE DATABASE`, `DROP DATABASE`, `createdb`, `dropdb`
+- `hawq filespace`
+- `CREATE`, `DROP`, or `ALTER` commands for resource queues
+- `CREATE ROLE`, `DROP ROLE`, `SET ROLE`, `createuser`, `dropuser`
+- `CREATE TABLESPACE`, `DROP TABLESPACE` (Ranger does manage authorization for 
creating tables and

incubator-hawq-docs git commit: identify hawq service def in place after run enable script

2017-03-27 Thread lisao

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/feature/ranger-integration 458524cc7 -> d84723fae


identify hawq service def in place after run enable script


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/d84723fa
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/d84723fa
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/d84723fa

Branch: refs/heads/feature/ranger-integration
Commit: d84723fae8eec60ec62bf9f9cd0ddce61674cabd
Parents: 458524c
Author: Lisa Owen 
Authored: Mon Mar 27 09:07:27 2017 -0700
Committer: Lisa Owen 
Committed: Mon Mar 27 09:07:27 2017 -0700

--
 markdown/ranger/ranger-integration-config.html.md.erb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/d84723fa/markdown/ranger/ranger-integration-config.html.md.erb
--
diff --git a/markdown/ranger/ranger-integration-config.html.md.erb 
b/markdown/ranger/ranger-integration-config.html.md.erb
index 2031fae..6a6a4b3 100644
--- a/markdown/ranger/ranger-integration-config.html.md.erb
+++ b/markdown/ranger/ranger-integration-config.html.md.erb
@@ -63,14 +63,14 @@ The following procedures describe each configuration 
activity.
 enable-ranger-plugin.sh -r : -u 
 -p  -h : -w  
-q 
 ```
 
-Log in to the HAWQ master node as the `gpadmin` user and execute the 
`enable-ranger-plugin.sh` script. For example:
+Log in to the HAWQ master node as the `gpadmin` user and execute the 
`enable-ranger-plugin.sh` script. Ensure \ identifies the fully 
qualified domain name of the HAWQ master node. For example:
 
 ``` bash
 gpadmin@master$ cd /usr/local/hawq/ranger/bin
 gpadmin@master$ ./enable-ranger-plugin.sh -r ranger_host:6080 -u admin -p 
admin -h hawq_master:5432 -w gpadmin -q gpadmin
 ```
-
-Ensure \ identifies the fully qualified domain name of the 
HAWQ master node.
+
+When the script completes, the default HAWQ service definition is 
registered in the Ranger Admin UI. This service definition is named `hawq`.
 
 6. Edit the `pg_hba.conf` file on the HAWQ master node to configure HAWQ 
access for \ on the \. For example, you would 
add an entry similar to the following for the example `enable-ranger-plugin.sh` 
call above:

incubator-hawq-docs git commit: add warning to enable/disable

2017-03-25 Thread lisao

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/feature/ranger-integration b3511b36e -> 458524cc7


add warning to enable/disable


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/458524cc
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/458524cc
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/458524cc

Branch: refs/heads/feature/ranger-integration
Commit: 458524cc785c4668a90abdac3107f79b5966296c
Parents: b3511b3
Author: Lisa Owen 
Authored: Sat Mar 25 16:55:13 2017 -0700
Committer: Lisa Owen 
Committed: Sat Mar 25 16:55:13 2017 -0700

--
 markdown/ranger/ranger-integration-config.html.md.erb | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/458524cc/markdown/ranger/ranger-integration-config.html.md.erb
--
diff --git a/markdown/ranger/ranger-integration-config.html.md.erb 
b/markdown/ranger/ranger-integration-config.html.md.erb
index 34e1536..2031fae 100644
--- a/markdown/ranger/ranger-integration-config.html.md.erb
+++ b/markdown/ranger/ranger-integration-config.html.md.erb
@@ -87,7 +87,11 @@ The following procedures describe each configuration 
activity.
 7. To validate connectivity between Ranger and HAWQ, access the Ranger Admin 
UI in Ambari, click the edit icon associated with the `hawq` service 
definition. Ensure that the Active Status is set to Enabled, and click the 
**Test Connection** button. You should receive a message that Ranger connected 
succesfully.  If it fails to connect, edit your HAWQ connectivity properties 
directly in the Ranger Admin UI and re-test the connection.
 
 
-## Step 2: Configure HAWQ to Use Ranger Policy Management
+## Step 2: Configure HAWQ to Use Ranger Policy Management
+
+The default Ranger service definition for HAWQ assigns the HAWQ user 
(typically `gpadmin`) all privileges to all objects. 
+
+**Warning**: If you enable HAWQ-Ranger authorization with only the default 
HAWQ service policies defined, other HAWQ users will have no privileges, even 
for HAWQ objects (databases, tables) that they own.
 
 1. Select the **HAWQ** Service, and then select the **Configs** tab.
 2. Select the **Advanced** tab, and then expand **Custom hawq-site**.

incubator-hawq-docs git commit: move some config info from policy to integ doc

2017-03-25 Thread lisao

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/feature/ranger-integration b479fcfe0 -> b3511b36e


move some config info from policy to integ doc


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/b3511b36
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/b3511b36
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/b3511b36

Branch: refs/heads/feature/ranger-integration
Commit: b3511b36e07c8053d16ba99efc666302335e06fb
Parents: b479fcf
Author: Lisa Owen 
Authored: Sat Mar 25 16:41:35 2017 -0700
Committer: Lisa Owen 
Committed: Sat Mar 25 16:41:35 2017 -0700

--
 markdown/ranger/ranger-integration-config.html.md.erb | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/b3511b36/markdown/ranger/ranger-integration-config.html.md.erb
--
diff --git a/markdown/ranger/ranger-integration-config.html.md.erb 
b/markdown/ranger/ranger-integration-config.html.md.erb
index b0684ec..34e1536 100644
--- a/markdown/ranger/ranger-integration-config.html.md.erb
+++ b/markdown/ranger/ranger-integration-config.html.md.erb
@@ -19,7 +19,17 @@ software distributed under the License is distributed on an
 KIND, either express or implied.  See the License for the
 specific language governing permissions and limitations
 under the License.
--->
+-->
+
+Your HAWQ 2.2.0 installation includes the following HAWQ-related Ranger 
components:
+
+- Ranger Administrative UI
+- HAWQ Ranger Plug-in Service
+
+The Ranger Administrative UI is installed when you install HDP. You configure 
the Ranger service itself through Ambari. You configure HAWQ-Ranger 
authorization policies through the Ranger Administrative UI, which you can 
access at `http://:6080`. 
+
+Installing or upgrading to HAWQ 2.2.0 installs the HAWQ Ranger Plug-in 
Service, but neither configures nor registers the plug-in.  
+
 In order to use Ranger for managing HAWQ authentication events, you must first 
install and register several HAWQ JAR files on the Ranger Administration host. 
This is a one-time configuration that establishes connectivity to your HAWQ 
cluster from the Ranger Administration host. After you have installed the JAR 
files, you enable or disable Ranger integration in HAWQ by setting the 
`hawq_acl_type` configuration parameter.
 
 The following procedures describe each configuration activity.

incubator-hawq-docs git commit: add pg_hba.conf config for ranger node, formatting updates

2017-03-25 Thread lisao

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/feature/ranger-integration 72203286c -> b479fcfe0


add pg_hba.conf config for ranger node, formatting updates


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/b479fcfe
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/b479fcfe
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/b479fcfe

Branch: refs/heads/feature/ranger-integration
Commit: b479fcfe0f156222ae3505cf8c2889346336f900
Parents: 7220328
Author: Lisa Owen 
Authored: Sat Mar 25 15:39:34 2017 -0700
Committer: Lisa Owen 
Committed: Sat Mar 25 15:39:34 2017 -0700

--
 .../ranger-integration-config.html.md.erb   | 64 ++--
 1 file changed, 44 insertions(+), 20 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/b479fcfe/markdown/ranger/ranger-integration-config.html.md.erb
--
diff --git a/markdown/ranger/ranger-integration-config.html.md.erb 
b/markdown/ranger/ranger-integration-config.html.md.erb
index afc78e8..b0684ec 100644
--- a/markdown/ranger/ranger-integration-config.html.md.erb
+++ b/markdown/ranger/ranger-integration-config.html.md.erb
@@ -25,33 +25,57 @@ In order to use Ranger for managing HAWQ authentication 
events, you must first i
 The following procedures describe each configuration activity.
 
 ## Step 1: Install Ranger Connectivity to HAWQ
-1. `ssh` into the Ranger Administration host as a user with root privileges:
-``` bash
-$ ssh root@
-root@ranger-admin-host$
-```
-2. Create the directory for the HAWQ JAR files:
+1. `ssh` into the Ranger Administration host as a user with root privileges:
+
 ``` bash
-root@ranger-admin-host$ cd 
/usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/classes/ranger-plugins
-root@ranger-admin-host$ mkdir hawq
+$ ssh root@
+root@ranger-admin-node$ 
 ```
-3. Copy the necessary HAWQ JAR files (`postgresql-9.1-901-1.jdbc4.jar` and 
`ranger-plugin-admin-2.2.0.0.jar`) from a HAWQ node to the new directory:
+2. Create the directory for the HAWQ JAR files:
+
 ``` bash
-root@ranger-admin-host$ scp :/usr/local/hawq/ranger/lib/*.jar 
./hawq
+root@ranger-admin-node$ cd 
/usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/classes/ranger-plugins
+root@ranger-admin-node$ mkdir hawq
 ```
-4. Change the ownership of the new folder and JAR files to the `ranger` user:
+3. Copy the necessary HAWQ JAR files (`postgresql-9.1-901-1.jdbc4.jar` and 
`ranger-plugin-admin-2.2.0.0.jar`) from the HAWQ master node to the new 
directory:
+
 ``` bash
-root@ranger-admin-host$ chown -R ranger:ranger hawq
+root@ranger-admin-node$ scp :/usr/local/hawq/ranger/lib/*.jar 
./hawq
 ```
-5. From a HAWQ node as the `gpadmin` user, execute the 
`enable-ranger-plugin.sh` script to configure connectivity to your HAWQ 
cluster. The command has the syntax:
+4. Change the ownership of the new folder and JAR files to the `ranger` user:
+
 ``` bash
-/usr/local/hawq/ranger/bin/enable-ranger-plugin.sh -r 
: -u  -p  -h 
: -w  -q 
+root@ranger-admin-node$ chown -R ranger:ranger hawq
 ```
-   For example:
-   ``` bash
-   gpadmin@hawq-node$ /usr/local/hawq/ranger/bin/enable-ranger-plugin.sh -r 
ranger_host:6080 -u admin -p admin -h hawq_host:5432 -w gpadmin -q gpadmin
-   ```
-6. To validate connectivity between Ranger and HAWQ, access the Ranger Admin 
UI in Ambari and select the HAWQ service.  Ensure that the Active Status is set 
to Enabled, and click `Test Connection`. You should receive a message that 
Ranger connected succesfully.  If it fails to connect, edit your HAWQ 
connectivity properties directly in the Ranger Admin UI re-test the connection.
+5. The `enable-ranger-plugin.sh` script configures Ranger connectivity to your 
HAWQ cluster. The command has the syntax:
+
+``` pre
+enable-ranger-plugin.sh -r : -u 
 -p  -h : -w  
-q 
+```
+
+Log in to the HAWQ master node as the `gpadmin` user and execute the 
`enable-ranger-plugin.sh` script. For example:
+
+``` bash
+gpadmin@master$ cd /usr/local/hawq/ranger/bin
+gpadmin@master$ ./enable-ranger-plugin.sh -r ranger_host:6080 -u admin -p 
admin -h hawq_master:5432 -w gpadmin -q gpadmin
+```
+
+Ensure \ identifies the fully qualified domain name of the 
HAWQ master node.
+
+6. Edit the `pg_hba.conf` file on the HAWQ master node to configure HAWQ 
access for \ on the \. For example, you would 
add an entry similar to the following for the example `enable-ranger-plugin.sh` 
call above:
+
+``` bash
+host  all gpadminranger_host/32   trust

incubator-hawq-docs git commit: add title: keyword to titles

2017-03-22 Thread lisao

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/feature/ranger-integration 0eb9661ad -> db0d4ca3e


add title: keyword to titles


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/db0d4ca3
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/db0d4ca3
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/db0d4ca3

Branch: refs/heads/feature/ranger-integration
Commit: db0d4ca3e70c9c972c68a92cad86072d14f154a4
Parents: 0eb9661
Author: Lisa Owen 
Authored: Wed Mar 22 10:28:49 2017 -0700
Committer: Lisa Owen 
Committed: Wed Mar 22 10:28:49 2017 -0700

--
 markdown/ranger/ranger-auditing.html.md.erb   | 2 +-
 markdown/ranger/ranger-integration-config.html.md.erb | 4 ++--
 markdown/ranger/ranger-overview.html.md.erb   | 2 +-
 markdown/ranger/ranger-policy-creation.html.md.erb| 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/db0d4ca3/markdown/ranger/ranger-auditing.html.md.erb
--
diff --git a/markdown/ranger/ranger-auditing.html.md.erb 
b/markdown/ranger/ranger-auditing.html.md.erb
index 63d8db2..cc0cd14 100644
--- a/markdown/ranger/ranger-auditing.html.md.erb
+++ b/markdown/ranger/ranger-auditing.html.md.erb
@@ -1,5 +1,5 @@
 ---
-Auditing Authorization Events
+title: Auditing Authorization Events
 ---

incubator-hawq-docs git commit: update step identifiers to b and c

2017-03-10 Thread lisao

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/develop 8a8bb7137 -> 5206950f4


update step identifiers to b and c


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/5206950f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/5206950f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/5206950f

Branch: refs/heads/develop
Commit: 5206950f474dfa4974e57a46abfb310a64900204
Parents: 8a8bb71
Author: Lisa Owen 
Authored: Fri Mar 10 12:47:27 2017 -0800
Committer: Lisa Owen 
Committed: Fri Mar 10 13:33:05 2017 -0800

--
 markdown/admin/ambari-admin.html.md.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/5206950f/markdown/admin/ambari-admin.html.md.erb
--
diff --git a/markdown/admin/ambari-admin.html.md.erb 
b/markdown/admin/ambari-admin.html.md.erb
index 901840a..ba69a7d 100644
--- a/markdown/admin/ambari-admin.html.md.erb
+++ b/markdown/admin/ambari-admin.html.md.erb
@@ -403,7 +403,7 @@ There may be circumstances, such as during dynamic cluster 
expansion, when you m
 gpadmin@master$ hawq config -c  -v 
 ```
 
-Perform Steps 2 and 3 for each configuration parameter you set or 
updated via Ambari.
+Perform Steps b and c for each configuration parameter you set or 
updated via Ambari.
 
 3. Reload the HAWQ configuration; this operation does not restart the cluster:

incubator-hawq-docs git commit: fix typeo

2017-02-22 Thread lisao

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/develop c277b272d -> 31fa58542


fix typeo


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/31fa5854
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/31fa5854
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/31fa5854

Branch: refs/heads/develop
Commit: 31fa5854202f2883c804c8ca295ecb10ab42581a
Parents: c277b27
Author: Lisa Owen 
Authored: Wed Feb 22 09:44:15 2017 -0800
Committer: Lisa Owen 
Committed: Wed Feb 22 09:47:07 2017 -0800

--
 markdown/reference/cli/admin_utilities/hawqregister.html.md.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/31fa5854/markdown/reference/cli/admin_utilities/hawqregister.html.md.erb
--
diff --git a/markdown/reference/cli/admin_utilities/hawqregister.html.md.erb 
b/markdown/reference/cli/admin_utilities/hawqregister.html.md.erb
index a89d2e9..b5711f3 100644
--- a/markdown/reference/cli/admin_utilities/hawqregister.html.md.erb
+++ b/markdown/reference/cli/admin_utilities/hawqregister.html.md.erb
@@ -58,7 +58,7 @@ The client machine where `hawq register` is executed must 
meet the following con
 
 ## Description
 
-`hawq register` is a utility that loads and registers existing data files or 
folders in HDFS into HAWQ internal tables, allowing HAWQ to directly read the 
data and use internal table processing for operations such as transactions and 
high perforance, without needing to load or copy it. Data from the file or 
directory specified by \ is loaded into the appropriate HAWQ 
table directory in HDFS and the utility updates the corresponding HAWQ metadata 
for the files. 
+`hawq register` is a utility that loads and registers existing data files or 
folders in HDFS into HAWQ internal tables, allowing HAWQ to directly read the 
data and use internal table processing for operations such as transactions and 
high performance, without needing to load or copy it. Data from the file or 
directory specified by \ is loaded into the appropriate HAWQ 
table directory in HDFS and the utility updates the corresponding HAWQ metadata 
for the files. 
 
 You can use `hawq register` to:

incubator-hawq-docs git commit: create external table - correct formatting error

incubator-hawq-docs git commit: pxf jdbc profile - enhance INTERVAL discussion

incubator-hawq-docs git commit: use ANALYZE command, not operation

incubator-hawq-docs git commit: remove graffle files

incubator-hawq-docs git commit: policy doc - built-in func warning, revise hdfs/hive considers

incubator-hawq-docs git commit: hawq_rm_return_percent_on_overcommit clarification

incubator-hawq-docs git commit: update rps port value range to valid port number

incubator-hawq-docs git commit: update plugin output to use hosts from invocation

incubator-hawq-docs git commit: overview - include link to config doc, add polling prop name

incubator-hawq-docs git commit: policy doc - unique ids for sections

incubator-hawq-docs git commit: move create cast w/o function to hawq-native list

incubator-hawq-docs git commit: hawq state ref page - add ranger status to info

incubator-hawq-docs git commit: initial checkin of policy doc; includes referenced img

incubator-hawq-docs git commit: identify hawq service def in place after run enable script

incubator-hawq-docs git commit: add warning to enable/disable

incubator-hawq-docs git commit: move some config info from policy to integ doc

incubator-hawq-docs git commit: add pg_hba.conf config for ranger node, formatting updates

incubator-hawq-docs git commit: add title: keyword to titles

incubator-hawq-docs git commit: update step identifiers to b and c

incubator-hawq-docs git commit: fix typeo

20 matches

Site Navigation

Mail list logo

Footer information