...
Install/Configure Ranger HBase Plugin:
Ranger HBase plugin integrates with HBase to enforce authorization policies. To verify that, first Apache HBase needs to be installed. If not already installed, follow below steps. Ranger will work only with HBase version 0.99.2 or above.
- Build Hbase > 0.99.2 (0.99.2RC0 is used for this document)
- cd ~/dev && mkdir hbase-trunk && cd hbase-trunk/
- git clone https://github.com/apache/hbase.git
- cd hbase && git checkout 0.99.2RC0
- mvn clean compile install package -DskipTests=true assembly:single
- Untar the build Hbase assembly to /usr/local directory
- cd /usr/local && cp /root/dev/hbase-trunk/hbase/hbase-assembly/target/hbase-0.99.2-bin.tar.gz .
- tar xzf hbase-0.99.2-bin.tar.gz
- sudo ln -s hbase-0.99.2 hbase
- cd hbase
- Now follow the instructions in Apache HBase site to configure in Pseudo mode. http://hbase.apache.org/book/getting_started.html
Now let's follow the below steps to install/configure Ranger HBase plugin.
- Start by extracting binaries at the appropriate place.
cd /usr/local
sudo tar zxf ~/dev/ranger/target/ranger-0.4.0-hbase-plugin.tar.gz
sudo ln -s ranger-0.4.0-hbase-plugin ranger-hbase-plugin
cd ranger-hbase-plugin - Now let’s edit the install.properties file. Here are the relevant lines that you should edit:
POLICY_MGR_URL=http://localhost:6080
REPOSITORY_NAME=hbasedev
XAAUDIT.DB.HOSTNAME=localhost
XAAUDIT.DB.DATABASE_NAME=ranger
XAAUDIT.DB.USER_NAME=rangerlogger
XAAUDIT.DB.PASSWORD=rangerlogger - Now enable the hbase-plugin by running the enable-hbase-plugin.sh command (Remember to set JAVA_HOME)
cd /usr/local/ranger-hbase-plugin
./enable-hbase-plugin.sh - Now edit the xasecure-audit.xml file.
- cd /usr/local/hbase/conf
- Change the xasecure-audit.xml file. Make sure the JDBC properties are correct.
<property> <name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
<value>jdbc:mysql://localhost/ranger</value>
</property>
<property>
<name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
<value>rangerlogger</value>
</property>
<property> <name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
<value>rangerlogger</value>
</property> - Once these changes are done Restart HBase. This should start the association of ranger-hbase-plugin with HBase.
- You can verify by logging into the Ranger Admin Web interface -> Audit Tab -> Agents
...
Install/Configure Ranger Knox Plugin:
...
Ranger Knox plugin integrates with Knox to enforce authorization policies. To verify that, first Apache Knox needs to be installed. If not already installed, follow below steps.
Let’s download and install apache Knox from Apache Mirrors. http://mirrors.koehn.com/apache/knox/0.5.0/
cd /usr/local
sudo tar zxf ~/dev/knox-0.5.0.tar.gz
sudo ln -s knox-0.5.0 knox
cd knox- Now follow the instructions in Apache Knox site to configure Knox Gateway/LDAP. Knox Install Instructions
Now let's follow the below steps to install/configure Ranger Knox plugin.
- Start by extracting binaries at the appropriate place.
cd /usr/local
sudo tar zxf ~/dev/ranger/target/ranger-0.4.0-knox-plugin.tar.gz
sudo ln -s ranger-0.4.0-knox-plugin ranger-knox-plugin
cd ranger-knox-plugin - Now let’s edit the install.properties file. Here are the relevant lines that you should edit:
POLICY_MGR_URL=http://localhost:6080
REPOSITORY_NAME=knoxdev
KNOX_HOME=/usr/local/knox
XAAUDIT.DB.HOSTNAME=localhost
XAAUDIT.DB.DATABASE_NAME=ranger
XAAUDIT.DB.USER_NAME=rangerlogger
XAAUDIT.DB.PASSWORD=rangerlogger - Now enable the knox-plugin by running the enable-knox-plugin.sh command (Remember to set JAVA_HOME)
cd /usr/local/ranger-knox-plugin
./enable-knox-plugin.sh - Now edit the xasecure-audit.xml file.
- cd /usr/local/knox/conf
- Change the xasecure-audit.xml file. Make sure the JDBC properties are correct.
<property> <name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
<value>jdbc:mysql://localhost/ranger</value>
</property>
<property>
<name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
<value>rangerlogger</value>
</property>
<property> <name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
<value>rangerlogger</value>
</property> - Once these changes are done Restart Knox (Gateway/LDAP). This should start the association of ranger-knox-plugin with Knox.
- You can verify by logging into the Ranger Admin Web interface -> Audit Tab -> Agents
Install/Configure Ranger Storm Plugin:
...