...
JDK 7+ needs to be installed.
- MySQL (5.6+) or ORACLE DB (11g+) for Policy/Audit DB.
- DB server can be installed on the same host. Or Ranger services need to have access to DB server host
- For production, ensure appropriate capacity planning is done for the database size
- Maven. If not installed, please follow below steps
wget http://mirrors.gigenet.com/apache/maven/maven-3/3.0.5/binaries/apache-maven-3.0.5-bin.tar.gz
su -c "tar -zxvf apache-maven-3.0.5-bin.tar.gz -C /opt/"
su -c "vi /etc/profile.d/maven.sh" # Add the following lines to maven.sh
export M2_HOME=/opt/apache-maven-3.0.5
export M2=$M2_HOME/bin
export PATH=$M2:$PATH
Now test your install of Maven. Logout of the system and then log back into it. Enter the following command:
- mvn -version
- Ranger Admin process requires approximately 1.5GB of RAM
Building Ranger from source:
...
Install/Configure Ranger Admin:
What is done here?
- Ranger Admin bits are laid out
- Database and database users for Ranger Admin policy store and Ranger Audit database are created.
- Ranger Admin properties are configured
- Ranger Admin startup service files are created and updated
Steps
Lay down the binaries into appropriate places.
cd /usr/local
sudo tar zxf ~/dev/ranger/target/ranger-0.4.0-admin.tar.gz
- sudo ln -s ranger-0.4.0-admin ranger-admin
- Open cd ranger-admin and open install.properties using your text editor (e.g. vi install.properties in ranger root folder)
- Verify the root password that you had picked while installing mysql. I had chosen root so the relevant section in my install.properties file looks as follows
- db_root_user=root
- db_root_password=root
db_host=localhost
- The install process would create a couple of users in the database for storing administration and audit information, pick passwords for those too. With my choices here’s how the relevant sections in the install.properties file look now.
- # DB UserId used for the XASecure information Ranger Policy Store schema
# - db_name=ranger
- db_user=rangeradmin
- db_password=rangeradmin
- # DB UserId for storing auditlog infromation
- #
- audit_db_name=ranger
- audit_db_user=rangerlogger
- audit_db_password=rangerlogger
- # DB UserId used for the XASecure information Ranger Policy Store schema
- Ranger allows you to get different authentication modes but for now let’s just leave rest of the things in install.properties file as they are.
Once all the required properties are updated, execute the below scripts to install ranger admin service.
Execute : ./setup.sh
Execute : ./set_globals.shCreate a valid symlink in /usr/bin/ for start/stop of ranger admin
cd /usr/bin
ln -sf /usr/local/ranger-admin/ews/start-ranger-admin.sh ranger-admin-start
ln -sf /usr/local/ranger-admin/ews/stop-ranger-admin.sh ranger-admin-stopUpdate ranger-admin service file to link to the start and stop scripts
vim /etc/init.d/ranger-admin ( Update the Start and Stop commands to point to the created symlinks )Start the Ranger Admin
service ranger-admin startYou can verify by visiting the external URL of the server using browser, for example :
http://<Host Address>:6080/- Logs are in ews/logs folder. The path is relative to where you have installed ranger-admin. Check xa_portal.log and catalina.out files for ERROR and WARN log messages
Install/Configure Ranger User Sync:
- Start by extracting out binaries at the appropriate place.
cd /usr/local
sudo tar zxf ~/dev/ranger/target/ranger-0.4.0-usersync.tar.gz
sudo ln -s ranger-0.4.0-usersync ranger-usersync
sudo mkdir -p /var/log/ranger-usersync
sudo chown ranger /var/log/ranger-usersync; sudo chgrp ranger /var/log/ranger-usersync
cd ranger-usersync - Now let’s edit the install.properties file. Here are the relevant lines that you should edit:
POLICY_MGR_URL=http://localhost:6080
SYNC_SOURCE=unix
logdir=/var/log/ranger/usersync - Now install the usersync by running the setup command
export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk-amd64 ./setup.sh create a valid symlink in /usr/bin/ for start/stop of ranger usersync
cd /usr/bin
ln -sf /usr/local/ranger-usersync/start.sh ranger-usersync-start
ln -sf /usr/local/ranger-admin/ews/stop.sh ranger-usersync-stopupdate ranger-usersync service file to link to the start and stop scripts
vim /etc/init.d/ranger-usersync ( Update the Start and Stop commands to point to the created symlinks )
Start the Ranger Usersync
service ranger-usersync startYou can verify by looking at the users tab in Ranger Admin. Unix host users should be sync'ed to ranger.
- Logs are in logs folder. It is relative to the location where ranger-usersync was installed. Look for usersync.log file for User Sync related errors and auth.log for remote login errors.
...