Table of Contents | ||||
---|---|---|---|---|
|
...
Overview
This document details the steps involved in Installing latest version of Apache Incubator Ranger independently on RHEL / Ubuntu / SUSE / Debian OS.
Ranger Admin support on Apache Components
Component name | Version | Reference |
---|---|---|
HDFS | 2.7.0 | https://hadoop.apache.org/releases.html |
HIVE | 1.2.0 | https://hive.apache.org/downloads.html |
HBase | 1.1.0.1 | http://hbase.apache.org/ |
Knox | 0.6.0 | https://knox.apache.org/ |
Storm | 0.10.0beta1 | https://storm.apache.org/downloads.html |
Yarn | 2.7.0 | http://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-site/YARN.html |
Zookeeper | 3.4.6 | https://zookeeper.apache.org/releases.html |
Prerequisites
...
Installation of Ranger includes the following. Plan to install and configure in the same order.
Ranger Admin Portal - This is the UI portal and RESTful server for managing policies, users and groups. It also contains the UI interface for Audit queries and adhoc reports.
Ranger UserSync - This is a standalone server with dual purpose. It is used to synchronize the users/groups from Unix system or LDAP into RangerAdmin. This standalone process can be also used as an authentication server for RangerAdmin to use the linux user/password for login into RangerAdmin.
Ranger KMS - This service provides key management for Hadoop HDFS Encryption (TDE). It is highly scalable and provides access control and auditing. This service is optional and only needed if you are planning to use HDFS TDE.
Component Plugins - Ranger provides authorization and auditing for the following Apache projects. Apache Ranger version 0.5.x is compatible with only the component versions mentioned below. You need to install and enable the plugins for only does components you want enable Ranger Authorization and Auditing.
Component name | Version | Reference |
---|---|---|
HDFS | 2.7.0 | https://hadoop.apache.org/releases.html |
HIVE | 1.2.0 | https://hive.apache.org/downloads.html |
HBase | 1.1.0.1 | http://hbase.apache.org/ |
Knox | 0.6.0 | http://knox.apache.org/ |
Solr | 5.2.1 | http://lucene.apache.org/solr/ |
Storm | 0.10.0beta1 | https://storm.apache.org/downloads.html |
YARN | 2.7.0 | http://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-site/YARN.html |
Dependent Services: Refer to Prerequisites section
Prerequisites
Product | Vendors | Purpose |
---|---|---|
JDK | OpenJDK 1.7 SunJDK 1.7 | Run RangerAdmin and RangerKMS |
RDBMS | MySQL 5.7+ Oracle - latest Postgres - latest SQL Server - latest |
|
Solr | Apache Solr - 5.2.1+ |
|
HDFS | Apache HDFS - 2.7+ |
|
Kerberos | MIT Microsoft AD | Even though not mandatory for installing and using Ranger, it is strongly recommended to enable Kerberos in your Hadoop. This ensures all requests are authenticated, which is very important for authorization and auditing. Without Kerberos, users would you be able to impersonate other users and workaround any authorization policies |
Installation Instructions
Since Apache Ranger is still an incubating project, binary distribution is still not available. To install Apache Ranger, you will need to build from source. The below instructions is to build on RHEL or CentOS 6+ Linux server.
Preparing to install
You need to login as root or will need "sudo" access to install some of the build tools.
Install Maven
Required to build the project
Code Block | ||
---|---|---|
| ||
cd /usr/local
# Download maven latest distribution tar from apache maven site
# https://maven.apache.org/download.cgi
tar -xvf apache-maven-<Version>-bin.tar.gz
export M2_HOME=/usr/local/apache-maven-<Version>
export M2=$M2_HOME/bin
export PATH=$M2:$PATH
#Now to test your install of Maven, enter the following command
mvn -version |
Install git
Required to download the source code from Apache Ranger git repository
Code Block | ||
---|---|---|
| ||
yum install git |
Install gcc
This is optional and required if you are using your Linux /etc/passwd to authenticate to login into Ranger Admin. It is not required if you are using RangerAdmin local user/password or LDAP for authentication.
Code Block | ||
---|---|---|
| ||
yum install gcc |
Install MySQL
Ranger support MySQL, Oracle, MS SQL and PostGress RDBMS. Please refer to official installation from the vendor site. This section gives quick instructions about how to install MySQL. For full detail please refer to http://dev.mysql.com/doc/mysql-yum-repo-quick-guide/en.
If you using RedHat or CentOS, find out the version of your distribution
Code Block | ||
---|---|---|
| ||
$ cat /etc/issue
CentOS release 6.6 (Final)
Kernel \r on an \m
|
Go to the this site http://dev.mysql.com/downloads/repo/yum and download the release package for your platform.
Code Block | ||
---|---|---|
| ||
sudo rpm -Uvh platform-and-version-specific-package-name.rpm
#Example
sudo rpm -Uvh mysql-community-release-el6-5.noarch.rpm
yum repolist all | grep mysql
yum repolist enabled | grep mysql
mysql-connectors-community MySQL Connectors Community 14
mysql-tools-community MySQL Tools Community 25
mysql56-community MySQL 5.6 Community Server 180
#By default 5.6 is enabled. If you want to install 5.7, then please refer to the document to enable it
sudo yum install mysql-community-server
/usr/bin/mysql_secure_installation |
Build Ranger Admin from source
Clone the ranger source code
Code Block | ||
---|---|---|
| ||
mkdir ~/dev
cd ~/dev
git clone https://github.com/apache/incubator-ranger.git |
Build the source
Code Block | ||
---|---|---|
| ||
cd ~/dev/incubator-ranger
export MAVEN_OPTS="-Xmx512M"
export JAVA_HOME=<Java Installation Directory>
#e.g. export JAVA_HOME=/usr/lib/jvm/java
#Make sure your java version is 1.7.x
$JAVA_HOME/bin/java -version
java version "1.7.0_79"
OpenJDK Runtime Environment (rhel-2.5.5.3.el6_6-x86_64 u79-b14)
OpenJDK 64-Bit Server VM (build 24.79-b02, mixed mode)
export PATH=$JAVA_HOME/bin:$PATH
mvn clean compile package assembly:assembly install
ls target/*.tar.gz
ranger-0.5.0-admin.tar.gz ranger-0.5.0-kms.tar.gz ranger-0.5.0-storm-plugin.tar.gz ranger-0.5.0-hbase-plugin.tar.gz ranger-0.5.0-knox-plugin.tar.gz ranger-0.5.0-usersync.tar.gz ranger-0.5.0-hdfs-plugin.tar.gz ranger-0.5.0-migration-util.tar.gz ranger-0.5.0-yarn-plugin.tar.gz ranger-0.5.0-hive-plugin.tar.gz ranger-0.5.0-solr-plugin.tar.gz ranger-0.5.0-kafka-plugin.tar.gz ranger-0.5.0-src.tar.gz
|
Verify all the tar files under the target directory:
B. Install latest version of Database MySQL/ ORACLE/ Postgres/ SQL Server
Installation Instructions
Preparing to install
Install Maven
Code Block | ||
---|---|---|
| ||
cd /usr/local
# Download maven latest distribution tar from apache maven site
tar -xvf apache-maven-<Version>-bin.tar.gz
export M2_HOME=/usr/local/apache-maven-<Version>
export M2=$M2_HOME/bin
export PATH=$M2:$PATH
#Now to test your install of Maven, enter the following command
mvn -version |
Install git
Code Block | ||
---|---|---|
| ||
yum install git |
Install gcc and export JAVA_HOME
Code Block | ||
---|---|---|
| ||
yum search gcc # Select the appropriate gcc and do 'yum install gcc'
export JAVA_HOME=<Java Installation Directory> |
Build Ranger Admin from source
Clone the ranger source code
Code Block | ||
---|---|---|
| ||
mkdir ~/dev
cd ~/dev
git clone https://github.com/apache/incubator-ranger.git |
Build the source
Code Block | ||
---|---|---|
| ||
cd incubator-ranger
export MAVEN_OPTS="-Xmx512M"
mvn clean compile package assembly:assembly install |
...
Install Steps for Ranger Policy Admin on RHEL/CentOS
...
Lay down the build into appropriate
...
places.
Code Block | ||
---|---|---|
| ||
cd /usr/local sudo tar zxvf ~/dev/incubatorincubator-ranger/target/ranger-00.5.0-adminadmin.tar.gz sudo ln -s ranger-00.5.0-adminadmin ranger-adminadmin cd /usr/local/ranger-admin |
Install and configure Solr or SolrCloud
Ranger stores audit logs in Solr. The RangerAdmin UI depends on Solr for running adhoc queries on audit logs. Please refer to the following link to install and configure Solr.
2. Update the install.properties
2.1 Configure database properties. For MySQL, you will need to use b. Verify the root password that you had picked while installing mysql. I had chosen root so the relevant section in my install.properties file looks as follows:
Code Block | ||
---|---|---|
| ||
db_root_user=root db_root_password=root db_host=localhost |
...
Code Block | ||
---|---|---|
| ||
ranger-adminadmin start |
h. The ranger-admin script supports the following options:
Note |
---|
Start the Ranger Admin service : ranger-admin start Stop the Ranger Admin service : ranger-admin admin stop Restart the Ranger Admin service : ranger-admin restart |
...
Code Block | ||
---|---|---|
| ||
cd /usr/local sudo tar zxvf ~/dev/ incubatorincubator-ranger/target/ranger-00.5.0-usersync.tar.gz sudo ln -s ranger-0.5.0-usersync ranger-usersync sudo mkdir -p /var/log/ranger-usersync sudo chown ranger /var/log/rangerranger-usersync sudo chgrp ranger /var/log/rangerranger-usersync |
Edit the install.properties file and fill out relevant information.
...
Code Block | ||
---|---|---|
| ||
export JAVA_HOME=<pathToJavaHome> ./setup.sh After installing ranger usersync, follow the same steps to start/stop services of usersync work. ./ranger-usersyncusersync-services.sh start |
h. The ranger-usersync script supports the following options:
...
Code Block | ||
---|---|---|
| ||
sudo yum install java-11.7.0-openjdk-devel |
- Make a note of the location where you installed Apache Hadoop. Here I assume that you have installed it in
...
Code Block | ||
---|---|---|
| ||
sudo useradd --home-dir /var/hadoop --createcreate-homehome --shell /bin/bash --user-group hadoop |
Note |
---|
If you get the group exists error, try the following command: |
...