Summary
In order to install Ranger in kerberized environment, user will have to enable kerberos on the cluster where Ranger is to be installed. Once, cluster is kerberized, user will have to create principals for each Ranger service and then follow below given steps to install Ranger.
...
Installation Steps for Ranger-Admin
Untar the ranger-<verison>-admin.tar.gz
-> tar zxf ranger-<version>-admin.tar.gz
Change directory to ranger-<version>-admin
-> cd ranger-<version>-admin
Edit install.properties (Enter appropriate values for the below given properties)
db_root_user= db_root_password= db_host= db_name= db_user= db_password= policymgr_external_url=http://<FQDN_OF_Ranger_Admin_Cluster>:6080 authentication_method=UNIX or LDAP or AD spnego_principal=HTTP/<FQDN_OF_Ranger_Admin_Cluster>@<REALM> spnego_keytab=<HTTP keytab path> token_valid=30 cookie_domain=<FQDN_OF_Ranger_Admin_Cluster> cookie_path=/ admin_principal=rangeradmin/<FQDN_OF_Ranger_Admin_Cluster>@<REALM> admin_keytab=<rangeradmin keytab path> lookup_principal=rangerlookup/<FQDN_OF_Ranger_Admin_Cluster>@<REALM> lookup_keytab=<rangerlookup keytab path> hadoop_conf=/etc/hadoop/conf |
Note: If kerberos server and admin are on different host then copy the keytab on admin host and assign permission to “ranger” user
scp the rangeradmin keytab file to the respective path of another host
chown ranger <rangeradmin keytab path>
chmod 400 <rangeradmin keytab path>
Run setup
./setup.sh
Start Ranger admin server
- ./ranger-admin-services.sh start
...