Versions Compared

Old Version 32

changes.mady.by.user Gautam Borad

Saved on

compared with

New Version 33

changes.mady.by.user Gautam Borad

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...


Installation Steps for Ranger-Admin

  1. Untar the ranger-<verison>-admin.tar.gz

    -> tar zxf ranger-<version>-admin.tar.gz

  2. Change directory to ranger-<version>-admin

    -> cd ranger-<version>-admin

  3.  Edit install.properties (Enter appropriate values for the below given properties)

 

db_root_user=

db_root_password=

db_host=


db_name=

db_user=

db_password=


policymgr_external_url=http://<FQDN_OF_Ranger_Admin_Cluster>:6080

authentication_method=UNIX or LDAP or AD


spnego_principal=HTTP/<FQDN_OF_Ranger_Admin_Cluster>@<REALM>

spnego_keytab=<HTTP keytab path>

token_valid=30

cookie_domain=<FQDN_OF_Ranger_Admin_Cluster>

cookie_path=/

admin_principal=rangeradmin/<FQDN_OF_Ranger_Admin_Cluster>@<REALM>

admin_keytab=<rangeradmin keytab path>

lookup_principal=rangerlookup/<FQDN_OF_Ranger_Admin_Cluster>@<REALM>

lookup_keytab=<rangerlookup keytab path>

hadoop_conf=/etc/hadoop/conf

Note: If kerberos server and admin are on different host then copy the keytab on admin host and assign permission to “ranger” user

  • scp the rangeradmin keytab file to the respective path of another host
  • chown ranger <rangeradmin keytab path>
  • chmod 400 <rangeradmin keytab path>

4. Run setup   

    -> ./setup.sh

5. Start Ranger admin server 

    -> ./ranger-admin-services.sh start 

Installation Steps for Ranger-Usersync

  1. Untar the ranger-<verison>-usersync.tar.gz

    -> tar zxf ranger-<version>-usersync.tar.gz

  2. Change directory to ranger-<version>-usersync

    -> cd ranger-<version>-usersync

  3.  Edit install.properties (Enter appropriate values for the below given properties)

 

POLICY_MGR_URL =http://<FQDN_OF_Ranger_Admin_Cluster>:6080

usersync_principal=rangerusersync/<FQDN>@<REALM>

usersync_keytab=<rangerusersync keytab path>

hadoop_conf=/etc/hadoop/conf

Note: If kerberos server and usersync are on different host then copy the keytab on usersync host and assign permission to “ranger” user

  • scp the rangerusersync keytab file to the respective path of another host
  • chown ranger <rangeusersync keytab path>
  • chmod 400 <rangerusersync keytab path>

4. Run setup   

   -> ./setup.sh

5. Start Usersync server

   ->  ./ranger-usersync-services.sh start 

Installation Steps for Ranger-Tagsync

  1. Untar the ranger-<verison>-tagsync.tar.gz

    -> tar zxf ranger-<version>-tagsync.tar.gz

  2. Change directory to ranger-<version>-tagsync

    -> cd ranger-<version>-tagsync

  3.  Edit install.properties (Enter appropriate values for the below given properties)

 

 

TAGADMIN_ENDPOINT =http://<FQDN_OF_Ranger_Admin_Cluster>:6080

 

tagsync_principal=rangertagsync/<FQDN>@<REALM>

 

tagsync_keytab=<rangertagsync keytab path>

 

hadoop_conf=/etc/hadoop/conf

TAG_SOURCE= (either 'atlas' or 'file' or 'atlasrest')

Note: If kerberos server and tagsync are on different host then copy the keytab on tagsync host and assign permission to “ranger” user

  • scp the rangertagsync keytab file to the respective path of another host
  • chown ranger <rangetagsync keytab path>
  • chmod 400 <rangertagsync keytab path>

4. Run setup   

   -> ./setup.sh

5. Start Ranger tagsync server 

   -> ./ranger-tagsync-services.sh start

Installation Steps for Ranger-KMS

  1. Untar the ranger-<verison>-SNAPSHOT-kms.tar.gz

    -> tar zxf ranger-<version>-SNAPSHOT-kms.tar.gz

  2. Change directory to ranger-<version>-SNAPSHOT-kms

    -> Cd ranger-<version>-SNAPSHOT-kms

  3.  Edit install.properties (Enter appropriate values for the below given properties)

 

  

KMS_MASTER_KEY_PASSWD=<Master Key Password>

 

kms_principal=rangerkms/<FQDN of ranger kms host>@<REALM>

 

kms_keytab=<ranger kms keytab path>

 

hadoop_conf=<hadoop core-site.xml path>

POLICY_MGR_URL=http://<FQDN of ranger admin host>:6080

Note: if kerberos server and Ranger KMS are on different host then copy the keytab on Ranger KMS host and assign permission to “kms” user

  • scp the rangerkms keytab file to the respective path
  • chown ranger <rangekms keytab path>
  • chmod 400 <rangerkms keytab path>

4. Run setup   

   -> ./setup.sh

5. Follow other setup required for kerberized cluster like creating keytab adding proxy user

6. Start Ranger tagsync server 

   -> ./ranger-kms start

Installing Ranger Plugins Manually

Installing/Enabling Ranger HDFS plugin:

 

  1. We’ll start by extracting our build at the appropriate place

    -> copy ranger-<version>-SNAPSHOT-hdfs-plugin.tar.gz to nameNode host in /usr/hdp/<hdp-version>/ directory 

    -> cd ranger-<version>-SNAPSHOT-hdfs-plugin

  2.  Untar the ranger-<verison>-SNAPSHOT-SNAPSHOT-hdfs-plugin.tar.gz 

    ->cd ranger-<version>-SNAPSHOT-hdfs-plugin

  3. Edit the install.properties file.  Here are the relevant lines that you should edit:

    -> POLICY_MGR_URL=http://<FQDN of ranger admin host>:6080

    -> REPOSITORY_NAME=hadoopdev

    -> Audit info (Solr/HDFS options available)

  4. Enable the HDFS plugin by running the below commands

    -> export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk.x86_64

    -> ./enable-hdfs-plugin.sh

  5. After enabling plugin, follow the below steps to stop/start namenode.

    ->su hdfs -c "/usr/hdp/current/hadoop-client/sbin/hadoop-daemon.sh stop namenode"

    ->su hdfs -c "/usr/hdp/current/hadoop-client/sbin/hadoop-daemon.sh start namenode"

  6. Create the default repo for HDFS with proper configuration. 

    -> In Custom repo config add component user (eg. hdfs) as value for below properties

    1. policy.download.auth.users OR policy.grantrevoke.auth.users

    2. tag.download.auth.users

  7. You can verify the plugin is communicating to ranger admin in Audit->plugins tab.

Installing/Enabling Ranger HIVE plugin:

  1. We’ll start by extracting our build at the appropriate place

    -> copy ranger-<version>-SNAPSHOT-hive-plugin.tar.gz to hiveServer2 host in /usr/hdp/<hdp-version>/ directory

    -> cd /usr/hdp/<hdp-version>

  2.  Untar the ranger-<verison>-SNAPSHOT-SNAPSHOT-hive-plugin.tar.gz

    -> cd ranger-<version>-SNAPSHOT-hive-plugin

  3. Edit the install.properties file.  Here are the relevant lines that you should edit:

    -> POLICY_MGR_URL=http://<FQDN of ranger admin host>:6080

    -> REPOSITORY_NAME=hivedev

    -> Audit info (Solr/HDFS options available)

  4. Enable the Hive plugin by running the below commands

    -> export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk.x86_64

    -> ./enable-hive-plugin.sh

  5. After enabling plugin, follow the below steps to stop/start hiveserver2.

    -> ps -aux | grep hive | grep -i hiveserver2 | awk '{print $1,$2}' | grep hive | awk '{print $2}' | xargs kill >/dev/null 2>&1

    -> su hive -c "nohup /usr/hdp/current/hive-server2/bin/hiveserver2 -hiveconf hive.metastore.uris="" -hiveconf hive.log.dir=/var/log/hive -hiveconf hive.log.file=hiveserver2.log >/var/log/hive/hiveserver2.out 2> /var/log/hive/hiveserver2err.log &"

  6.  Create the default repo for Hive with proper configuration

    -> In Custom repo config add component user (eg. hive) as value for below properties

    1.  policy.grantrevoke.auth.users

    2. tag.download.auth.users

  7. You can verify the plugin is communicating to ranger admin in Audit->plugins tab.

 


Installing/Enabling Ranger HBASE plugin

Installing/Enabling Ranger YARN plugin

Installing/Enabling Ranger KNOX plugin 

Installing/Enabling Ranger STORM plugin 

Installing/Enabling Ranger KAFKA plugin