Note | ||
---|---|---|
| ||
Please refer to Apache Ranger 0.5.0 Installation |
Table of Contents
Note | ||
---|---|---|
| ||
Please refer to Apache Ranger 0.5.0 Installation |
Summary
This document details the steps involved in installing and configuring Apache Ranger.
...
Get the ranger source
mkdir ~/dev
cd ~/dev
git clone -b master git@githubranger-0.4 git@github.com:apache/incubator-ranger.git ranger
Now build the source
cd ranger
export MAVEN_OPTS="-Xmx512M"
yum search gcc and Install gcc (yum install gcc.x86_64)
mvn clean compile package assembly:assembly
Verify all the tar files under target dir
ls -ltr *tar.gz
-rw-r--r-- 1 root root 15068844 Dec 1 04:30 ranger-0.4.0-hdfs-plugin.tar.gz
-rw-r--r-- 1 root root 14480716 Dec 1 04:30 ranger-0.4.0-hive-plugin.tar.gz
-rw-r--r-- 1 root root 14349626 Dec 1 04:30 ranger-0.4.0-hbase-plugin.tar.gz
-rw-r--r-- 1 root root 17763192 Dec 1 04:30 ranger-0.4.0-knox-plugin.tar.gz
-rw-r--r-- 1 root root 21243470 Dec 1 04:31 ranger-0.4.0-storm-plugin.tar.gz
-rw-r--r-- 1 root root 126143540 Dec 1 04:31 ranger-0.4.0-admin.tar.gz
-rw-r--r-- 1 root root 7677999 Dec 1 04:31 ranger-0.4.0-usersync.tar.gz
...
Start by extracting out binaries at the appropriate place.
cd /usr/local
sudo tar zxf ~/dev/ranger/target/ranger-0.4.0-usersync.tar.gz
sudo ln -s ranger-0.4.0-usersync ranger-usersync
sudo mkdir -p /var/log/ranger-usersync
sudo chown ranger /var/log/ranger-usersync; sudo chgrp ranger /var/log/ranger-usersync
cd ranger-usersync
Now let’s edit the install.properties file. Here are the relevant lines that you should edit:
POLICY_MGR_URL=http://localhost:6080 (This should point to the server where Ranger Admin has been installed)
SYNC_SOURCE=unix (This assumes that the user from the linux/unix system will be synchronized) [TBD - Link to configure LDAP]. If you want to use LDAP users, you can find here how to Configure Ranger UserSync for LDAP
logdir=/var/log/ranger/usersync
Now install the usersync by running the setup command
export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk-amd64 (Change this to your Java install folder)
./setup.sh
create a valid symlink in /usr/bin/ for start/stop of ranger usersync
cd /usr/bin
ln -sf /usr/local/ranger-usersync/start.sh ranger-usersync-start
ln -sf /usr/local/ranger-admin/ews/stop.sh ranger-usersync-stopupdate ranger-usersync service file to link to the start and stop scripts
vim /etc/init.d/ranger-usersync ( Update the Start and Stop commands to point to the created symlinks )
Start the Ranger Usersync
service ranger-usersync startYou can verify by looking at the users tab in Ranger Admin. Unix host users should be sync'ed to ranger.
Logs are in logs folder. It is relative to the location where ranger-usersync was installed. Look for usersync.log file for User Sync related errors and auth.log for remote login errors.
...
- Create a repository in Ranger Policy Manager. E.g. "knoxdev". The same name needs to be configured during plugin setup
- Set the URL as https://knox_host:8443/gateway/admin/api/v1/topologies (Replace the knox_host with your fully qualified host name)
- Extract binaries at the appropriate place.
cd /usr/local
sudo tar zxf ~/dev/ranger/target/ranger-0.4.0-knox-plugin.tar.gz
sudo ln -s ranger-0.4.0-knox-plugin ranger-knox-plugin
cd ranger-knox-plugin - Now let’s edit the install.properties file. Here are the relevant lines that you should edit:
POLICY_MGR_URL=http://localhost:6080
REPOSITORY_NAME=knoxdev
KNOX_HOME=/usr/local/knox
XAAUDIT.DB.HOSTNAME=localhost
XAAUDIT.DB.DATABASE_NAME=ranger
XAAUDIT.DB.USER_NAME=rangerlogger
XAAUDIT.DB.PASSWORD=rangerlogger - Now enable the knox-plugin by running the enable-knox-plugin.sh command (Remember to set JAVA_HOME)
cd /usr/local/ranger-knox-plugin
./enable-knox-plugin.sh - Now edit the xasecure-audit.xml file.
- cd /usr/local/knox/conf
- Put in /usr/<hadoop-installs>/<your version>/knox/ext/ a symbolic link to mysql-connector-java.jar
- Change the xasecure-audit.xml file. Make sure the JDBC properties are correct.
<property> <name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
<value>jdbc:mysql://localhost/ranger</value>
</property>
<property>
<name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
<value>rangerlogger</value>
</property>
<property> <name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
<value>rangerlogger</value>
</property> - Once these changes are done Restart Knox (Gateway/LDAP). This should start the association of ranger-knox-plugin with Knox.
- You can verify by logging into the Ranger Admin Web interface -> Audit Tab -> Agents
...