Versions Compared

Old Version 25

changes.mady.by.user Bosco

Saved on

compared with

New Version Current

changes.mady.by.user Alok Lal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note
titleThere is a newer release available

Please refer to Apache Ranger 0.5.0 Installation

 

Table of Contents

 

Note
titleThere is a newer release available

Please refer to Apache Ranger 0.5.0 Installation

Summary

This document details the steps involved in installing and configuring Apache Ranger. 

...

  1. Get the ranger source 

  2. Now build the source

    • cd ranger

    • export MAVEN_OPTS="-Xmx512M"

    • yum search gcc and Install gcc (yum install gcc.x86_64)

    • mvn clean compile package assembly:assembly

  3. Verify all the tar files under target dir

    ls -ltr *tar.gz
    -rw-r--r-- 1 root root 15068844 Dec 1 04:30 ranger-0.4.0-hdfs-plugin.tar.gz
    -rw-r--r-- 1 root root 14480716 Dec 1 04:30 ranger-0.4.0-hive-plugin.tar.gz
    -rw-r--r-- 1 root root 14349626 Dec 1 04:30 ranger-0.4.0-hbase-plugin.tar.gz
    -rw-r--r-- 1 root root 17763192 Dec 1 04:30 ranger-0.4.0-knox-plugin.tar.gz
    -rw-r--r-- 1 root root 21243470 Dec 1 04:31 ranger-0.4.0-storm-plugin.tar.gz
    -rw-r--r-- 1 root root 126143540 Dec 1 04:31 ranger-0.4.0-admin.tar.gz
    -rw-r--r-- 1 root root 7677999 Dec 1 04:31 ranger-0.4.0-usersync.tar.gz

...

  1. Start by extracting out binaries at the appropriate place. 

        cd /usr/local

        sudo tar zxf ~/dev/ranger/target/ranger-0.4.0-usersync.tar.gz

        sudo ln -s ranger-0.4.0-usersync ranger-usersync

        sudo mkdir -p /var/log/ranger-usersync

        sudo chown ranger /var/log/ranger-usersync; sudo chgrp ranger /var/log/ranger-usersync

        cd ranger-usersync

  2. Now let’s edit the install.properties file. Here are the relevant lines that you should edit:

         POLICY_MGR_URL=http://localhost:6080 (This should point to the server where Ranger Admin has been installed)

         SYNC_SOURCE=unix (This assumes that the user from the linux/unix system will be synchronized)  [TBD - Link to configure LDAP]. If you want to use LDAP users, you can find here how to Configure Ranger UserSync for LDAP 

         logdir=/var/log/ranger/usersync

  3. Now install the usersync by running the setup command

         export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk-amd64 (Change this to your Java install folder)

         ./setup.sh

  4. create a valid symlink in /usr/bin/ for start/stop of ranger usersync
         cd /usr/bin
         ln -sf /usr/local/ranger-usersync/start.sh ranger-usersync-start
         ln -sf /usr/local/ranger-admin/ews/stop.sh ranger-usersync-stop

  5. update ranger-usersync service file to link to the start and stop scripts 

         vim /etc/init.d/ranger-usersync ( Update the Start and Stop commands to point to the created symlinks )

  6. Start the Ranger Usersync
          service ranger-usersync start

  7. You can verify by looking at the users tab in Ranger Admin. Unix host users should be sync'ed to ranger.

  8. Logs are in logs folder. It is relative to the location where ranger-usersync was installed. Look for usersync.log file for User Sync related errors and auth.log for remote login errors.

...

  • Create a repository in Ranger Policy Manager. E.g. "knoxdev". The same name needs to be configured during plugin setup
  • Extract binaries at the appropriate place.
              cd /usr/local
              sudo tar zxf ~/dev/ranger/target/ranger-0.4.0-knox-plugin.tar.gz
              sudo ln -s ranger-0.4.0-knox-plugin ranger-knox-plugin
              cd ranger-knox-plugin
  • Now let’s edit the install.properties file. Here are the relevant lines that you should edit:
              POLICY_MGR_URL=http://localhost:6080
              REPOSITORY_NAME=knoxdev
              KNOX_HOME=/usr/local/knox
              XAAUDIT.DB.HOSTNAME=localhost
              XAAUDIT.DB.DATABASE_NAME=ranger
              XAAUDIT.DB.USER_NAME=rangerlogger
              XAAUDIT.DB.PASSWORD=rangerlogger
  • Now enable the knox-plugin by running the enable-knox-plugin.sh command (Remember to set JAVA_HOME)
              cd /usr/local/ranger-knox-plugin
              ./enable-knox-plugin.sh
  • Now edit the xasecure-audit.xml file.
    • cd /usr/local/knox/conf
    • Put in /usr/<hadoop-installs>/<your version>/knox/ext/ a symbolic link to mysql-connector-java.jar
    • Change the xasecure-audit.xml file. Make sure the JDBC properties are correct.
                     <property> <name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
                     <value>jdbc:mysql://localhost/ranger</value>
                     </property>
                     <property>
                     <name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
                     <value>rangerlogger</value>
                     </property>
                     <property> <name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
                     <value>rangerlogger</value>
                     </property>

     

  • Once these changes are done Restart Knox (Gateway/LDAP). This should start the association of ranger-knox-plugin with Knox.
  • You can verify by logging into the Ranger Admin Web interface -> Audit Tab -> Agents

...