THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
sudo useradd --home-dir /var/hadoop --create-home --shell /bin/bash --user-group hadoop
sudo tar xzf hadoop-2.5.2.tar.gz -C /usr/local
cd /usr/local
sudo ln -s hadoop-2.5.2 hadoop
sudo chown hadoop -R hadoop hadoop-2.5.2
sudo chgrp hadoop -R hadoop hadoop-2.5.2
sudo su - hadoop
Now let's follow the below steps to install/configure Ranger HDFS plugin.
- Create a repository in Ranger Policy Manager. E.g. "local_hdfs". The same name needs to be configured during plugin setup
- Extract Start by extracting binaries at the appropriate place (/usr/local).
cd /usr/local
sudo tar zxf ~/dev/ranger/target/ranger-0.4.0-hdfs-plugin.tar.gz
sudo ln -s ranger-0.4.0-hdfs-plugin ranger-hdfs-plugin
cd ranger-hdfs-plugin - Now let’s edit the install.properties file. Here are the relevant lines that you should edit:
POLICY_MGR_URL=http://localhost:6080
REPOSITORY_NAME=local_hdfs
XAAUDIT.DB.HOSTNAME=localhost
XAAUDIT.DB.DATABASE_NAME=ranger
XAAUDIT.DB.USER_NAME=rangerlogger
XAAUDIT.DB.PASSWORD=rangerlogger (Change password as it was set during Ranger Admin install) - Now enable the hdfs-plugin by running the enable-hdfs-plugin.sh command (Remember to set JAVA_HOME)
- Create a symlink as conf dir of hadoop linking to hadoop conf dir
- cd /usr/local/hadoop
- ln -s /usr/local/hadoop/etc/hadoop conf
- Enable Ranger HDFS plugin
- export
- echo “export HADOOP_HOME=/usr/local/hadoop” >> /etc/bashrc
- hadoop
- cd /usr/local/ranger-hdfs-plugin
- ./enable-hdfs-plugin.sh
- Copy all the jar files from ${hadoop_home}/lib
- cp /usr/local/hadoop/lib/* /usr/local/hadoop/share/hadoop/hdfs/lib/
- Create a symlink as conf dir of hadoop linking to hadoop conf dir
- Now edit the xasecure-audit.xml file.
- cd /usr/local/hadoop/conf
- change the xasecure-audit.xml file to look like the below. Make sure the JDBC properties are correct.
<property> <name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
<value>jdbc:mysql://localhost/ranger</value>
</property>
<property>
<name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
<value>rangerlogger</value>
</property>
<property> <name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
<value>rangerlogger</value>
</property>
- Once these changes are done Restart Hadoop namenode. This should start the association of ranger-hdfs-plugin with hadoop.
- You can verify by logging into the Ranger Admin Web interface -> Audit -> Agents
- Now HDFS resources will be authorized via Ranger policies.
...
Now let's follow the below steps to install/configure Ranger Hive plugin.
- Create a repository in Ranger Policy Manager. E.g. "hivedev". The same name needs to be configured during plugin setup
- Extract Start by extracting binaries at the appropriate place.
cd /usr/local
sudo tar zxf ~/dev/ranger/target/ranger-0.4.0-hive-plugin.tar.gz
sudo ln -s ranger-0.4.0-hive-plugin ranger-hive-plugin
cd ranger-hive-plugin - Now let’s edit the install.properties file. Here are the relevant lines that you should edit:
POLICY_MGR_URL=http://localhost:6080
REPOSITORY_NAME=hivedev
XAAUDIT.DB.HOSTNAME=localhost
XAAUDIT.DB.DATABASE_NAME=ranger
XAAUDIT.DB.USER_NAME=rangerlogger
XAAUDIT.DB.PASSWORD=rangerlogger - Now enable the hive-plugin by running the enable-hive-plugin.sh command (Remember to set JAVA_HOME)
cd /usr/local/ranger-hive-plugin
./enable-hive-plugin.sh - Now edit the xasecure-audit.xml file.
- cd /usr/local/hive/conf
- Change the xasecure-audit.xml file. Make sure the JDBC properties are correct.
<property> <name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
<value>jdbc:mysql://localhost/ranger</value>
</property>
<property>
<name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
<value>rangerlogger</value>
</property>
<property> <name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
<value>rangerlogger</value>
</property> - Once these changes are done Restart hive. This should start the association of ranger-hive-plugin with hive.
- You can verify by logging into the Ranger Admin Web interface -> Audit Tab -> Agents
Install/Configure Ranger HBase Plugin:
Ranger HBase plugin integrates with HBase to enforce authorization policies. To verify that, first Apache HBase needs to be installed. If not already installed, follow below steps. Ranger will work only with HBase version 0.99.2 or above.
- Build Hbase > 0.99.2 (0.99.2RC0 is used for this document)
- cd ~/dev && mkdir hbase-trunk && cd hbase-trunk/
- git clone https://github.com/apache/hbase.git
- cd hbase && git checkout 0.99.2RC0
- mvn clean compile install package -DskipTests=true assembly:single
- Untar the build Hbase assembly to /usr/local directory
- cd /usr/local && cp /root/dev/hbase-trunk/hbase/hbase-assembly/target/hbase-0.99.2-bin.tar.gz .
- tar xzf hbase-0.99.2-bin.tar.gz
- sudo ln -s hbase-0.99.2 hbase
- cd hbase
- Now follow the instructions in Apache HBase site to configure in Pseudo mode. http://hbase.apache.org/book/getting_started.html
Now let's follow the below steps to install/configure Ranger HBase plugin.steps to install/configure Ranger HBase plugin.
- Create a repository in Ranger Policy Manager. E.g. "hbasedev". The same name needs to be configured during plugin setup
- Extract Start by extracting binaries at the appropriate place.
cd /usr/local
sudo tar zxf ~/dev/ranger/target/ranger-0.4.0-hbase-plugin.tar.gz
sudo ln -s ranger-0.4.0-hbase-plugin ranger-hbase-plugin
cd ranger-hbase-plugin - Now let’s edit the install.properties file. Here are the relevant lines that you should edit:
POLICY_MGR_URL=http://localhost:6080
REPOSITORY_NAME=hbasedev
XAAUDIT.DB.HOSTNAME=localhost
XAAUDIT.DB.DATABASE_NAME=ranger
XAAUDIT.DB.USER_NAME=rangerlogger
XAAUDIT.DB.PASSWORD=rangerlogger - Now enable the hbase-plugin by running the enable-hbase-plugin.sh command (Remember to set JAVA_HOME)
cd /usr/local/ranger-hbase-plugin
./enable-hbase-plugin.sh - Now edit the xasecure-audit.xml file.
- cd /usr/local/hbase/conf
- Change the xasecure-audit.xml file. Make sure the JDBC properties are correct.
<property> <name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
<value>jdbc:mysql://localhost/ranger</value>
</property>
<property>
<name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
<value>rangerlogger</value>
</property>
<property> <name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
<value>rangerlogger</value>
</property> - Once these changes are done Restart HBase. This should start the association of ranger-hbase-plugin with HBase.
- You can verify by logging into the Ranger Admin Web interface -> Audit Tab -> Agents
...
Now let's follow the below steps to install/configure Ranger Knox plugin.
- Create a repository in Ranger Policy Manager. E.g. "knoxdev". The same name needs to be configured during plugin setup
- Extract Start by extracting binaries at the appropriate place.
cd /usr/local
sudo tar zxf ~/dev/ranger/target/ranger-0.4.0-knox-plugin.tar.gz
sudo ln -s ranger-0.4.0-knox-plugin ranger-knox-plugin
cd ranger-knox-plugin - Now let’s edit the install.properties file. Here are the relevant lines that you should edit:
POLICY_MGR_URL=http://localhost:6080
REPOSITORY_NAME=knoxdev
KNOX_HOME=/usr/local/knox
XAAUDIT.DB.HOSTNAME=localhost
XAAUDIT.DB.DATABASE_NAME=ranger
XAAUDIT.DB.USER_NAME=rangerlogger
XAAUDIT.DB.PASSWORD=rangerlogger - Now enable the knox-plugin by running the enable-knox-plugin.sh command (Remember to set JAVA_HOME)
cd /usr/local/ranger-knox-plugin
./enable-knox-plugin.sh - Now edit the xasecure-audit.xml file.
- cd /usr/local/knox/conf
- Change the xasecure-audit.xml file. Make sure the JDBC properties are correct.
<property> <name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
<value>jdbc:mysql://localhost/ranger</value>
</property>
<property>
<name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
<value>rangerlogger</value>
</property>
<property> <name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
<value>rangerlogger</value>
</property> - Once these changes are done Restart Knox (Gateway/LDAP). This should start the association of ranger-knox-plugin with Knox.
- You can verify by logging into the Ranger Admin Web interface -> Audit Tab -> Agents
...
Now let's follow the below steps to install/configure Ranger Storm Plugin.
Create a repository in Ranger Policy Manager. E.g. "stormdev". The same name needs to be configured during plugin setup
cd /usr/local
sudo tar zxf ~/dev/ranger/target/ranger-0.4.0-storm-plugin.tar.gz
sudo ln -s ranger-0.4.0-storm-plugin ranger-storm-plugin
- cd ranger-storm-plugin
...