...
JDK 7+ needs to be installed. Both OpenJDK and Oracle JDK are supported.
- MySQL (5.6+) or ORACLE DB (11g+) for Policy/Audit DB. <TBD: Link on database settings for Ranger>
- DB server can be installed on the same host. Or Ranger services need to have access to DB server host
- For production, ensure appropriate capacity planning is done for the database size
- Maven. If not installed, please follow below steps
wget http://mirrors.gigenet.com/apache/maven/maven-3/3.0.5/binaries/apache-maven-3.0.5-bin.tar.gz (Use different mirror if needed)
su -c "tar -zxvf apache-maven-3.0.5-bin.tar.gz -C /opt/"
su -c "vi /etc/profile.d/maven.sh" # Add the following lines to maven.sh
export M2_HOME=/opt/apache-maven-3.0.5
export M2=$M2_HOME/bin
export PATH=$M2:$PATH
Now test your install of Maven. Logout of the system and then log back into it. Enter the following command:
- mvn -version
- Ranger Admin process requires approximately 1.5GB of RAM
...
Lay down the binaries into appropriate places.
cd /usr/local
sudo tar zxf ~/dev/ranger/target/ranger-0.4.0-admin.tar.gz
- sudo ln -s ranger-0.4.0-admin ranger-admin
- cd ranger-admin and open install.properties using your text editor (e.g. vi install.properties)
- Verify the root password that you had picked while installing mysql. I had chosen root so the relevant section in my install.properties file looks as follows
- db_root_user=root
- db_root_password=root
db_host=localhost
- The install process would create a couple of users in the database for storing administration and audit information, pick passwords for those too. With my choices here’s how the relevant sections in the install.properties file look now.
- # DB information Ranger Policy Store schema
# - db_name=ranger
- db_user=rangeradmin
- db_password=rangeradmin
- # DB UserId for storing auditlog infromation
- #
- audit_db_name=ranger (Note the database details used here. This is needed while configuring plugins in later steps)
- audit_db_user=rangerlogger
- audit_db_password=rangerlogger
- # DB information Ranger Policy Store schema
- Ranger allows you to get different authentication modes but for now let’s just leave rest of the things in install.properties file as they are.
Once all the required properties are updated, execute the below scripts to install ranger admin service.
Execute : ./setup.sh (This will configure the properties)
Execute : ./set_globals.sh (This will create the soft links and other folders for logs, etc)Create a valid symlink in /usr/bin/ for start/stop of ranger admin
cd /usr/bin
ln -sf /usr/local/ranger-admin/ews/start-ranger-admin.sh ranger-admin-start
ln -sf /usr/local/ranger-admin/ews/stop-ranger-admin.sh ranger-admin-stopUpdate ranger-admin service file to link to the start and stop scripts
vim /etc/init.d/ranger-admin ( Update the Start and Stop commands to point to the created symlinks )Start the Ranger Admin
service ranger-admin startYou can verify by visiting the external URL of the server using browser, for example :
http://<Host Address>:6080/- Logs are in ews/logs folder. The path is relative to where you have installed ranger-admin. Check xa_portal.log and catalina.out files for ERROR and WARN log messages
...
- Ranger Admin authentication can be configured to use LDAP or Linux system. Consider configuring one of them in production environment. TBD: Provide link to configure LDAP or Linux for authentication
- Review database capacity for Audit database. It can Review database capacity for Audit database. It can grow dramatically in HBase or high volume environment. TBD: Provide link DB capacity planning
Install/Configure Ranger User Sync
What is done here?
Ranger UserSync bits are laid out
Configure Ranger UserSync to synchronize with LDAP/AD or Unix system.
Configure Ranger UserSync to be the authentication server for Linux users (optional)
Other Ranger UserSync properties are configured
Ranger UserSync startup service files are created and updated
Steps
- Start by extracting out binaries at the appropriate place.
cd /usr/local
sudo tar zxf ~/dev/ranger/target/ranger-0.4.0-usersync.tar.gz
sudo ln -s ranger-0.4.0-usersync ranger-usersync
sudo mkdir -p /var/log/ranger-usersync
sudo chown ranger /var/log/ranger-usersync; sudo chgrp ranger /var/log/ranger-usersync
cd ranger-usersync - Now let’s edit the install.properties file. Here are the relevant lines that you should edit:
POLICY_MGR_URL=http://localhost:6080//localhost:6080 (This should point to the server where Ranger Admin has been installed)
SYNC_SOURCE=unix (This assumes that the user from the linux/unix system will be synchronized) [TBD - Link to configure LDAP]
logdir=/var/log/ranger/usersync - Now install the usersync by running the setup command
export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk-amd64 (Change this to your Java install folder)
./setup.sh create a valid symlink in /usr/bin/ for start/stop of ranger usersync
cd /usr/bin
ln -sf /usr/local/ranger-usersync/start.sh ranger-usersync-start
ln -sf /usr/local/ranger-admin/ews/stop.sh ranger-usersync-stopupdate ranger-usersync service file to link to the start and stop scripts
vim /etc/init.d/ranger-usersync ( Update the Start and Stop commands to point to the created symlinks )
Start the Ranger Usersync
service ranger-usersync startYou can verify by looking at the users tab in Ranger Admin. Unix host users should be sync'ed to ranger.
- Logs are in logs folder. It is relative to the location where ranger-usersync was installed. Look for usersync.log file for User Sync related errors and auth.log for remote login errors.
Next Steps
- If you are using LDAP or AD, then you will have to configure using to synchronize with LDAP/AD
Install/Configure Ranger HDFS Plugin
...