Ranger部署

恩慈4个月前技术文章120

安装前准备

1.1. 创建用户和用户组

groupadd ranger

useradd -g ranger ranger

1.2. 数据库配置

mysql -uroot -p -hxxx.xxx.xxx.13

 

创建数据库

create database ranger;

grant all privileges on ranger.* to ranger@'%' identified by '1qaz!QAZ';

 

安装ranger

1.3. 安装Ranger-admin

1.3.1. 解压安装包

tar -zxf ranger-2.4.0-admin.tar.gz -C /opt/

ln -s /opt/ranger-2.4.0-admin /opt/ranger-admin

1.3.2. 修改配置文件

vi /opt/ranger-admin/install.properties

 

PYTHON_COMMAND_INVOKER=python3

DB_FLAVOR=MYSQL

SQL_CONNECTOR_JAR=/opt/ranger-admin/mysql-connector-java.jar

db_root_user=root

db_root_password=1qaz!QAZ

db_host=xxx.xxx.xxx.13:3306

db_ssl_enabled=false

db_ssl_required=false

db_ssl_verifyServerCertificate=false

db_ssl_auth_type=2-way

javax_net_ssl_keyStore=

javax_net_ssl_keyStorePassword=

javax_net_ssl_trustStore=

javax_net_ssl_trustStorePassword=

javax_net_ssl_trustStore_type=jks

javax_net_ssl_keyStore_type=jks

db_ssl_certificate_file=

db_name=ranger

db_user=ranger

db_password=1qaz!QAZ

is_override_db_connection_string=false

db_override_connection_string=

rangerAdmin_password=Admin@123

rangerTagsync_password=Admin@123

rangerUsersync_password=Admin@123

keyadmin_password=Admin@123

audit_store=solr

audit_elasticsearch_urls=

audit_elasticsearch_port=

audit_elasticsearch_protocol=

audit_elasticsearch_user=

audit_elasticsearch_password=

audit_elasticsearch_index=

audit_elasticsearch_bootstrap_enabled=true

audit_solr_urls=https://xxx.xxx.xxx.222:8983/solr/ranger_audits

audit_solr_user=

audit_solr_password=

audit_solr_zookeepers=DPS2-DA-qas3:2181,DPS2-DA-qas4:2181,DPS2-DA-qas5:2181/ranger_audits

audit_solr_collection_name=ranger_audits

audit_solr_config_name=ranger_audits

audit_solr_configset_location=

audit_solr_no_shards=1

audit_solr_no_replica=1

audit_solr_max_shards_per_node=1

audit_solr_acl_user_list_sasl=solr,infra-solr

audit_solr_bootstrap_enabled=true

audit_cloudwatch_region=

audit_cloudwatch_log_group=

audit_cloudwatch_log_stream_prefix=

policymgr_external_url=http://localhost:6080

policymgr_http_enabled=true

policymgr_https_keystore_file=

policymgr_https_keystore_keyalias=rangeradmin

policymgr_https_keystore_password=

policymgr_supportedcomponents=

unix_user=ranger

unix_user_pwd=ranger

unix_group=ranger

authentication_method=NONE

remoteLoginEnabled=true

authServiceHostName=localhost

authServicePort=5151

ranger_unixauth_keystore=keystore.jks

ranger_unixauth_keystore_password=password

ranger_unixauth_truststore=cacerts

ranger_unixauth_truststore_password=changeit

xa_ldap_url=

xa_ldap_userDNpattern=

xa_ldap_groupSearchBase=

xa_ldap_groupSearchFilter=

xa_ldap_groupRoleAttribute=

xa_ldap_base_dn=

xa_ldap_bind_dn=

xa_ldap_bind_password=

xa_ldap_referral=

xa_ldap_userSearchFilter=

xa_ldap_ad_domain=

xa_ldap_ad_url=

xa_ldap_ad_base_dn=

xa_ldap_ad_bind_dn=

xa_ldap_ad_bind_password=

xa_ldap_ad_referral=

xa_ldap_ad_userSearchFilter=

spnego_principal=

spnego_keytab=

token_valid=30

cookie_domain=

cookie_path=/

admin_principal=

admin_keytab=

lookup_principal=

lookup_keytab=

hadoop_conf=/opt/hadoop/etc/hadoop

sso_enabled=false

sso_providerurl=https://127.0.0.1:8443/gateway/knoxsso/api/v1/websso

sso_publickey=

RANGER_ADMIN_LOG_DIR=$PWD

RANGER_ADMIN_LOGBACK_CONF_FILE=

RANGER_PID_DIR_PATH=/var/run/ranger

XAPOLICYMGR_DIR=$PWD

app_home=$PWD/ews/webapp

TMPFILE=$PWD/.fi_tmp

LOGFILE=$PWD/logfile

LOGFILES="$LOGFILE"

JAVA_BIN='java'

JAVA_VERSION_REQUIRED='1.8'

JAVA_ORACLE='Java(TM) SE Runtime Environment'

ranger_admin_max_heap_size=1g

PATCH_RETRY_INTERVAL=120

STALE_PATCH_ENTRY_HOLD_TIME=10

mysql_core_file=db/mysql/optimized/current/ranger_core_db_mysql.sql

mysql_audit_file=db/mysql/xa_audit_db.sql

oracle_core_file=db/oracle/optimized/current/ranger_core_db_oracle.sql

oracle_audit_file=db/oracle/xa_audit_db_oracle.sql

postgres_core_file=db/postgres/optimized/current/ranger_core_db_postgres.sql

postgres_audit_file=db/postgres/xa_audit_db_postgres.sql

sqlserver_core_file=db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql

sqlserver_audit_file=db/sqlserver/xa_audit_db_sqlserver.sql

sqlanywhere_core_file=db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql

sqlanywhere_audit_file=db/sqlanywhere/xa_audit_db_sqlanywhere.sql

cred_keystore_filename=$app_home/WEB-INF/classes/conf/.jceks/rangeradmin.jceks

1.3.3. 创建文件并修改权限

chown ranger:ranger /opt/ranger-admin

1.3.4. 初始化

sh /opt/ranger-admin/setup.sh

sh /opt/ranger-admin/set_globals.sh

 

cp /opt/hadoop/etc/hadoop/core-site.xml /opt/ranger-admin/conf

1.3.5. 启动服务

su - ranger

ranger-admin start

1.4. Ranger-usersync部署

1.4.1. 解压安装包

tar -zxf ranger-2.4.0-usersync.tar.gz -C /opt/

ln -s /opt/ranger-2.4.0-usersync /opt/ranger-usersync

 

1.4.2. 修改配置文件

vim /opt/ranger-usersync/install.properties

 

内容如下:

ranger_base_dir = /etc/ranger

POLICY_MGR_URL = http://xxx.xxx.xxx.222:6080

SYNC_SOURCE = unix

MIN_UNIX_USER_ID_TO_SYNC = 500

MIN_UNIX_GROUP_ID_TO_SYNC = 500

SYNC_INTERVAL =

unix_user=ranger

unix_group=ranger

rangerUsersync_password=Admin@123

usersync_principal=

usersync_keytab=

hadoop_conf=/etc/hadoop/conf

CRED_KEYSTORE_FILENAME=/etc/ranger/usersync/conf/rangerusersync.jceks

AUTH_SSL_ENABLED=false

AUTH_SSL_KEYSTORE_FILE=/etc/ranger/usersync/conf/cert/unixauthservice.jks

AUTH_SSL_KEYSTORE_PASSWORD=UnIx529p

AUTH_SSL_TRUSTSTORE_FILE=

AUTH_SSL_TRUSTSTORE_PASSWORD=

ROLE_ASSIGNMENT_LIST_DELIMITER = &

USERS_GROUPS_ASSIGNMENT_LIST_DELIMITER = :

USERNAME_GROUPNAME_ASSIGNMENT_LIST_DELIMITER = ,

GROUP_BASED_ROLE_ASSIGNMENT_RULES =

SYNC_LDAP_URL =

SYNC_LDAP_BIND_DN =

SYNC_LDAP_BIND_PASSWORD =

SYNC_LDAP_DELTASYNC =

SYNC_LDAP_SEARCH_BASE =

SYNC_LDAP_USER_SEARCH_BASE =

SYNC_LDAP_USER_SEARCH_SCOPE = sub

SYNC_LDAP_USER_OBJECT_CLASS = person

SYNC_LDAP_USER_SEARCH_FILTER =

SYNC_LDAP_USER_NAME_ATTRIBUTE = cn

SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE = memberof,ismemberof

SYNC_LDAP_USERNAME_CASE_CONVERSION=lower

SYNC_LDAP_GROUPNAME_CASE_CONVERSION=lower

logdir=logs

USERSYNC_PID_DIR_PATH=/var/run/ranger

SYNC_GROUP_SEARCH_ENABLED=

SYNC_GROUP_USER_MAP_SYNC_ENABLED=

SYNC_GROUP_SEARCH_BASE=

SYNC_GROUP_SEARCH_SCOPE=

SYNC_GROUP_OBJECT_CLASS=

SYNC_LDAP_GROUP_SEARCH_FILTER=

SYNC_GROUP_NAME_ATTRIBUTE=

SYNC_GROUP_MEMBER_ATTRIBUTE_NAME=

SYNC_PAGED_RESULTS_ENABLED=

SYNC_PAGED_RESULTS_SIZE=

SYNC_LDAP_REFERRAL =ignore

JVM_METRICS_ENABLED=

JVM_METRICS_FILENAME=

JVM_METRICS_FILEPATH=

JVM_METRICS_FREQUENCY_TIME_IN_MILLIS=

1.4.3. 修改权限

chown ranger:ranger /opt/ranger-usersync/

1.4.4. 初始化

sh /opt/ranger-usersync/setup.sh

1.4.5. 启动服务

 ranger-usersync start

 


返回列表

上一篇:Ldap高可用部署

下一篇:ranger审计Solr部署

相关文章

Doris集群部署

一、部署Doris集群1.部署doris服务(1)下载Doris            登陆地址https://doris.apache.org/download            选择需要下载的...

PostgreSQL 锁等待排查

PostgreSQL 锁等待排查

说明在数据库中,常用 锁 和 MVCC 来保障事务的一致性及提高并发性。锁问题的定位和排查也是数据库运维人员必会的技能,本篇文章介绍 PostgreSQL 如何排查定位锁堵塞问题。1. Postgre...

Flume抽取到kafka数据对比测试

Flume抽取到kafka数据对比测试

一、前言同一台机器两个flume进程抽取同一个目录下日志到kafka,对比kafka中数据量二、创建测试topic1、主集群创建topic --tes3kafka-topics --create --...

Trino资源组配置

Trino资源组配置

1 概述Presto作为一个大数据场景下的交互式查询引擎,当使用达到一定规模,就会更多考虑资源分配问题,即保障重要任务优先获取资源。Presto资源组: Presto的资源组机制,是从资源分配的角度...

MySQL性能优化(九)range和ref

MySQL性能优化(九)range和ref

有的时候,我们会遇到这样的情况:明明有索引,明明有更好的执行计划,但是优化器并没有选择这个最优的执行计划。优化器可能会选择并非最优的索引,可能选择并非最优的数据访问方式。下面是一个真实的例子:一个例子...

Linux高并发FastCGI优化

nginx中FastCGI相关参数优化:1)这个指令为FastCGI缓存指定一个路径,目录结构等级,关键字区域存储时间和非活动删除时间。fastcgi_cache_path /usr/local/ng...

发表评论    

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

©Copyrights 2016-2022 YUNCHE 浙ICP备2021017017号