Ranger部署

恩慈11个月前技术文章461

安装前准备

1.1. 创建用户和用户组

groupadd ranger

useradd -g ranger ranger

1.2. 数据库配置

mysql -uroot -p -hxxx.xxx.xxx.13

 

创建数据库

create database ranger;

grant all privileges on ranger.* to ranger@'%' identified by '1qaz!QAZ';

 

安装ranger

1.3. 安装Ranger-admin

1.3.1. 解压安装包

tar -zxf ranger-2.4.0-admin.tar.gz -C /opt/

ln -s /opt/ranger-2.4.0-admin /opt/ranger-admin

1.3.2. 修改配置文件

vi /opt/ranger-admin/install.properties

 

PYTHON_COMMAND_INVOKER=python3

DB_FLAVOR=MYSQL

SQL_CONNECTOR_JAR=/opt/ranger-admin/mysql-connector-java.jar

db_root_user=root

db_root_password=1qaz!QAZ

db_host=xxx.xxx.xxx.13:3306

db_ssl_enabled=false

db_ssl_required=false

db_ssl_verifyServerCertificate=false

db_ssl_auth_type=2-way

javax_net_ssl_keyStore=

javax_net_ssl_keyStorePassword=

javax_net_ssl_trustStore=

javax_net_ssl_trustStorePassword=

javax_net_ssl_trustStore_type=jks

javax_net_ssl_keyStore_type=jks

db_ssl_certificate_file=

db_name=ranger

db_user=ranger

db_password=1qaz!QAZ

is_override_db_connection_string=false

db_override_connection_string=

rangerAdmin_password=Admin@123

rangerTagsync_password=Admin@123

rangerUsersync_password=Admin@123

keyadmin_password=Admin@123

audit_store=solr

audit_elasticsearch_urls=

audit_elasticsearch_port=

audit_elasticsearch_protocol=

audit_elasticsearch_user=

audit_elasticsearch_password=

audit_elasticsearch_index=

audit_elasticsearch_bootstrap_enabled=true

audit_solr_urls=https://xxx.xxx.xxx.222:8983/solr/ranger_audits

audit_solr_user=

audit_solr_password=

audit_solr_zookeepers=DPS2-DA-qas3:2181,DPS2-DA-qas4:2181,DPS2-DA-qas5:2181/ranger_audits

audit_solr_collection_name=ranger_audits

audit_solr_config_name=ranger_audits

audit_solr_configset_location=

audit_solr_no_shards=1

audit_solr_no_replica=1

audit_solr_max_shards_per_node=1

audit_solr_acl_user_list_sasl=solr,infra-solr

audit_solr_bootstrap_enabled=true

audit_cloudwatch_region=

audit_cloudwatch_log_group=

audit_cloudwatch_log_stream_prefix=

policymgr_external_url=http://localhost:6080

policymgr_http_enabled=true

policymgr_https_keystore_file=

policymgr_https_keystore_keyalias=rangeradmin

policymgr_https_keystore_password=

policymgr_supportedcomponents=

unix_user=ranger

unix_user_pwd=ranger

unix_group=ranger

authentication_method=NONE

remoteLoginEnabled=true

authServiceHostName=localhost

authServicePort=5151

ranger_unixauth_keystore=keystore.jks

ranger_unixauth_keystore_password=password

ranger_unixauth_truststore=cacerts

ranger_unixauth_truststore_password=changeit

xa_ldap_url=

xa_ldap_userDNpattern=

xa_ldap_groupSearchBase=

xa_ldap_groupSearchFilter=

xa_ldap_groupRoleAttribute=

xa_ldap_base_dn=

xa_ldap_bind_dn=

xa_ldap_bind_password=

xa_ldap_referral=

xa_ldap_userSearchFilter=

xa_ldap_ad_domain=

xa_ldap_ad_url=

xa_ldap_ad_base_dn=

xa_ldap_ad_bind_dn=

xa_ldap_ad_bind_password=

xa_ldap_ad_referral=

xa_ldap_ad_userSearchFilter=

spnego_principal=

spnego_keytab=

token_valid=30

cookie_domain=

cookie_path=/

admin_principal=

admin_keytab=

lookup_principal=

lookup_keytab=

hadoop_conf=/opt/hadoop/etc/hadoop

sso_enabled=false

sso_providerurl=https://127.0.0.1:8443/gateway/knoxsso/api/v1/websso

sso_publickey=

RANGER_ADMIN_LOG_DIR=$PWD

RANGER_ADMIN_LOGBACK_CONF_FILE=

RANGER_PID_DIR_PATH=/var/run/ranger

XAPOLICYMGR_DIR=$PWD

app_home=$PWD/ews/webapp

TMPFILE=$PWD/.fi_tmp

LOGFILE=$PWD/logfile

LOGFILES="$LOGFILE"

JAVA_BIN='java'

JAVA_VERSION_REQUIRED='1.8'

JAVA_ORACLE='Java(TM) SE Runtime Environment'

ranger_admin_max_heap_size=1g

PATCH_RETRY_INTERVAL=120

STALE_PATCH_ENTRY_HOLD_TIME=10

mysql_core_file=db/mysql/optimized/current/ranger_core_db_mysql.sql

mysql_audit_file=db/mysql/xa_audit_db.sql

oracle_core_file=db/oracle/optimized/current/ranger_core_db_oracle.sql

oracle_audit_file=db/oracle/xa_audit_db_oracle.sql

postgres_core_file=db/postgres/optimized/current/ranger_core_db_postgres.sql

postgres_audit_file=db/postgres/xa_audit_db_postgres.sql

sqlserver_core_file=db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql

sqlserver_audit_file=db/sqlserver/xa_audit_db_sqlserver.sql

sqlanywhere_core_file=db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql

sqlanywhere_audit_file=db/sqlanywhere/xa_audit_db_sqlanywhere.sql

cred_keystore_filename=$app_home/WEB-INF/classes/conf/.jceks/rangeradmin.jceks

1.3.3. 创建文件并修改权限

chown ranger:ranger /opt/ranger-admin

1.3.4. 初始化

sh /opt/ranger-admin/setup.sh

sh /opt/ranger-admin/set_globals.sh

 

cp /opt/hadoop/etc/hadoop/core-site.xml /opt/ranger-admin/conf

1.3.5. 启动服务

su - ranger

ranger-admin start

1.4. Ranger-usersync部署

1.4.1. 解压安装包

tar -zxf ranger-2.4.0-usersync.tar.gz -C /opt/

ln -s /opt/ranger-2.4.0-usersync /opt/ranger-usersync

 

1.4.2. 修改配置文件

vim /opt/ranger-usersync/install.properties

 

内容如下:

ranger_base_dir = /etc/ranger

POLICY_MGR_URL = http://xxx.xxx.xxx.222:6080

SYNC_SOURCE = unix

MIN_UNIX_USER_ID_TO_SYNC = 500

MIN_UNIX_GROUP_ID_TO_SYNC = 500

SYNC_INTERVAL =

unix_user=ranger

unix_group=ranger

rangerUsersync_password=Admin@123

usersync_principal=

usersync_keytab=

hadoop_conf=/etc/hadoop/conf

CRED_KEYSTORE_FILENAME=/etc/ranger/usersync/conf/rangerusersync.jceks

AUTH_SSL_ENABLED=false

AUTH_SSL_KEYSTORE_FILE=/etc/ranger/usersync/conf/cert/unixauthservice.jks

AUTH_SSL_KEYSTORE_PASSWORD=UnIx529p

AUTH_SSL_TRUSTSTORE_FILE=

AUTH_SSL_TRUSTSTORE_PASSWORD=

ROLE_ASSIGNMENT_LIST_DELIMITER = &

USERS_GROUPS_ASSIGNMENT_LIST_DELIMITER = :

USERNAME_GROUPNAME_ASSIGNMENT_LIST_DELIMITER = ,

GROUP_BASED_ROLE_ASSIGNMENT_RULES =

SYNC_LDAP_URL =

SYNC_LDAP_BIND_DN =

SYNC_LDAP_BIND_PASSWORD =

SYNC_LDAP_DELTASYNC =

SYNC_LDAP_SEARCH_BASE =

SYNC_LDAP_USER_SEARCH_BASE =

SYNC_LDAP_USER_SEARCH_SCOPE = sub

SYNC_LDAP_USER_OBJECT_CLASS = person

SYNC_LDAP_USER_SEARCH_FILTER =

SYNC_LDAP_USER_NAME_ATTRIBUTE = cn

SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE = memberof,ismemberof

SYNC_LDAP_USERNAME_CASE_CONVERSION=lower

SYNC_LDAP_GROUPNAME_CASE_CONVERSION=lower

logdir=logs

USERSYNC_PID_DIR_PATH=/var/run/ranger

SYNC_GROUP_SEARCH_ENABLED=

SYNC_GROUP_USER_MAP_SYNC_ENABLED=

SYNC_GROUP_SEARCH_BASE=

SYNC_GROUP_SEARCH_SCOPE=

SYNC_GROUP_OBJECT_CLASS=

SYNC_LDAP_GROUP_SEARCH_FILTER=

SYNC_GROUP_NAME_ATTRIBUTE=

SYNC_GROUP_MEMBER_ATTRIBUTE_NAME=

SYNC_PAGED_RESULTS_ENABLED=

SYNC_PAGED_RESULTS_SIZE=

SYNC_LDAP_REFERRAL =ignore

JVM_METRICS_ENABLED=

JVM_METRICS_FILENAME=

JVM_METRICS_FILEPATH=

JVM_METRICS_FREQUENCY_TIME_IN_MILLIS=

1.4.3. 修改权限

chown ranger:ranger /opt/ranger-usersync/

1.4.4. 初始化

sh /opt/ranger-usersync/setup.sh

1.4.5. 启动服务

 ranger-usersync start

 


返回列表

上一篇:Ldap高可用部署

下一篇:ranger审计Solr部署

相关文章

MapReduce工作机制解析

MapReduce工作机制解析

一、MapTask工作机制主要可以分为Read阶段,Map阶段,Collect阶段,Spill阶段(1)Read阶段:MapTask通过InputFormat获得的RecordReader,从输入In...

Kafka 手动调整分区副本存储

Kafka 手动调整分区副本存储

              在生产环境中,每台服务器的配置和性能不一致,但是Kafka只会根据自己的代码规则创建对应的分区副本,就会导致个别服务器存储压力较大。所有需要手动调整分区副本的存储。测试:创...

rabbitmq-监控告警

rabbitmq-监控告警

插件安装rabbitmq_prometheus这个插件包含在RabbitMQ3.9.x版本中。与所有的插件一样,必须启用它才能使用;在node1,node2,node3 三台机器上执行如下命令:rab...

Prometheus与Zabbix的对比

一、Prometheus与Zabbix的对比对比项PrometheusZabbixPrometheus优势Zabbix优势管理二进制文件启动LNMP+编译轻量级Server,便于迁移和维护-配置配置文...

Keepalived 高可用解决方案

Keepalived 高可用解决方案

Keepalived 起初是为 LVS 设计的,专门用来监控集群系统中各个服务节点的状态,后来有加入 VRRP 的功能,VRRP 是 Virtual Router Redundancy protoco...

MySQL运维实战(5.3) MySQL数据乱码的一些情况

MySQL运维实战(5.3) MySQL数据乱码的一些情况

表数据乱码当数据的真实编码和相关参数(常见的包括character_set_client, character_set_result, 字段的编码,终端的编码)不一致时,会产生乱码。测试1 - 表中的...

发表评论    

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

©Copyrights 2016-2022 YUNCHE 浙ICP备2021017017号