Ranger部署

恩慈1年前技术文章671

安装前准备

1.1. 创建用户和用户组

groupadd ranger

useradd -g ranger ranger

1.2. 数据库配置

mysql -uroot -p -hxxx.xxx.xxx.13

 

创建数据库

create database ranger;

grant all privileges on ranger.* to ranger@'%' identified by '1qaz!QAZ';

 

安装ranger

1.3. 安装Ranger-admin

1.3.1. 解压安装包

tar -zxf ranger-2.4.0-admin.tar.gz -C /opt/

ln -s /opt/ranger-2.4.0-admin /opt/ranger-admin

1.3.2. 修改配置文件

vi /opt/ranger-admin/install.properties

 

PYTHON_COMMAND_INVOKER=python3

DB_FLAVOR=MYSQL

SQL_CONNECTOR_JAR=/opt/ranger-admin/mysql-connector-java.jar

db_root_user=root

db_root_password=1qaz!QAZ

db_host=xxx.xxx.xxx.13:3306

db_ssl_enabled=false

db_ssl_required=false

db_ssl_verifyServerCertificate=false

db_ssl_auth_type=2-way

javax_net_ssl_keyStore=

javax_net_ssl_keyStorePassword=

javax_net_ssl_trustStore=

javax_net_ssl_trustStorePassword=

javax_net_ssl_trustStore_type=jks

javax_net_ssl_keyStore_type=jks

db_ssl_certificate_file=

db_name=ranger

db_user=ranger

db_password=1qaz!QAZ

is_override_db_connection_string=false

db_override_connection_string=

rangerAdmin_password=Admin@123

rangerTagsync_password=Admin@123

rangerUsersync_password=Admin@123

keyadmin_password=Admin@123

audit_store=solr

audit_elasticsearch_urls=

audit_elasticsearch_port=

audit_elasticsearch_protocol=

audit_elasticsearch_user=

audit_elasticsearch_password=

audit_elasticsearch_index=

audit_elasticsearch_bootstrap_enabled=true

audit_solr_urls=https://xxx.xxx.xxx.222:8983/solr/ranger_audits

audit_solr_user=

audit_solr_password=

audit_solr_zookeepers=DPS2-DA-qas3:2181,DPS2-DA-qas4:2181,DPS2-DA-qas5:2181/ranger_audits

audit_solr_collection_name=ranger_audits

audit_solr_config_name=ranger_audits

audit_solr_configset_location=

audit_solr_no_shards=1

audit_solr_no_replica=1

audit_solr_max_shards_per_node=1

audit_solr_acl_user_list_sasl=solr,infra-solr

audit_solr_bootstrap_enabled=true

audit_cloudwatch_region=

audit_cloudwatch_log_group=

audit_cloudwatch_log_stream_prefix=

policymgr_external_url=http://localhost:6080

policymgr_http_enabled=true

policymgr_https_keystore_file=

policymgr_https_keystore_keyalias=rangeradmin

policymgr_https_keystore_password=

policymgr_supportedcomponents=

unix_user=ranger

unix_user_pwd=ranger

unix_group=ranger

authentication_method=NONE

remoteLoginEnabled=true

authServiceHostName=localhost

authServicePort=5151

ranger_unixauth_keystore=keystore.jks

ranger_unixauth_keystore_password=password

ranger_unixauth_truststore=cacerts

ranger_unixauth_truststore_password=changeit

xa_ldap_url=

xa_ldap_userDNpattern=

xa_ldap_groupSearchBase=

xa_ldap_groupSearchFilter=

xa_ldap_groupRoleAttribute=

xa_ldap_base_dn=

xa_ldap_bind_dn=

xa_ldap_bind_password=

xa_ldap_referral=

xa_ldap_userSearchFilter=

xa_ldap_ad_domain=

xa_ldap_ad_url=

xa_ldap_ad_base_dn=

xa_ldap_ad_bind_dn=

xa_ldap_ad_bind_password=

xa_ldap_ad_referral=

xa_ldap_ad_userSearchFilter=

spnego_principal=

spnego_keytab=

token_valid=30

cookie_domain=

cookie_path=/

admin_principal=

admin_keytab=

lookup_principal=

lookup_keytab=

hadoop_conf=/opt/hadoop/etc/hadoop

sso_enabled=false

sso_providerurl=https://127.0.0.1:8443/gateway/knoxsso/api/v1/websso

sso_publickey=

RANGER_ADMIN_LOG_DIR=$PWD

RANGER_ADMIN_LOGBACK_CONF_FILE=

RANGER_PID_DIR_PATH=/var/run/ranger

XAPOLICYMGR_DIR=$PWD

app_home=$PWD/ews/webapp

TMPFILE=$PWD/.fi_tmp

LOGFILE=$PWD/logfile

LOGFILES="$LOGFILE"

JAVA_BIN='java'

JAVA_VERSION_REQUIRED='1.8'

JAVA_ORACLE='Java(TM) SE Runtime Environment'

ranger_admin_max_heap_size=1g

PATCH_RETRY_INTERVAL=120

STALE_PATCH_ENTRY_HOLD_TIME=10

mysql_core_file=db/mysql/optimized/current/ranger_core_db_mysql.sql

mysql_audit_file=db/mysql/xa_audit_db.sql

oracle_core_file=db/oracle/optimized/current/ranger_core_db_oracle.sql

oracle_audit_file=db/oracle/xa_audit_db_oracle.sql

postgres_core_file=db/postgres/optimized/current/ranger_core_db_postgres.sql

postgres_audit_file=db/postgres/xa_audit_db_postgres.sql

sqlserver_core_file=db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql

sqlserver_audit_file=db/sqlserver/xa_audit_db_sqlserver.sql

sqlanywhere_core_file=db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql

sqlanywhere_audit_file=db/sqlanywhere/xa_audit_db_sqlanywhere.sql

cred_keystore_filename=$app_home/WEB-INF/classes/conf/.jceks/rangeradmin.jceks

1.3.3. 创建文件并修改权限

chown ranger:ranger /opt/ranger-admin

1.3.4. 初始化

sh /opt/ranger-admin/setup.sh

sh /opt/ranger-admin/set_globals.sh

 

cp /opt/hadoop/etc/hadoop/core-site.xml /opt/ranger-admin/conf

1.3.5. 启动服务

su - ranger

ranger-admin start

1.4. Ranger-usersync部署

1.4.1. 解压安装包

tar -zxf ranger-2.4.0-usersync.tar.gz -C /opt/

ln -s /opt/ranger-2.4.0-usersync /opt/ranger-usersync

 

1.4.2. 修改配置文件

vim /opt/ranger-usersync/install.properties

 

内容如下:

ranger_base_dir = /etc/ranger

POLICY_MGR_URL = http://xxx.xxx.xxx.222:6080

SYNC_SOURCE = unix

MIN_UNIX_USER_ID_TO_SYNC = 500

MIN_UNIX_GROUP_ID_TO_SYNC = 500

SYNC_INTERVAL =

unix_user=ranger

unix_group=ranger

rangerUsersync_password=Admin@123

usersync_principal=

usersync_keytab=

hadoop_conf=/etc/hadoop/conf

CRED_KEYSTORE_FILENAME=/etc/ranger/usersync/conf/rangerusersync.jceks

AUTH_SSL_ENABLED=false

AUTH_SSL_KEYSTORE_FILE=/etc/ranger/usersync/conf/cert/unixauthservice.jks

AUTH_SSL_KEYSTORE_PASSWORD=UnIx529p

AUTH_SSL_TRUSTSTORE_FILE=

AUTH_SSL_TRUSTSTORE_PASSWORD=

ROLE_ASSIGNMENT_LIST_DELIMITER = &

USERS_GROUPS_ASSIGNMENT_LIST_DELIMITER = :

USERNAME_GROUPNAME_ASSIGNMENT_LIST_DELIMITER = ,

GROUP_BASED_ROLE_ASSIGNMENT_RULES =

SYNC_LDAP_URL =

SYNC_LDAP_BIND_DN =

SYNC_LDAP_BIND_PASSWORD =

SYNC_LDAP_DELTASYNC =

SYNC_LDAP_SEARCH_BASE =

SYNC_LDAP_USER_SEARCH_BASE =

SYNC_LDAP_USER_SEARCH_SCOPE = sub

SYNC_LDAP_USER_OBJECT_CLASS = person

SYNC_LDAP_USER_SEARCH_FILTER =

SYNC_LDAP_USER_NAME_ATTRIBUTE = cn

SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE = memberof,ismemberof

SYNC_LDAP_USERNAME_CASE_CONVERSION=lower

SYNC_LDAP_GROUPNAME_CASE_CONVERSION=lower

logdir=logs

USERSYNC_PID_DIR_PATH=/var/run/ranger

SYNC_GROUP_SEARCH_ENABLED=

SYNC_GROUP_USER_MAP_SYNC_ENABLED=

SYNC_GROUP_SEARCH_BASE=

SYNC_GROUP_SEARCH_SCOPE=

SYNC_GROUP_OBJECT_CLASS=

SYNC_LDAP_GROUP_SEARCH_FILTER=

SYNC_GROUP_NAME_ATTRIBUTE=

SYNC_GROUP_MEMBER_ATTRIBUTE_NAME=

SYNC_PAGED_RESULTS_ENABLED=

SYNC_PAGED_RESULTS_SIZE=

SYNC_LDAP_REFERRAL =ignore

JVM_METRICS_ENABLED=

JVM_METRICS_FILENAME=

JVM_METRICS_FILEPATH=

JVM_METRICS_FREQUENCY_TIME_IN_MILLIS=

1.4.3. 修改权限

chown ranger:ranger /opt/ranger-usersync/

1.4.4. 初始化

sh /opt/ranger-usersync/setup.sh

1.4.5. 启动服务

 ranger-usersync start

 


返回列表

上一篇:Ldap高可用部署

下一篇:ranger审计Solr部署

相关文章

PG初识

PG数据库是一种典型的C/S模型应用,不同的客户端通过TCP/IP进行连接、每个连接启动一个fork进程(多进程数据库)。一、pg逻辑架构1.1 pg与MySQL异同对比逻辑架构postgresMyS...

flink单task多slot调优

flink单task多slot调优

1. 单taskmanager多slot的设置方法方式一:在配置文件中配置taskmanager.numberOfTaskSlots,通过修改提交任务的客户端配置文件中的配置flink-co...

xtrabackup全量备份恢复操作

xtrabackup全量备份恢复操作

一、核实环境1、核实服务器环境cat /etc/centos-release2、核实数据库版本随着Percona XtraBackup 8.0 的推出,Percona XtraBackup 2.4将继...

Hadoop配置LZO压缩

Hadoop配置LZO压缩

hadoop-lzo编译Hadoop支持LZO0. 环境准备maven(下载安装,配置环境变量,修改sitting.xml加阿里云镜像)gcc-c++zlib-develautoconfautomak...

HDFS分层存储(一)

1、介绍Hadoop分布式文件系统支持在HDFS中的各种存储类型。现在,您可以为DataNode数据目录指定不同的存储类型,这样可以根据数据使用频率优化数据使用并降低成本。例如需要频繁使用的数据,可以...

Trino部署

安装前准备1.1. 创建用户和用户组groupadd trinouseradd -g hadoop trino1.2. 配置环境变量1.2.1. 配置系统环境变量/etc/profileexport...

发表评论    

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

©Copyrights 2016-2022 YUNCHE 浙ICP备2021017017号