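What is Ranger
Fine-grained permission management for big data clusters. It can isolate access down to the Kafka topic level and the Hive row level. This is implemented by installing a plugin into each component of the cluster.
The two major product platforms, CDP and HDP, ship with the Ranger component. On a self-built Apache cluster, we have to install the Ranger plugin on each component that needs it ourselves and start the Ranger service in the cluster. Ranger is generally used together with LDAP and Kerberos.
Installation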
https://cloud.tencent.com/developer/article/1492423
Kafka
When Kerberos is enabled, a Kafka cluster with Ranger installed requires no changes to the engine. Just follow the parameters passed in for Kerberos.
https://github.com/apache/ranger/blob/master/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerTopicCreationTest.java
Kafka LDAP
https://docs.cloudera.com/runtime/7.2.1/kafka-securing/topics/kafka-secure-ldap-client.html
# Client configuration over TLS (SASL_SSL)
security.protocol=SASL_SSL
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
username="alice" \
password="alice-secret";

# Client configuration without TLS (SASL_PLAINTEXT)
sasl.mechanism=PLAIN
security.protocol=SASL_PLAINTEXT
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule \
required username="client" password="client-secret";
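An added example (not from the original page or the linked documentation): a small Python check over the two client configurations above. With SASL/PLAIN the username and password are sent as-is, so SASL_PLAINTEXT exposes them on the network while SASL_SSL carries them inside TLS. The function names and finding labels are hypothetical.

```python
# Constructed samples: the two client configurations from this page.
SASL_SSL_CONF = r'''
security.protocol=SASL_SSL
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
username="alice" \
password="alice-secret";
'''

# A continuation backslash keeps the JAAS value on one logical line.
SASL_PLAINTEXT_CONF = r'''
sasl.mechanism=PLAIN
security.protocol=SASL_PLAINTEXT
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule \
required username="client" password="client-secret";
'''

def parse_properties(text):
    """Minimal key=value parser that joins lines ending with a backslash."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue  # skip blank lines and comments
        if line.endswith("\\"):
            pending += line[:-1]  # drop the backslash, keep collecting
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def audit_client_config(text):
    """Return hypothetical finding labels for a Kafka SASL client config."""
    props = parse_properties(text)
    # Kafka client defaults when the keys are absent.
    protocol = props.get("security.protocol", "PLAINTEXT").upper()
    mechanism = props.get("sasl.mechanism", "GSSAPI").upper()
    jaas = props.get("sasl.jaas.config", "")
    findings = []
    if mechanism == "PLAIN" and protocol == "SASL_PLAINTEXT":
        findings.append("cleartext-credentials")  # password visible on the wire
    if "PlainLoginModule" in jaas and "required" not in jaas.split():
        findings.append("jaas-missing-control-flag")  # value cut off by a line break
    return findings

if __name__ == "__main__":
    for name, conf in (("SASL_SSL", SASL_SSL_CONF), ("SASL_PLAINTEXT", SASL_PLAINTEXT_CONF)):
        print(name, audit_client_config(conf))
```
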
How it works
https://www.codenong.com/cs106505018/
https://blog.csdn.net/tototuzuoquan/article/details/106505018