What is Ranger

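Fine-grained permission management for big data clusters. It can isolate access at the Kafka topic level and the Hive row level. This is implemented by installing a plugin for each component in the cluster.
The CDP and HDP product platforms ship with the Ranger component built in. On a self-built Apache cluster, we have to install the Ranger plugin ourselves on each component that needs it and start the Ranger service in the cluster. Ranger is generally used together with LDAP and Kerberos.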

Installation

https://cloud.tencent.com/developer/article/1492423

Kafka

With Kerberos enabled, a Kafka that has Ranger installed requires no changes to the engine. It is enough to use the Kerberos parameters that are passed in.
https://github.com/apache/ranger/blob/master/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerTopicCreationTest.java

Kafka LDAP

https://docs.cloudera.com/runtime/7.2.1/kafka-securing/topics/kafka-secure-ldap-client.html

  # Client authenticating with SASL/PLAIN over TLS
  security.protocol=SASL_SSL
  sasl.mechanism=PLAIN
  sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
    username="alice" \
    password="alice-secret";

  # Client authenticating with SASL/PLAIN without TLS (the password is sent unencrypted)
  sasl.mechanism=PLAIN
  security.protocol=SASL_PLAINTEXT
  sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule \
    required username="client" password="client-secret";
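
A check for the two client configurations above, as an added example that is not from these notes or the linked Cloudera documentation: it parses the properties, including backslash continuations, and reports when SASL/PLAIN is configured over a transport without TLS. The function names and finding strings are made up for this example; the fallback values are the Kafka client defaults.

```python
import re

# Constructed sample inputs: the two client configurations shown above.
SASL_SSL_CONF = r'''
security.protocol=SASL_SSL
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
  username="alice" \
  password="alice-secret";
'''
SASL_PLAINTEXT_CONF = r'''
sasl.mechanism=PLAIN
security.protocol=SASL_PLAINTEXT
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule \
  required username="client" password="client-secret";
'''

def parse_properties(text):
    """Parse key=value lines, skipping #/! comments and joining lines
    that end in a backslash (a subset of the Java .properties format)."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue
        if line.endswith("\\"):
            pending += line[:-1]      # drop the continuation marker
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def audit_client_config(text):
    """Return a list of findings for a Kafka client config that uses SASL."""
    props = parse_properties(text)
    # Kafka client defaults when the keys are absent.
    protocol = props.get("security.protocol", "PLAINTEXT").upper()
    mechanism = props.get("sasl.mechanism", "GSSAPI").upper()
    jaas = props.get("sasl.jaas.config", "")
    findings = []
    # SASL/PLAIN sends the username and password as-is; only TLS protects them.
    if protocol.startswith("SASL") and mechanism == "PLAIN" and protocol != "SASL_SSL":
        findings.append("PLAIN credentials sent without TLS")
    if re.search(r'password\s*=\s*"[^"]+"', jaas):
        findings.append("password stored inline in sasl.jaas.config")
    return findings
```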

How it works

https://www.codenong.com/cs106505018/
https://blog.csdn.net/tototuzuoquan/article/details/106505018