准备
保证你的主机有以下软件:
JDK
Maven
Git
Python 2.7(Python3会报错)
MySQL
下载与编译
Ranger没有提供编译好的二进制安装包,我们需要自己下载并使用Maven进行编译。
官网下载地址
解压至指定文件夹
tar -zxvf apache-ranger-2.0.0.tar.gz -C /opt/
cd apache-ranger-2.0.0
修改pom.xml文件,搜索 hadoop.version定位,在这一段里面可以修改组件版本,我们修改使其符合自己组件的版本。
<hadoop.version>3.1.3</hadoop.version>
<ozone.version>0.4.0-alpha</ozone.version>
<hamcrest.all.version>1.3</hamcrest.all.version>
<hbase.version>2.0.2</hbase.version>
<hive.version>3.1.2</hive.version>
保存退出。
进行编译前,建议给Maven配置国内仓库,因为Ranger下会有很多插件,编译的量很大,如果不配置国内仓库,编译会非常缓慢。
编译:
mvn clean compile package assembly:assembly install -DskipTests -Drat.skip=true
安装
安装 ranger-admin
解压到指定目录并修改安装配置文件:
tar -zxvf ranger-2.0.0-admin.tar.gz -C /opt/ranger
cd /opt/ranger/ranger-2.0.0-admin
vim install.properties
#------------------------- DB CONFIG - BEGIN ----------------------------------
# Uncomment the below if the DBA steps need to be run separately
#setup_mode=SeparateDBA
PYTHON_COMMAND_INVOKER=python
#DB_FLAVOR=MYSQL|ORACLE|POSTGRES|MSSQL|SQLA
DB_FLAVOR=MYSQL
#
#
# Location of DB client library (please check the location of the jar file)
# 确保mysql connector已配置,没有的话去官网下载
SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
# DB password for the DB admin user-id
# **************************************************************************
# ** If the password is left empty or not-defined here,
# ** it will try with blank password during installation process
# **************************************************************************
# mysql root用户、密码、主机
db_root_user=root
db_root_password=password
db_host=localhost
# DB UserId used for the Ranger schema
#会以下面的信息建一个ranger的库
#
db_name=ranger
db_user=ranger
db_password=Ranger_1234
# change password. Password for below mentioned users can be changed only once using this property.
#PLEASE NOTE :: Password should be minimum 8 characters with min one alphabet and one numeric.
rangerAdmin_password=Ranger_1234
rangerTagsync_password=Ranger_1234
rangerUsersync_password=Ranger_1234
keyadmin_password=Ranger_1234
#------------------------- DB CONFIG - END ----------------------------------
#
# ------- PolicyManager CONFIG ----------------
#
# admin 的url
policymgr_external_url=http://localhost:6080
policymgr_http_enabled=true
policymgr_https_keystore_file=
policymgr_https_keystore_keyalias=rangeradmin
policymgr_https_keystore_password=Ranger_1234
进行setup
./setup.sh
可能会遇到以下问题:
ERROR 1418 (HY000): This function has none of DETERMINISTIC, NO SQL,or READS SQL DATA in its declaration and binary logging is enabled(you might want to use the less safe log_bin_trust_function_creators variable)
解决办法
注意python版本,需要Python2 不能用Python3,否则报错。
启动Ranger控制台:
./ews/ranger-admin-services.sh start
安装 ranger-usersync
ranger-usersync是用户同步插件,支持从unix系统或者LDAP中同步用户到ranger中进行权限管控。
解压插件到指定目录并修改安装配置文件
tar -zxvf ranger-2.0.0-usersync.tar.gz -C /opt/ranger
cd /opt/ranger/ranger-2.0.0-usersync
vim install.properties
#配置ranger admin的地址
POLICY_MGR_URL = http://localhost:6080
#同步源系统类型
SYNC_SOURCE = unix
#同步间隔时间 单位分钟 unix默认5 ldap 默认360
SYNC_INTERVAL = 5
#usersync程序运行的用户和用户组
unix_user=ranger
unix_group=ranger
#修改rangerusersync用户的密码。注意,此密码应与Ranger admin中install.properties的rangerusersync_password相同。
rangerUsersync_password=Ranger_1234
初始化并启动服务:
./setup.sh
./ranger-usersync-services.sh start
安装 ranger-hdfs-plugin
把安装包分发给hadoop集群的所有主机
tar -zxvf ranger-2.0.0-hdfs-plugin.tar.gz -C /opt/ranger
cd /opt/ranger/ranger-2.0.0-hdfs-plugin
vim install.properties
# policy manager url 及 rang admin地址
POLICY_MGR_URL=http://localhost:6080
#resource name 相当于集群唯一的标识,后面在控制台配置插件时使用
REPOSITORY_NAME=hadoopdev
# hadoop的安装目录
COMPONENT_INSTALL_DIR_NAME=/opt/bigdata/hadoop/
激活插件
./enable-hdfs-plugin.sh
安装ranger-hdfs-plugin
只需要在装有hiveserver2的主机上安装此插件
tar -zxvf ranger-2.0.0-hive-plugin.tar.gz -C /opt/ranger
cd /opt/ranger/ranger-2.0.0-hive-plugin
vim install.properties
# policy manager url 及 rang admin地址
POLICY_MGR_URL=http://localhost:6080
#resource name 相当于集群唯一的标识,后面在控制台配置插件时使用
REPOSITORY_NAME=hive
# hive的安装目录
COMPONENT_INSTALL_DIR_NAME=/opt/bigdata/hadoop/
激活插件
./enable-hive-plugin.sh
Reference
https://www.cnblogs.com/swordfall/p/11887317.html
https://blog.csdn.net/weixin_38586230/article/details/105725346?utm_medium=distribute.pc_relevant.none-task-blog-BlogCommendFromMachineLearnPai2-1.nonecase&depth_1-utm_source=distribute.pc_relevant.none-task-blog-BlogCommendFromMachineLearnPai2-1.nonecase