How to enable Ranger Admin High Availability
It is useful to enable Ranger Admin High availability, since, it would help in having access to Policy Manager even if one of the Ranger Admin is down. This document provides steps to enable Ranger Admin HA [High Availability] using an example. To configure Ranger Admin HA, it is also required to configure Load Balancing in Linux.
Example Setup Details
Component | Hostname | IP Address |
---|---|---|
Ambari Server | hiveenv.hwxblr.com | 10.0.1.26 |
Existing Ranger Admin Node | hn1.hwxblr.com | 10.0.1.27 |
New Ranger Admin Node | hn2.hwxblr.com | 10.0.1.29 |
Load Balancer Node | hn3.hwxblr.com | 10.0.1.28 |
Version details for the Example
# hadoop version
Hadoop 2.7.1.2.3.2.0-2950
Subversion git@github.com:hortonworks/hadoop.git -r 5cc60e0003e33aa98205f18bccaeaf36cb193c1c
Compiled by jenkins on 2015-09-30T18:08Z
Compiled with protoc 2.5.0
From source with checksum 69a3bf8c667267c2c252a54fbbf23d
This command was run using /usr/hdp/2.3.2.0-2950/hadoop/lib/hadoop-common-2.7.1.2.3.2.0-2950.jar
# uname -a
Linux hn1.hwxblr.com 3.10.0-327.13.1.el7.x86_64 #1 SMP Thu Mar 31 16:04:38 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/redhat-release
CentOS release 6.7 (Final)
Pre-requisites
1. If this is a fresh installation of Ranger, follow Installing Ranger Over Ambari and complete Ranger Service installation with one Ranger Admin, for example, on node hn1.hwxblr.com
2. If this is an existing installation, Cluster should have only one Ranger Admin component installed. If there are more than one installed, they need to be removed using Ambari API’s.
3. Complete Load balancing configuration for Linux as described in the below article . In the following example, load balancer is installed in hn3.hwxblr.com at port number 6080.
4. The load balancer node should not have any Ranger components installed.
Load balancing configuration for Linux
HAProxy is not available by default in CentOS and RedHat. To enable HAProxy in the Linux system, following steps could be done:
1. HAProxy is installed by EPEL RPM. Add the following RPM’s to repository:
CentOS/RHEL 5 , 32 bit:
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
CentOS/RHEL 5 , 64 bit:
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
CentOS/RHEL 6 , 32 bit:
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
CentOS/RHEL 6 , 64 bit:
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
2. Install HAProxy
# yum install haproxy
3. Starting the HAProxy server:
# service haproxy start
4. To make the HAProxy service persist through reboots
# chkconfig haproxy on
5. To reload the Service post changes to haproxy.cfg
# service haproxy reload
6. Configure haproxy.cfg in the Load Balancing Node haproxy.cfg should have the entries to resolve load balancer node to the Ranger Admin nodes. Consider for example the configurations in the Environment table above, the entries in /etc/haproxy/haproxy.cfg would be as follows:
#---------------------------------------------------------------------
# round robin balancing between Ranger HA
#---------------------------------------------------------------------
frontend haproxy
bind 10.0.1.28:6080
reqadd X-Forwarded-Proto:\ http
default_backend ranger_ha
backend ranger_ha 10.0.1.28:6080
balance roundrobin
mode http
stats enable
stats hide-version
stats uri /stats
stats realm Haproxy\ Statistics
stats auth haproxy:redhat
option httpchk
option httpclose
option forwardfor
cookie LB insert
server hn1.hwxblr.com 10.0.1.27:6080 cookie A check
server hn2.hwxblr.com 10.0.1.29:6080 check
Configuring Ranger Admin HA
1. Use Ambari Ranger-configs to update the Policy Manager external URL to point to the load balancer URL in the Ranger Settings. This would update all Ranger Admin clients (Ranger UserSync and Ranger plug-ins). For example,
2. Save the above and Restart Ranger services as suggested by Ambari.
3. In Ambari Ranger Services, click on Service Actions and choose Enable Ranger Admin HA.
4. In the Wizard provide the Load balancer external URL, for example, http://hn3.hwxblr.com:6080
5. Select additional Ranger Admin, for example hn2.hwxblr.com.
6. Proceed with Installation.
7. Once the installation completes, the two Ranger Admin’s would be displayed in Ambari Ranger-Server page and Service Action would have Enable Ranger Admin HA greyed out.
8. To access the Ranger console, invoke the Load Balancer URL:Port, for example, http://hn3.hwxblr.com:6080
Test Ranger Admin HA
As per the configuration above, the load balancer would look up the two Ranger Admin nodes configured in a round robin fashion and resolve to the one which is alive.
To test, bring down one of the two Ranger Admin nodes alternatively and invoke the Load Balancer URL, for example, bring down node hn1.hwxblr.com and attempt to view the Policy Manager Console using the Load balancer URL: http://hn3.hwxblr.com:6080
REFERENCE
Configuring Ranger Configuration High Availability







