Tag : ranger-installation

Apache Ranger installation and Configuration in HDP2.2

Apache Ranger installation and Configuration in HDP2.2

 

In this tutorial I am going to cover how to install and configure Ranger on hortonworks hadoop platform 2.2.

 

What is Ranger?

 

It provides central security policy administration in a Hadoop environment. It covers 3 aspects:

 

Authentication : by the Apache Knox Gateway via the HTTP/REST API

Authorization : Fine-grained access control provides flexibility in defining policies on:

  1. folder and file level, via HDFS
  2. database, table and column level, via Hive
  3. table, column family and column level, via HBase

 

Audit          : Controls access into the system via extensive user access auditing in HDFS, Hive and HBase

 

Installation and Configuration:

 

Let us first see what are the available Ranger packages (optional)

Note – plugins below with orange colour are currently available for ranger.

[root@hdpcm ~]# yum search ranger

Loaded plugins: fastestmirror, priorities, security

Loading mirror speeds from cached hostfile

* base: centos.bytenet.in

* extras: centos.bytenet.in

* updates: centos.bytenet.in

================================================================= N/S Matched: ranger =================================================================

ranger.noarch : ranger HDP virtual package

ranger-admin.noarch : ranger-admin HDP virtual package

ranger-debuginfo.noarch : ranger-debuginfo HDP virtual package

ranger-hbase-plugin.noarch : ranger-hbase-plugin HDP virtual package

ranger-hdfs-plugin.noarch : ranger-hdfs-plugin HDP virtual package

ranger-hive-plugin.noarch : ranger-hive-plugin HDP virtual package

ranger-knox-plugin.noarch : ranger-knox-plugin HDP virtual package

ranger-storm-plugin.noarch : ranger-storm-plugin HDP virtual package

ranger-usersync.noarch : ranger-usersync HDP virtual package

ranger_2_2_0_0_2041-admin.x86_64 : Web Interface for Ranger

ranger_2_2_0_0_2041-debuginfo.x86_64 : Debug information for package ranger_2_2_0_0_2041

ranger_2_2_0_0_2041-hbase-plugin.x86_64 : ranger plugin for hbase

ranger_2_2_0_0_2041-hdfs-plugin.x86_64 : ranger plugin for hdfs

ranger_2_2_0_0_2041-hive-plugin.x86_64 : ranger plugin for hive

ranger_2_2_0_0_2041-knox-plugin.x86_64 : ranger plugin for knox

ranger_2_2_0_0_2041-storm-plugin.x86_64 : ranger plugin for storm

ranger_2_2_0_0_2041-usersync.x86_64 : Synchronize User/Group information from Corporate LD/AD or Unix

 

Name and summary matches only, use “search all” for everything.

 

Now let us start –

Step 1: Go ahead and install Ranger

  1. yum install ranger-admin
  2. yum install ranger-usersync
  3. yum install ranger-hdfs-plugin
  4. yum install ranger-hive-plugin
  5. set JAVA_HOME

 

export JAVA_HOME=/usr/jdk64/jdk1.7.0_67 (substitute this with jdk path on your system)

echo “export JAVA_HOME=/usr/jdk64/jdk1.7.0_67″ >> ~/.bashrc

 

Step2: Set up the ranger admin UI

 

We need to run the setup script present at “/usr/hdp/current/ranger-admin” location. It will –

 

  1. add ranger user and group.
  2. set up ranger DB (Please ensure you know your MySQL root password since it will ask for it while setting up the ranger DB)
  3. create rangeradmin and rangerlogger MySQL users with appropriate grants.

 

Besides MySQL root password, whenever it prompts for password for setting up ranger and audit DB, please enter ‘hortonworks’ or anything else you wish. Just remember it for future use.

 

[root@hdpcm ranger-admin]# pwd

/usr/hdp/current/ranger-admin

 

[root@hdpcm ranger-admin]# ./setup.sh

[2015/03/31 15:58:41]:   ——— Running XASecure PolicyManager Web Application Install Script ———

[2015/03/31 15:58:41]: [I] uname=Linux

[2015/03/31 15:58:41]: [I] hostname=hdpcm.dm.com

[2015/03/31 15:58:41]: [I] DB_FLAVOR=MYSQL

~

~

~

Installation of XASecure PolicyManager Web Application is completed.

 

Step 3: Start ranger-admin service

 

[root@hdpcm ews]# pwd

/usr/hdp/current/ranger-admin/ews

 

[root@hdpcm ews]# sh start-ranger-admin.sh

Apache Ranger Admin has started

[root@hdpcm ews]#

 

Logs available at : /usr/hdp/current/ranger-admin/ews/logs

 

Step 4: Setup up ranger-usersync

By default it will sync UNIX users to the Ranger UI. You can also sync it with LDAP. This article syncs UNIX users.

 

  1. Edit /usr/hdp/current/ranger-usersync/install.properties file.
  2. Update “POLICY_MGR_URL” to point to your ranger host:

POLICY_MGR_URL = http://<IP of your Ranger host>:6080

 

Now run /usr/hdp/current/ranger-usersync/setup.sh

 

Step 5: Start the ranger-usersync service

 

[root@hdpcm ranger-usersync]# pwd

/usr/hdp/current/ranger-usersync

 

[root@hdpcm ranger-usersync]# sh start.sh

Starting UnixAuthenticationService

UnixAuthenticationService has started successfully.

 

Congratulations!! You have installed and configured Ranger successfully :)

 

Now Login to the Ranger Web UI by hitting below URL:

http://<ranger-host>:6080

 

Default password for admin user is “admin”. Once you login you can change this admin password via profile settings

 

1

 

Once you log in successfully, you will see below page:

 

2

 

In next article, I will discuss more about setting up policies for HDFS/Hive etc. via Ranger. Stay tuned for more updates! :-)

 

Please feel free to comment or email me if you have any questions or doubts.

facebooktwittergoogle_plusredditpinterestlinkedinmailby feather