Contents
- 1. Compile Ranger (node12)
- 2. Pre-installation environment preparation (node12)
- 3. Install RangerAdmin (node12) (root)
- 5. Ranger Hive-plugin (node10)
- 6. Ranger Hdfs-plugin (node10, node11)
- 7. Ranger Hbase-plugin (all nodes)
- 8. Ranger Yarn-plugin (node10, node11)
## 1. Compile Ranger (node12)
- All of the packages that need to be compiled are already included in the resource bundle I uploaded: https://download.csdn.net/download/weixin_40496191/87358396
- Install the dependencies: yum -y install wget git gcc gcc-c++ make autoconf automake libtool sharutils asciidoc xmlto cmake unzip zip
- Install JDK 1.8
- Install Maven
  1) Create the directory and enter it: mkdir /home/hadoop/maven, then cd /home/hadoop/maven
  2) Download: wget https://archive.apache.org/dist/maven/maven-3/3.3.9/binaries/apache-maven-3.3.9-bin.tar.gz
  3) Extract: tar -zxvf apache-maven-3.3.9-bin.tar.gz
  4) Configure the environment variables: vi /etc/profile
     ```bash
     export MAVEN_HOME=/home/hadoop/maven/apache-maven-3.3.9
     export PATH=${PATH}:${MAVEN_HOME}/bin:/usr/local/python3/bin
     ```
  5) Reload the environment variables: source /etc/profile
  6) Test: mvn -version
  7) Configure the repository: vi /home/hadoop/maven/apache-maven-3.3.9/conf/settings.xml
- Install Python (as root)
  1) Set up the environment: yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel libffi-devel
  2) Create the directory and enter it: mkdir /home/hadoop/python, then cd /home/hadoop/python
  3) Download: wget https://www.python.org/ftp/python/3.7.1/Python-3.7.1.tgz
  4) Extract: tar -xvf Python-3.7.1.tgz
  5) Create the installation directory: mkdir -p /usr/local/python3
  6) Enter the source directory: cd /home/hadoop/python/Python-3.7.1
  7) Configure the installation: ./configure --prefix=/usr/local/python3
  8) Compile: make
  9) After the compile succeeds, install: make install
  10) Check the Python 3.7 interpreter: /usr/local/python3/bin/python3.7
  11) Create the python3 and pip3 symlinks: ln -s /usr/local/python3/bin/python3 /usr/bin/python3 and ln -s /usr/local/python3/bin/pip3 /usr/bin/pip3
  12) Configure the environment variables: vi /etc/profile
      ```bash
      export PATH=$PATH:$HOME/bin:/usr/local/python3/bin
      ```
  13) Reload the environment variables (as both the root and hadoop users): source /etc/profile
  14) Test: python3
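- Upload the package to /home/hadoop/ranger
- Extract: tar -xvf apache-ranger-2.2.0.tar.gz
- Compile: mvn clean install -DskipTests -Denforcer.skip=true
- Under target you will find ranger-2.2.0-admin.tar.gz, which is the service installation package. The other plugin packages you will need are in the same directory.
- For reference:

| Component | Purpose |
| --- | --- |
| JDK8 | Runs RangerAdmin and RangerKMS |
| Python2.7 | Automated Ranger installation |
| Git | Compiling Ranger |
| Maven3.6 | Compiling Ranger |
| RDBMS | Stores authorization policies, Ranger users/groups, and audit logs |
| Solr (optional) | Stores logs |
| Kerberos (optional) | Ensures that every request is authenticated |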
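## 2. Pre-installation environment preparation (node12)
- Upload the required packages to /home/hadoop/rpm
- Install: rpm -Uvh --force --nodeps *.rpm
- Install Python (see section 1)
- Install MySQL. It must be installed on the same server as Ranger; the MySQL instance installed earlier for the Hadoop cluster can be used.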
## 3. Install RangerAdmin (node12) (root)
- Create the directory: mkdir /opt/Solr
- Enter it: cd /opt/Solr
- Upload the solr-8.3.0.tgz package
- Extract: tar -xvf solr-8.3.0.tgz
- Create the directory: mkdir /opt/RangerAdmin
- Enter it: cd /opt/RangerAdmin
- Upload the ranger-2.2.0-admin.tar.gz package
- Extract: tar -xvf ranger-2.2.0-admin.tar.gz
- Create the database and user
  ```bash
  mysql -uroot -pffcsict123
  ```
  ```sql
  CREATE DATABASE ranger DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
  grant all privileges on ranger.* to ranger@'%' identified by 'ffcsict123';
  set GLOBAL max_connections=1000;
  ```
  Error: Your password does not satisfy the current policy requirements
  Fix: the password is too simple. Either choose a more complex password or lower the password policy: set global validate_password_policy=LOW;
11. Edit the configuration file: vi /opt/RangerAdmin/ranger-2.2.0-admin/contrib/solr_for_audit_setup/install.properties
```properties
# Java installation path
JAVA_HOME=/opt/jdk/jdk1.8.0_291
# Maximum number of days to keep audit logs (default: 90)
MAX_AUDIT_RETENTION_DAYS=90
# Download Solr from the network (default: false)
SOLR_INSTALL=false
# Solr installation directory
SOLR_INSTALL_FOLDER=/opt/Solr/solr-8.3.0
# Solr service that Ranger connects to
SOLR_RANGER_HOME=/opt/Solr/solr-8.3.0/ranger_audit_server
# Port on which Solr serves Ranger
SOLR_RANGER_PORT=6083
# Solr deployment mode
SOLR_DEPLOYMENT=standalone
# Solr data directory
SOLR_RANGER_DATA_FOLDER=/opt/Solr/solr-8.3.0/ranger_audit_server/data
# Left empty because Solr is deployed standalone
SOLR_ZK=
```
12. Upload the driver package to /opt/RangerAdmin/ranger-2.2.0-admin: mysql-connector-java-5.1.31.jar
13. Edit the configuration file: vi /opt/RangerAdmin/ranger-2.2.0-admin/install.properties
```properties
# MySQL driver
SQL_CONNECTOR_JAR=/opt/RangerAdmin/ranger-2.2.0-admin/mysql-connector-java-5.1.35.jar
# MySQL host name and the root user's name and password
db_root_user=root
db_root_password=ffcsict123
db_host=localhost
# Database name and user that Ranger uses; these must match what was created earlier
db_name=ranger
db_user=ranger
db_password=ffcsict123
# Passwords for the other users Ranger Admin needs (at least 8 characters)
rangerAdmin_password=ffcsict123
rangerTagsync_password=ffcsict123
rangerUsersync_password=ffcsict123
keyadmin_password=ffcsict123
# Where Ranger stores audit logs and the store URL (default: solr)
audit_store=solr
audit_solr_urls=http://node12:6083/solr/ranger_audits
# Policy manager URL; the host name is that of the machine where RangerAdmin is installed
policymgr_external_url=http://node12:6080
# Linux user that runs the ranger admin process
unix_user=hadoop
unix_user_pwd=ffcsict123
unix_group=hadoop
# Hadoop configuration directory
hadoop_conf=/home/hadoop/module/hadoop-3.2.2/etc/hadoop
```
14. Run the Solr setup script (as root):
```bash
cd /opt/RangerAdmin/ranger-2.2.0-admin/contrib/solr_for_audit_setup/
./setup.sh
```
15. Start standalone Solr: /opt/Solr/solr-8.3.0/ranger_audit_server/scripts/start_solr.sh
16. Open the web page to check that it started successfully: http://192.168.248.12:6083/solr/#/
17. View the log: cat /opt/Solr/solr-8.3.0/ranger_audit_server/install_notes.txt
18. Run the ranger-admin setup script (must be run as root)
Note 1: the MySQL driver package must be present on this node
Note 2: a Python 3 environment is required
```bash
cd /opt/RangerAdmin/ranger-2.2.0-admin
./setup.sh
```
19. Edit the configuration file in the conf directory: vi /opt/RangerAdmin/ranger-2.2.0-admin/ews/webapp/WEB-INF/classes/conf/ranger-admin-site.xml
```xml
<property>
  <name>ranger.jpa.jdbc.password</name>
  <value>ffcsict123</value>
  <description />
</property>
<property>
  <name>ranger.service.host</name>
  <value>node12</value>
</property>
```
20. Start ranger-admin: ranger-admin start
21. Open the web page to check that it started successfully: http://192.168.248.12:6080 (login: admin/ffcsict123)
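
The Ranger Admin install.properties from step 13 can be checked mechanically before ./setup.sh is run in step 18. The script below is an added example, not part of the original article or of Ranger: it reports a SQL_CONNECTOR_JAR path that does not exist (step 12 uploads mysql-connector-java-5.1.31.jar while step 13 references 5.1.35), Ranger passwords under the 8-character minimum, and a password reused across accounts. The helper names get_prop and audit_props are hypothetical, and the sample file is constructed from the values shown above.

```shell
# Added example, not part of the original article: audit install.properties before ./setup.sh.
# get_prop and audit_props are hypothetical helper names.

# get_prop FILE KEY: print KEY's value, skipping comments and trimming spaces around "=".
get_prop() {
  awk -v k="$2" '
    /^[ \t]*#/ || !/=/ { next }
    { key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key) }
    key == k { v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); out = v }
    END { print out }' "$1"
}

# audit_props FILE: print one finding per line; no output means every check passed.
audit_props() {
  local f="$1" k v jar seen=""
  # 1. setup.sh loads the JDBC driver from exactly this path.
  jar=$(get_prop "$f" SQL_CONNECTOR_JAR)
  [ -f "$jar" ] || echo "JAR: SQL_CONNECTOR_JAR not found: $jar"
  # 2. Ranger account passwords: the article gives a minimum of 8 characters.
  for k in rangerAdmin_password rangerTagsync_password rangerUsersync_password keyadmin_password; do
    v=$(get_prop "$f" "$k")
    [ "${#v}" -ge 8 ] || echo "SHORT: $k has fewer than 8 characters"
  done
  # 3. A value shared between accounts means one leak exposes all of them.
  for k in db_root_password db_password rangerAdmin_password keyadmin_password unix_user_pwd; do
    v=$(get_prop "$f" "$k")
    [ -z "$v" ] && continue
    case "$seen" in *"|$v|"*) echo "REUSE: $k repeats a password set on another key" ;; esac
    seen="$seen|$v|"
  done
  return 0
}

# Constructed sample that mirrors the values shown in the article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SQL_CONNECTOR_JAR=/opt/RangerAdmin/ranger-2.2.0-admin/mysql-connector-java-5.1.35.jar
db_root_password=ffcsict123
db_password=ffcsict123
rangerAdmin_password=ffcsict123
rangerTagsync_password=ffcsict123
rangerUsersync_password=ffcsict123
keyadmin_password=ffcsict123
unix_user_pwd=ffcsict123
EOF
audit_props "$sample"
```

On a real host, run audit_props against /opt/RangerAdmin/ranger-2.2.0-admin/install.properties; an empty result means the driver path resolves and no checked password is short or shared.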
## 4. Install RangerUsersync (node12)
RangerUsersync is a management module provided by Ranger. It synchronizes the users and groups on the Linux machine into the RangerAdmin database so they can be managed there.
1. Create the directory: mkdir /opt/RangerUsersync
2. Enter it: cd /opt/RangerUsersync
3. Upload the package compiled earlier: ranger-2.2.0-usersync.tar.gz
4. Extract: tar -xvf ranger-2.2.0-usersync.tar.gz
5. Edit the configuration file: vi /opt/RangerUsersync/ranger-2.2.0-usersync/install.properties
```properties
# RangerAdmin URL
POLICY_MGR_URL =http://node12:6080
# Sync interval, in minutes
SYNC_INTERVAL = 1
# Linux user that runs this process
unix_user=hadoop
unix_group=hadoop
# Password of the rangerUsersync user; see install.properties of RangerAdmin
rangerUsersync_password=ffcsict123
# Hadoop configuration directory
hadoop_conf=/home/hadoop/module/hadoop-3.2.2/etc/hadoop
```
6. Run the ranger-usersync setup script (as root)
```bash
cd /opt/RangerUsersync/ranger-2.2.0-usersync/
./setup.sh
```
7. Edit the conf configuration file: vi /etc/ranger/usersync/conf/ranger-ugsync-site.xml
Note: the parameter ranger.usersync.enabled defaults to false, which means users are not synchronized. Change it to true if users should be synchronized.
```xml
<property>
  <name>ranger.usersync.enabled</name>
  <value>true</value>
</property>
```
8. View the Ranger users
9. Start ranger-usersync: ranger-usersync start
10. View the Ranger users again

Success!
## 5. Ranger Hive-plugin (node10)
Note: the plugin must be on the same host as Hive. If Hive runs on several hosts, repeat the configuration on each.
- Create the directory: mkdir /home/hadoop/RangerHive
- Enter it: cd /home/hadoop/RangerHive
- Upload the package compiled earlier: ranger-2.2.0-hive-plugin.tar.gz
- Extract: tar -xvf ranger-2.2.0-hive-plugin.tar.gz
- Edit the configuration: vi /home/hadoop/RangerHive/ranger-2.2.0-hive-plugin/install.properties
  ```properties
  # Policy manager URL
  POLICY_MGR_URL=http://node12:6080
  # Component name; can be customized
  REPOSITORY_NAME=rangerhive
  # Hive installation directory
  COMPONENT_INSTALL_DIR_NAME=/home/hadoop/module/hive
  # User that starts the Hive component
  CUSTOM_USER=hadoop
  # Group of the user that starts the Hive component
  CUSTOM_GROUP=hadoop
  ```
- Symlink the Hive configuration directory into the Ranger Hive-plugin directory: ln -s /home/hadoop/module/hive/conf /home/hadoop/RangerHive/ranger-2.2.0-hive-plugin
- Copy the jar:
  ```bash
  cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/htrace-core4-4.1.0-incubating.jar /home/hadoop/RangerHive/ranger-2.2.0-hive-plugin/install/lib
  ```
- Enable Ranger Hive-plugin (as root)
  ```bash
  cd /home/hadoop/RangerHive/ranger-2.2.0-hive-plugin
  ./enable-hive-plugin.sh
  # To disable:
  #   ./disable-hive-plugin.sh
  ```
- This generates the configuration file hiveserver2-site.xml in Hive's conf directory. Restart hiveserver2 for it to take effect.
## 6. Ranger Hdfs-plugin (node10, node11)
Note: the plugin must be on the same host as the NameNode. If there are several, repeat the configuration on each.
- Create the directory: mkdir /home/hadoop/RangerHdfs
- Enter it: cd /home/hadoop/RangerHdfs
- Upload the package compiled earlier: ranger-2.2.0-hdfs-plugin.tar.gz
- Extract: tar -xvf ranger-2.2.0-hdfs-plugin.tar.gz
- Edit the configuration: vi /home/hadoop/RangerHdfs/ranger-2.2.0-hdfs-plugin/install.properties
  ```properties
  # Policy manager URL
  POLICY_MGR_URL=http://node12:6080
  # Component name; can be customized
  REPOSITORY_NAME=rangerhdfs
  # HDFS installation directory
  COMPONENT_INSTALL_DIR_NAME=/home/hadoop/module/hadoop-3.2.2
  # User that starts the HDFS component
  CUSTOM_USER=hadoop
  # Group of the user that starts the HDFS component
  CUSTOM_GROUP=hadoop
  ```
- Create the symlink: ln -s /home/hadoop/module/hadoop-3.2.2/etc/hadoop /home/hadoop/RangerHdfs/ranger-2.2.0-hdfs-plugin/conf
- Copy the jars
  ```bash
  cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/htrace-core4-4.1.0-incubating.jar /home/hadoop/RangerHdfs/ranger-2.2.0-hdfs-plugin/install/lib
  cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/commons-lang3-3.7.jar /home/hadoop/RangerHdfs/ranger-2.2.0-hdfs-plugin/install/lib
  cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/commons-compress-1.19.jar /home/hadoop/RangerHdfs/ranger-2.2.0-hdfs-plugin/install/lib
  ```
- Enable Ranger Hdfs-plugin (as root)
  ```bash
  cd /home/hadoop/RangerHdfs/ranger-2.2.0-hdfs-plugin
  ./enable-hdfs-plugin.sh
  # To disable:
  #   ./disable-hdfs-plugin.sh
  # You also need to delete the Ranger-related configuration files from the Hadoop
  # configuration directory and remove the settings the plugin added to hdfs-site.xml.
  ```
- As the hadoop user, restrict the root directory so that only the current user can access and operate on it: hdfs dfs -chmod 700 /
- Restart HDFS for the change to take effect
## 7. Ranger Hbase-plugin (all nodes)
Note: every server needs the plugin, because table lookups go through the HMaster, while data queries and other related operations go through the HRegionServer.
- Create the directory: mkdir /home/hadoop/RangerHbase
- Enter it: cd /home/hadoop/RangerHbase
- Upload the package compiled earlier: ranger-2.2.0-hbase-plugin.tar.gz
- Extract: tar -xvf ranger-2.2.0-hbase-plugin.tar.gz
- Edit the configuration: vi /home/hadoop/RangerHbase/ranger-2.2.0-hbase-plugin/install.properties
  ```properties
  # Policy manager URL
  POLICY_MGR_URL=http://node12:6080
  # Component name; can be customized
  REPOSITORY_NAME=rangerhbase
  # HBase installation directory
  COMPONENT_INSTALL_DIR_NAME=/home/hadoop/hbase/hbase-2.1.0
  XAAUDIT.SOLR.ENABLE=true
  XAAUDIT.SOLR.URL=http://node12:6083/solr/ranger_audits
  # User that starts the HBase component
  CUSTOM_USER=hadoop
  # Group of the user that starts the HBase component
  CUSTOM_GROUP=hadoop
  ```
- Create the symlink: ln -s /home/hadoop/hbase/hbase-2.1.0/conf /home/hadoop/RangerHbase/ranger-2.2.0-hbase-plugin/conf
- Copy the jars
  ```bash
  cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/commons-lang3-3.7.jar /home/hadoop/RangerHbase/ranger-2.2.0-hbase-plugin/install/lib
  cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/commons-compress-1.19.jar /home/hadoop/RangerHbase/ranger-2.2.0-hbase-plugin/install/lib
  ```
- Copy hbase-protocol-2.3.5.jar into /home/hadoop/hbase/hbase-2.1.0/lib and remove the original hbase-protocol-2.1.0.jar
- Enable Ranger Hbase-plugin (as root)
  ```bash
  cd /home/hadoop/RangerHbase/ranger-2.2.0-hbase-plugin
  ./enable-hbase-plugin.sh
  # To disable:
  #   ./disable-hbase-plugin.sh
  # You also need to delete the Ranger-related configuration files from the Hadoop
  # configuration directory and remove the settings the plugin added to hdfs-site.xml.
  ```
- Set ownership and permissions: chown -R hadoop /opt and chmod 755 /home/hadoop -R
- Restart HBase for the change to take effect
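
After chmod 755 /home/hadoop -R, every file under that tree is readable by all local users. The scan below is an added example, not from the original article: it lists world-readable files that hold a private key or a password-style setting of the kind written earlier into install.properties and ranger-admin-site.xml. The function name scan_exposed, its match patterns and the sample tree are assumptions made for the illustration.

```shell
# Added example, not from the original article. scan_exposed and its patterns are hypothetical.
# scan_exposed DIR: list files readable by "other" that hold a private key (KEY)
# or a password-style setting in .properties or Hadoop-style XML form (CRED).
scan_exposed() {
  find "$1" -type f -perm -004 2>/dev/null | sort | while IFS= read -r f; do
    if head -n 1 "$f" | grep -q -e '-----BEGIN .*PRIVATE KEY-----'; then
      echo "KEY $f"
    elif grep -EIiq -e '^[[:space:]]*[a-z_.]*(password|pwd)[a-z_.]*[[:space:]]*=[[:space:]]*[^[:space:]]' \
                    -e '<name>[^<]*password[^<]*</name>' "$f"; then
      echo "CRED $f"
    fi
  done
}

# Constructed tree standing in for a home directory after the recursive chmod.
demo=$(mktemp -d)
mkdir -p "$demo/.ssh" "$demo/conf"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$demo/.ssh/id_rsa"
printf '%s\n' 'db_user=ranger' 'db_password=constructed-pw' > "$demo/conf/install.properties"
printf '%s\n' '<name>ranger.jpa.jdbc.password</name>' '<value>constructed-pw</value>' > "$demo/conf/ranger-admin-site.xml"
printf '%s\n' 'POLICY_MGR_URL=http://node12:6080' > "$demo/plugin.properties"
chmod -R 755 "$demo"
scan_exposed "$demo"     # reports the key and both credential files
chmod 600 "$demo/.ssh/id_rsa" "$demo/conf/install.properties"
scan_exposed "$demo"     # only the XML file is still reported
```

Files the scan reports can be tightened individually (for example to mode 600 for the owning service user) once the recursive chmod has run.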
## 8. Ranger Yarn-plugin (node10, node11)
Note: the plugin must be on the same host as the ResourceManager. If there are several, repeat the configuration on each.
- Create the directory: mkdir /home/hadoop/RangerYarn
- Enter it: cd /home/hadoop/RangerYarn
- Upload the package compiled earlier: ranger-2.2.0-yarn-plugin.tar.gz
- Extract: tar -xvf ranger-2.2.0-yarn-plugin.tar.gz
- Edit the configuration: vi /home/hadoop/RangerYarn/ranger-2.2.0-yarn-plugin/install.properties
  ```properties
  POLICY_MGR_URL=http://node12:6080
  REPOSITORY_NAME=rangeryarn
  COMPONENT_INSTALL_DIR_NAME=/home/hadoop/module/hadoop-3.2.2
  CUSTOM_USER=hadoop
  CUSTOM_GROUP=hadoop
  ```
- Create the symlink: ln -s /home/hadoop/module/hadoop-3.2.2/etc/hadoop /home/hadoop/RangerYarn/ranger-2.2.0-yarn-plugin/conf
- Copy the jars
  ```bash
  cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/slf4j-api-1.7.25.jar /home/hadoop/RangerYarn/ranger-2.2.0-yarn-plugin/install/lib
  cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/slf4j-log4j12-1.7.25.jar /home/hadoop/RangerYarn/ranger-2.2.0-yarn-plugin/install/lib
  cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/log4j-1.2.17.jar /home/hadoop/RangerYarn/ranger-2.2.0-yarn-plugin/install/lib
  cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/commons-lang3-3.7.jar /home/hadoop/RangerYarn/ranger-2.2.0-yarn-plugin/install/lib
  cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/htrace-core4-4.1.0-incubating.jar /home/hadoop/RangerYarn/ranger-2.2.0-yarn-plugin/install/lib
  cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/commons-compress-1.19.jar /home/hadoop/RangerYarn/ranger-2.2.0-yarn-plugin/install/lib
  ```
- Enable Ranger Yarn-plugin (as root)
  ```bash
  cd /home/hadoop/RangerYarn/ranger-2.2.0-yarn-plugin
  ./enable-yarn-plugin.sh
  # To disable:
  #   ./disable-yarn-plugin.sh
  # You also need to delete the Ranger-related configuration files from the Hadoop
  # configuration directory and remove the settings the plugin added to yarn-site.xml.
  ```
- Edit the configuration file: vi /home/hadoop/module/hadoop-3.2.2/etc/hadoop/ranger-yarn-security.xml and add the following
  ```xml
  <property>
    <name>ranger.add-yarn-authorization</name>
    <value>false</value>
  </property>
  ```
- Restart YARN for the change to take effect