847-505-9933 | +91 20 66446300 info@datametica.com

Apache Ranger installation and Configuration in HDP2.2

In this tutorial, I am going to cover how to install and configure Ranger on hortonworks hadoop platform 2.2.

What is Ranger?

It provides central security policy administration in a Hadoop environment. It covers 3 aspects:

Authentication : by the Apache Knox Gateway via the HTTP/REST API
Authorization : Fine-grained access control provides flexibility in defining policies on:
1. folder and file level, via HDFS
2. database, table and column level, via Hive
3. table, column family and column level, via HBase

Audit : Controls access into the system via extensive user access auditing in HDFS, Hive and HBase

Installation and Configuration:

Let us first see what are the available Ranger packages (optional)

[root@hdpcm ~]# yum search ranger
Loaded plugins: fastestmirror, priorities, security
Loading mirror speeds from cached hostfile
* base: centos.bytenet.in
* extras: centos.bytenet.in
* updates: centos.bytenet.in
================================================================= N/S Matched: ranger =================================================================
ranger.noarch : ranger HDP virtual package
ranger-admin.noarch : ranger-admin HDP virtual package
ranger-debuginfo.noarch : ranger-debuginfo HDP virtual package
ranger-hbase-plugin.noarch : ranger-hbase-plugin HDP virtual package
ranger-hdfs-plugin.noarch : ranger-hdfs-plugin HDP virtual package
ranger-hive-plugin.noarch : ranger-hive-plugin HDP virtual package
ranger-knox-plugin.noarch : ranger-knox-plugin HDP virtual package
ranger-storm-plugin.noarch : ranger-storm-plugin HDP virtual package
ranger-usersync.noarch : ranger-usersync HDP virtual package
ranger_2_2_0_0_2041-admin.x86_64 : Web Interface for Ranger
ranger_2_2_0_0_2041-debuginfo.x86_64 : Debug information for package ranger_2_2_0_0_2041
ranger_2_2_0_0_2041-hbase-plugin.x86_64 : ranger plugin for hbase
ranger_2_2_0_0_2041-hdfs-plugin.x86_64 : ranger plugin for hdfs
ranger_2_2_0_0_2041-hive-plugin.x86_64 : ranger plugin for hive
ranger_2_2_0_0_2041-knox-plugin.x86_64 : ranger plugin for knox
ranger_2_2_0_0_2041-storm-plugin.x86_64 : ranger plugin for storm
ranger_2_2_0_0_2041-usersync.x86_64 : Synchronize User/Group information from Corporate LD/AD or Unix

Name and summary matches only, use “search all” for everything.

Now let us start
Step 1: Go ahead and install Ranger
1. yum install ranger-admin
2. yum install ranger-usersync
3. yum install ranger-hdfs-plugin
4. yum install ranger-hive-plugin
5. set JAVA_HOME

export JAVA_HOME=/usr/jdk64/jdk1.7.0_67 (substitute this with jdk path on your system)
echo “export JAVA_HOME=/usr/jdk64/jdk1.7.0_67″ >> ~/.bashrc
Step2: Set up the ranger admin UI

We need to run the setup script present at “/usr/hdp/current/ranger-admin” location. It will –

1. add ranger user and group.
2. set up ranger DB (Please ensure you know your MySQL root password since it will ask for it while setting up the ranger DB)
3. create rangeradmin and rangerlogger MySQL users with appropriate grants.

Besides MySQL root password, whenever it prompts for password for setting up ranger and audit DB, please enter ‘hortonworks’ or anything else you wish. Just remember it for future use.

[root@hdpcm ranger-admin]# pwd
/usr/hdp/current/ranger-admin

[root@hdpcm ranger-admin]# ./setup.sh
[2015/03/31 15:58:41]: ——— Running XASecure PolicyManager Web Application Install Script ———
[2015/03/31 15:58:41]: [I] uname=Linux
[2015/03/31 15:58:41]: [I] hostname=hdpcm.dm.com
[2015/03/31 15:58:41]: [I] DB_FLAVOR=MYSQL
~
~
~
Installation of XASecure PolicyManager Web Application is completed.

Step 3: Start ranger-admin service

[root@hdpcm ews]# pwd
/usr/hdp/current/ranger-admin/ews

[root@hdpcm ews]# sh start-ranger-admin.sh
Apache Ranger Admin has started
[root@hdpcm ews]#

Logs available at : /usr/hdp/current/ranger-admin/ews/logs

Step 4: Setup up ranger-usersync
By default it will sync UNIX users to the Ranger UI. You can also sync it with LDAP. This article syncs UNIX users.

1. Edit /usr/hdp/current/ranger-usersync/install.properties file.
2. Update “POLICY_MGR_URL” to point to your ranger host:
POLICY_MGR_URL = http://IP of your Ranger host:6080

Now run /usr/hdp/current/ranger-usersync/setup.sh

Step 5: Start the ranger-usersync service

[root@hdpcm ranger-usersync]# pwd
/usr/hdp/current/ranger-usersync

[root@hdpcm ranger-usersync]# sh start.sh
Starting UnixAuthenticationService
UnixAuthenticationService has started successfully.

Congratulations!! You have installed and configured Ranger successfully :)

Now Login to the Ranger Web UI by hitting below URL:

http://ranger-host:6080

Default password for admin user is “admin”. Once you login you can change this admin password via profile settings
Arti 1

Once you log in successfully, you will see below page:
Arti2

In next article, I will discuss more about setting up policies for HDFS/Hive etc. via Ranger. Stay tuned for more updates! :-)

By Arti Wadhwani

Leave a Comment

POST COMMENT Back to Top
*
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.