0
0

开源大数据集群部署(十三)Ranger 集成Trino

作者:櫰木

1、安装ranger trino插件

在trino的coordinator节点部署

  • 解压ranger-2.3.0-trino-plugin.tar.gz
[[email protected] ]#tar -zxvf ranger-2.3.0-trino-plugin.tar.gz -C /opt
  • 配置ranger trino插件文件install.properties,内容如下 :
# Licensed to the Apache Software Foundation (ASF) under one or more# contributor license agreements.  See the NOTICE file distributed with# this work for additional information regarding copyright ownership.# The ASF licenses this file to You under the Apache License, Version 2.0# (the "License"); you may not use this file except in compliance with# the License.  You may obtain a copy of the License at##     http://www.apache.org/licenses/LICENSE-2.0## Unless required by applicable law or agreed to in writing, software# distributed under the License is distributed on an "AS IS" BASIS,# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.# See the License for the specific language governing permissions and# limitations under the License.## Location of Policy Manager URL## Example:# POLICY_MGR_URL=http://policymanager.xasecure.net:6080#POLICY_MGR_URL=http://hd1.dtstack.com:6080/
 
## This is the repository name created within policy manager## Example:# REPOSITORY_NAME=trinodev#REPOSITORY_NAME=trinodev
 
# Configure INSTALL_ENV=docker if running trino in docker environment#INSTALL_ENV=docker## Name of the directory where the component's lib and conf directory exist.# This location should be relative to the parent of the directory containing# the plugin installation files.#COMPONENT_INSTALL_DIR_NAME=/opt/trino
 
# Enable audit logs to SolrXAAUDIT.SUMMARY.ENABLE=false
#Example#XAAUDIT.SOLR.ENABLE=true#XAAUDIT.SOLR.URL=http://localhost:6083/solr/ranger_audits#XAAUDIT.SOLR.ZOOKEEPER=#XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/trino/audit/solr/spoolXAAUDIT.SOLR.ENABLE=false
XAAUDIT.SOLR.URL=http://hd1.dtstack.com:8983/solr/ranger_audits
XAAUDIT.SOLR.USER=NONE
XAAUDIT.SOLR.PASSWORD=NONE
XAAUDIT.SOLR.ZOOKEEPER=hd1:2181,hd2:2181,hd3:2181/ranger_audits
XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/trino/audit/solr/spool
 
# Enable audit logs to ElasticSearch#Example#XAAUDIT.ELASTICSEARCH.ENABLE=true#XAAUDIT.ELASTICSEARCH.URL=localhost#XAAUDIT.ELASTICSEARCH.INDEX=auditXAAUDIT.ELASTICSEARCH.ENABLE=false
XAAUDIT.ELASTICSEARCH.URL=NONE
XAAUDIT.ELASTICSEARCH.USER=NONE
XAAUDIT.ELASTICSEARCH.PASSWORD=NONE
XAAUDIT.ELASTICSEARCH.INDEX=NONE
XAAUDIT.ELASTICSEARCH.PORT=NONE
XAAUDIT.ELASTICSEARCH.PROTOCOL=NONE
 
# Enable audit logs to HDFS#Example#XAAUDIT.HDFS.ENABLE=true#XAAUDIT.HDFS.HDFS_DIR=hdfs://node-1.example.com:8020/ranger/audit#  If using Azure Blob Storage#XAAUDIT.HDFS.HDFS_DIR=wasb[s]://<containername>@<accountname>.blob.core.windows.net/<path>#XAAUDIT.HDFS.HDFS_DIR=wasb://[email protected]/ranger/audit#XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/trino/audit/hdfs/spoolXAAUDIT.HDFS.ENABLE=false
XAAUDIT.HDFS.HDFS_DIR=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit
XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/trino/audit/hdfs/spool
 
# Following additional propertis are needed When auditing to Azure Blob Storage via HDFS# Get these values from your /etc/hadoop/conf/core-site.xml#XAAUDIT.HDFS.HDFS_DIR=wasb[s]://<containername>@<accountname>.blob.core.windows.net/<path>XAAUDIT.HDFS.AZURE_ACCOUNTNAME=__REPLACE_AZURE_ACCOUNT_NAME
XAAUDIT.HDFS.AZURE_ACCOUNTKEY=__REPLACE_AZURE_ACCOUNT_KEY
XAAUDIT.HDFS.AZURE_SHELL_KEY_PROVIDER=__REPLACE_AZURE_SHELL_KEY_PROVIDER
XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
 
#Log4j Audit ProviderXAAUDIT.LOG4J.ENABLE=false
XAAUDIT.LOG4J.IS_ASYNC=false
XAAUDIT.LOG4J.ASYNC.MAX.QUEUE.SIZE=10240XAAUDIT.LOG4J.ASYNC.MAX.FLUSH.INTERVAL.MS=30000XAAUDIT.LOG4J.DESTINATION.LOG4J=true
XAAUDIT.LOG4J.DESTINATION.LOG4J.LOGGER=xaaudit
 
# Enable audit logs to Amazon CloudWatch Logs#Example#XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=true#XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=ranger_audits#XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM={instance_id}#XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=/var/log/hive/audit/amazon_cloudwatch/spoolXAAUDIT.AMAZON_CLOUDWATCH.ENABLE=false
XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=NONE
XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX=NONE
XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=NONE
XAAUDIT.AMAZON_CLOUDWATCH.REGION=NONE
 
# End of V3 properties##  Audit to HDFS Configuration## If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens# that start with __REPLACE__ with appropriate values#  XAAUDIT.HDFS.IS_ENABLED=true#  XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%#  XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/trino/audit#  XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/trino/audit/archive## Example:#  XAAUDIT.HDFS.IS_ENABLED=true#  XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://namenode.example.com:8020/ranger/audit/%app-type%/%time:yyyyMMdd%#  XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=/var/log/trino/audit#  XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=/var/log/trino/audit/archive#XAAUDIT.HDFS.IS_ENABLED=false
XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/trino/audit
XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/trino/audit/archive
 
XAAUDIT.HDFS.DESTINTATION_FILE=%hostname%-audit.log
XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS=900XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS=86400XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS=60XAAUDIT.HDFS.LOCAL_BUFFER_FILE=%time:yyyyMMdd-HHmm.ss%.log
XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10#Solr Audit ProviderXAAUDIT.SOLR.IS_ENABLED=false
XAAUDIT.SOLR.MAX_QUEUE_SIZE=1XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000XAAUDIT.SOLR.SOLR_URL=http://localhost:6083/solr/ranger_audits
 
# End of V2 properties## SSL Client Certificate Information## Example:# SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks# SSL_KEYSTORE_PASSWORD=none# SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks# SSL_TRUSTSTORE_PASSWORD=none## You do not need use SSL between agent and security admin tool, please leave these sample value as it is.#SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
SSL_KEYSTORE_PASSWORD=myKeyFilePassword
SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
SSL_TRUSTSTORE_PASSWORD=changeit
 
## Custom component user# CUSTOM_COMPONENT_USER=<custom-user># keep blank if component user is defaultCUSTOM_USER=trino
 
 
## Custom component group# CUSTOM_COMPONENT_GROUP=<custom-group># keep blank if component group is defaultCUSTOM_GROUP=hadoop

2、初始化插件

[[email protected] ranger-2.3.0-trno-plugin]# ./enable-trnio-plugin.sh

在这里插入图片描述

4、验证插件是否生效

通过查看/opt/trino/etc/access-control.properties。
添加

access-control.name=ranger
ranger.principal=trino/[email protected]
ranger.keytab=/etc/security/keytab/trino.keytab

软链core-site.xml到trino的etc目录下

ln-s /opt/hadoop/etc/hadoop/core-site.xml core-site.xml

在这里插入图片描述

5、Ranger web界面配置trino

访问地址:http://hd2.dtstack.com:6080/

用户密码:admin/rangerAdmin123

在这里插入图片描述
username 对应值:trino
jdbc.driverClassName对应值:io.trino.jdbc.TrinoDriver
jdbc.url对应值:jdbc:trino://hd1.dtstack.com:18080/catalog
tag.download.auth.users:trino
policy.download.auth.users:trino
在这里插入图片描述
点解测试连接
在这里插入图片描述
显示连接成功,配置正确,保存退出。
在这里插入图片描述
点击主页刚添加的trino
在这里插入图片描述
至此,ranger集成trino完成
Trino 用户策略授权。以test用户为例
首先需要添加对应的catalog权限
在这里插入图片描述
在这里插入图片描述
添加tableschema权限
在这里插入图片描述
在这里插入图片描述
添加用户表的权限
在这里插入图片描述
在这里插入图片描述
进行验证
trino-cli --server hd1.dtstack.com:18080 --catalog=hive --schema=test --user test
在这里插入图片描述
在这里插入图片描述
更多技术信息请查看云掣官网https://yunche.pro/?t=yrgw

标签: 开源 大数据
本文转载自: https://blog.csdn.net/weixin_43756308/article/details/136364842
版权归原作者 云掣YUNCHE 所有, 如有侵权,请联系我们删除。
登录后发布评论

“开源大数据集群部署(十三)Ranger 集成Trino”的评论:

还没有评论
关于作者
...
overfit同步小助手
文章同步
相关阅读

网络安全法-网络运行安全

使用selenium/drissionpage时如何阻止chrome自动跳转http到https

docker desktop 里部署的Open WebUI 管理员密码忘记了的处理方法

在ubuntu20.04中搭建onsite比赛运行环境

利用开源的低代码表单设计器FcDesigner高效管理和渲染复杂表单结构

Kafka学习笔记

【前端】浏览器输入url到页面呈现发生了什么?

文章导航