作者:櫰木
在hd1.dtstack.com主机上执行
在hmaster和back master上进行安装和执行
- 解压ranger-2.3.0-hbase-plugin
[[email protected] ranger-plugin]# cd /root/bigdata[[email protected] ranger-plugin]# tar -zvxf ranger-2.3.0-hbase-plugin -C /opt
- 配置ranger hbase插件的install.properties
[[email protected] ranger-2.3.0-hbase-plugin]# cat >install.properties<<EOF# Licensed to the Apache Software Foundation (ASF) under one or more# contributor license agreements. See the NOTICE file distributed with# this work for additional information regarding copyright ownership.# The ASF licenses this file to You under the Apache License, Version 2.0# (the "License"); you may not use this file except in compliance with# the License. You may obtain a copy of the License at## http://www.apache.org/licenses/LICENSE-2.0## Unless required by applicable law or agreed to in writing, software# distributed under the License is distributed on an "AS IS" BASIS,# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.# See the License for the specific language governing permissions and# limitations under the License.## Location of Policy Manager URL ## Example:# POLICY_MGR_URL=http://policymanager.xasecure.net:6080#
POLICY_MGR_URL=http://hd1.dtstack.com:6080## This is the repository name created within policy manager## Example:# REPOSITORY_NAME=hbasedev#
REPOSITORY_NAME=hbasedev
## HBase configuration directory## Example:# COMPONENT_INSTALL_DIR_NAME=/var/local/hbase-1.1.5#
COMPONENT_INSTALL_DIR_NAME=/opt/hbase
# AUDIT configuration with V3 properties#Should audit be summarized at source
XAAUDIT.SUMMARY.ENABLE=true# Enable audit logs to Solr#Example#XAAUDIT.SOLR.ENABLE=true#XAAUDIT.SOLR.URL=http://localhost:6083/solr/ranger_audits#XAAUDIT.SOLR.ZOOKEEPER=#XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hbase/audit/solr/spool#XAAUDIT.SOLR.ENABLE=false#XAAUDIT.SOLR.URL=http://hd1.dtstack.com:8983/solr/ranger_audits#XAAUDIT.SOLR.USER=NONE#XAAUDIT.SOLR.PASSWORD=NONE#XAAUDIT.SOLR.ZOOKEEPER=hd1:2181,hd2:2181,hd3:2181/ranger_audits#XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hadoop/hdfs/audit/solr/spool# Enable audit logs to ElasticSearch#Example#XAAUDIT.ELASTICSEARCH.ENABLE=true#XAAUDIT.ELASTICSEARCH.URL=localhost#XAAUDIT.ELASTICSEARCH.INDEX=audit
XAAUDIT.ELASTICSEARCH.ENABLE=false
XAAUDIT.ELASTICSEARCH.URL=NONE
XAAUDIT.ELASTICSEARCH.USER=NONE
XAAUDIT.ELASTICSEARCH.PASSWORD=NONE
XAAUDIT.ELASTICSEARCH.INDEX=NONE
XAAUDIT.ELASTICSEARCH.PORT=NONE
XAAUDIT.ELASTICSEARCH.PROTOCOL=NONE
# Enable audit logs to HDFS#Example#XAAUDIT.HDFS.ENABLE=true#XAAUDIT.HDFS.HDFS_DIR=hdfs://node-1.example.com:8020/ranger/audit# If using Azure Blob Storage#XAAUDIT.HDFS.HDFS_DIR=wasb[s]://<containername>@<accountname>.blob.core.windows.net/<path>#XAAUDIT.HDFS.HDFS_DIR=wasb://[email protected]/ranger/audit#XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/hbase/audit/hdfs/spool
XAAUDIT.HDFS.ENABLE=false
XAAUDIT.HDFS.HDFS_DIR=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit
XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/hbase/audit/hdfs/spool
# Following additional propertis are needed When auditing to Azure Blob Storage via HDFS# Get these values from your /etc/hadoop/conf/core-site.xml#XAAUDIT.HDFS.HDFS_DIR=wasb[s]://<containername>@<accountname>.blob.core.windows.net/<path>
XAAUDIT.HDFS.AZURE_ACCOUNTNAME=__REPLACE_AZURE_ACCOUNT_NAME
XAAUDIT.HDFS.AZURE_ACCOUNTKEY=__REPLACE_AZURE_ACCOUNT_KEY
XAAUDIT.HDFS.AZURE_SHELL_KEY_PROVIDER=__REPLACE_AZURE_SHELL_KEY_PROVIDER
XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
#Log4j Audit Provider
XAAUDIT.LOG4J.ENABLE=false
XAAUDIT.LOG4J.IS_ASYNC=false
XAAUDIT.LOG4J.ASYNC.MAX.QUEUE.SIZE=10240
XAAUDIT.LOG4J.ASYNC.MAX.FLUSH.INTERVAL.MS=30000
XAAUDIT.LOG4J.DESTINATION.LOG4J=true
XAAUDIT.LOG4J.DESTINATION.LOG4J.LOGGER=xaaudit
# Enable audit logs to Amazon CloudWatch Logs#Example#XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=true#XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=ranger_audits#XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM={instance_id}#XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=/var/log/hive/audit/amazon_cloudwatch/spool
XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=false
XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=NONE
XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX=NONE
XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=NONE
XAAUDIT.AMAZON_CLOUDWATCH.REGION=NONE
# End of V3 properties## Audit to HDFS Configuration## If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens# that start with __REPLACE__ with appropriate values# XAAUDIT.HDFS.IS_ENABLED=true# XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%# XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/hbase/audit/%app-type%# XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/hbase/audit/archive/%app-type%## Example:# XAAUDIT.HDFS.IS_ENABLED=true# XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://namenode.example.com:8020/ranger/audit/%app-type%/%time:yyyyMMdd%# XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=/var/log/hbase/audit/%app-type%# XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=/var/log/hbase/audit/archive/%app-type%#
XAAUDIT.HDFS.IS_ENABLED=false
XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/hbase/audit/%app-type%
XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/hbase/audit/archive/%app-type%
XAAUDIT.HDFS.DESTINTATION_FILE=%hostname%-audit.log
XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS=900
XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS=86400
XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS=60
XAAUDIT.HDFS.LOCAL_BUFFER_FILE=%time:yyyyMMdd-HHmm.ss%.log
XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60
XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600
XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10#Solr Audit Provider
XAAUDIT.SOLR.IS_ENABLED=false
XAAUDIT.SOLR.MAX_QUEUE_SIZE=1
XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000
XAAUDIT.SOLR.SOLR_URL=http://localhost:6083/solr/ranger_audits# End of V2 properties## SSL Client Certificate Information## Example:# SSL_KEYSTORE_FILE_PATH=/etc/hbase/conf/ranger-plugin-keystore.jks# SSL_KEYSTORE_PASSWORD=none# SSL_TRUSTSTORE_FILE_PATH=/etc/hbase/conf/ranger-plugin-truststore.jks# SSL_TRUSTSTORE_PASSWORD=none## You do not need use SSL between agent and security admin tool, please leave these sample value as it is.#
SSL_KEYSTORE_FILE_PATH=/etc/hbase/conf/ranger-plugin-keystore.jks
SSL_KEYSTORE_PASSWORD=myKeyFilePassword
SSL_TRUSTSTORE_FILE_PATH=/etc/hbase/conf/ranger-plugin-truststore.jks
SSL_TRUSTSTORE_PASSWORD=changeit
## Should HBase GRANT/REVOKE update XA policies?## Example:# UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true# UPDATE_XAPOLICIES_ON_GRANT_REVOKE=false#
UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true## Custom component user# CUSTOM_COMPONENT_USER=<custom-user># keep blank if component user is default
CUSTOM_USER=hbase
## Custom component group# CUSTOM_COMPONENT_GROUP=<custom-group># keep blank if component group is default
CUSTOM_GROUP=hadoop
EOF
- 初始化ranger hbase
[[email protected] ranger-2.3.0-hbase-plugin]# ./enable-hbase-plugin.sh
- 重启hbase服务
[[email protected]~]$ sh stop-habse.sh
[[email protected]~]$ sh start-habse.sh
- Ranger admin页面配置hbase
访问地址:http://hd1.dtstack.com:6080/
用户密码:admin/rangerAdmin123
测试连通性,连接成功后保存即可
#在core-site.xml查看此参数
hadoop.security.authentication: Kerberos
在hbase-site.xml中查看此参数
hbase.master.kerberos.principal:hbase/[email protected]
hbase.zookeeper.property.clientPort: 2181
hbase.zookeeper.quorum: hd1.dtstack.com,hd2.dtstack.com,hd3.dtstack.com
zookeeper.znode.parent : /hbase11
#下载策略
policy.download.auth.users: hdfs
更多技术信息请查看云掣官网https://yunche.pro/?t=yrgw
本文转载自: https://blog.csdn.net/weixin_43756308/article/details/136445522
版权归原作者 云掣YUNCHE 所有, 如有侵权,请联系我们删除。
版权归原作者 云掣YUNCHE 所有, 如有侵权,请联系我们删除。