I. Compile Ranger (node12)
- All the packages that need to be compiled are in the resource bundle I uploaded: https://download.csdn.net/download/weixin_40496191/87358396
- Install the required software: yum -y install wget git gcc gcc-c++ make autoconf automake libtool sharutils asciidoc xmlto cmake unzip zip
- Install JDK 1.8
- Install Maven
  1) Create the directory and enter it: mkdir /home/hadoop/maven, then cd /home/hadoop/maven
  2) Download: wget https://archive.apache.org/dist/maven/maven-3/3.3.9/binaries/apache-maven-3.3.9-bin.tar.gz
  3) Extract: tar -zxvf apache-maven-3.3.9-bin.tar.gz
  4) Configure the environment variables: vi /etc/profile
     ```bash
     export MAVEN_HOME=/home/hadoop/maven/apache-maven-3.3.9
     export PATH=${PATH}:${MAVEN_HOME}/bin:/usr/local/python3/bin
     ```
  5) Reload the environment variables: source /etc/profile
  6) Test: mvn -version
  7) Set the repository: vi /home/hadoop/maven/apache-maven-3.3.9/conf/settings.xml
- Install Python (as root)
  1) Install the build prerequisites: yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel libffi-devel
  2) Create the directory and enter it: mkdir /home/hadoop/python, then cd /home/hadoop/python
  3) Download: wget https://www.python.org/ftp/python/3.7.1/Python-3.7.1.tgz
  4) Extract: tar -xvf Python-3.7.1.tgz
  5) Create the target directory: mkdir -p /usr/local/python3
  6) Enter the source directory: cd /home/hadoop/python/Python-3.7.1
  7) Configure: ./configure --prefix=/usr/local/python3
  8) Build: make
  9) After the build succeeds, install: make install
  10) Check the Python 3.7 interpreter: /usr/local/python3/bin/python3.7
  11) Create the symlinks for python3 and pip3: ln -s /usr/local/python3/bin/python3 /usr/bin/python3 and ln -s /usr/local/python3/bin/pip3 /usr/bin/pip3
  12) Configure the environment variables: vi /etc/profile
     ```bash
     export PATH=$PATH:$HOME/bin:/usr/local/python3/bin
     ```
  13) Reload the environment variables (for both the root user and the hadoop user): source /etc/profile
  14) Test python3
- Upload the package to /home/hadoop/ranger
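- Extract: tar -xvf apache-ranger-2.2.0.tar.gz
- Compile: mvn clean install -DskipTests -Denforcer.skip=true
- Under target, find ranger-2.2.0-admin.tar.gz; this is the service installation package. The other plugin packages you will need are in the same directory.
- For reference:
  - JDK8: runs RangerAdmin and RangerKMS
  - Python2.7: used for Ranger's automated installation
  - Git: used to compile Ranger
  - Maven3.6: used to compile Ranger
  - RDBMS: stores authorization policies, Ranger users/groups, and audit logs
  - Solr (optional): stores logs
  - Kerberos (optional): ensures that all requests are authenticated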
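II. Pre-installation environment preparation (node12)
- Upload the required packages to /home/hadoop/rpm
- Install: rpm -Uvh --force --nodeps *.rpm
- Install Python (see Part I)
- Install MySQL. It must be on the same server as Ranger; the MySQL instance installed earlier for the Hadoop cluster can be reused.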
III. Install RangerAdmin (node12) (root)
- Create the directory: mkdir /opt/Solr
- Enter it: cd /opt/Solr
- Upload the solr-8.3.0.tgz package
- Extract: tar -xvf solr-8.3.0.tgz
- Create the directory: mkdir /opt/RangerAdmin
- Enter it: cd /opt/RangerAdmin
- Upload the ranger-2.2.0-admin.tar.gz package
- Extract: tar -xvf ranger-2.2.0-admin.tar.gz
- Create the database and user. Log in with mysql -uroot -pffcsict123 and run:
```sql
CREATE DATABASE ranger DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
grant all privileges on ranger.* to ranger@'%' identified by 'ffcsict123';
set GLOBAL max_connections=1000;
```
  Error: Your password does not satisfy the current policy requirements
  Fix: the password is too simple. Either choose a more complex password, or lower the password-complexity policy: set global validate_password_policy=LOW;
- Edit the configuration file: vi /opt/RangerAdmin/ranger-2.2.0-admin/contrib/solr_for_audit_setup/install.properties
```properties
# Java installation path
JAVA_HOME=/opt/jdk/jdk1.8.0_291
# Maximum number of days to keep audit logs (default: 90)
MAX_AUDIT_RETENTION_DAYS=90
# Whether to download Solr over the network (default: false)
SOLR_INSTALL=false
# Solr installation directory
SOLR_INSTALL_FOLDER=/opt/Solr/solr-8.3.0
# Home of the Solr service that Ranger connects to
SOLR_RANGER_HOME=/opt/Solr/solr-8.3.0/ranger_audit_server
# Port on which Solr serves Ranger
SOLR_RANGER_PORT=6083
# Solr deployment mode
SOLR_DEPLOYMENT=standalone
# Solr data directory
SOLR_RANGER_DATA_FOLDER=/opt/Solr/solr-8.3.0/ranger_audit_server/data
# Solr is deployed standalone, so this is left empty
SOLR_ZK=
```
- Upload the driver jar to /opt/RangerAdmin/ranger-2.2.0-admin: mysql-connector-java-5.1.31.jar
- Edit the configuration file: vi /opt/RangerAdmin/ranger-2.2.0-admin/install.properties
```properties
# Path to the MySQL driver jar; it must match the file name of the jar uploaded above
SQL_CONNECTOR_JAR=/opt/RangerAdmin/ranger-2.2.0-admin/mysql-connector-java-5.1.35.jar
# MySQL host name and the root user's name and password
db_root_user=root
db_root_password=ffcsict123
db_host=localhost
# Database name and user for Ranger; they must match what was created earlier
db_name=ranger
db_user=ranger
db_password=ffcsict123
# Passwords for the other users Ranger Admin needs (at least 8 characters)
rangerAdmin_password=ffcsict123
rangerTagsync_password=ffcsict123
rangerUsersync_password=ffcsict123
keyadmin_password=ffcsict123
# Where Ranger stores audit logs, and its URL; the default store is solr
audit_store=solr
audit_solr_urls=http://node12:6083/solr/ranger_audits
# Policy manager URL; the host name is that of the machine where Ranger Admin is installed
policymgr_external_url=http://node12:6080
# Linux user that runs the Ranger Admin process
unix_user=hadoop
unix_user_pwd=ffcsict123
unix_group=hadoop
# Hadoop configuration directory
hadoop_conf=/home/hadoop/module/hadoop-3.2.2/etc/hadoop
```
- Run the Solr setup script (as root):
```bash
cd /opt/RangerAdmin/ranger-2.2.0-admin/contrib/solr_for_audit_setup/
./setup.sh
```
- Start standalone Solr: /opt/Solr/solr-8.3.0/ranger_audit_server/scripts/start_solr.sh
- Open the web page to check that it started: http://192.168.248.12:6083/solr/#/
- View the log: cat /opt/Solr/solr-8.3.0/ranger_audit_server/install_notes.txt
- Run the ranger-admin setup script (must be run as root)
  ps1: the MySQL driver jar must be present on this node
  ps2: a python3 environment is required
```bash
cd /opt/RangerAdmin/ranger-2.2.0-admin
./setup.sh
```
- Edit the configuration file in the conf directory: vi /opt/RangerAdmin/ranger-2.2.0-admin/ews/webapp/WEB-INF/classes/conf/ranger-admin-site.xml
```xml
<property>
  <name>ranger.jpa.jdbc.password</name>
  <value>ffcsict123</value>
  <description />
</property>
<property>
  <name>ranger.service.host</name>
  <value>node12</value>
</property>
```
- Start ranger-admin: ranger-admin start
- Open the web page to check that it started: http://192.168.248.12:6080 (log in as admin/ffcsict123)
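The install.properties edited in this section keeps seven passwords in clear text, all set to the same value, and points at http:// endpoints. As an added example (not part of the original post or of Ranger's own tooling), the shell function below audits such a file for reused or too-short passwords, plain-HTTP URLs and a file mode readable beyond its owner; the function names and the sample file are constructed for illustration.

```shell
# Added example: audit a Ranger install.properties for credential hygiene.
# Key names are the ones used in the install.properties files on this page.
PASSWORD_KEYS="db_root_password db_password rangerAdmin_password rangerTagsync_password rangerUsersync_password keyadmin_password unix_user_pwd"
URL_KEYS="policymgr_external_url audit_solr_urls POLICY_MGR_URL"

# Prints one finding per line: MODE, SHORT, REUSED or PLAINTEXT_URL.
audit_install_props() {
  _mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1") || return 2
  case $_mode in *00) ;; *) echo "MODE:$_mode" ;; esac   # readable beyond owner
  awk -v pwkeys="$PASSWORD_KEYS" -v urlkeys="$URL_KEYS" '
    BEGIN { n = split(pwkeys, pk, " "); u = split(urlkeys, uk, " ") }
    /^[ \t]*#/ { next }                                  # skip comment lines
    { p = index($0, "="); if (!p) next
      key = substr($0, 1, p - 1); val = substr($0, p + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
      prop[key] = val }
    END {
      for (i = 1; i <= n; i++) {
        key = pk[i]; val = prop[key]
        if (val == "") continue
        if (length(val) < 8) print "SHORT:" key          # under the 8-character minimum
        if (!(val in cnt)) vals[++m] = val               # remember first-seen order
        grp[val] = (cnt[val]++ ? grp[val] "," : "") key  # keys sharing this password
      }
      for (j = 1; j <= m; j++) if (cnt[vals[j]] > 1) print "REUSED:" grp[vals[j]]
      for (i = 1; i <= u; i++) if (prop[uk[i]] ~ /^http:\/\//) print "PLAINTEXT_URL:" uk[i]
    }' "$1"
}

# Constructed sample input (placeholder secrets, not real credentials).
write_sample() {
  cat > "$1" <<'EOF'
db_root_password=Example-pass-1
db_password = Example-pass-1
rangerAdmin_password=Example-pass-1
keyadmin_password=short1
# rangerUsersync_password=ignored-comment
policymgr_external_url=http://node12:6080
audit_solr_urls=http://node12:6083/solr/ranger_audits
EOF
  chmod 644 "$1"
}

# Demo run on the constructed sample.
sample=$(mktemp) && write_sample "$sample" && audit_install_props "$sample"; rm -f "$sample"
```

An empty result means no finding; the same function can be run against the usersync and plugin install.properties files, where only the POLICY_MGR_URL and rangerUsersync_password checks apply.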
IV. Install RangerUsersync (node12)
RangerUsersync is a management module provided by Ranger that synchronizes the users and groups of the Linux machine into the RangerAdmin database for management.
- Create the directory: mkdir /opt/RangerUsersync
- Enter it: cd /opt/RangerUsersync
- Upload the previously compiled package: ranger-2.2.0-usersync.tar.gz
- Extract: tar -xvf ranger-2.2.0-usersync.tar.gz
- Edit the configuration file: vi /opt/RangerUsersync/ranger-2.2.0-usersync/install.properties
```properties
# Ranger Admin URL
POLICY_MGR_URL =http://node12:6080
# Sync interval, in minutes
SYNC_INTERVAL = 1
# Linux user that runs this process
unix_user=hadoop
unix_group=hadoop
# Password of the rangerUserSync user; see the install.properties of Ranger Admin
rangerUsersync_password=ffcsict123
# Hadoop configuration directory
hadoop_conf=/home/hadoop/module/hadoop-3.2.2/etc/hadoop
```
- Run the ranger-usersync setup script (as root)
```bash
cd /opt/RangerUsersync/ranger-2.2.0-usersync/
./setup.sh
```
- Edit the conf configuration file: vi /etc/ranger/usersync/conf/ranger-ugsync-site.xml
  ps: ranger.usersync.enabled defaults to false, which means users are not synchronized; set it to true to synchronize users
```xml
<property>
  <name>ranger.usersync.enabled</name>
  <value>true</value>
</property>
```
- View the Ranger users
- Start ranger-usersync: ranger-usersync start
- View the Ranger users again: success!
V. Ranger Hive-plugin (node10)
ps: it must be on the same machine as Hive; if there are several, repeat the configuration on each
- Create the directory: mkdir /home/hadoop/RangerHive
- Enter it: cd /home/hadoop/RangerHive
- Upload the previously compiled package: ranger-2.2.0-hive-plugin.tar.gz
- Extract: tar -xvf ranger-2.2.0-hive-plugin.tar.gz
- Edit the configuration: vi /home/hadoop/RangerHive/ranger-2.2.0-hive-plugin/install.properties
```properties
# Policy manager URL
POLICY_MGR_URL=http://node12:6080
# Component (repository) name; can be chosen freely
REPOSITORY_NAME=rangerhive
# Hive installation directory
COMPONENT_INSTALL_DIR_NAME=/home/hadoop/module/hive
# User that starts the Hive component
CUSTOM_USER=hadoop
# Group of the user that starts the Hive component
CUSTOM_GROUP=hadoop
```
- Symlink the Hive configuration directory into the Ranger Hive-plugin directory: ln -s /home/hadoop/module/hive/conf /home/hadoop/RangerHive/ranger-2.2.0-hive-plugin
- Copy the jar:
```bash
cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/htrace-core4-4.1.0-incubating.jar /home/hadoop/RangerHive/ranger-2.2.0-hive-plugin/install/lib
```
- Enable the Ranger Hive-plugin (as root)
```bash
cd /home/hadoop/RangerHive/ranger-2.2.0-hive-plugin
./enable-hive-plugin.sh
# To disable: ./disable-hive-plugin.sh
```
- This generates the configuration file hiveserver2-site.xml in Hive's conf directory; restart hiveserver2 for it to take effect
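VI. Ranger Hdfs-plugin (node10, node11)
ps: it must be on the same machine as the NameNode; if there are several, repeat the configuration on each
- Create the directory: mkdir /home/hadoop/RangerHdfs
- Enter it: cd /home/hadoop/RangerHdfs
- Upload the previously compiled package: ranger-2.2.0-hdfs-plugin.tar.gz
- Extract: tar -xvf ranger-2.2.0-hdfs-plugin.tar.gz
- Edit the configuration: vi /home/hadoop/RangerHdfs/ranger-2.2.0-hdfs-plugin/install.properties
```properties
# Policy manager URL
POLICY_MGR_URL=http://node12:6080
# Component (repository) name; can be chosen freely
REPOSITORY_NAME=rangerhdfs
# HDFS installation directory
COMPONENT_INSTALL_DIR_NAME=/home/hadoop/module/hadoop-3.2.2
# User that starts the HDFS component
CUSTOM_USER=hadoop
# Group of the user that starts the HDFS component
CUSTOM_GROUP=hadoop
```
- Create the symlink: ln -s /home/hadoop/module/hadoop-3.2.2/etc/hadoop /home/hadoop/RangerHdfs/ranger-2.2.0-hdfs-plugin/conf
- Copy the jars:
```bash
cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/htrace-core4-4.1.0-incubating.jar /home/hadoop/RangerHdfs/ranger-2.2.0-hdfs-plugin/install/lib
cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/commons-lang3-3.7.jar /home/hadoop/RangerHdfs/ranger-2.2.0-hdfs-plugin/install/lib
cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/commons-compress-1.19.jar /home/hadoop/RangerHdfs/ranger-2.2.0-hdfs-plugin/install/lib
```
- Enable the Ranger Hdfs-plugin (as root)
```bash
cd /home/hadoop/RangerHdfs/ranger-2.2.0-hdfs-plugin
./enable-hdfs-plugin.sh
# To disable: ./disable-hdfs-plugin.sh
```
  After disabling, you also need to delete the Ranger-related configuration files from the Hadoop configuration directory and remove the settings the plugin added to hdfs-site.xml.
- As the hadoop user, restrict the root directory so that only the current user can access it, which leaves other users dependent on Ranger policies for access: hdfs dfs -chmod 700 /
- Restart HDFS for the change to take effect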
VII. Ranger Hbase-plugin (all nodes)
ps: every server needs it, because listing tables goes through the HMaster, whereas querying data and other related operations go through the HRegionServer
- Create the directory: mkdir /home/hadoop/RangerHbase
- Enter it: cd /home/hadoop/RangerHbase
- Upload the previously compiled package: ranger-2.2.0-hbase-plugin.tar.gz
- Extract: tar -xvf ranger-2.2.0-hbase-plugin.tar.gz
- Edit the configuration: vi /home/hadoop/RangerHbase/ranger-2.2.0-hbase-plugin/install.properties
```properties
# Policy manager URL
POLICY_MGR_URL=http://node12:6080
# Component (repository) name; can be chosen freely
REPOSITORY_NAME=rangerhbase
# HBase installation directory
COMPONENT_INSTALL_DIR_NAME=/home/hadoop/hbase/hbase-2.1.0
XAAUDIT.SOLR.ENABLE=true
XAAUDIT.SOLR.URL=http://node12:6083/solr/ranger_audits
# User that starts the HBase component
CUSTOM_USER=hadoop
# Group of the user that starts the HBase component
CUSTOM_GROUP=hadoop
```
- Create the symlink: ln -s /home/hadoop/hbase/hbase-2.1.0/conf /home/hadoop/RangerHbase/ranger-2.2.0-hbase-plugin/conf
- Copy the jars:
```bash
cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/commons-lang3-3.7.jar /home/hadoop/RangerHbase/ranger-2.2.0-hbase-plugin/install/lib
cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/commons-compress-1.19.jar /home/hadoop/RangerHbase/ranger-2.2.0-hbase-plugin/install/lib
```
- Copy hbase-protocol-2.3.5.jar into /home/hadoop/hbase/hbase-2.1.0/lib and remove the original hbase-protocol-2.1.0.jar
- Enable the Ranger Hbase-plugin (as root)
```bash
cd /home/hadoop/RangerHbase/ranger-2.2.0-hbase-plugin
./enable-hbase-plugin.sh
# To disable: ./disable-hbase-plugin.sh
```
  After disabling, you also need to delete the Ranger-related configuration files from the Hadoop configuration directory and remove the settings the plugin added to hdfs-site.xml.
- Set ownership and permissions: chown -R hadoop /opt, and chmod 755 /home/hadoop -R
- Restart HBase for the change to take effect
VIII. Ranger Yarn-plugin (node10, node11)
ps: it must be on the same machine as the ResourceManager; if there are several, repeat the configuration on each
- Create the directory: mkdir /home/hadoop/RangerYarn
- Enter it: cd /home/hadoop/RangerYarn
- Upload the previously compiled package: ranger-2.2.0-yarn-plugin.tar.gz
- Extract: tar -xvf ranger-2.2.0-yarn-plugin.tar.gz
- Edit the configuration: vi /home/hadoop/RangerYarn/ranger-2.2.0-yarn-plugin/install.properties
```properties
POLICY_MGR_URL=http://node12:6080
REPOSITORY_NAME=rangeryarn
COMPONENT_INSTALL_DIR_NAME=/home/hadoop/module/hadoop-3.2.2
CUSTOM_USER=hadoop
CUSTOM_GROUP=hadoop
```
- Create the symlink: ln -s /home/hadoop/module/hadoop-3.2.2/etc/hadoop /home/hadoop/RangerYarn/ranger-2.2.0-yarn-plugin/conf
- Copy the jars:
```bash
cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/slf4j-api-1.7.25.jar /home/hadoop/RangerYarn/ranger-2.2.0-yarn-plugin/install/lib
cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/slf4j-log4j12-1.7.25.jar /home/hadoop/RangerYarn/ranger-2.2.0-yarn-plugin/install/lib
cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/log4j-1.2.17.jar /home/hadoop/RangerYarn/ranger-2.2.0-yarn-plugin/install/lib
cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/commons-lang3-3.7.jar /home/hadoop/RangerYarn/ranger-2.2.0-yarn-plugin/install/lib
cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/htrace-core4-4.1.0-incubating.jar /home/hadoop/RangerYarn/ranger-2.2.0-yarn-plugin/install/lib
cp /home/hadoop/module/hadoop-3.2.2/share/hadoop/common/lib/commons-compress-1.19.jar /home/hadoop/RangerYarn/ranger-2.2.0-yarn-plugin/install/lib
```
- Enable the Ranger Yarn-plugin (as root)
```bash
cd /home/hadoop/RangerYarn/ranger-2.2.0-yarn-plugin
./enable-yarn-plugin.sh
# To disable: ./disable-yarn-plugin.sh
```
  After disabling, you also need to delete the Ranger-related configuration files from the Hadoop configuration directory and remove the settings the plugin added to yarn-site.xml.
- Edit the configuration file: vi /home/hadoop/module/hadoop-3.2.2/etc/hadoop/ranger-yarn-security.xml and add:
```xml
<property>
  <name>ranger.add-yarn-authorization</name>
  <value>false</value>
</property>
```
- Restart YARN for the change to take effect
Copyright belongs to the original author, 懒惰の天真热. If there is any infringement, please contact us for removal.