RANGER-4898: docker setup updated to use kerberos authentication

Author: mneethiraj

dev-support/ranger-docker/.env

@@ -8,9 +8,9 @@ BUILD_OPTS=
 # DockerHub Ranger Base Image
 RANGER_BASE_IMAGE=apache/ranger-base
 # Java version used to run Ranger and dependent services is present as suffix: -8, valid values for suffix: -8, -11, -17
-RANGER_BASE_VERSION=20250707-1-8
+RANGER_BASE_VERSION=20251023-1-8
 # Java version used to build Apache Ranger is present as suffix: -8, valid values for suffix: -8, -11, -17
-RANGER_BASE_BUILD_VERSION=20250707-1-8
+RANGER_BASE_BUILD_VERSION=20251023-1-8
 RANGER_VERSION=3.0.0-SNAPSHOT
 
 # Hadoop Configuration
@@ -53,6 +53,14 @@ SOLR_VERSION=8.11.2
 # Zookeeper Configuration
 ZK_VERSION=3.8.4
 
+# Kerberos
+KERBEROS_ENABLED=true
+KERBEROS_REALM=EXAMPLE.COM
+KERBEROS_KDC_HOST=ranger-kdc.example.com
+KERBEROS_MASTER_PASSWORD=rangerR0cks!
+KERBEROS_ADMIN_PRINCIPAL=admin/admin
+KERBEROS_ADMIN_PASSWORD=rangerR0cks!
+
 # Database Versions
 POSTGRES_VERSION=13.16
 MARIADB_VERSION=10.6

dev-support/ranger-docker/Dockerfile.ranger

@@ -29,6 +29,9 @@ COPY ./dist/ranger-${RANGER_VERSION}-admin.tar.gz /home/ranger/dist/
 COPY ./scripts/ranger.sh                                         ${RANGER_SCRIPTS}/
 COPY ./scripts/ranger-admin-install-${RANGER_DB_TYPE}.properties ${RANGER_SCRIPTS}/ranger-admin-install.properties
 COPY ./scripts/create-ranger-services.py                         ${RANGER_SCRIPTS}/
+COPY ./scripts/core-site.xml                                     ${RANGER_SCRIPTS}/
+COPY ./scripts/create_principal_and_keytab.sh                    ${RANGER_SCRIPTS}/
+COPY ./config/kdc/krb5.conf                                      /etc/krb5.conf
 
 RUN    tar xvfz /home/ranger/dist/ranger-${RANGER_VERSION}-admin.tar.gz --directory=${RANGER_HOME} \
     && ln -s ${RANGER_HOME}/ranger-${RANGER_VERSION}-admin ${RANGER_HOME}/admin \
@@ -37,7 +40,7 @@ RUN    tar xvfz /home/ranger/dist/ranger-${RANGER_VERSION}-admin.tar.gz --direct
     && mkdir -p /var/run/ranger \
     && mkdir -p /var/log/ranger \
     && chown -R ranger:ranger ${RANGER_HOME}/admin/ ${RANGER_SCRIPTS}/ /var/run/ranger/ /var/log/ranger/ \
-    && chmod 755 ${RANGER_SCRIPTS}/ranger.sh \
+    && chmod 755 ${RANGER_SCRIPTS}/ranger.sh ${RANGER_SCRIPTS}/create_principal_and_keytab.sh \
     && mkdir -p /usr/share/java/
 
 FROM ranger AS ranger_postgres

dev-support/ranger-docker/Dockerfile.ranger-hadoop

@@ -33,8 +33,14 @@ COPY ./downloads/apache-tez-${TEZ_VERSION}-bin.tar.gz        /home/ranger/dist/
 COPY ./scripts/ranger-hadoop-setup.sh                   /home/ranger/scripts/
 COPY ./scripts/ranger-hadoop.sh                         /home/ranger/scripts/
 COPY ./scripts/ranger-hadoop-mkdir.sh                   /home/ranger/scripts/
+COPY ./scripts/ranger-hadoop-healthcheck.sh             /home/ranger/scripts/
 COPY ./scripts/ranger-hdfs-plugin-install.properties    /home/ranger/scripts/
 COPY ./scripts/ranger-yarn-plugin-install.properties    /home/ranger/scripts/
+COPY ./scripts/core-site.xml                            /home/ranger/scripts/
+COPY ./scripts/hdfs-site.xml                            /home/ranger/scripts/
+COPY ./scripts/yarn-site.xml                            /home/ranger/scripts/
+COPY ./scripts/create_principal_and_keytab.sh           /home/ranger/scripts/
+COPY ./config/kdc/krb5.conf                             /etc/krb5.conf
 
 RUN tar xvfz /home/ranger/dist/hadoop-${HADOOP_VERSION}.tar.gz --directory=/opt/ && \
     ln -s /opt/hadoop-${HADOOP_VERSION} /opt/hadoop && \
@@ -51,6 +57,10 @@ RUN tar xvfz /home/ranger/dist/hadoop-${HADOOP_VERSION}.tar.gz --directory=/opt/
     rm -f /home/ranger/dist/ranger-${YARN_PLUGIN_VERSION}-yarn-plugin.tar.gz && \
     cp -f /home/ranger/scripts/ranger-yarn-plugin-install.properties /opt/ranger/ranger-yarn-plugin/install.properties && \
     chmod 744 ${RANGER_SCRIPTS}/ranger-hadoop-setup.sh ${RANGER_SCRIPTS}/ranger-hadoop.sh ${RANGER_SCRIPTS}/ranger-hadoop-mkdir.sh && \
+    useradd -g hadoop -ms /bin/bash healthcheck && \
+    chmod 744 ${RANGER_SCRIPTS}/ranger-hadoop-healthcheck.sh && \
+    chmod 755 ${RANGER_SCRIPTS}/create_principal_and_keytab.sh && \
+    chown healthcheck:hadoop ${RANGER_SCRIPTS}/ranger-hadoop-healthcheck.sh && \
     chown hdfs:hadoop ${RANGER_SCRIPTS}/ranger-hadoop-mkdir.sh
 
 RUN apt-get update && \

dev-support/ranger-docker/Dockerfile.ranger-hbase

@@ -30,6 +30,9 @@ COPY ./scripts/ranger-hbase-setup.sh                     /home/ranger/scripts/
 COPY ./scripts/ranger-hbase.sh                           /home/ranger/scripts/
 COPY ./scripts/ranger-hbase-plugin-install.properties    /home/ranger/scripts/
 COPY ./scripts/hbase-site.xml                            /home/ranger/scripts/
+COPY ./scripts/core-site.xml                             /home/ranger/scripts/
+COPY ./scripts/create_principal_and_keytab.sh            /home/ranger/scripts/
+COPY ./config/kdc/krb5.conf                              /etc/krb5.conf
 
 RUN tar xvfz /home/ranger/dist/hbase-${HBASE_VERSION}-bin.tar.gz --directory=/opt/ && \
     ln -s /opt/hbase-${HBASE_VERSION} /opt/hbase && \
@@ -38,6 +41,7 @@ RUN tar xvfz /home/ranger/dist/hbase-${HBASE_VERSION}-bin.tar.gz --directory=/op
     ln -s /opt/ranger/ranger-${HBASE_PLUGIN_VERSION}-hbase-plugin /opt/ranger/ranger-hbase-plugin && \
     rm -f /home/ranger/dist/ranger-${HBASE_PLUGIN_VERSION}-hbase-plugin.tar.gz && \
     cp -f /home/ranger/scripts/ranger-hbase-plugin-install.properties /opt/ranger/ranger-hbase-plugin/install.properties && \
+    chmod 755 ${RANGER_SCRIPTS}/create_principal_and_keytab.sh && \
     chmod 744 ${RANGER_SCRIPTS}/ranger-hbase-setup.sh ${RANGER_SCRIPTS}/ranger-hbase.sh
 
 RUN apt-get update && \

dev-support/ranger-docker/Dockerfile.ranger-hive

@@ -39,6 +39,9 @@ COPY ./scripts/ranger-hive-setup.sh                     /home/ranger/scripts/
 COPY ./scripts/ranger-hive.sh                           /home/ranger/scripts/
 COPY ./scripts/ranger-hive-plugin-install.properties    /home/ranger/scripts/
 COPY ./scripts/hive-site-${RANGER_DB_TYPE}.xml          /home/ranger/scripts/hive-site.xml
+COPY ./scripts/core-site.xml                            /home/ranger/scripts/
+COPY ./scripts/create_principal_and_keytab.sh           /home/ranger/scripts/
+COPY ./config/kdc/krb5.conf                             /etc/krb5.conf
 
 RUN cd /opt && tar xzf /home/ranger/dist/apache-hive-${HIVE_VERSION}-bin.tar.gz && \
     ln -s /opt/apache-hive-${HIVE_VERSION}-bin /opt/hive && \
@@ -56,6 +59,7 @@ RUN cd /opt && tar xzf /home/ranger/dist/apache-hive-${HIVE_VERSION}-bin.tar.gz
     ln -s /opt/ranger/ranger-${HIVE_PLUGIN_VERSION}-hive-plugin /opt/ranger/ranger-hive-plugin && \
     rm -f /home/ranger/dist/ranger-${HIVE_PLUGIN_VERSION}-hive-plugin.tar.gz && \
     cp -f /home/ranger/scripts/ranger-hive-plugin-install.properties /opt/ranger/ranger-hive-plugin/install.properties && \
+    chmod 755 ${RANGER_SCRIPTS}/create_principal_and_keytab.sh && \
     chmod 744 ${RANGER_SCRIPTS}/ranger-hive-setup.sh ${RANGER_SCRIPTS}/ranger-hive.sh
 
 ENV HIVE_HOME=/opt/hive

dev-support/ranger-docker/Dockerfile.ranger-kafka

@@ -29,6 +29,10 @@ COPY ./downloads/kafka_2.12-${KAFKA_VERSION}.tgz               /home/ranger/dist
 COPY ./scripts/ranger-kafka-setup.sh                     /home/ranger/scripts/
 COPY ./scripts/ranger-kafka.sh                           /home/ranger/scripts/
 COPY ./scripts/ranger-kafka-plugin-install.properties    /home/ranger/scripts/
+COPY ./scripts/kafka-server-jaas.conf                    /home/ranger/scripts/
+COPY ./scripts/core-site.xml                             /home/ranger/scripts/
+COPY ./scripts/create_principal_and_keytab.sh            /home/ranger/scripts/
+COPY ./config/kdc/krb5.conf                              /etc/krb5.conf
 
 RUN tar xvfz /home/ranger/dist/kafka_2.12-${KAFKA_VERSION}.tgz --directory=/opt/ && \
     ln -s /opt/kafka_2.12-${KAFKA_VERSION} /opt/kafka && \
@@ -37,9 +41,9 @@ RUN tar xvfz /home/ranger/dist/kafka_2.12-${KAFKA_VERSION}.tgz --directory=/opt/
     ln -s /opt/ranger/ranger-${KAFKA_PLUGIN_VERSION}-kafka-plugin /opt/ranger/ranger-kafka-plugin && \
     rm -f /home/ranger/dist/ranger-${KAFKA_PLUGIN_VERSION}-kafka-plugin.tar.gz && \
     cp -f /home/ranger/scripts/ranger-kafka-plugin-install.properties /opt/ranger/ranger-kafka-plugin/install.properties && \
+    chmod 755 ${RANGER_SCRIPTS}/create_principal_and_keytab.sh && \
     chmod 744 ${RANGER_SCRIPTS}/ranger-kafka-setup.sh ${RANGER_SCRIPTS}/ranger-kafka.sh
 
-
 ENV KAFKA_HOME=/opt/kafka
 ENV PATH=/usr/java/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/kafka/bin
 

dev-support/ranger-docker/Dockerfile.ranger-kdc

@@ -0,0 +1,42 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG RANGER_BASE_JAVA_VERSION=8
+
+FROM eclipse-temurin:${RANGER_BASE_JAVA_VERSION}-jdk-jammy
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV REALM=EXAMPLE.COM
+ENV KDC_HOST=kdc.example.com
+ENV ADMIN_PRINCIPAL=admin/admin
+ENV ADMIN_PASSWORD=rangerR0cks!
+ENV MASTER_PASSWORD=rangerR0cks!
+
+# Install Kerberos components
+RUN apt-get update && \
+    apt-get install -y krb5-kdc krb5-admin-server krb5-user && \
+    rm -rf /var/lib/apt/lists/*
+
+# Copy configuration files
+COPY config/kdc/krb5.conf /etc/krb5.conf
+COPY config/kdc/kdc.conf /etc/krb5kdc/kdc.conf
+COPY config/kdc/kadm5.acl /etc/krb5kdc/kadm5.acl
+COPY config/kdc/entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+EXPOSE 88/tcp 88/udp 749/tcp
+
+ENTRYPOINT ["/entrypoint.sh"]

dev-support/ranger-docker/Dockerfile.ranger-kms

@@ -27,6 +27,9 @@ COPY ./dist/ranger-${KMS_VERSION}-kms.tar.gz                   /home/ranger/dist
 
 COPY ./scripts/ranger-kms.sh                                   ${RANGER_SCRIPTS}/
 COPY ./scripts/ranger-kms-install-${RANGER_DB_TYPE}.properties ${RANGER_SCRIPTS}/ranger-kms-install.properties
+COPY ./scripts/core-site.xml                                   ${RANGER_SCRIPTS}/
+COPY ./scripts/create_principal_and_keytab.sh                  ${RANGER_SCRIPTS}/
+COPY ./config/kdc/krb5.conf                                    /etc/krb5.conf
 
 RUN tar xvfz /home/ranger/dist/ranger-${KMS_VERSION}-kms.tar.gz --directory=${RANGER_HOME} && \
     ln -s ${RANGER_HOME}/ranger-${KMS_VERSION}-kms ${RANGER_HOME}/kms && \
@@ -40,6 +43,7 @@ RUN tar xvfz /home/ranger/dist/ranger-${KMS_VERSION}-kms.tar.gz --directory=${RA
     ln -s /etc/init.d/ranger-kms /etc/rc3.d/K90ranger-kms && \
     ln -s ${RANGER_HOME}/kms/ranger-kms-services.sh /usr/bin/ranger-kms-services.sh && \
     chown -R rangerkms:ranger ${RANGER_HOME}/kms/ ${RANGER_SCRIPTS}/ /var/run/ranger_kms/ /var/log/ranger/ /etc/ranger && \
+    chmod 755 ${RANGER_SCRIPTS}/create_principal_and_keytab.sh && \
     chmod 744 ${RANGER_SCRIPTS}/ranger-kms.sh
 
 FROM ranger-kms AS ranger_postgres

dev-support/ranger-docker/Dockerfile.ranger-knox

@@ -31,6 +31,8 @@ COPY ./scripts/ranger-knox.sh                           /home/ranger/scripts/
 COPY ./scripts/ranger-knox-plugin-install.properties    /home/ranger/scripts/
 COPY ./scripts/ranger-knox-expect.py                    /home/ranger/scripts/
 COPY ./scripts/ranger-knox-sandbox.xml                  /home/ranger/scripts/
+COPY ./scripts/create_principal_and_keytab.sh           /home/ranger/scripts/
+COPY ./config/kdc/krb5.conf                             /etc/krb5.conf
 
 RUN tar xvfz /home/ranger/dist/knox-${KNOX_VERSION}.tar.gz --directory=/opt/ && \
     ln -s /opt/knox-${KNOX_VERSION} /opt/knox && \
@@ -40,6 +42,7 @@ RUN tar xvfz /home/ranger/dist/knox-${KNOX_VERSION}.tar.gz --directory=/opt/ &&
     rm -f /home/ranger/dist/ranger-${KNOX_PLUGIN_VERSION}-knox-plugin.tar.gz && \
     cp -f /home/ranger/scripts/ranger-knox-plugin-install.properties /opt/ranger/ranger-knox-plugin/install.properties && \
     cp -f /home/ranger/scripts/ranger-knox-sandbox.xml /opt/knox/conf/topologies/sandbox.xml && \
+    chmod 755 ${RANGER_SCRIPTS}/create_principal_and_keytab.sh && \
     chmod 744 ${RANGER_SCRIPTS}/ranger-knox-setup.sh ${RANGER_SCRIPTS}/ranger-knox.sh ${RANGER_SCRIPTS}/ranger-knox-expect.py
 
 ENV KNOX_HOME=/opt/knox

dev-support/ranger-docker/Dockerfile.ranger-solr

@@ -19,8 +19,18 @@ FROM solr:${SOLR_VERSION}
 
 # Copy audit config set
 USER 0
-RUN  mkdir -p /opt/solr/server/solr/configsets/ranger_audits/conf
+RUN  mkdir -p /opt/solr/server/solr/configsets/ranger_audits/conf /home/ranger/scripts
 COPY config/solr-ranger_audits/* /opt/solr/server/solr/configsets/ranger_audits/conf/
+COPY config/solr-jaas.conf /opt/solr/server/etc/jaas.conf
+COPY config/solr-security.json /var/solr/data/security.json
 RUN chown -R solr:solr /opt/solr/server/solr/configsets/ranger_audits/
 
-USER solr
+RUN apt update && DEBIAN_FRONTEND="noninteractive" apt-get install -y krb5-user
+
+COPY scripts/ranger-solr.sh                 /home/ranger/scripts/
+COPY scripts/create_principal_and_keytab.sh /home/ranger/scripts/
+COPY config/kdc/krb5.conf                   /etc/krb5.conf
+RUN chmod +x /home/ranger/scripts/ranger-solr.sh /home/ranger/scripts/create_principal_and_keytab.sh
+
+ENTRYPOINT [ "/home/ranger/scripts/ranger-solr.sh" ]
+CMD ["solr-foreground"]