
Commit 4573f13

committed
RANGER-5373: apache#3
1 parent 7eba338 commit 4573f13

17 files changed

+165
-53
lines changed

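--- a/dev-support/ranger-docker/Dockerfile.ranger
+++ b/dev-support/ranger-docker/Dockerfile.ranger
@@ -29,7 +29,7 @@ COPY ./dist/ranger-${RANGER_VERSION}-admin.tar.gz /home/ranger/dist/
 COPY ./scripts/ranger.sh ${RANGER_SCRIPTS}/
 COPY ./scripts/ranger-admin-install-${RANGER_DB_TYPE}.properties ${RANGER_SCRIPTS}/ranger-admin-install.properties
 COPY ./scripts/create-ranger-services.py ${RANGER_SCRIPTS}/
-COPY ./scripts/core-site-kerberos.xml ${RANGER_SCRIPTS}/
+COPY ./scripts/core-site.xml ${RANGER_SCRIPTS}/
 
 RUN tar xvfz /home/ranger/dist/ranger-${RANGER_VERSION}-admin.tar.gz --directory=${RANGER_HOME} \
 && ln -s ${RANGER_HOME}/ranger-${RANGER_VERSION}-admin ${RANGER_HOME}/admin \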

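--- a/dev-support/ranger-docker/Dockerfile.ranger-hadoop
+++ b/dev-support/ranger-docker/Dockerfile.ranger-hadoop
@@ -33,6 +33,9 @@ COPY ./scripts/ranger-hadoop.sh /home/ranger/scripts/
 COPY ./scripts/ranger-hadoop-mkdir.sh /home/ranger/scripts/
 COPY ./scripts/ranger-hdfs-plugin-install.properties /home/ranger/scripts/
 COPY ./scripts/ranger-yarn-plugin-install.properties /home/ranger/scripts/
+COPY ./scripts/core-site.xml /home/ranger/scripts/
+COPY ./scripts/hdfs-site.xml /home/ranger/scripts/
+COPY ./scripts/yarn-site.xml /home/ranger/scripts/
 
 RUN tar xvfz /home/ranger/dist/hadoop-${HADOOP_VERSION}.tar.gz --directory=/opt/ && \
 ln -s /opt/hadoop-${HADOOP_VERSION} /opt/hadoop && \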

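--- a/dev-support/ranger-docker/Dockerfile.ranger-kms
+++ b/dev-support/ranger-docker/Dockerfile.ranger-kms
@@ -26,7 +26,7 @@ COPY ./dist/ranger-${KMS_VERSION}-kms.tar.gz /home/ranger/dist
 
 COPY ./scripts/ranger-kms.sh ${RANGER_SCRIPTS}/
 COPY ./scripts/ranger-kms-install-${RANGER_DB_TYPE}.properties ${RANGER_SCRIPTS}/ranger-kms-install.properties
-COPY ./scripts/core-site-kerberos.xml ${RANGER_SCRIPTS}/
+COPY ./scripts/core-site.xml ${RANGER_SCRIPTS}/
 
 RUN tar xvfz /home/ranger/dist/ranger-${KMS_VERSION}-kms.tar.gz --directory=${RANGER_HOME} && \
 ln -s ${RANGER_HOME}/ranger-${KMS_VERSION}-kms ${RANGER_HOME}/kms && \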

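--- a/dev-support/ranger-docker/Dockerfile.ranger-tagsync
+++ b/dev-support/ranger-docker/Dockerfile.ranger-tagsync
@@ -26,7 +26,7 @@ COPY ./dist/ranger-${TAGSYNC_VERSION}-tagsync.tar.gz /home/ranger/dist/
 COPY ./scripts/ranger-tagsync.sh ${RANGER_SCRIPTS}/
 COPY ./scripts/ranger-tagsync-install.properties ${RANGER_SCRIPTS}/
 COPY ./scripts/ranger-tagsync-tags.json ${RANGER_SCRIPTS}/
-COPY ./scripts/core-site-kerberos.xml ${RANGER_SCRIPTS}/
+COPY ./scripts/core-site.xml ${RANGER_SCRIPTS}/
 
 RUN tar xvfz /home/ranger/dist/ranger-${TAGSYNC_VERSION}-tagsync.tar.gz --directory=${RANGER_HOME} && \
 ln -s ${RANGER_HOME}/ranger-${TAGSYNC_VERSION}-tagsync ${RANGER_HOME}/tagsync && \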

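--- a/dev-support/ranger-docker/Dockerfile.ranger-usersync
+++ b/dev-support/ranger-docker/Dockerfile.ranger-usersync
@@ -26,7 +26,7 @@ COPY ./dist/ranger-${USERSYNC_VERSION}-usersync.tar.gz /home/ranger/dist/
 COPY ./scripts/ranger-usersync.sh ${RANGER_SCRIPTS}/
 COPY ./scripts/ranger-usersync-install.properties ${RANGER_SCRIPTS}/
 COPY ./scripts/ugsync-file-source.csv ${RANGER_SCRIPTS}/
-COPY ./scripts/core-site-kerberos.xml ${RANGER_SCRIPTS}/
+COPY ./scripts/core-site.xml ${RANGER_SCRIPTS}/
 
 RUN tar xvfz /home/ranger/dist/ranger-${USERSYNC_VERSION}-usersync.tar.gz --directory=${RANGER_HOME} && \
 ln -s ${RANGER_HOME}/ranger-${USERSYNC_VERSION}-usersync ${RANGER_HOME}/usersync && \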

dev-support/ranger-docker/scripts/core-site-kerberos.xml

Lines changed: 0 additions & 11 deletions
This file was deleted.
Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
<?xml version="1.0"?>
2+
<configuration>
3+
<property>
4+
<name>fs.defaultFS</name>
5+
<value>hdfs://ranger-hadoop:9000</value>
6+
</property>
7+
<property>
8+
<name>hadoop.security.authentication</name>
9+
<value>kerberos</value>
10+
</property>
11+
<property>
12+
<name>hadoop.security.auth_to_local</name>
13+
<value>
14+
RULE:[2:$1/$2@$0]([ndj]n/.*@EXAMPLE\.COM)s/.*/hdfs/
15+
RULE:[2:$1/$2@$0]([rn]m/.*@EXAMPLE\.COM)s/.*/yarn/
16+
RULE:[2:$1/$2@$0](jhs/.*@EXAMPLE\.COM)s/.*/mapred/
17+
DEFAULT
18+
</value>
19+
</property>
20+
</configuration>
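Review bot: The three `hadoop.security.auth_to_local` rules hard-code the realm `EXAMPLE\.COM` and accept any host component (`.*`), and nothing in the file explains this. This section's file header is missing on the page, but the Dockerfile changes suggest it is `scripts/core-site.xml`, now copied into the admin, KMS, tagsync, usersync and Hadoop images. Add an XML comment after the declaration stating that the rules map the nn/dn/jn, rm/nm and jhs service principals of the dev realm to `hdfs`, `yarn` and `mapred`, that `DEFAULT` handles every other principal, and that the realm must match the KDC's. `hadoop.rpc.protection` is left at its default, which authenticates RPC but adds no integrity or confidentiality protection; if that is intended for the dev setup, say so in the same comment.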

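--- a/dev-support/ranger-docker/scripts/create-ranger-services.py
+++ b/dev-support/ranger-docker/scripts/create-ranger-services.py
@@ -18,27 +18,42 @@ def service_not_exists(service):
 'fs.default.name': 'hdfs://ranger-hadoop:9000',
 'hadoop.security.authentication': 'simple',
 'hadoop.security.authorization': 'true',
+'policy.download.auth.users': 'hdfs',
+'tag.download.auth.users': 'hdfs',
+'userstore.download.auth.users': 'hdfs',
 'ranger.plugin.hdfs.policy.refresh.synchronous':'true'}})
 
 hive = RangerService({'name': 'dev_hive', 'type': 'hive',
 'configs': {'username': 'hive', 'password': 'hive',
 'jdbc.driverClassName': 'org.apache.hive.jdbc.HiveDriver',
 'jdbc.url': 'jdbc:hive2://ranger-hive:10000',
 'hadoop.security.authorization': 'true',
+'policy.download.auth.users': 'hive',
+'tag.download.auth.users': 'hive',
+'userstore.download.auth.users': 'hive',
 'ranger.plugin.hive.policy.refresh.synchronous':'true'}})
 
 kafka = RangerService({'name': 'dev_kafka', 'type': 'kafka',
 'configs': {'username': 'kafka', 'password': 'kafka',
 'zookeeper.connect': 'ranger-zk.rangernw:2181',
+'policy.download.auth.users': 'kafka',
+'tag.download.auth.users': 'kafka',
+'userstore.download.auth.users': 'kafka',
 'ranger.plugin.kafka.policy.refresh.synchronous':'true'}})
 
 knox = RangerService({'name': 'dev_knox', 'type': 'knox',
 'configs': {'username': 'knox', 'password': 'knox', 'knox.url': 'https://ranger-knox:8443',
+'policy.download.auth.users': 'knox',
+'tag.download.auth.users': 'knox',
+'userstore.download.auth.users': 'knox',
 'ranger.plugin.knox.policy.refresh.synchronous':'true'}})
 
 yarn = RangerService({'name': 'dev_yarn', 'type': 'yarn',
 'configs': {'username': 'yarn', 'password': 'yarn',
 'yarn.url': 'http://ranger-hadoop:8088',
+'policy.download.auth.users': 'yarn',
+'tag.download.auth.users': 'yarn',
+'userstore.download.auth.users': 'yarn',
 'ranger.plugin.yarn.policy.refresh.synchronous':'true'}})
 
 hbase = RangerService({'name': 'dev_hbase', 'type': 'hbase',
@@ -49,11 +64,17 @@ def service_not_exists(service):
 'hbase.zookeeper.property.clientPort': '2181',
 'hbase.zookeeper.quorum': 'ranger-zk',
 'zookeeper.znode.parent': '/hbase',
+'policy.download.auth.users': 'hbase',
+'tag.download.auth.users': 'hbase',
+'userstore.download.auth.users': 'hbase',
 'ranger.plugin.hbase.policy.refresh.synchronous':'true'}})
 
 kms = RangerService({'name': 'dev_kms', 'type': 'kms',
 'configs': {'username': 'keyadmin', 'password': 'rangerR0cks!',
 'provider': 'http://ranger-kms:9292',
+'policy.download.auth.users': 'rangerkms',
+'tag.download.auth.users': 'rangerkms',
+'userstore.download.auth.users': 'rangerkms',
 'ranger.plugin.kms.policy.refresh.synchronous':'true'}})
 
 trino = RangerService({'name': 'dev_trino',
@@ -63,6 +84,9 @@ def service_not_exists(service):
 'password': 'trino',
 'jdbc.driverClassName': 'io.trino.jdbc.TrinoDriver',
 'jdbc.url': 'jdbc:trino://ranger-trino:8080',
+'policy.download.auth.users': 'trino',
+'tag.download.auth.users': 'trino',
+'userstore.download.auth.users': 'trino',
 'ranger.plugin.trino.policy.refresh.synchronous':'true'
 }})
 
@@ -72,6 +96,9 @@ def service_not_exists(service):
 'configs': {'username': 'hdfs', 'password': 'hdfs',
 'ozone.om.http-address': 'http://om:9874',
 'hadoop.security.authentication': 'simple',
+'policy.download.auth.users': 'ozone',
+'tag.download.auth.users': 'ozone',
+'userstore.download.auth.users': 'ozone',
 'ranger.plugin.ozone.policy.refresh.synchronous':'true'}})
 
 services = [hdfs, yarn, hive, hbase, kafka, knox, kms, trino, ozone]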
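Review bot: The HDFS service config still carries `'hadoop.security.authentication': 'simple'` (new line 19), and the ozone config does the same at new line 98, while the core-site.xml added in this commit sets that property to `kerberos`. If the Hadoop container is now Kerberized, Ranger Admin's resource lookup and test-connection for these services will presumably attempt simple auth and fail, so the value should become `'kerberos'` along with whatever lookup principal settings the service type expects. The new `*.download.auth.users` values must also equal the short name Ranger Admin derives from each plugin's Kerberos principal (for example `rangerkms` for KMS). A one-line comment above the first definition, such as `# *.download.auth.users must match the plugin principal's short name`, would record that. The definitions start above the first hunk, so the full dicts are not visible here.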
Lines changed: 59 additions & 0 deletions
@@ -0,0 +1,59 @@
1+
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
2+
<configuration>
3+
<property>
4+
<name>dfs.replication</name>
5+
<value>1</value>
6+
</property>
7+
<property>
8+
<name>dfs.webhdfs.enabled</name>
9+
<value>true</value>
10+
</property>
11+
<property>
12+
<name>dfs.permissions.enabled</name>
13+
<value>true</value>
14+
</property>
15+
<property>
16+
<name>dfs.permissions</name>
17+
<value>true</value>
18+
</property>
19+
<property>
20+
<name>dfs.namenode.inode.attributes.provider.class</name>
21+
<value>org.apache.ranger.authorization.hadoop.RangerHdfsAuthorizer</value>
22+
</property>
23+
<property>
24+
<name>dfs.permissions.ContentSummary.subAccess</name>
25+
<value>true</value>
26+
</property>
27+
<property>
28+
<name>dfs.block.access.token.enable</name>
29+
<value>true</value>
30+
</property>
31+
<property>
32+
<name>dfs.namenode.kerberos.principal</name>
33+
<value>nn/[email protected]</value>
34+
</property>
35+
<property>
36+
<name>dfs.namenode.keytab.file</name>
37+
<value>/opt/hadoop/keytabs/nn.keytab</value>
38+
</property>
39+
<property>
40+
<name>dfs.namenode.kerberos.internal.spnego.principal</name>
41+
<value>HTTP/[email protected]</value>
42+
</property>
43+
<property>
44+
<name>dfs.datanode.kerberos.principal</name>
45+
<value>dn/[email protected]</value>
46+
</property>
47+
<property>
48+
<name>dfs.datanode.keytab.file</name>
49+
<value>/opt/hadoop/keytabs/dn.keytab</value>
50+
</property>
51+
<property>
52+
<name>dfs.web.authentication.kerberos.principal</name>
53+
<value>HTTP/[email protected]</value>
54+
</property>
55+
<property>
56+
<name>dfs.web.authentication.kerberos.keytab</name>
57+
<value>/opt/hadoop/keytabs/HTTP.keytab</value>
58+
</property>
59+
</configuration>
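Review bot: This file (presumably `scripts/hdfs-site.xml`; its header is missing on the page) gives the DataNode a Kerberos principal and keytab but sets neither `dfs.data.transfer.protection` nor `dfs.http.policy`. A DataNode in a Kerberized cluster normally refuses to start unless it either binds privileged ports via jsvc or uses SASL for data transfer, which needs `dfs.data.transfer.protection` set together with `dfs.http.policy` = `HTTPS_ONLY`. Nothing visible here shows which route this setup takes. If it is SASL, add those two properties; if it is the privileged-port route, a comment saying so would spare the next reader the search. `dfs.permissions` at new lines 15-18 is the deprecated name of `dfs.permissions.enabled`, which is set just above it, and can be dropped.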

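--- a/dev-support/ranger-docker/scripts/ranger-hadoop-mkdir.sh
+++ b/dev-support/ranger-docker/scripts/ranger-hadoop-mkdir.sh
@@ -17,6 +17,9 @@
 # limitations under the License.
 
 # setup directories for Ranger audits
+
+kinit -kt /opt/hadoop/keytabs/nn.keytab nn/[email protected]
+
 ${HADOOP_HOME}/bin/hdfs dfs -mkdir -p /ranger/audit/hdfs
 ${HADOOP_HOME}/bin/hdfs dfs -mkdir -p /ranger/audit/yarn
 ${HADOOP_HOME}/bin/hdfs dfs -mkdir -p /ranger/audit/hbaseMaster
@@ -42,3 +45,5 @@ ${HADOOP_HOME}/bin/hdfs dfs -mkdir -p /user/hive/warehouse
 ${HADOOP_HOME}/bin/hdfs dfs -mkdir -p /tmp/hive
 ${HADOOP_HOME}/bin/hdfs dfs -chown -R hive:hadoop /tmp/hive /user/hive
 ${HADOOP_HOME}/bin/hdfs dfs -chmod 777 /tmp/hive
+
+kdestroy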
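Review bot: The `kinit -kt` added at new line 21 is not checked, so if the keytab is missing or the KDC is not up yet, every following `hdfs dfs` call runs without a ticket and fails one by one (unless the script sets `-e` above the hunk, which is not visible). Fail fast with `kinit -kt /opt/hadoop/keytabs/nn.keytab <nn-principal> || exit 1`. Replace the trailing `kdestroy` with `trap kdestroy EXIT` placed right after the kinit, so the NameNode ticket is also discarded when the script exits early. The principal on that line is rendered as `[email protected]` on this page, hence the placeholder.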
