1、下载
$ git clone https://github.com/apache/incubator-ranger.git
$ cd incubator-ranger
$ git checkout ranger-1.2
2、编译
$ mvn -DskipTests -Drat.skip=true -DskipJSTests clean compile package install assembly:assembly
3、编译信息
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] ranger 1.2.1-SNAPSHOT .............................. SUCCESS [07:00 min]
[INFO] Jdbc SQL Connector ................................. SUCCESS [ 3.229 s]
[INFO] Credential Support ................................. SUCCESS [ 14.198 s]
[INFO] Audit Component .................................... SUCCESS [ 9.687 s]
[INFO] Common library for Plugins ......................... SUCCESS [ 19.403 s]
[INFO] Installer Support Component ........................ SUCCESS [ 2.016 s]
[INFO] Credential Builder ................................. SUCCESS [ 4.841 s]
[INFO] Embedded Web Server Invoker ........................ SUCCESS [ 13.930 s]
[INFO] Key Management Service ............................. SUCCESS [ 45.056 s]
[INFO] ranger-plugin-classloader .......................... SUCCESS [ 2.182 s]
[INFO] HBase Security Plugin Shim ......................... SUCCESS [ 49.759 s]
[INFO] HBase Security Plugin .............................. SUCCESS [ 24.498 s]
[INFO] Hdfs Security Plugin ............................... SUCCESS [ 19.434 s]
[INFO] Hive Security Plugin ............................... SUCCESS [04:39 min]
[INFO] Knox Security Plugin Shim .......................... SUCCESS [ 23.849 s]
[INFO] Knox Security Plugin ............................... SUCCESS [01:08 min]
[INFO] Storm Security Plugin .............................. SUCCESS [ 4.668 s]
[INFO] YARN Security Plugin ............................... SUCCESS [ 2.544 s]
[INFO] Ranger Util ........................................ SUCCESS [ 2.381 s]
[INFO] Unix Authentication Client ......................... SUCCESS [ 1.765 s]
[INFO] Security Admin Web Application ..................... SUCCESS [03:01 min]
[INFO] KAFKA Security Plugin .............................. SUCCESS [ 4.767 s]
[INFO] SOLR Security Plugin ............................... SUCCESS [ 42.351 s]
[INFO] NiFi Security Plugin ............................... SUCCESS [ 6.621 s]
[INFO] NiFi Registry Security Plugin ...................... SUCCESS [ 3.525 s]
[INFO] Unix User Group Synchronizer ....................... SUCCESS [ 7.384 s]
[INFO] Ldap Config Check Tool ............................. SUCCESS [ 1.686 s]
[INFO] Unix Authentication Service ........................ SUCCESS [ 2.098 s]
[INFO] KMS Security Plugin ................................ SUCCESS [ 3.788 s]
[INFO] Tag Synchronizer ................................... SUCCESS [ 22.308 s]
[INFO] Hdfs Security Plugin Shim .......................... SUCCESS [ 2.260 s]
[INFO] Hive Security Plugin Shim .......................... SUCCESS [ 7.933 s]
[INFO] YARN Security Plugin Shim .......................... SUCCESS [ 2.252 s]
[INFO] Storm Security Plugin shim ......................... SUCCESS [ 3.111 s]
[INFO] KAFKA Security Plugin Shim ......................... SUCCESS [ 1.854 s]
[INFO] SOLR Security Plugin Shim .......................... SUCCESS [ 3.691 s]
[INFO] Atlas Security Plugin Shim ......................... SUCCESS [ 5.567 s]
[INFO] KMS Security Plugin Shim ........................... SUCCESS [ 2.710 s]
[INFO] ranger-examples .................................... SUCCESS [ 0.124 s]
[INFO] Ranger Examples - Conditions and ContextEnrichers .. SUCCESS [ 2.853 s]
[INFO] Ranger Examples - SampleApp ........................ SUCCESS [ 0.901 s]
[INFO] Ranger Examples - Ranger Plugin for SampleApp ...... SUCCESS [ 1.698 s]
[INFO] Ranger Tools ....................................... SUCCESS [ 3.603 s]
[INFO] Atlas Security Plugin .............................. SUCCESS [ 3.616 s]
[INFO] Sqoop Security Plugin .............................. SUCCESS [ 3.269 s]
[INFO] Sqoop Security Plugin Shim ......................... SUCCESS [ 1.694 s]
[INFO] Kylin Security Plugin .............................. SUCCESS [ 5.179 s]
[INFO] Kylin Security Plugin Shim ......................... SUCCESS [ 2.039 s]
[INFO] Unix Native Authenticator 1.2.1-SNAPSHOT ........... SUCCESS [ 1.415 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 22:27 min
[INFO] Finished at: 2019-09-03T16:31:34+08:00
[INFO] ------------------------------------------------------------------------
4、构建的包:
5、安装
1) ranger-admin
$ tar zxvf ranger-1.2.1-SNAPSHOT-admin.tar.gz
$ cd ranger-1.2.1-SNAPSHOT-admin/
$ vim install.properties
文件内容如下:
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file provides a list of the deployment variables for the Policy Manager Web Application
#
#------------------------- DB CONFIG - BEGIN ----------------------------------
# Uncomment the below if the DBA steps need to be run separately
setup_mode=SeparateDBA
PYTHON_COMMAND_INVOKER=python
#DB_FLAVOR=MYSQL|ORACLE|POSTGRES|MSSQL|SQLA
DB_FLAVOR=MYSQL
#
#
# Location of DB client library (please check the location of the jar file)
#
#SQL_CONNECTOR_JAR=/usr/share/java/ojdbc6.jar
#SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
#SQL_CONNECTOR_JAR=/usr/share/java/postgresql.jar
#SQL_CONNECTOR_JAR=/usr/share/java/sqljdbc4.jar
#SQL_CONNECTOR_JAR=/opt/sqlanywhere17/java/sajdbc4.jar
SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
#
# DB password for the DB admin user-id
# **************************************************************************
# ** If the password is left empty or not-defined here,
# ** it will try with blank password during installation process
# **************************************************************************
#
#db_root_user=root|SYS|postgres|sa|dba
#db_host=host:port # for DB_FLAVOR=MYSQL|POSTGRES|SQLA|MSSQL #for example: db_host=localhost:3306
#db_host=host:port:SID # for DB_FLAVOR=ORACLE #for SID example: db_host=localhost:1521:ORCL
#db_host=host:port/ServiceName # for DB_FLAVOR=ORACLE #for Service example: db_host=localhost:1521/XE
db_root_user=root
db_root_password=root
db_host=localhost
#SSL config
db_ssl_enabled=false
db_ssl_required=false
db_ssl_verifyServerCertificate=false
#db_ssl_auth_type=1-way|2-way, where 1-way represents standard one way ssl authentication and 2-way represents mutual ssl authentication
db_ssl_auth_type=2-way
javax_net_ssl_keyStore=
javax_net_ssl_keyStorePassword=
javax_net_ssl_trustStore=
javax_net_ssl_trustStorePassword=
#
# DB UserId used for the Ranger schema
#
db_name=ranger
db_user=root
db_password=root
# change password. Password for below mentioned users can be changed only once using this property.
#PLEASE NOTE :: Password should be minimum 8 characters with min one alphabet and one numeric.
rangerAdmin_password=
rangerTagsync_password=
rangerUsersync_password=
keyadmin_password=
#Source for Audit Store. Currently only solr is supported.
# * audit_store is solr
#audit_store=solr
# * audit_solr_url URL to Solr. E.g. http://:6083/solr/ranger_audits
#audit_solr_urls=
#audit_solr_user=
#audit_solr_password=
#audit_solr_zookeepers=
#------------------------- DB CONFIG - END ----------------------------------
#
# ------- PolicyManager CONFIG ----------------
#
policymgr_external_url=http://localhost:6080
policymgr_http_enabled=true
policymgr_https_keystore_file=
policymgr_https_keystore_keyalias=rangeradmin
policymgr_https_keystore_password=
#Add Supported Components list below separated by semi-colon, default value is empty string to support all components
#Example : policymgr_supportedcomponents=hive,hbase,hdfs
policymgr_supportedcomponents=
#
# ------- PolicyManager CONFIG - END ---------------
#
#
# ------- UNIX User CONFIG ----------------
#
unix_user=ranger
unix_user_pwd=ranger
unix_group=ranger
#
# ------- UNIX User CONFIG - END ----------------
#
#
#
# UNIX authentication service for Policy Manager
#
# PolicyManager can authenticate using UNIX username/password
# The UNIX server specified here as authServiceHostName needs to be installed with ranger-unix-ugsync package.
# Once the service is installed on authServiceHostName, the UNIX username/password from the host can be used to login into policy manager
#
# ** The installation of ranger-unix-ugsync package can be installed after the policymanager installation is finished.
#
#LDAP|ACTIVE_DIRECTORY|UNIX|NONE
authentication_method=NONE
remoteLoginEnabled=true
authServiceHostName=localhost
authServicePort=5151
ranger_unixauth_keystore=keystore.jks
ranger_unixauth_keystore_password=password
ranger_unixauth_truststore=cacerts
ranger_unixauth_truststore_password=changeit
####LDAP settings - Required only if have selected LDAP authentication ####
#
# Sample Settings
#
#xa_ldap_url=ldap://127.0.0.1:389
#xa_ldap_userDNpattern=uid={0},ou=users,dc=xasecure,dc=net
#xa_ldap_groupSearchBase=ou=groups,dc=xasecure,dc=net
#xa_ldap_groupSearchFilter=(member=uid={0},ou=users,dc=xasecure,dc=net)
#xa_ldap_groupRoleAttribute=cn
#xa_ldap_base_dn=dc=xasecure,dc=net
#xa_ldap_bind_dn=cn=admin,ou=users,dc=xasecure,dc=net
#xa_ldap_bind_password=
#xa_ldap_referral=follow|ignore
#xa_ldap_userSearchFilter=(uid={0})
xa_ldap_url=
xa_ldap_userDNpattern=
xa_ldap_groupSearchBase=
xa_ldap_groupSearchFilter=
xa_ldap_groupRoleAttribute=
xa_ldap_base_dn=
xa_ldap_bind_dn=
xa_ldap_bind_password=
xa_ldap_referral=
xa_ldap_userSearchFilter=
####ACTIVE_DIRECTORY settings - Required only if have selected AD authentication ####
#
# Sample Settings
#
#xa_ldap_ad_domain=xasecure.net
#xa_ldap_ad_url=ldap://127.0.0.1:389
#xa_ldap_ad_base_dn=dc=xasecure,dc=net
#xa_ldap_ad_bind_dn=cn=administrator,ou=users,dc=xasecure,dc=net
#xa_ldap_ad_bind_password=
#xa_ldap_ad_referral=follow|ignore
#xa_ldap_ad_userSearchFilter=(sAMAccountName={0})
xa_ldap_ad_domain=
xa_ldap_ad_url=
xa_ldap_ad_base_dn=
xa_ldap_ad_bind_dn=
xa_ldap_ad_bind_password=
xa_ldap_ad_referral=
xa_ldap_ad_userSearchFilter=
#------------ Kerberos Config -----------------
spnego_principal=
spnego_keytab=
token_valid=30
cookie_domain=
cookie_path=/
admin_principal=
admin_keytab=
lookup_principal=
lookup_keytab=
hadoop_conf=/etc/hadoop/conf
#
#-------- SSO CONFIG - Start ------------------
#
sso_enabled=false
sso_providerurl=https://127.0.0.1:8443/gateway/knoxsso/api/v1/websso
sso_publickey=
#
#-------- SSO CONFIG - END ------------------
# Custom log directory path
RANGER_ADMIN_LOG_DIR=$PWD
# PID file path
RANGER_PID_DIR_PATH=/var/run/ranger
# ################# DO NOT MODIFY ANY VARIABLES BELOW #########################
#
# --- These deployment variables are not to be modified unless you understand the full impact of the changes
#
################################################################################
XAPOLICYMGR_DIR=$PWD
app_home=$PWD/ews/webapp
TMPFILE=$PWD/.fi_tmp
LOGFILE=$PWD/logfile
LOGFILES="$LOGFILE"
JAVA_BIN='java'
JAVA_VERSION_REQUIRED='1.8'
JAVA_ORACLE='Java(TM) SE Runtime Environment'
ranger_admin_max_heap_size=1g
#retry DB and Java patches after the given time in seconds.
PATCH_RETRY_INTERVAL=120
STALE_PATCH_ENTRY_HOLD_TIME=10
#mysql_create_user_file=${PWD}/db/mysql/create_dev_user.sql
mysql_core_file=db/mysql/optimized/current/ranger_core_db_mysql.sql
mysql_audit_file=db/mysql/xa_audit_db.sql
#mysql_asset_file=${PWD}/db/mysql/reset_asset.sql
#oracle_create_user_file=${PWD}/db/oracle/create_dev_user_oracle.sql
oracle_core_file=db/oracle/optimized/current/ranger_core_db_oracle.sql
oracle_audit_file=db/oracle/xa_audit_db_oracle.sql
#oracle_asset_file=${PWD}/db/oracle/reset_asset_oracle.sql
#
postgres_core_file=db/postgres/optimized/current/ranger_core_db_postgres.sql
postgres_audit_file=db/postgres/xa_audit_db_postgres.sql
#
sqlserver_core_file=db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
sqlserver_audit_file=db/sqlserver/xa_audit_db_sqlserver.sql
#
sqlanywhere_core_file=db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
sqlanywhere_audit_file=db/sqlanywhere/xa_audit_db_sqlanywhere.sql
cred_keystore_filename=$app_home/WEB-INF/classes/conf/.jceks/rangeradmin.jceks
初始化ranger-admin:
$ ./setup.sh
2019-09-03 17:07:02,351 --------- Running Ranger PolicyManager Web Application Install Script ---------
2019-09-03 17:07:02,355 [I] uname=Linux
2019-09-03 17:07:02,359 [I] hostname=***
2019-09-03 17:07:02,366 [I] DB_FLAVOR=MYSQL
2019-09-03 17:07:02,370 [I] Audit source=2019-09-03 17:07:01,892 [e] 'audit_store' not found in /opt/ranger/ranger-1.2.1-snapshot-admin/install.properties file while getting....!!
2019-09-03 17:07:02,374 [I] Checking distribution name..
2019-09-03 17:07:02,384 [I] Found distribution : CentOS
2019-09-03 17:07:02,386 [I] check if command /usr/java/jdk1.8.0_172/bin/java exists
2019-09-03 17:07:02,388 [I] '/usr/java/jdk1.8.0_172/bin/java' command found
2019-09-03 17:07:02,481 [I] Checking MYSQL CONNECTOR FILE : /usr/share/java/mysql-connector-java.jar
2019-09-03 17:07:02,482 [I] MYSQL CONNECTOR FILE : /usr/share/java/mysql-connector-java.jar file found
2019-09-03 17:07:02,484 [I] Setting up UNIX user : ranger and group: ranger
2019-09-03 17:07:02,562 [I] Creating new user and adding to group
2019-09-03 17:07:02,726 [I] Setting up UNIX user : ranger and group: ranger DONE
......
2019-09-03 17:07:21,106 [JISQL] /usr/java/jdk1.8.0_172/bin/java -cp /usr/share/java/mysql-connector-java.jar:/opt/ranger-1.2/ranger-1.2.1-SNAPSHOT-admin/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://localhost/ranger -u 'root' -p '********' -noheader -trim -c \; -query "select 1;"
Tue Sep 03 17:07:21 CST 2019 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
2019-09-03 17:07:21,514 [I] Checking connection passed.
Installation of Ranger PolicyManager Web Application is completed.
启动ranger-admin:
$ ranger-admin start
Starting Apache Ranger Admin Service
Apache Ranger Admin Service with pid 57390 has started.
$ netstat -anpl | grep 57390
tcp6 0 0 :::6080 :::* LISTEN 57390/java
tcp6 0 0 127.0.0.1:50278 127.0.0.1:3306 ESTABLISHED 57390/java
tcp6 0 0 127.0.0.1:50284 127.0.0.1:3306 ESTABLISHED 57390/java
tcp6 0 0 127.0.0.1:50286 127.0.0.1:3306 ESTABLISHED 57390/java
tcp6 0 0 127.0.0.1:50280 127.0.0.1:3306 ESTABLISHED 57390/java
tcp6 0 0 127.0.0.1:50282 127.0.0.1:3306 ESTABLISHED 57390/java
unix 2 [ ] STREAM CONNECTED 11585753 57390/java
验证:http://[ip]:6080
使用admin/admin 登录即可。