Setting up Database Users Without Sharing DBA Credentials

If you do not wish to provide system Database Administrator (DBA) account details to the Ambari Ranger installer, you can use the Python script to create the Ranger DB database users without exposing DBA account information to the installer. You can then run the normal Ambari Ranger installation without specifying a DBA user name and password.

To create Ranger DB users using the script:

  1. Download the Ranger rpm using the yum install command.

    yum install ranger-admin

  2. You should see one file named in the /usr/hdf/current/ranger-admin directory.

  3. Get the script reviewed internally and verify that your DBA is authorized to run the script.

  4. Execute the script by running the following command:

  5. Pass all values required in the argument. These should include db flavor, JDBC jar, db host, db name, db user, and other parameters.

    • If you would prefer not to pass runtime arguments via the command prompt, you can update the /usr/hdf/current/ranger-admin/ file and then run:

      python -q

      When you specify the -q option, the script will read all required information from the file

    • You can use the -d option to run the script in "dry" mode. Running the script in dry mode causes the script to generate a database script.

      python -d /tmp/generated-script.sql

      Anyone can run the script, but it is recommended that the system DBA run the script in dry mode. In either case, the system DBA should review the generated script, but should make only minor adjustments to it, for example, changing the location of a particular database file. No major changes should be made that substantially alter the script; otherwise the Ranger install may fail.

      The system DBA must then run the generated script.

  6. Run the Ranger Ambari install procedure, but set Setup Database and Database User to No in the Ranger Admin section of the Customize Services page.
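
To support the DBA review of the dry-mode output in step 5, the following added example (not part of the Ranger distribution or the original page) splits a generated SQL file into statements, counts them by type, and lists the ones that deserve a line-by-line look, with password literals redacted. The flag list and the sample SQL are assumptions constructed for illustration; they are not output of the Ranger script.

```python
import re
import sys
from collections import Counter

# Patterns worth a line-by-line look (an assumed starting list; adapt to local policy).
FLAGS = {
    "broad grant": re.compile(r"\bGRANT\s+ALL\b", re.I),
    "grant option": re.compile(r"\bWITH\s+GRANT\s+OPTION\b", re.I),
    "wildcard host": re.compile(r"@\s*'%'"),
    "inline password": re.compile(r"\bIDENTIFIED\s+BY\b", re.I),
    "destructive": re.compile(r"^(DROP|TRUNCATE|DELETE)\b", re.I),
}
SECRET = re.compile(r"(IDENTIFIED\s+BY\s+)'(?:[^']|'')*'", re.I)

SAMPLE = """\
-- constructed sample, NOT output of the Ranger script
CREATE USER 'example_user'@'%' IDENTIFIED BY 'example;pw';
CREATE DATABASE example_db;
GRANT ALL PRIVILEGES ON example_db.* TO 'example_user'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
"""

def split_statements(sql):
    """Split on ';' outside single-quoted strings; whole-line '--' comments are dropped."""
    body = "\n".join(l for l in sql.splitlines() if not l.lstrip().startswith("--"))
    stmts, buf, quoted = [], [], False
    for ch in body:
        if ch == "'":
            quoted = not quoted
        if ch == ";" and not quoted:
            stmts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    stmts.append("".join(buf))
    return [" ".join(s.split()) for s in stmts if s.strip()]

def review(sql):
    """Return (statement-type counts, [(statement number, flag, redacted text)])."""
    stmts = split_statements(sql)
    summary = Counter(" ".join(s.split()[:2]).upper() for s in stmts)
    findings = [(n, name, SECRET.sub(r"\1'***'", s))
                for n, s in enumerate(stmts, 1)
                for name, rx in FLAGS.items() if rx.search(s)]
    return summary, findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for n, name, stmt in review(text)[1]:
        print(f"statement {n}: {name}: {stmt}")
```

Run it with the path of the generated file (for example the /tmp/generated-script.sql used above) as the only argument; with no argument it reviews the constructed sample.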