3.1. Install the Ranger Policy Manager

  1. Make sure the HDP 2.2 repository is added to your site's list of yum repositories.

    If it has not yet been added, add it now by performing the following steps:

    • For RHEL/CentOS 6/Oracle Linux 6:

      wget -nv http://public-repo-1.hortonworks.com/HDP/centos6/2.x/GA/2.2.0.0/hdp.repo -O /etc/yum.repos.d/hdp.repo

    • For Ubuntu 12.04:

      apt-get update
      wget http://public-repo-1.hortonworks.com/HDP/ubuntu12/2.x/GA/2.2.0.0/hdp.list -O /etc/apt/sources.list.d/hdp.list

    • For Debian 6:

      apt-get update
      wget http://public-repo-1.hortonworks.com/HDP/debian6/2.x/GA/2.2.0.0/hdp.list -O /etc/apt/sources.list.d/hdp.list

  2. Find the Ranger Policy Admin software:

    yum search ranger

  3. Install the Ranger Policy Admin software:

    yum install ranger_2_2_0_0_2041-admin

  4. In the Ranger Policy Administration installation directory, update the install.properties file:

    • Go to the installation directory:

      cd /usr/hdp/2.2.0.0-<version>/ranger-admin/

    • Edit the following install.properties entries:

       

      Table 13.1. install.properties Entries

      | Configuration Property | Description | Default/Example Value | Required? |
      |---|---|---|---|
      | Ranger Policy Database | | | |
      | DB_FLAVOR | Specifies the type of database used for audit logging (MYSQL, ORACLE) | MYSQL (default) | Y |
      | SQL_CONNECTOR_JAR | Path to the SQL connector JAR (the database driver location for MySQL). If an Oracle database is used, copy the Oracle JDBC driver to /usr/share/java/ojdbc6.jar. Note: on Windows, only MySQL is supported. | /usr/share/java/mysql-connector-java.jar (default) | Y |
      | db_root_user | Database username that has privileges for creating database schemas and users | root (default) | Y |
      | db_root_password | Database password for the "db_root_user" | rootPassW0Rd | Y |
      | db_host | Hostname of the Ranger policy database server | localhost | Y |
      | db_name | Ranger Policy database name | ranger (default) | Y |
      | db_user | Database username used for performing all policy management operations from the Policy Admin Tool | rangeradmin (default) | Y |
      | db_password | Database password for the "db_user" | RangerAdminPassW0Rd | Y |
      | Ranger Audit Database | | | |
      | audit_db_name | Ranger audit database name. This can be a different database in the same database server mentioned above | ranger_audit (default) | Y |
      | audit_db_user | Ranger audit database name - This can be different database in the same database server mentione | rangerlogger (default) | Y |
      | audit_db_password | Database password for the "audit_db_user" | RangerLoggerPassW0Rd | Y |
      | Policy Admin Tool Config | | | |
      | policymgr_external_url | URL used within the Policy Admin Tool when a link to its own page is generated in the Policy Admin Tool website | http://localhost:6080 (default), http://myexternalhost.xasecure.net:6080 | N |
      | policymgr_http_enabled | Enables/disables the HTTP protocol for downloading policies by Ranger plug-ins | true (default) | Y |
      | unix_user | UNIX user who runs the Policy Admin Tool process | ranger (default) | Y |
      | unix_group | UNIX group associated with the UNIX user who runs the Policy Admin Tool process | ranger (default) | Y |
      | Policy Admin Tool Authentication | | | |
      | authentication_method | Authentication method used to log in to the Policy Admin Tool. NONE: only users created within the Policy Admin Tool may log in. UNIX: allows UNIX userid authentication using the UNIX authentication service (see below). LDAP: allows corporate LDAP authentication (see below). ACTIVE_DIRECTORY: allows authentication using an Active Directory. | none (default) | Y |
      | UNIX Authentication Service | | | |
      | remoteLoginEnabled | Flag to enable/disable remote login via UNIX authentication mode | true (default) | Y, if UNIX authentication_method is selected |
      | authServiceHostName | Server name (or IP address) where the ranger-usersync module is running (along with the UNIX Authentication Service) | localhost (default), myunixhost.domain.com | Y, if UNIX authentication_method is selected |
      | authServicePort | Port number where the ranger-usersync module is running the UNIX Authentication Service | 5151 (default) | Y, if UNIX authentication_method is selected |
      | LDAP Authentication | | | |
      | xa_ldap_url | URL for the LDAP service | ldap://71.127.43.33:389 | Y, if LDAP authentication_method is selected |
      | xa_ldap_userDNpattern | LDAP DN pattern used to uniquely locate the login user | uid={0},ou=users,dc=xasecure,dc=net | Y, if LDAP authentication_method is selected |
      | xa_ldap_groupSearchBase | LDAP base node location to get all groups associated with the login user | ou=groups,dc=xasecure,dc=net | Y, if LDAP authentication_method is selected |
      | xa_ldap_groupSearchFilter | LDAP search filter used to retrieve groups for the login user | (member=uid={0},ou=users,dc=xasecure,dc=net) | Y, if LDAP authentication_method is selected |
      | xa_ldap_groupRoleAttribute | Attribute used to retrieve the group names from the group search filters | cn | Y, if LDAP authentication_method is selected |
      | Active Directory Authentication | | | |
      | xa_ldap_ad_domain | Active Directory domain name used for AD login | xasecure.net | Y, if ACTIVE_DIRECTORY authentication_method is selected |
      | xa_ldap_ad_url | Active Directory LDAP URL for authentication of the user | ldap://ad.xasecure.net:389 | Y, if ACTIVE_DIRECTORY authentication_method is selected |

  5. Check the JAVA_HOME environment variable. If it has not yet been set, enter:

    export JAVA_HOME=<path of installed jdk version folder>
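
The install.properties edits from step 4 can be checked before setup is run. The script below is an added example, not part of this documentation or of the Ranger distribution; it uses the property names and sample passwords from Table 13.1, and the function names prop and check_install_properties are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: lint install.properties before running the Ranger setup.
# Key names and sample passwords are the ones listed in Table 13.1.

# Print the value of key $2 in file $1 (last assignment wins).
prop() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
    tail -n 1 | sed 's/[[:space:]]*$//'
}

# Print one finding per line; return 1 if there was any finding.
check_install_properties() {
  local file="$1" key method needed="" findings=0
  # Keys the table marks as unconditionally required.
  for key in DB_FLAVOR SQL_CONNECTOR_JAR db_root_user db_root_password \
             db_host db_name db_user db_password audit_db_name \
             audit_db_user audit_db_password authentication_method; do
    [ -n "$(prop "$file" "$key")" ] || { echo "MISSING $key"; findings=1; }
  done
  # The documentation's sample passwords must not reach a deployment.
  for key in db_root_password db_password audit_db_password; do
    case "$(prop "$file" "$key")" in
      rootPassW0Rd|RangerAdminPassW0Rd|RangerLoggerPassW0Rd)
        echo "SAMPLE_PASSWORD $key"; findings=1 ;;
    esac
  done
  # Keys that become required once an authentication method is chosen.
  method=$(prop "$file" authentication_method | tr '[:lower:]' '[:upper:]')
  case "$method" in
    NONE|"") ;;
    UNIX) needed="remoteLoginEnabled authServiceHostName authServicePort" ;;
    LDAP) needed="xa_ldap_url xa_ldap_userDNpattern xa_ldap_groupSearchBase
                  xa_ldap_groupSearchFilter xa_ldap_groupRoleAttribute" ;;
    ACTIVE_DIRECTORY) needed="xa_ldap_ad_domain xa_ldap_ad_url" ;;
    *) echo "UNKNOWN_AUTH_METHOD $method"; findings=1 ;;
  esac
  for key in $needed; do
    [ -n "$(prop "$file" "$key")" ] ||
      { echo "MISSING $key (required for $method)"; findings=1; }
  done
  # The file holds database passwords: it should not be world-readable.
  [ -z "$(find "$file" -prune -perm -004)" ] ||
    { echo "WORLD_READABLE $file"; findings=1; }
  return "$findings"
}
```

Run it as check_install_properties install.properties from the ranger-admin installation directory; a non-zero return status means at least one finding was printed.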

