Install the Ranger Policy Manager
Make sure the HDP 2.2 repository is added to your site's list of yum repositories.
If it has not yet been added, add it now by performing the following steps:
For RHEL/Centos6/Oracle LINUX 6:
wget -nv http://public-repo-1.hortonworks.com/HDP/centos6/2.x/GA/2.2.9.0/hdp.repo -O /etc/yum.repos.d/hdp.repo
For Ubuntu 12.04:
apt-get update wget http://public-repo-1.hortonworks.com/HDP/ubuntu12/2.x/GA/2.2.9.0/hdp.list -O /etc/apt/sources.list.d/hdp.list
For Debian 6:
apt-get update wget http://public-repo-1.hortonworks.com/HDP/debian6/2.x/GA/2.2.9.0/hdp.list -O /etc/apt/sources.list.d/hdp.list
Find the Ranger Policy Admin software:
yum search ranger
Install the Ranger Policy Admin software:
yum install ranger_2_2_9_0_$VERSION-admin
In the Ranger Policy Administration installation directory, update the install.properties file:
Go to the installation directory:
cd /usr/hdp/2.2.9.0-$VERSION/ranger-admin/
Edit the following install.properties entries:
Table 13.1. install.properties Entries
Configuration Property
Default/Example Value
Required?
Ranger Policy Database
DB_FLAVOR Specifies the type of database used for audit logging (MYSQL,ORACLE)
MYSQL (default)
Y
SQL_CONNECTOR_JAR Path to SQL connector JAR. DB driver location for Mysql, If Oracle db is used, copy the oracle jdbc driver to file, /usr/share/java/ojdbc6.jar ** In Windows, only Mysql is supported.
/usr/share/java/mysql-connector-java.jar (default)
Y
db_root_user database username who has privileges for creating database schemas and users
root (default)
Y
db_root_password database password for the "db_root_user"
rootPassW0Rd
Y
db_host Hostname of the ranger policy database server
localhost
Y
db_name Ranger Policy database name
ranger (default)
Y
db_user db username used for performing all policy mgmt operation from policy admin tool
rangeradmin (default)
Y
db_password database password for the "db_user"
RangerAdminPassW0Rd
Y
Ranger Audit Database
audit_db_name Ranger audit database name - This can be different database in the same database server mentioned above
ranger_audit (default)
Y
audit_db_user Ranger audit database name - This can be different database in the same database server mentione
rangerlogger (default)
Y
audit_db_password database password for the "audit_db_user"
RangerLoggerPassW0Rd
Y
Policy Admin Tool Config
policymgr_external_url URL used within Policy Admin tool when a link to its own page is generated in the Policy Admin Tool website
http://localhost:6080 (default) http://myexternalhost.xasecure.net:6080N
policymgr_http_enabled Enables/disables HTTP protocol for downloading policies by Ranger plugins
true (default)
Y
unix_user UNIX user who runs the Policy Admin Tool process
ranger (default) (default)
Y
unix_group UNIX group associated with the UNIX user who runs the Policy Admin Tool process
ranger (default)
Y
Policy Admin Tool Authentication
authentication_method
Authentication Method used to log in to the Policy Admin Tool.
NONE -- only users created within the Policy Admin Tool may log in
UNIX -- allows UNIX userid authentication using the UNIX authentication service (see below)
LDAP -- allows Corporate LDAP authentication (see below)
ACTIVE_DIRECTORY -- allows authentication using an Active Directory
none (default)
Y
UNIX Authentication Service
remoteLoginEnabled Flag to enable/disable remote Login via Unix Authentication Mode
true (default)
Y, if UNIX authentication_method is selected
authServiceHostName Server Name (or ip-addresss) where ranger-usersync module is running (along with Unix Authentication Service)
localhost (default) myunixhost.domain.com
Y, if UNIX authentication_method is selected
authServicePort Port Number where ranger-usersync module Is running Unix Authentication Service
5151 (default)
Y, if UNIX authentication_method is selected
LDAP Authentication
xa_ldap_url URL for the LDAP service
ldap://71.127.43.33:389
Y, if LDAP authentication_method is selectedd
xa_ldap_userDNpattern LDAP DN Pattern used to uniquely locate the login user
uid={0},ou=users,dc=xasecure,dc=net
Y, if LDAP authentication_method is selectedd
xa_ldap_groupSearchBase LDAP Base node location to get all groups associated with login user
ou=groups,dc=xasecure,dc=net
Y, if LDAP authentication_method is selectedd
xa_ldap_groupSearchFilter LDAP search filter used to retrieve groups for the login user
(member=uid={0},ou=users, dc=xasecure,dc=net)
Y, if LDAP authentication_method is selectedd
xa_ldap_groupRoleAttribute Attribute used to retrieve the group names from the group search filters
cn
Y, if LDAP authentication_method is selectedd
Active Directory Authentication
xa_ldap_ad_domain Active Directory Domain Name used for AD login
xasecure.net
Y, if ACTIVE_DIRECTORY authentication_method is selectedd
xa_ldap_ad_url Active Directory LDAP URL for authentication of user
ldap://ad.xasecure.net:389
Y, if ACTIVE_DIRECTORY authentication_method is selectedd
Check the JAVA_HOME environment variable. If it has not yet been set, enter:
export JAVA_HOME=<path of installed jdk version folder>