Install the Ranger Policy Manager
Make sure the HDP 2.4.0 repository is added to your site's list of yum repositories.
If it has not yet been added, add it now by performing the following steps:
For RHEL/CentOS 6/Oracle Linux 6:
wget -nv http://public-repo-1.hortonworks.com/HDP/centos6/2.x/updates/2.4.0.0/hdp.repo -O /etc/yum.repos.d/hdp.repo
For Ubuntu 12.04:
apt-get update
wget http://public-repo-1.hortonworks.com/HDP/ubuntu12/2.x/updates/2.4.0.0/hdp.list -O /etc/apt/sources.list.d/hdp.list
For Debian 6 (Deprecated):
HDP support for Debian 6 is deprecated with HDP 2.4.0. Future versions of HDP will no longer be supported on Debian 6.
apt-get update
wget http://public-repo-1.hortonworks.com/HDP/debian6/2.x/updates/2.4.0.0/hdp.list -O /etc/apt/sources.list.d/hdp.list
Find the Ranger Policy Admin software:
yum search ranger
Install the Ranger Policy Admin software:
yum install ranger_<version>
In the Ranger Policy Administration installation directory, update the install.properties file:
Go to the installation directory:
cd /usr/hdp/<version>/ranger-admin/
Edit the following install.properties entries:
Table 13.1. install.properties Entries

| Configuration Property | Description | Default/Example Value | Required? |
|---|---|---|---|
| Ranger Policy Database | | | |
| DB_FLAVOR | Specifies the type of database used (MYSQL, ORACLE, POSTGRES, MSSQL) | MYSQL (default) | Y |
| SQL_CONNECTOR_JAR | Path to the SQL connector jar of the DB flavor selected. The value should be the absolute path including the jar name. | /usr/share/java/mysql-connector-java.jar (default); /usr/share/java/postgresql.jar; /usr/share/java/sqljdbc4.jar; /usr/share/java/ojdbc6.jar | Y |
| db_root_user | Database username with privileges for creating database schemas and users | root (default) | Y |
| db_root_password | Database password for the "db_root_user" | rootPassW0Rd | Y |
| db_host | Hostname of the Ranger policy database server | localhost | Y |
| db_name | Ranger Policy database name | ranger (default) | Y |
| db_user | Database username used for performing all policy management operations from the Policy Admin Tool | rangeradmin (default) | Y |
| db_password | Database password for the "db_user" | RangerAdminPassW0Rd | Y |
| Ranger Audit Database | | | |
| audit_db_name | Ranger audit database name - This can be a different database in the same database server mentioned above | ranger_audit (default) | Y |
| audit_db_user | Ranger audit database name - This can be a different database in the same database server mentioned | rangerlogger (default) | Y |
| audit_db_password | Database password for the "audit_db_user" | RangerLoggerPassW0Rd | Y |
| Policy Admin Tool Config | | | |
| policymgr_external_url | URL used within the Policy Admin Tool when a link to its own page is generated in the Policy Admin Tool website | http://localhost:6080 (default); http://myexternalhost.xasecure.net:6080 | N |
| policymgr_http_enabled | Enables/disables the HTTP protocol for downloading policies by Ranger plug-ins | true (default) | Y |
| unix_user | UNIX user who runs the Policy Admin Tool process | ranger (default) | Y |
| unix_group | UNIX group associated with the UNIX user who runs the Policy Admin Tool process | ranger (default) | Y |
| Policy Admin Tool Authentication | | | |
| authentication_method | Authentication method used to log in to the Policy Admin Tool. NONE: only users created within the Policy Admin Tool may log in. UNIX: allows UNIX userid authentication using the UNIX authentication service (see below). LDAP: allows corporate LDAP authentication (see below). ACTIVE_DIRECTORY: allows authentication using an Active Directory. | none (default) | Y |
| UNIX Authentication Service | | | |
| remoteLoginEnabled | Flag to enable/disable remote login via UNIX authentication mode | true (default) | Y, if UNIX authentication_method is selected |
| authServiceHostName | Server name (or IP address) where the ranger-usersync module is running (along with the UNIX Authentication Service) | localhost (default); myunixhost.domain.com | Y, if UNIX authentication_method is selected |
| authServicePort | Port number where the ranger-usersync module is running the UNIX Authentication Service | 5151 (default) | Y, if UNIX authentication_method is selected |
| LDAP Authentication | | | |
| xa_ldap_url | URL for the LDAP service | ldap://<ldapServer>:389 | Y, if LDAP authentication_method is selected |
| xa_ldap_userDNpattern | LDAP DN pattern used to uniquely locate the login user | uid={0},ou=users,dc=xasecure,dc=net | Y, if LDAP authentication_method is selected |
| xa_ldap_groupSearchBase | LDAP base node location to get all groups associated with the login user | ou=groups,dc=xasecure,dc=net | Y, if LDAP authentication_method is selected |
| xa_ldap_groupSearchFilter | LDAP search filter used to retrieve groups for the login user | (member=uid={0},ou=users, dc=xasecure,dc=net) | Y, if LDAP authentication_method is selected |
| xa_ldap_groupRoleAttribute | Attribute used to retrieve the group names from the group search filters | cn | Y, if LDAP authentication_method is selected |
| Active Directory Authentication | | | |
| xa_ldap_ad_domain | Active Directory domain name used for AD login | xasecure.net | Y, if ACTIVE_DIRECTORY authentication_method is selected |
| xa_ldap_ad_url | Active Directory LDAP URL for authentication of the user | ldap://ad.xasecure.net:389 | Y, if ACTIVE_DIRECTORY authentication_method is selected |
Check the JAVA_HOME environment variable. If it has not yet been set, enter:
export JAVA_HOME=<path of installed jdk version folder>
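
The conditional "Required?" rules in Table 13.1 can be checked before setup is run. The following Python check is an added example, not part of the original page or of Ranger; its function names and sample file are constructed, and it assumes the three passwords printed in the table are examples that must be replaced.

```python
# Added example: names/values from Table 13.1; functions, SAMPLE constructed.
ALWAYS_REQUIRED = """DB_FLAVOR SQL_CONNECTOR_JAR db_root_user db_root_password
db_host db_name db_user db_password audit_db_name audit_db_user
audit_db_password policymgr_http_enabled unix_user unix_group
authentication_method""".split()
# Properties the table marks as required only for one authentication_method.
REQUIRED_FOR_AUTH = {
    "UNIX": "remoteLoginEnabled authServiceHostName authServicePort".split(),
    "LDAP": """xa_ldap_url xa_ldap_userDNpattern xa_ldap_groupSearchBase
            xa_ldap_groupSearchFilter xa_ldap_groupRoleAttribute""".split(),
    "ACTIVE_DIRECTORY": "xa_ldap_ad_domain xa_ldap_ad_url".split(),
}
DB_FLAVORS = {"MYSQL", "ORACLE", "POSTGRES", "MSSQL"}
# Example passwords printed in the table (assumed unacceptable in a real file).
DOC_PASSWORDS = {"rootPassW0Rd", "RangerAdminPassW0Rd", "RangerLoggerPassW0Rd"}

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)  # LDAP values contain '=' themselves
            props[key.strip()] = value.strip()
    return props

def check_install_properties(text):
    """Return sorted findings; an empty list means nothing was flagged."""
    props = parse_properties(text)
    method = props.get("authentication_method", "").upper()
    needed = ALWAYS_REQUIRED + REQUIRED_FOR_AUTH.get(method, [])
    findings = ["missing: " + k for k in needed if not props.get(k)]
    if method not in ("", "NONE") and method not in REQUIRED_FOR_AUTH:
        findings.append("unknown authentication_method: " + method)
    flavor = props.get("DB_FLAVOR", "")
    if flavor and flavor.upper() not in DB_FLAVORS:
        findings.append("unknown DB_FLAVOR: " + flavor)
    findings += ["documentation example password in: " + k for k, v in
                 props.items() if k.endswith("password") and v in DOC_PASSWORDS]
    return sorted(findings)

# Constructed sample: LDAP chosen, two LDAP keys set; later lines override.
SAMPLE = "\n".join(k + "=constructed-value" for k in ALWAYS_REQUIRED) + """
DB_FLAVOR=MYSQL
db_root_password=rootPassW0Rd
authentication_method=LDAP
xa_ldap_url=ldap://<ldapServer>:389
xa_ldap_userDNpattern=uid={0},ou=users,dc=xasecure,dc=net
"""
if __name__ == "__main__":
    print("\n".join(check_install_properties(SAMPLE)))
```

To check a real file, pass its contents to check_install_properties() and treat any returned finding as a reason to fix install.properties before continuing.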