Hadoop Security Guide
Also available as:
PDF
loading table of contents...
Ranger Admin Settings
  1. On the Customize Services page, select the Ranger Admin tab, then use the DB Flavor drop-down to select the database type that you are using with Ranger.

  2. Enter the database server address in the Ranger DB Host box.

    Table 3.1. Ranger DB Host

    DB FlavorHostExample
    MySQL<HOST[:PORT]>

    c6401.ambari.apache.org

    or

    c6401.ambari.apache.org:3306

    Oracle<HOST:PORT:SID> c6401.ambari.apache.org:1521:ORCL
    <HOST:PORT/Service>c6401.ambari.apache.org:1521/XE
    PostgreSQL<HOST[:PORT]>

    c6401.ambari.apache.org

    or

    c6401.ambari.apache.org:5432

    MS SQL<HOST[:PORT]>

    c6401.ambari.apache.org

    or

    c6401.ambari.apache.org:1433

    SQLA<HOST[:PORT]>

    c6401.ambari.apache.org

    or

    c6401.ambari.apache.org:2638


  3. Ranger DB name -- The name of the Ranger Policy database, i.e. ranger_db. Please not that if you are using Oracle, you must specify the Oracle tablespace name here.

  4. Driver class name for a JDBC Ranger database -- the driver class name is automatically generated based on the selected DB Flavor. The table below lists the default driver class settings. Currently Ranger does not support any third party JDBC driver.

    Table 3.2. Driver Class Name

    DB FlavorDriver class name for a JDBC Ranger database
    MySQLcom.mysql.jdbc.Driver
    Oracleoracle.jdbc.driver.OracleDriver
    PostgreSQLorg.postgresql.Driver
    MS SQLcom.microsoft.sqlserver.jdbc.SQLServerDriver
    SQLAsap.jdbc4.sqlanywhere.IDriver

  5. Ranger DB username and Ranger DB Password -- Enter the user name and passwords for your Ranger database server. The following table describes these settings in more detail. You can use the MySQL database that was installed with Ambari, or an external MySQL, Oracle, PostgreSQL, MS SQL or SQL Anywhere database.

    Table 3.3. Ranger DB Username Settings

    PropertyDescriptionDefault ValueExample ValueRequired?
    Ranger DB usernameThe username for the Policy database.rangeradminrangeradminYes
    Ranger DB passwordThe password for the Ranger Policy database user. PassWORdYes

  6. JDBC connect string

    [Important]Important

    Currently the Ambari installer generates the JDBC connect string using the jdbc:oracle:thin:@//host:port/db_name format. You must replace the connection string as described in the following table:

    Table 3.4. JDBC Connect String

    DB FlavorSyntaxExample Value
    MySQLjdbc:mysql://DB_HOST:PORT/db_namejdbc:mysql://c6401.ambari.apache.org:3306/ranger_db
    Oracle

    For Oracle SID:

    jdbc:oracle:thin:@DB_HOST:PORT:SID

    jdbc:oracle:thin:@c6401.ambari.apache.org:1521:ORCL

    For Oracle Service Name:

    jdbc:oracle:thin:@//DB_HOST[:PORT][/ServiceName]

    jdbc:oracle:thin:@//c6401.ambari.apache.org:1521/XE
    PostgreSQLjdbc:postgresql://DB_HOST/db_namejdbc:postgresql://c6401.ambari.apache.org:5432/ranger_db
    MS SQLjdbc:sqlserver://DB_HOST;databaseName=db_namejdbc:sqlserver://c6401.ambari.apache.org:1433;databaseName=ranger_db
    SQLAjdbc:sqlanywhere:host=DB_HOST;database=db_namejdbc:sqlanywhere:host=c6401.ambari.apache.org:2638;database=ranger_db

  7. Setup Database and Database User

    • If set to Yes -- The Database Administrator (DBA) user name and password will need to be provided as described in the next step.

      [Note]Note

      Ranger does not store the DBA user name and password after setup. Therefore, you can clear these values in the Ambari UI after the Ranger setup is complete.

    • If set to No -- A No indicates that you do not wish to provide Database Administrator (DBA) account details to the Ambari Ranger installer. Setting this to No continues the Ranger installation process without providing DBA account details. In this case, you must perform the system database user setup as described in Setting up Database Users Without Sharing DBA Credentials, and then proceed with the installation.

      [Note]Note

      If No is selected and the UI still requires you to enter a user name and password in order to proceed, you can enter any value -- the values do not need to be the actual DBA user name and password.

  8. Database Administrator (DBA) username and Database Administrator (DBA) password -- The DBA username and password are set when the database server is installed. If you do not have this information, contact the database administrator who installed the database server.

    Table 3.5. DBA Credential Settings

    PropertyDescriptionDefault ValueExample ValueRequired?
    Database Administrator (DBA) usernameThe Ranger database user that has administrative privileges to create database schemas and users.rootrootYes
    Database Administrator (DBA) passwordThe root password for the Ranger database user. rootYes

    If the Oracle DB root user Role is SYSDBA, you must also specify that in the Database Administrator (DBA) username parameter. For example, if the DBA user name is orcl_root you must specify orcl_root AS SYSDBA.

    [Note]Note

    As mentioned in the note in the previous step, if Setup Database and Database User is set to No, a placeholder DBA username and password may still be required in order to continue with the Ranger installation.

    The following images show examples of the DB settings for each Ranger database type.

    [Note]Note

    To test the DB settings, click Test Connection. If a Ranger database has not been pre-installed, Test Connection will fail even for a valid configuration.

    MySQL

    Oracle -- if the Oracle instance is running with a Service name.

    Oracle -- if the Oracle instance is running with a SID.

    PostgreSQL

    MS SQL

    SQL Anywhere