Install the Ranger Policy Manager
Make sure the resource-based service is added to your site's list of available repositories.
If it has not yet been added, add it now by performing the following steps:
For RHEL6/Centos6/Oracle LINUX 6:
wget -nv http://public-repo-1.hortonworks.com/HDP/centos6/2.x/GA/2.5.6.0/hdp.repo -O /etc/yum.repos.d/hdp.repo
For Ubuntu
apt-get update wget http://public-repo-1.hortonworks.com/HDP/ubuntu<version>/2.x/GA/2.5.6.0/hdp.list -O /etc/apt/sources.list.d/hdp.list
For Debian
apt-get update wget http://public-repo-1.hortonworks.com/HDP/debian7/2.x/GA/2.5.6.0/hdp.list -O /etc/apt/sources.list.d/hdp.list
Find the Ranger Policy Admin software:
For RHEL/Centos/Oracle LINUX:
yum search ranger
For Ubuntu, Debian:
aptitude search ranger
Install the Ranger Policy Admin software:
yum install ranger_<version>
apt-get install <package_name>
In the Ranger Policy Administration installation directory, update the
install.properties
file:Go to the installation directory:
cd /usr/hdp/<version>/ranger-admin/
Edit the following install.properties entries:
Table 13.1. install.properties Entries
Configuration Property
Default/Example Value
Required?
Ranger Policy Database
DB_FLAVOR Specifies the type of database used (MYSQL,ORACLE,POSTGRES,MSSQL)
MYSQL (default)
Y
SQL_CONNECTOR_JAR Path to SQL connector jar of the DB Flavor selected. The value should be the absolute path including the jar name.
/usr/share/java/mysql-connector-java.jar (default)
/usr/share/java/postgresql.jar
/usr/share/java/sqljdbc4.jar
/usr/share/java/ojdbc6.jar
Y
db_root_user database username who has privileges for creating database schemas and users
root (default)
Y
db_root_password database password for the "db_root_user"
rootPassW0Rd
Y
db_host Hostname of the Ranger policy database server
localhost
Y
db_name Ranger Policy database name
ranger (default)
Y
db_user db username used for performing all policy mgmt operation from policy admin tool
rangeradmin (default)
Y
db_password database password for the "db_user"
RangerAdminPassW0Rd
Y
Ranger Audit
audit_solr_urls http://<solr_host>:8886/solr/ranger_audits
Y audit_solr_user Y audit_solr_password Y audit_solr_zookeepers Only required if SolrCloud is used. Policy Admin Tool Config
policymgr_external_url URL used within Policy Admin tool when a link to its own page is generated in the Policy Admin Tool website
http://localhost:6080 (default) http://myexternalhost.xasecure.net:6080N
policymgr_http_enabled Enables/disables HTTP protocol for downloading policies by Ranger plug-ins
true (default)
Y
unix_user UNIX user who runs the Policy Admin Tool process
ranger (default)
Y
unix_group UNIX group associated with the UNIX user who runs the Policy Admin Tool process
ranger (default)
Y
Policy Admin Tool Authentication
authentication_method
Authentication Method used to log in to the Policy Admin Tool.
NONE -- only users created within the Policy Admin Tool may log in
UNIX -- allows UNIX userid authentication using the UNIX authentication service (see below)
LDAP -- allows Corporate LDAP authentication (see below)
ACTIVE_DIRECTORY -- allows authentication using an Active Directory
none (default)
Y
UNIX Authentication Service
remoteLoginEnabled Flag to enable/disable remote Login via Unix Authentication Mode
true (default)
Y, if UNIX authentication_method is selected
authServiceHostName Server Name (or ip-addresss) where ranger-usersync module is running (along with Unix Authentication Service)
localhost (default) myunixhost.domain.com
Y, if UNIX authentication_method is selected
authServicePort Port Number where ranger-usersync module is running Unix Authentication Service
5151 (default)
Y, if UNIX authentication_method is selected
LDAP Authentication
xa_ldap_url URL for the LDAP service
ldap://<ldapServer>:389
Y, if LDAP authentication_method is selected
xa_ldap_userDNpattern LDAP DN Pattern used to uniquely locate the login user
uid={0},ou=users,dc=xasecure,dc=net
Y, if LDAP authentication_method is selected
xa_ldap_groupSearchBase LDAP Base node location to get all groups associated with login user
ou=groups,dc=xasecure,dc=net
Y, if LDAP authentication_method is selected
xa_ldap_groupSearchFilter LDAP search filter used to retrieve groups for the login user
(member=uid={0},ou=users, dc=xasecure,dc=net)
Y, if LDAP authentication_method is selected
xa_ldap_groupRoleAttribute Attribute used to retrieve the group names from the group search filters
cn
Y, if LDAP authentication_method is selected
Active Directory Authentication
xa_ldap_ad_domain Active Directory Domain Name used for AD login
xasecure.net
Y, if ACTIVE_DIRECTORY authentication_method is selected
xa_ldap_ad_url Active Directory LDAP URL for authentication of user
ldap://ad.xasecure.net:389
Y, if ACTIVE_DIRECTORY authentication_method is selected
Check the JAVA_HOME environment variable. If it has not yet been set, enter:
export JAVA_HOME=<path of installed jdk version folder>