Command Line Installation
Also available as:
PDF
loading table of contents...

Install the Ranger Policy Manager

  1. Make sure the resource-based service is added to your site's list of available repositories.

    If it has not yet been added, add it now by performing the following steps:

    • For RHEL6/Centos6/Oracle LINUX 6:

      wget -nv http://public-repo-1.hortonworks.com/HDP/centos6/2.x/GA/2.5.6.0/hdp.repo -O /etc/yum.repos.d/hdp.repo
    • For Ubuntu

      apt-get update wget http://public-repo-1.hortonworks.com/HDP/ubuntu<version>/2.x/GA/2.5.6.0/hdp.list -O /etc/apt/sources.list.d/hdp.list
    • For Debian

      apt-get update wget http://public-repo-1.hortonworks.com/HDP/debian7/2.x/GA/2.5.6.0/hdp.list -O /etc/apt/sources.list.d/hdp.list
  2. Find the Ranger Policy Admin software:

    1. For RHEL/Centos/Oracle LINUX:

      yum search ranger

    2. For Ubuntu, Debian:

      aptitude search ranger
  3. Install the Ranger Policy Admin software:

    yum install ranger_<version>
  4. apt-get install <package_name>

    In the Ranger Policy Administration installation directory, update the install.properties file:

    • Go to the installation directory:

      cd /usr/hdp/<version>/ranger-admin/
    • Edit the following install.properties entries:

      Table 13.1. install.properties Entries

      Configuration Property

      Default/Example Value

      Required?

      Ranger Policy Database

      DB_FLAVOR Specifies the type of database used (MYSQL,ORACLE,POSTGRES,MSSQL)

      MYSQL (default)

      Y

      SQL_CONNECTOR_JAR Path to SQL connector jar of the DB Flavor selected. The value should be the absolute path including the jar name.

      /usr/share/java/mysql-connector-java.jar (default)

      /usr/share/java/postgresql.jar

      /usr/share/java/sqljdbc4.jar

      /usr/share/java/ojdbc6.jar

      Y

      db_root_user database username who has privileges for creating database schemas and users

      root (default)

      Y

      db_root_password database password for the "db_root_user"

      rootPassW0Rd

      Y

      db_host Hostname of the Ranger policy database server

      localhost

      Y

      db_name Ranger Policy database name

      ranger (default)

      Y

      db_user db username used for performing all policy mgmt operation from policy admin tool

      rangeradmin (default)

      Y

      db_password database password for the "db_user"

      RangerAdminPassW0Rd

      Y

      Ranger Audit

      audit_solr_urls

      http://<solr_host>:8886/solr/ranger_audits

      Y
      audit_solr_user Y
      audit_solr_password Y
      audit_solr_zookeepers Only required if SolrCloud is used.

      Policy Admin Tool Config

       

      policymgr_external_url URL used within Policy Admin tool when a link to its own page is generated in the Policy Admin Tool website

      http://localhost:6080 (default) http://myexternalhost.xasecure.net:6080N

      policymgr_http_enabled Enables/disables HTTP protocol for downloading policies by Ranger plug-ins

      true (default)

      Y

      unix_user UNIX user who runs the Policy Admin Tool process

      ranger (default)

      Y

      unix_group UNIX group associated with the UNIX user who runs the Policy Admin Tool process

      ranger (default)

      Y

      Policy Admin Tool Authentication

      authentication_method

      Authentication Method used to log in to the Policy Admin Tool.

      NONE -- only users created within the Policy Admin Tool may log in

      UNIX -- allows UNIX userid authentication using the UNIX authentication service (see below)

      LDAP -- allows Corporate LDAP authentication (see below)

      ACTIVE_DIRECTORY -- allows authentication using an Active Directory

      none (default)

      Y

      UNIX Authentication Service

      remoteLoginEnabled Flag to enable/disable remote Login via Unix Authentication Mode

      true (default)

      Y, if UNIX authentication_method is selected

      authServiceHostName Server Name (or ip-addresss) where ranger-usersync module is running (along with Unix Authentication Service)

      localhost (default) myunixhost.domain.com

      Y, if UNIX authentication_method is selected

      authServicePort Port Number where ranger-usersync module is running Unix Authentication Service

      5151 (default)

      Y, if UNIX authentication_method is selected

      LDAP Authentication

      xa_ldap_url URL for the LDAP service

      ldap://<ldapServer>:389

      Y, if LDAP authentication_method is selected

      xa_ldap_userDNpattern LDAP DN Pattern used to uniquely locate the login user

      uid={0},ou=users,dc=xasecure,dc=net

      Y, if LDAP authentication_method is selected

      xa_ldap_groupSearchBase LDAP Base node location to get all groups associated with login user

      ou=groups,dc=xasecure,dc=net

      Y, if LDAP authentication_method is selected

      xa_ldap_groupSearchFilter LDAP search filter used to retrieve groups for the login user

      (member=uid={0},ou=users, dc=xasecure,dc=net)

      Y, if LDAP authentication_method is selected

      xa_ldap_groupRoleAttribute Attribute used to retrieve the group names from the group search filters

      cn

      Y, if LDAP authentication_method is selected

      Active Directory Authentication

      xa_ldap_ad_domain Active Directory Domain Name used for AD login

      xasecure.net

      Y, if ACTIVE_DIRECTORY authentication_method is selected

      xa_ldap_ad_url Active Directory LDAP URL for authentication of user

      ldap://ad.xasecure.net:389

      Y, if ACTIVE_DIRECTORY authentication_method is selected


  5. Check the JAVA_HOME environment variable. If it has not yet been set, enter:

    export JAVA_HOME=<path of installed jdk version folder>