Configure a Ranger DB: Amazon RDS
Ranger requires a relational database as its policy store. There are additional prerequisites for Amazon RDS-based databases due to how Amazon RDS is set up and managed.
- MySQL/MariaDB
- PostgreSQL
- Oracle
-
For MySQL/MariaDB, you must change the variable
log_bin_trust_function_creators
to1
during Ranger installation. From RDS Dashboard>Parameter group (on the left side of the page):-
Set the MySQL Server variable
log_bin_trust_function_creators
to1
. -
(Optional) After Ranger installation is complete, reset
log_bin_trust_function_creators
to its original setting. The variable is only required to be set to1
during Ranger installation.
-
Set the MySQL Server variable
-
For PostgreSQL, complete the prerequisites:
The Ranger database user in Amazon RDS PostgreSQL Server should be created before installing Ranger and should be granted an existing role which must have the role CREATEDB.
-
Using the master user account, log in to the Amazon RDS PostgreSQL
Server from master user account (created during RDS PostgreSQL instance
creation) and execute following commands:
CREATE USER $rangerdbuser WITH LOGIN PASSWORD 'password' GRANT $rangerdbuser to $postgresroot
Where$postgresroot
is the RDS PostgreSQL master user account (for example: postgresroot) and$rangerdbuser
is the Ranger database user name (for example: rangeradmin). -
If you are using Ranger KMS, execute the following commands:
CREATE USER $rangerkmsuser WITH LOGIN PASSWORD 'password' GRANT $rangerkmsuser to $postgresroot
Where$postgresroot
is the RDS PostgreSQL master user account (for example: postgresroot) and$rangerkmsuser
is the Ranger KMS user name (for example: rangerkms).
-
Using the master user account, log in to the Amazon RDS PostgreSQL
Server from master user account (created during RDS PostgreSQL instance
creation) and execute following commands:
-
For Oracle, due to limitations in Amazon RDS, the Ranger
database user and tablespace must be created manually and the required
privileges must be manually granted to the Ranger database user:
-
Log in to the RDS Oracle Server from the master user account (created
during RDS Oracle instance creation) and execute following
commands:
create user $rangerdbuser identified by “password”; GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO $rangerdbuser; create tablespace $rangerdb datafile size 10M autoextend on; alter user $rangerdbuser DEFAULT Tablespace $rangerdb;
Where $rangerdb is a actual Ranger database name (for example: ranger) and $rangerdbuser is Ranger database username (for example: rangeradmin). -
If you are using Ranger KMS, execute the following commands:
create user $rangerdbuser identified by “password”; GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO $rangerkmsuser; create tablespace $rangerkmsdb datafile size 10M autoextend on; alter user $rangerkmsuser DEFAULT Tablespace $rangerkmsdb;
Where $rangerkmsdb is a actual Ranger database name (for example: rangerkms) and $rangerkmsuser is Ranger database username (for example: rangerkms).
-
Log in to the RDS Oracle Server from the master user account (created
during RDS Oracle instance creation) and execute following
commands: