Installing Apache Ranger
Also available as:
PDF

Configure a Ranger DB: Amazon RDS

Ranger requires a relational database as its policy store. There are additional prerequisites for Amazon RDS-based databases due to how Amazon RDS is set up and managed.

Depending on your DB flavor, there are prerequisite steps to perform when using Amazon RDS. There are three ways to set up Hadoop group mapping:
  • MySQL/MariaDB
  • PostgreSQL
  • Oracle
  • For MySQL/MariaDB, you must change the variable log_bin_trust_function_creators to 1 during Ranger installation. From RDS Dashboard>Parameter group (on the left side of the page):
    1. Set the MySQL Server variable log_bin_trust_function_creators to 1.
    2. (Optional) After Ranger installation is complete, reset log_bin_trust_function_creators to its original setting. The variable is only required to be set to 1 during Ranger installation.
  • For PostgreSQL, complete the prerequisites:
    The Ranger database user in Amazon RDS PostgreSQL Server should be created before installing Ranger and should be granted an existing role which must have the role CREATEDB.
    1. Using the master user account, log in to the Amazon RDS PostgreSQL Server from master user account (created during RDS PostgreSQL instance creation) and execute following commands:
      CREATE USER $rangerdbuser WITH LOGIN PASSWORD 'password'
      GRANT $rangerdbuser to $postgresroot
      Where $postgresroot is the RDS PostgreSQL master user account (for example: postgresroot) and $rangerdbuser is the Ranger database user name (for example: rangeradmin).
    2. If you are using Ranger KMS, execute the following commands:
      CREATE USER $rangerkmsuser WITH LOGIN PASSWORD 'password'
      GRANT $rangerkmsuser to $postgresroot
      Where $postgresroot is the RDS PostgreSQL master user account (for example: postgresroot) and $rangerkmsuser is the Ranger KMS user name (for example: rangerkms).
  • For Oracle, due to limitations in Amazon RDS, the Ranger database user and tablespace must be created manually and the required privileges must be manually granted to the Ranger database user:
    1. Log in to the RDS Oracle Server from the master user account (created during RDS Oracle instance creation) and execute following commands:
      create user $rangerdbuser identified by “password”;
      GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO $rangerdbuser;
      create tablespace $rangerdb datafile size 10M autoextend on;
      alter user $rangerdbuser DEFAULT Tablespace $rangerdb;
      Where $rangerdb is a actual Ranger database name (for example: ranger) and $rangerdbuser is Ranger database username (for example: rangeradmin).
    2. If you are using Ranger KMS, execute the following commands:
      create user $rangerdbuser identified by “password”;
      GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO $rangerkmsuser;
      create tablespace $rangerkmsdb datafile size 10M autoextend on;
      alter user $rangerkmsuser DEFAULT Tablespace $rangerkmsdb;
      Where $rangerkmsdb is a actual Ranger database name (for example: rangerkms) and $rangerkmsuser is Ranger database username (for example: rangerkms).
“Start the Ranger Installation”