How to create Ranger DB users using the dba_script.py
script, without
sharing DBA credentials.
If do not wish to provide system Database Administrator
(DBA) account details to the Ambari Ranger installer, you can use the
dba_script.py
Python script to create Ranger DB database users without
exposing DBA account information to the Ambari Ranger installer. You can then run the
normal Ambari Ranger installation without specify a DBA user name and password.
-
Download the Ranger rpm using the yum install command.
yum install
ranger-kms
.
-
You should see one file named
dba_script.py
in the
/usr/hdp/current/ranger-admin
directory.
-
Get the script reviewed internally and verify that your DBA is authorized to run
the script.
-
Execute the script by running the following command:
python
dba_script.py
.
-
Pass all values required in the argument. These should include
db
flavor
, JDBC jar
, db host
, db
name
, db user
, and other parameters.
- If you would prefer not to pass runtime arguments via the command prompt, you
can update the
/usr/hdp/current/ranger-admin/install.properties
file and
then run: python dba_script.py -q
- When you specify the
-q
option, the script will read all
required information from the install.properties
file
- You can use the
-d
option to run the script in "dry" mode.
Running the script in dry mode causes the script to generate a database script:
python dba_script.py -d /tmp/generated-script.sql
Anyone
can run the script, but it is recommended that the system DBA run the script
in dry mode. In either case, the system DBA should review the generated
script, but should only make minor adjustments to the script, for example,
change the location of a particular database file. No major changes should
be made that substantially alter the script -- otherwise the Ranger install
may fail.
- The system DBA must then run the generated script.
-
Log in to the host where KMS is to be installed. Run the following commands to back
up files:
cp /var/lib/ambari-agent/cache/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py /var/lib/ambari-agent/cache/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py.bak
cp /var/lib/ambari-server/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py /var/lib/ambari-server/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py.bak
-
In both of the
kms.py
files copied in the previous step, find and
comment out the following line (shown here commented out):
#Execute(dba_setup, environment=env_dict, logoutput=True,
user=params.kms_user)
.
-
Run the Ranger Ambari install procedure, but set Setup Database and Database
User to No in the Ranger Admin section of the Customize Services
screen.