Installing Apache Ranger
Also available as:
PDF

Set up Database Users Without Sharing DBA Credentials

How to create Ranger DB users using the dba_script.py script, without sharing DBA credentials.

If do not wish to provide system Database Administrator (DBA) account details to the Ambari Ranger installer, you can use the dba_script.py Python script to create Ranger DB database users without exposing DBA account information to the Ambari Ranger installer. You can then run the normal Ambari Ranger installation without specify a DBA user name and password.
  1. Download the Ranger rpm using the yum install command.yum install ranger-kms.
  2. You should see one file named dba_script.py in the /usr/hdp/current/ranger-admin directory.
  3. Get the script reviewed internally and verify that your DBA is authorized to run the script.
  4. Execute the script by running the following command: python dba_script.py.
  5. Pass all values required in the argument. These should include db flavor, JDBC jar, db host, db name, db user, and other parameters.
    • If you would prefer not to pass runtime arguments via the command prompt, you can update the /usr/hdp/current/ranger-admin/install.properties file and then run: python dba_script.py -q
    • When you specify the -q option, the script will read all required information from the install.properties file
    • You can use the -d option to run the script in "dry" mode. Running the script in dry mode causes the script to generate a database script: python dba_script.py -d /tmp/generated-script.sql

      Anyone can run the script, but it is recommended that the system DBA run the script in dry mode. In either case, the system DBA should review the generated script, but should only make minor adjustments to the script, for example, change the location of a particular database file. No major changes should be made that substantially alter the script -- otherwise the Ranger install may fail.

    • The system DBA must then run the generated script.
  6. Log in to the host where KMS is to be installed. Run the following commands to back up files:
    cp /var/lib/ambari-agent/cache/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py /var/lib/ambari-agent/cache/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py.bak 
    cp /var/lib/ambari-server/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py /var/lib/ambari-server/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py.bak
  7. In both of the kms.py files copied in the previous step, find and comment out the following line (shown here commented out): #Execute(dba_setup, environment=env_dict, logoutput=True, user=params.kms_user).
  8. Run the Ranger Ambari install procedure, but set Setup Database and Database User to No in the Ranger Admin section of the Customize Services screen.