Apache Ranger 2.4.0 集成hadoop 3.X(Kerbos)

已于 2024-06-30 22:35:54 修改
阅读量937 收藏 16
点赞数 10
文章标签: apache hadoop 大数据
于 2024-06-30 21:52:50 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/guofei_ok/article/details/140082521
版权

1、安装Ranger

参照上一个文章

2、修改配置

把各种plugin转到统一目录(源码编译的target目录下拷贝过来),比如 tar zxvf ranger-2.4.0-hdfs-plugin.tar.gz

tar zxvf ranger-2.4.0-hdfs-plugin.tar.gz

vim install.properties

POLICY_MGR_URL==http://localhost:6080
REPOSITORY_NAME=hdfs_repo

COMPONENT_INSTALL_DIR_NAME=/BigData/run/hadoop

CUSTOM_USER=hadoop
CUSTOM_GROUP=hadoop

3、生效配置

./enable-hdfs-plugin.sh

出现下面关键字代表安装plugin成功,需要重启所有namenode服务

Ranger Plugin for hadoop has been enabled. Please restart hadoop to ensure that changes are effective.

4、 相关报错

4.1 hadoop common冲突

[root@tv3-hadoop-01 ranger-2.4.0-hdfs-plugin]# ./enable-hdfs-plugin.sh
Custom user and group is available, using custom user and group.
+ Sun Jun 30 16:22:24 CST 2024 : hadoop: lib folder=/BigData/run/hadoop/share/hadoop/hdfs/lib conf folder=/BigData/run/hadoop/etc/hadoop
+ Sun Jun 30 16:22:24 CST 2024 : Saving current config file: /BigData/run/hadoop/etc/hadoop/hdfs-site.xml to /BigData/run/hadoop/etc/hadoop/.hdfs-site.xml.20240630-162224 ...
+ Sun Jun 30 16:22:25 CST 2024 : Saving current config file: /BigData/run/hadoop/etc/hadoop/ranger-hdfs-audit.xml to /BigData/run/hadoop/etc/hadoop/.ranger-hdfs-audit.xml.20240630-162224 ...
+ Sun Jun 30 16:22:25 CST 2024 : Saving current config file: /BigData/run/hadoop/etc/hadoop/ranger-hdfs-security.xml to /BigData/run/hadoop/etc/hadoop/.ranger-hdfs-security.xml.20240630-162224 ...
+ Sun Jun 30 16:22:25 CST 2024 : Saving current config file: /BigData/run/hadoop/etc/hadoop/ranger-policymgr-ssl.xml to /BigData/run/hadoop/etc/hadoop/.ranger-policymgr-ssl.xml.20240630-162224 ...
+ Sun Jun 30 16:22:25 CST 2024 : Saving lib file: /BigData/run/hadoop/share/hadoop/hdfs/lib/ranger-hdfs-plugin-impl to /BigData/run/hadoop/share/hadoop/hdfs/lib/.ranger-hdfs-plugin-impl.20240630162225 ...
+ Sun Jun 30 16:22:25 CST 2024 : Saving lib file: /BigData/run/hadoop/share/hadoop/hdfs/lib/ranger-hdfs-plugin-shim-2.4.0.jar to /BigData/run/hadoop/share/hadoop/hdfs/lib/.ranger-hdfs-plugin-shim-2.4.0.jar.20240630162225 ...
+ Sun Jun 30 16:22:25 CST 2024 : Saving lib file: /BigData/run/hadoop/share/hadoop/hdfs/lib/ranger-plugin-classloader-2.4.0.jar to /BigData/run/hadoop/share/hadoop/hdfs/lib/.ranger-plugin-classloader-2.4.0.jar.20240630162225 ...
+ Sun Jun 30 16:22:25 CST 2024 : Saving current JCE file: /etc/ranger/hdfs_repo/cred.jceks to /etc/ranger/hdfs_repo/.cred.jceks.20240630162225 ...
Unable to store password in non-plain text format. Error: [SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/hadoop/thirdparty/com/google/common/collect/Interners
	at org.apache.hadoop.util.StringInterner.<clinit>(StringInterner.java:40)
	at org.apache.hadoop.conf.Configuration$Parser.handleEndElement(Configuration.java:3335)
	at org.apache.hadoop.conf.Configuration$Parser.parseNext(Configuration.java:3417)
	at org.apache.hadoop.conf.Configuration$Parser.parse(Configuration.java:3191)
	at org.apache.hadoop.conf.Configuration.loadResource(Configuration.java:3084)
	at org.apache.hadoop.conf.Configuration.loadResources(Configuration.java:3045)
	at org.apache.hadoop.conf.Configuration.loadProps(Configuration.java:2923)
	at org.apache.hadoop.conf.Configuration.getProps(Configuration.java:2905)
	at org.apache.hadoop.conf.Configuration.set(Configuration.java:1413)
	at org.apache.hadoop.conf.Configuration.set(Configuration.java:1385)
	at org.apache.ranger.credentialapi.CredentialReader.getDecryptedString(CredentialReader.java:55)
	at org.apache.ranger.credentialapi.buildks.createCredential(buildks.java:87)
	at org.apache.ranger.credentialapi.buildks.main(buildks.java:41)
Caused by: java.lang.ClassNotFoundException: org.apache.hadoop.thirdparty.com.google.common.collect.Interners
	at java.net.URLClassLoader.findClass(URLClassLoader.java:382)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
	at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
	... 13 more]
Exiting plugin installation

解决方案:

确保打包的pom.xml文件中的hadoop.version和ranger部署的hadoop环境版本保持一致(如果冲突,建议保留源码版本)

4.2 其他报错

Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/hadoop/thirdparty/com/google/common/base/Preconditions
	at org.apache.hadoop.conf.Configuration$DeprecationDelta.<init>(Configuration.java:430)
	at org.apache.hadoop.conf.Configuration$DeprecationDelta.<init>(Configuration.java:443)
	at org.apache.hadoop.conf.Configuration.<clinit>(Configuration.java:525)
	at org.apache.ranger.credentialapi.CredentialReader.getDecryptedString(CredentialReader.java:39)
	at org.apache.ranger.credentialapi.buildks.createCredential(buildks.java:87)
	at org.apache.ranger.credentialapi.buildks.main(buildks.java:41)
Caused by: java.lang.ClassNotFoundException: org.apache.hadoop.thirdparty.com.google.common.base.Preconditions
	at java.net.URLClassLoader.findClass(URLClassLoader.java:382)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
	at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
	... 6 more]

解决方案:

确保打包的pom.xml文件中的hadoop.version和ranger部署的hadoop环境版本保持一致(如果冲突,建议保留源码版本)

4.3 ranger 集成kerbos hadoop报错

2024-06-30 12:20:53,246 [timed-executor-pool-0] INFO [BaseClient.java:122] Init Login: using username/password
2024-06-30 12:20:53,282 [timed-executor-pool-0] ERROR [HdfsResourceMgr.java:49] <== HdfsResourceMgr.testConnection Error: Unable to login to Hadoop environment [hdfs_repo]
org.apache.ranger.plugin.client.HadoopException: Unable to login to Hadoop environment [hdfs_repo]
	at org.apache.ranger.plugin.client.BaseClient.createException(BaseClient.java:153)
	at org.apache.ranger.plugin.client.BaseClient.createException(BaseClient.java:149)
	at org.apache.ranger.plugin.client.BaseClient.login(BaseClient.java:140)
	at org.apache.ranger.plugin.client.BaseClient.<init>(BaseClient.java:61)
	at org.apache.ranger.services.hdfs.client.HdfsClient.<init>(HdfsClient.java:50)
	at org.apache.ranger.services.hdfs.client.HdfsClient.connectionTest(HdfsClient.java:217)
	at org.apache.ranger.services.hdfs.client.HdfsResourceMgr.connectionTest(HdfsResourceMgr.java:47)
	at org.apache.ranger.services.hdfs.RangerServiceHdfs.validateConfig(RangerServiceHdfs.java:74)
	at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:655)
	at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:642)
	at org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:603)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.io.IOException: Login failure for hadoop using password ****
	at org.apache.hadoop.security.SecureClientLogin.loginUserWithPassword(SecureClientLogin.java:82)
	at org.apache.ranger.plugin.client.BaseClient.login(BaseClient.java:123)
	... 12 common frames omitted
Caused by: javax.security.auth.login.LoginException: Client not found in Kerberos database (6) - CLIENT_NOT_FOUND
	at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:804)
	at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:596)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
	at org.apache.hadoop.security.SecureClientLogin.loginUserWithPassword(SecureClientLogin.java:79)
	... 13 common frames omitted
Caused by: sun.security.krb5.KrbException: Client not found in Kerberos database (6) - CLIENT_NOT_FOUND
	at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:82)
	at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:316)
	at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
	at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:766)
	... 26 common frames omitted
Caused by: sun.security.krb5.Asn1Exception: Identifier doesn't match expected value (906)
	at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
	at sun.security.krb5.internal.ASRep.init(ASRep.java:64)
	at sun.security.krb5.internal.ASRep.<init>(ASRep.java:59)
	at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:60)
	... 29 common frames omitted

如果ranger同时集成kerbos的话需要增加如下操作

增加证书

addprinc -randkey rangeradmin/tv3-hadoop-01@AB.ELONG.COM
addprinc -randkey rangerlookup/tv3-hadoop-01@AB.ELONG.COM
addprinc -randkey rangerusersync/tv3-hadoop-01@AB.ELONG.COM
addprinc -randkey HTTP/tv3-hadoop-01@AB.ELONG.COM

HTTP如果之前已经有了,可以不重新生成

导出证书

xst -k /BigData/run/hadoop/keytab/ranger.keytab rangeradmin/tv3-hadoop-01@AB.ELONG.COM rangerlookup/tv3-hadoop-01@AB.ELONG.COM rangerusersync/tv3-hadoop-01@AB.ELONG.COM HTTP/tv3-hadoop-01@AB.ELONG.COM

赋权限:

chown ranger:ranger /BigData/run/hadoop/keytab/ranger.keytab

进行证书初始化

su - ranger

kinit -kt /BigData/run/hadoop/keytab/ranger.keytab HTTP/$HOSTNAME@AB.ELONG.COM

kinit -kt /BigData/run/hadoop/keytab/ranger.keytab rangeradmin/$HOSTNAME@AB.ELONG.COM

kinit -kt /BigData/run/hadoop/keytab/ranger.keytab rangerlookup/$HOSTNAME@AB.ELONG.COM

kinit -kt /BigData/run/hadoop/keytab/ranger.keytab rangerusersync/$HOSTNAME@AB.ELONG.COM

安装前可以提前配置:

spnego_principal=HTTP/tv3-hadoop-01@AB.ELONG.COM

spnego_keytab=/BigData/run/hadoop/keytab/ranger.keytab

admin_principal=rangeradmin/tv3-hadoop-01@AB.ELONG.COM

admin_keytab=/BigData/run/hadoop/keytab/ranger.keytab

lookup_principal=rangerlookup/tv3-hadoop-01@AB.ELONG.COM

lookup_keytab=/BigData/run/hadoop/keytab/ranger.keytab

hadoop_conf=/BigData/run/hadoop/etc/hadoop/

ranger.service.host=tv3-hadoop-01

4.4 SSL 报错

2024-06-30 13:01:43,237 [timed-executor-pool-0] ERROR [HdfsResourceMgr.java:49] <== HdfsResourceMgr.testConnection Error: listFilesInternal: Unable to get listing of files for directory /null] from Hadoop environment [hdfs_repo].
org.apache.ranger.plugin.client.HadoopException: listFilesInternal: Unable to get listing of files for directory /null] from Hadoop environment [hdfs_repo].
	at org.apache.ranger.services.hdfs.client.HdfsClient.listFilesInternal(HdfsClient.java:138)
	at org.apache.ranger.services.hdfs.client.HdfsClient.access$000(HdfsClient.java:44)
	at org.apache.ranger.services.hdfs.client.HdfsClient$1.run(HdfsClient.java:167)
	at org.apache.ranger.services.hdfs.client.HdfsClient$1.run(HdfsClient.java:164)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:422)
	at org.apache.ranger.services.hdfs.client.HdfsClient.listFiles(HdfsClient.java:170)
	at org.apache.ranger.services.hdfs.client.HdfsClient.connectionTest(HdfsClient.java:221)
	at org.apache.ranger.services.hdfs.client.HdfsResourceMgr.connectionTest(HdfsResourceMgr.java:47)
	at org.apache.ranger.services.hdfs.RangerServiceHdfs.validateConfig(RangerServiceHdfs.java:74)
	at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:655)
	at org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:642)
	at org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:603)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.io.IOException: DestHost:destPort tv3-hadoop-06:15820 , LocalHost:localPort tv3-hadoop-01/10.177.42.98:0. Failed on local exception: java.io.IOException: javax.security.sasl.SaslException: No common protection layer between client and server
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at org.apache.hadoop.net.NetUtils.wrapWithMessage(NetUtils.java:837)
	at org.apache.hadoop.net.NetUtils.wrapException(NetUtils.java:812)
	at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1566)
	at org.apache.hadoop.ipc.Client.call(Client.java:1508)
	at org.apache.hadoop.ipc.Client.call(Client.java:1405)
	at org.apache.hadoop.ipc.ProtobufRpcEngine2$Invoker.invoke(ProtobufRpcEngine2.java:234)
	at org.apache.hadoop.ipc.ProtobufRpcEngine2$Invoker.invoke(ProtobufRpcEngine2.java:119)
	at com.sun.proxy.$Proxy107.getListing(Unknown Source)
	at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getListing(ClientNamenodeProtocolTranslatorPB.java:687)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:422)
	at org.apache.hadoop.io.retry.RetryInvocationHandler$Call.invokeMethod(RetryInvocationHandler.java:165)
	at org.apache.hadoop.io.retry.RetryInvocationHandler$Call.invoke(RetryInvocationHandler.java:157)
	at org.apache.hadoop.io.retry.RetryInvocationHandler$Call.invokeOnce(RetryInvocationHandler.java:95)
	at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:359)
	at com.sun.proxy.$Proxy108.getListing(Unknown Source)
	at org.apache.hadoop.hdfs.DFSClient.listPaths(DFSClient.java:1694)
	at org.apache.hadoop.hdfs.DFSClient.listPaths(DFSClient.java:1678)
	at org.apache.hadoop.hdfs.DistributedFileSystem.listStatusInternal(DistributedFileSystem.java:1093)
	at org.apache.hadoop.hdfs.DistributedFileSystem.access$600(DistributedFileSystem.java:144)
	at org.apache.hadoop.hdfs.DistributedFileSystem$24.doCall(DistributedFileSystem.java:1157)
	at org.apache.hadoop.hdfs.DistributedFileSystem$24.doCall(DistributedFileSystem.java:1154)
	at org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81)
	at org.apache.hadoop.hdfs.DistributedFileSystem.listStatus(DistributedFileSystem.java:1164)
	at org.apache.ranger.services.hdfs.client.HdfsClient.listFilesInternal(HdfsClient.java:83)
	... 16 common frames omitted
Caused by: java.io.IOException: javax.security.sasl.SaslException: No common protection layer between client and server
	at org.apache.hadoop.ipc.Client$Connection$1.run(Client.java:778)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:422)
	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1845)
	at org.apache.hadoop.ipc.Client$Connection.handleSaslConnectionFailure(Client.java:732)
	at org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:835)
	at org.apache.hadoop.ipc.Client$Connection.access$3800(Client.java:413)
	at org.apache.hadoop.ipc.Client.getConnection(Client.java:1636)
	at org.apache.hadoop.ipc.Client.call(Client.java:1452)
	... 40 common frames omitted
Caused by: javax.security.sasl.SaslException: No common protection layer between client and server
	at com.sun.security.sasl.gsskerb.GssKrb5Client.doFinalHandshake(GssKrb5Client.java:251)
	at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:186)
	at org.apache.hadoop.security.SaslRpcClient.saslEvaluateToken(SaslRpcClient.java:481)
	at org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:423)
	at org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:622)
	at org.apache.hadoop.ipc.Client$Connection.access$2300(Client.java:413)
	at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:822)
	at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:818)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:422)
	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1845)
	at org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:818)
	... 43 common frames omitted

解决方案:

hadoop.rpc.protection需要设置和集群保持一致,比如当前设置为

   <property>

     <name>hadoop.rpc.protection</name>

     <value>authentication</value>

     <description>authentication : authentication only (default); integrity : integrity check in addition to authentication; privacy : data encryption in addition to integrity</description>

   </property>

5、验证连接是否成功

Service Name    hdfs_repo
Display Name    hdfs_repo
Description    --
Active Status    Enabled
Tag Service    --
Username    hadoop
Password    *****
Namenode URL   hdfs://localhost:15820
Authorization Enabled    true
Authentication Type    kerberos
hadoop.security.auth_to_local    RULE:[2:$1@$0](hadoop@.*EXAMPLE.COM)s/.*/hadoop/         RULE:[2:$1@$0](HTTP@.*EXAMPLE.COM)s/.*/hadoop/         DEFAULT
dfs.datanode.kerberos.principal    hadoop/_HOST@CC.LOCAL
dfs.namenode.kerberos.principal    hadoop/_HOST@CC.LOCAL
dfs.secondary.namenode.kerberos.principal    --
RPC Protection Type    authentication
Common Name for Certificate    --
policy.download.auth.users    hadoop
tag.download.auth.users    hadoop
dfs.journalnode.kerberos.principal    hadoop/_HOST@CC.LOCAL

大数据之家
关注
  • 10
    点赞
  • 16
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
权限管理-Ranger的介绍和使用(集成Hive)
迷雾总会解
06-15 5941
Apache Ranger是一个Hadoop平台上的全方位数据安全管理框架,它可以为整个Hadoop生态系统提供全面的安全管理。随着企业业务的拓展,企业可能在多用户环境中运行多个工作任务,这就需要一个可以对安全策略进行集中管理,配置和监控用户访问的框架。Ranger由此产生!Ranger的官网:https://ranger.apache.org/RangerUsersync作为Ranger提供的一个管理模块,可以将Linux机器上的用户和组信息同步到RangerAdmin的数据库中进行管理。
hadoop+kerberos+ranger Api整理(六)
weixin_40496191的博客
01-02 1302
hadoop相关组件api
Hadoop(HDP)集群kerberos认证实现方案
蘑菇丁的专栏
03-08 6347
Hadoop(HDP)集群kerberos认证实现方案 !!出于安全问题,本文隐藏了部分系统名称及服务名称,修改了部分可能造成信息泄露的部分。部分配置为虚拟机配置文件副本,相关主机名称仅供参考。 !!本文适用于HDP部署了ambari平台的kerberos认证操作。其他环境供参考。 文档中相关图片不上传了。 部署环境:Hadoop2.7.3 HDP2.5.3 本文档参考了
Ranger-Hdfs插件安装
木木与呆呆的专栏
04-26 2474
Ranger-Hdfs插件ranger-0.6.0-hdfs-plugin安装到Hdfs的所有NameNode节点, 其他的DataNode节点不需要安装。 1. 登陆hdfs安装的用户,hdfs/zdh1234(用户组hadoop),获取安装包解压安装 tar –zxvf ranger-0.6.0-hdfs-plugin.tar.gz vi instal...
HDP中 Ranger 整合Kerberos进行细粒度的权限访问控制
康师傅没有眼泪
07-07 3870
一、Ranger 权限问题 1、 Ranger 是什么? ranger则是针对组件内的权限 ,比如HDFS的读写执行,Hive和Hbase的读写更新,yarn的队列资源使用权,目前ranger只支持 hdfs,hive,hbase,kafka,yarn等组件,针对于组和用户对资源的访问权限进行细粒度的控制。 2、遇到的问题 安装 Ambari 时安装了 Ranger 但是没有配置权限,所以出现了下面的问题: Error:Error while comiling statement: FAIL.
Centos7 + Apache Ranger 2.4.0 部署
snipercai的博客
08-30 3353
Centos7 + Apache Ranger 2.4.0 部署:Apache Ranger提供一个集中式安全管理框架, 并解决授权和审计。它可以对Hadoop生态的组件如HDFS、Yarn、Hive、Hbase等进行细粒度的数据访问控制。通过操作Ranger控制台,管理员可以轻松的通过配置策略来控制用户访问权限。
apache-ranger-2.4.0.tar.gz
最新发布
08-14
apache-ranger-2.4.0.tar.gz
Apache Ranger 2.4.0 编译管理包
06-13
Apache Ranger 2.4.0 中,编译管理包“ranger-2.4.0-admin.tar.gz”是核心组件,主要包含以下内容: 1. **Ranger Admin**: 这是Ranger的Web界面和后台服务,用于创建、管理和审计访问策略。管理员可以在这里定义...
Apache Ranger 2.4.0 编译插件包
06-13
ranger-tools.tar.gz presto-plugin.tar.gz ozone-plugin.tar.gz migration-util.tar.gz kylin-plugin.tar.gz knox-plugin.tar.gz kms.tar.gz kafka-plugin.tar.gz hive-plugin.tar.gz hdfs-plugin.tar.gz hbase-...
apache ranger-2.2.0-admin.tar.gz
03-17
1. **权限管理**:Apache Ranger 提供了一种集中式的权限模型,允许管理员定义精细的权限策略,如读、写、执行等操作,这些策略可应用于Hadoop、Hive、Kafka、Solr、HBase等大数据组件。通过创建角色和权限分配,...
ranger-1.2.0-hdfs-plugin.tar.gz
04-21
Ranger是HDP体系统中安全管理的重要一环。它提供了具体资源(如HBase中的具体表)权限管控、访问监控、数据加密的功能。ranger-1.2.0官方没有编译后的二进制tar包,而且编译的时间有点长,依赖的第三方库多,特意提供linux版本ranger-1.2.0的hdfs插件。
ApacheRanger剖析:Hadoop生态圈的安全管家
02-23
2016年,Hadoop迎来了自己十周岁生日。过去的十年,Hadoop雄霸武林盟主之位,号令天下,引领大数据技术生态不断发展...于是,Hadoop两大厂Cloudera和Hortonworks先后发起标准化运动,分别开源了Sentry和Ranger,在cen
Ranger-usersync安装失败
weixin_40578968的博客
08-03 1176
问题1: Credential ranger.usersync.policymgr.password has NOT been created. Mkdirs failed to create file:/usr/hdp/current/ranger-usersync/conf (exists=false, cwd=file:/var/lib/ambari-agent) 详细报错: Task Log: stderr: Traceback (most recent call last): Fi..
【已解决】Hive报错(com.google.common.base.Preconditions.checkArgument)
福贵儿的博客
03-27 3498
1.问题描述 在进行Hive数据库初始化的时候,报如下的错: [root@cm bin]# schematool -dbType mysql -initSchema SLF4J: Class path contains multiple SLF4J bindings. SLF4J: Found binding in [jar:file:/data/hive/lib/log4j-slf4j-impl-2.6.2.jar!/org/slf4j/impl/StaticLoggerBinder.clas.
使用flume时出现NoSuchMethodError: com.google.common.base.Preconditions.checkArgument
qq_35472225的博客
06-08 1151
使用flume时出现NoSuchMethodError: com.google.common.base.Preconditions.checkArgument flume是一个十分好用的数据采集框架,但对于新手来说,在使用过程中,很有可能会出现NoSuchMethodError: com.google.common.base.Preconditions.checkArgument这一错误,梳理了一下,大概有三种解决办法 一、环境变量未配置 在安装了flume的所有机器上,首先都需要配置hadoop环境变量
com.google.common.base.Preconditions
qq_35779815的博客
03-21 6413
前提条件 Guava提供了许多前置条件检查实用程序。我们强烈建议您静态导入这些内容。 每种方法都有三种变体: 没有额外的争论。抛出任何异常都没有错误消息。 一个额外的Object论点。抛出任何异常并显示错误消息 object.toString()。 一个额外的String参数,带有任意数量的附加Object 参数。这类似于printf,但对于GWT的兼容...
Spark 读写 Ceph S3入门学习总结
主要分享大数据相关的知识,如Spark、Hudi
09-29 646
主要总结了Spark读写Ceph S3文件的配置和代码示例,以及一些异常的解决方法,希望能对大家有所帮助。
用java 项目链接hbaes 容易出现的错误!
smileyboy2009的专栏
10-21 783
2014-10-21 16:08:37,580 WARN  [main] util.NativeCodeLoader (NativeCodeLoader.java:(62)) - Unable to load native-hadoop library for your platform... using builtin-java classes where applicable 2014-10
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值