Building Apache Ranger 2.4.0 on CentOS 7.6 (with Docker)

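Contents

I. Introduction to Ranger

1. Component list

2. Supported data engine services

II. Host environment preparation

1. Disable the firewall

2. Disable SELinux

3. Install Docker

4. Download the Ranger source package

5. Download the Maven package

III. Building the Ranger source

1. Modify build_ranger_using_docker.sh from the official package

2. Run the script to build

3. Check the build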


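I. Introduction to Ranger

Apache Ranger provides a centralized security management framework that handles authorization and auditing. It enforces fine-grained data access control over Hadoop ecosystem components such as HDFS, YARN, Hive and HBase. Through the Ranger console, administrators control user access permissions by configuring policies.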

1. Component list

| # | Service Name | Listen Port | Core Ranger Service |
|---|---|---|---|
| 1 | ranger | 6080/tcp | Y (ranger engine - 3.0.0-SNAPSHOT version) |
| 2 | ranger-postgres | 5432/tcp | Y (ranger datastore) |
| 3 | ranger-solr | 8983/tcp | Y (audit store) |
| 4 | ranger-zk | 2181/tcp | Y (used by solr) |
| 5 | ranger-usersync | - | Y (user/group synchronization from Local Linux/Mac) |
| 6 | ranger-kms | 9292/tcp | N (needed only for Encrypted Storage / TDE) |
| 7 | ranger-tagsync | - | N (needed only for Tag Based Policies to be sync from ATLAS) |

2. Supported data engine services

| # | Service Name | Listen Port | Service Description |
|---|---|---|---|
| 1 | Hadoop | 8088/tcp 9000/tcp | Apache Hadoop 3.3.0 Protected by Apache Ranger's Hadoop Plugin |
| 2 | HBase | 16000/tcp 16010/tcp 16020/tcp 16030/tcp | Apache HBase 2.4.6 Protected by Apache Ranger's HBase Plugin |
| 3 | Hive | 10000/tcp | Apache Hive 3.1.2 Protected by Apache Ranger's Hive Plugin |
| 4 | Kafka | 6667/tcp | Apache Kafka 2.8.1 Protected by Apache Ranger's Kafka Plugin |
| 5 | Knox | 8443/tcp | Apache Knox 1.4.0 Protected by Apache Ranger's Knox Plugin |

II. Host environment preparation

1. Disable the firewall

systemctl stop firewalld.service

systemctl disable firewalld.service

2. Disable SELinux

sed -i.bak$DATE '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config

setenforce 0

3. Install Docker

yum install -y docker

systemctl start docker

systemctl enable docker

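4. Download the Ranger source package

The Apache Ranger website offers no ready-to-deploy installation package; Ranger must be built from source.

Official site: Apache Ranger - Download Apache Ranger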

wget https://www.apache.org/dist/ranger/2.4.0/apache-ranger-2.4.0.tar.gz --no-check-certificate

5. Download the Maven package

wget https://dlcdn.apache.org/maven/maven-3/3.9.4/binaries/apache-maven-3.9.4-bin.tar.gz --no-check-certificate

III. Building the Ranger source

1. Modify build_ranger_using_docker.sh from the official package

#!/bin/bash

# Licensed to the Apache Software Foundation (ASF) under one or more

# contributor license agreements. See the NOTICE file distributed with

# this work for additional information regarding copyright ownership.

# The ASF licenses this file to You under the Apache License, Version 2.0

# (the "License"); you may not use this file except in compliance with

# the License. You may obtain a copy of the License at

# http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

#This script creates the Docker image (if not already created) and runs maven in the container

#1. Install Docker

#2. Checkout Ranger source and go to the root directory

#3. Run this script. If host is linux, then run this script as "sudo $0 ..."

#4. If you are running on Mac, then you don't need to use "sudo"

#5. To delete the image, run "sudo docker rmi ranger_dev"

#Usage: sudo ./build_ranger_using_docker.sh -build_image mvn <build params>

#Example 1 (default no param): (mvn -Pall -DskipTests=true clean compile package install)

#Example 2 (Regular build): ./build_ranger_using_docker.sh mvn -Pall clean install -DskipTests=true

#Example 3 (Recreate Docker image): ./build_ranger_using_docker.sh mvn -Pall -build_image clean install -DskipTests=true

#Notes: To remove build image manually, run "docker rmi ranger_dev" or "sudo docker rmi ranger_dev"

default_command="mvn -Pall -DskipTests=true clean compile package install"

build_image=0

if [ "$1" = "-build_image" ] ; then

build_image=1

shift

fi

params=$*

if [ $# -eq 0 ] ; then

params=$default_command

fi

image_name="ranger_dev"

remote_home="$HOME"

container_name="--name ranger_build"

if [ ! -d security-admin ] ; then

echo "ERROR: Run the script from root folder of source. e.g. $HOME/git/ranger"

exit 1

fi

images=`docker images | cut -f 1 -d " "`

[[ $images =~ $image_name ]] && found_image=1 || build_image=1

if [ $build_image -eq 1 ] ; then

echo "Creating image $image_name ..."

docker rmi -f $image_name

docker build -t $image_name - <<Dockerfile

FROM centos:centos7.6.1810

RUN mkdir /tools

WORKDIR /tools

#Install default services

RUN yum install -y wget git gcc bzip2 fontconfig python3 java-1.8.0-openjdk-devel.x86_64

RUN ln -sf /usr/bin/python3 /usr/bin/python

ENV JAVA_HOME /usr/lib/jvm/java-1.8.0-openjdk/

ENV PATH \$JAVA_HOME/bin:\$PATH

RUN wget https://dlcdn.apache.org/maven/maven-3/3.9.4/binaries/apache-maven-3.9.4-bin.tar.gz --no-check-certificate

RUN tar xfz apache-maven-3.9.4-bin.tar.gz

RUN ln -sf /tools/apache-maven-3.9.4 /tools/maven

ENV PATH /tools/maven/bin:\$PATH

ENV MAVEN_OPTS "-Xmx2048m -XX:MaxPermSize=512m"

RUN mkdir -p /scripts

RUN echo "#!/bin/bash" > /scripts/mvn.sh

RUN echo 'set -x; exec "\$@" ' >> /scripts/mvn.sh

RUN chmod -R 777 /scripts

RUN chmod -R 777 /tools

ENTRYPOINT ["/scripts/mvn.sh"]

Dockerfile

fi

src_folder=`pwd`

LOCAL_M2="$HOME/.m2"

mkdir -p $LOCAL_M2

set -x

docker run --rm -v "${src_folder}:/ranger" -w "/ranger" -v "${LOCAL_M2}:${remote_home}/.m2" $container_name $image_name $params

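Notes:

The lab environment is CentOS 7.6 and some foreign package sources are unreachable from within China, so the script was modified and trimmed. In this experiment the script is run as root, and the build inside the container also runs as root.

1. The original script's base image is centos:latest, which corresponds to CentOS 8.1; it is changed to centos:centos7.6.1810;

2. When installing JDK 8, the original script uses jdk-8u101-linux-x64.rpm from AWS S3's docker-assets; it is changed to the OpenJDK 1.8 shipped with CentOS, i.e. java-1.8.0-openjdk-devel.x86_64;

3. The original script does not install python3, so the final build fails because the python3 package cannot be found; python3 is now installed and set as the default, i.e. RUN ln -sf /usr/bin/python3 /usr/bin/python

4. When installing Maven, the original script uses ADD to fetch apache-maven-3.6.3-bin.tar.gz and verifies the package; it is changed to fetch the latest apache-maven-3.9.4-bin.tar.gz with wget, with no additional integrity check on the package, i.e. wget https://dlcdn.apache.org/maven/maven-3/3.9.4/binaries/apache-maven-3.9.4-bin.tar.gz --no-check-certificate

5. The original script's startup script creates and uses a non-root user, builder, but this runs into permission restrictions with the local volume that is mapped when the container is run later. Since the container is only used for a temporary build, everything related to the builder user is removed, including the gosu installation, user creation and user checks, keeping only echo 'set -x; exec "\$@" ' >> /scripts/mvn.sh

6. In the original script ${remote_home} is empty, which maps the .m2 under the Home of the user running the script to .m2 in the container's root directory; it is changed to the Home directory of the working user inside the container, i.e. remote_home="$HOME"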
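
Note 4 removes the package verification, and both downloads use --no-check-certificate, so nothing authenticates the Maven or Ranger tarball before it is unpacked. The following is an added example, not part of the original post or of the Ranger project's script: a SHA-512 check that can run between the download and `tar xfz`. The function names and sample data are constructed, and it assumes the matching `.sha512` file from the same Apache release directory has been fetched over a verified TLS connection.

```sh
#!/bin/sh
# Added example: verify a download against its .sha512 file before unpacking.

# Print the digest held in a checksum file. Accepts "<hex>", "<hex>  <name>",
# "<hex> *<name>" and the wrapped gpg --print-md layout "<name>: AB12 CD34 ...".
expected_sha512() {
    awk '
        NR == 1 && length($1) == 128 { print tolower($1); found = 1; exit }
        { sub(/^[^:]*:/, ""); gsub(/[ \t\r]/, ""); acc = acc $0 }
        END { if (!found) print tolower(acc) }
    ' "$1"
}

# Return 0 only when the file's SHA-512 equals the published digest,
# 1 on mismatch, 2 when the checksum file holds no usable digest.
verify_sha512() {
    want=$(expected_sha512 "$2")
    case $want in ''|*[!0-9a-f]*) want='' ;; esac
    [ "${#want}" -eq 128 ] || { echo "unusable checksum file: $2" >&2; return 2; }
    got=$(sha512sum "$1" | cut -d' ' -f1)
    if [ "$got" = "$want" ]; then
        echo "OK: $1"
    else
        echo "MISMATCH: $1 (do not unpack)" >&2; return 1
    fi
}

# Constructed offline demo: a stand-in tarball checked against three checksum
# layouts, then modified to show that a changed download is rejected.
demo() {
    d=$(mktemp -d) || return 2
    printf 'constructed sample payload\n' > "$d/pkg.tar.gz"
    h=$(sha512sum "$d/pkg.tar.gz" | cut -d' ' -f1)
    printf '%s\n' "$h" > "$d/bare.sha512"
    printf '%s *pkg.tar.gz\n' "$h" > "$d/named.sha512"
    printf '%s\n' "$h" | tr 'a-f' 'A-F' | fold -w 64 |
        sed 's/......../& /g; 1s/^/pkg.tar.gz: /; 2s/^/    /' > "$d/gpg.sha512"
    rc=0
    for f in bare named gpg; do
        verify_sha512 "$d/pkg.tar.gz" "$d/$f.sha512" || rc=3
    done
    printf 'x' >> "$d/pkg.tar.gz"   # simulate a modified or truncated download
    verify_sha512 "$d/pkg.tar.gz" "$d/bare.sha512" 2>/dev/null && rc=4
    rm -rf "$d"
    return "$rc"
}

demo && echo "demo passed"
```

For the Maven step in the Dockerfile the call would be `verify_sha512 apache-maven-3.9.4-bin.tar.gz apache-maven-3.9.4-bin.tar.gz.sha512`, placed before `tar xfz`.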

2. Run the script to build

chmod +x build_ranger_using_docker.sh

./build_ranger_using_docker.sh

Notes:

Refer to the usage instructions in the script:

#Usage: sudo ./build_ranger_using_docker.sh -build_image mvn <build params>

#Example 1 (default no param): (mvn -Pall -DskipTests=true clean compile package install)

#Example 2 (Regular build): ./build_ranger_using_docker.sh mvn -Pall clean install -DskipTests=true

#Example 3 (Recreate Docker image): ./build_ranger_using_docker.sh mvn -Pall -build_image clean install -DskipTests=true

3. Check the build

[INFO] ------------------------------------------------------------------------

[INFO] Reactor Summary for ranger 2.4.0:

[INFO]

[INFO] ranger ............................................. SUCCESS [ 12.567 s]

[INFO] Jdbc SQL Connector ................................. SUCCESS [ 13.553 s]

[INFO] Credential Support ................................. SUCCESS [ 14.914 s]

[INFO] Audit Component .................................... SUCCESS [01:09 min]

[INFO] ranger-plugin-classloader .......................... SUCCESS [ 9.662 s]

[INFO] Common library for Plugins ......................... SUCCESS [02:03 min]

[INFO] ranger-intg ........................................ SUCCESS [ 40.185 s]

[INFO] Installer Support Component ........................ SUCCESS [ 8.196 s]

[INFO] Credential Builder ................................. SUCCESS [ 12.157 s]

[INFO] Embedded Web Server Invoker ........................ SUCCESS [ 33.355 s]

[INFO] Key Management Service ............................. SUCCESS [01:40 min]

[INFO] HBase Security Plugin Shim ......................... SUCCESS [ 52.109 s]

[INFO] HBase Security Plugin .............................. SUCCESS [01:25 min]

[INFO] Hdfs Security Plugin ............................... SUCCESS [ 36.159 s]

[INFO] Hive Security Plugin ............................... SUCCESS [ 41.491 s]

[INFO] Knox Security Plugin Shim .......................... SUCCESS [ 9.255 s]

[INFO] Knox Security Plugin ............................... SUCCESS [ 21.750 s]

[INFO] Storm Security Plugin .............................. SUCCESS [ 16.017 s]

[INFO] YARN Security Plugin ............................... SUCCESS [ 13.554 s]

[INFO] Ozone Security Plugin .............................. SUCCESS [ 12.752 s]

[INFO] Ranger Util ........................................ SUCCESS [ 11.776 s]

[INFO] Unix Authentication Client ......................... SUCCESS [ 11.990 s]

[INFO] User Group Synchronizer Util ....................... SUCCESS [ 6.909 s]

[INFO] Security Admin Web Application ..................... SUCCESS [08:54 min]

[INFO] KAFKA Security Plugin .............................. SUCCESS [01:17 min]

[INFO] SOLR Security Plugin ............................... SUCCESS [01:18 min]

[INFO] NestedStructure Security Plugin .................... SUCCESS [ 24.474 s]

[INFO] NiFi Security Plugin ............................... SUCCESS [ 12.265 s]

[INFO] NiFi Registry Security Plugin ...................... SUCCESS [ 11.211 s]

[INFO] Presto Security Plugin ............................. SUCCESS [ 24.201 s]

[INFO] Kudu Security Plugin ............................... SUCCESS [ 14.920 s]

[INFO] Unix User Group Synchronizer ....................... SUCCESS [02:08 min]

[INFO] Ldap Config Check Tool ............................. SUCCESS [ 11.640 s]

[INFO] Unix Authentication Service ........................ SUCCESS [ 11.348 s]

[INFO] KMS Security Plugin ................................ SUCCESS [01:13 min]

[INFO] Tag Synchronizer ................................... SUCCESS [ 45.784 s]

[INFO] Hdfs Security Plugin Shim .......................... SUCCESS [ 9.535 s]

[INFO] Hive Security Plugin Shim .......................... SUCCESS [01:23 min]

[INFO] YARN Security Plugin Shim .......................... SUCCESS [ 42.092 s]

[INFO] OZONE Security Plugin Shim ......................... SUCCESS [ 23.710 s]

[INFO] Storm Security Plugin shim ......................... SUCCESS [ 10.665 s]

[INFO] KAFKA Security Plugin Shim ......................... SUCCESS [ 10.838 s]

[INFO] SOLR Security Plugin Shim .......................... SUCCESS [ 22.091 s]

[INFO] Atlas Security Plugin Shim ......................... SUCCESS [ 28.752 s]

[INFO] KMS Security Plugin Shim ........................... SUCCESS [ 52.920 s]

[INFO] Presto Security Plugin Shim ........................ SUCCESS [ 26.065 s]

[INFO] ranger-examples .................................... SUCCESS [ 0.272 s]

[INFO] Ranger Examples - Conditions and ContextEnrichers .. SUCCESS [ 11.692 s]

[INFO] Ranger Examples - SampleApp ........................ SUCCESS [ 5.863 s]

[INFO] Ranger Examples - Ranger Plugin for SampleApp ...... SUCCESS [ 10.167 s]

[INFO] sample-client ...................................... SUCCESS [ 11.777 s]

[INFO] Apache Ranger Examples Distribution ................ SUCCESS [ 6.742 s]

[INFO] Ranger Tools ....................................... SUCCESS [ 35.518 s]

[INFO] Atlas Security Plugin .............................. SUCCESS [ 41.615 s]

[INFO] SchemaRegistry Security Plugin ..................... SUCCESS [03:02 min]

[INFO] Sqoop Security Plugin .............................. SUCCESS [ 53.693 s]

[INFO] Sqoop Security Plugin Shim ......................... SUCCESS [ 14.680 s]

[INFO] Kylin Security Plugin .............................. SUCCESS [03:33 min]

[INFO] Kylin Security Plugin Shim ......................... SUCCESS [ 41.171 s]

[INFO] Elasticsearch Security Plugin Shim ................. SUCCESS [ 22.381 s]

[INFO] Elasticsearch Security Plugin ...................... SUCCESS [ 37.204 s]

[INFO] Apache Ranger Distribution ......................... SUCCESS [02:26 min]

[INFO] Unix Native Authenticator .......................... SUCCESS [ 4.438 s]

[INFO] ------------------------------------------------------------------------

[INFO] BUILD SUCCESS

[INFO] ------------------------------------------------------------------------

[INFO] Total time: 49:17 min

[INFO] Finished at: 2023-08-07T10:43:31Z

[INFO] ------------------------------------------------------------------------

The generated packages can be seen in the target directory:

-rw-r--r-- 1 root root 579387182 Aug 7 18:42 ranger-2.4.0-admin.tar.gz

-rw-r--r-- 1 root root 43729654 Aug 7 18:43 ranger-2.4.0-atlas-plugin.tar.gz

-rw-r--r-- 1 root root 34172214 Aug 7 18:43 ranger-2.4.0-elasticsearch-plugin.tar.gz

-rw-r--r-- 1 root root 39122941 Aug 7 18:42 ranger-2.4.0-hbase-plugin.tar.gz

-rw-r--r-- 1 root root 37684529 Aug 7 18:42 ranger-2.4.0-hdfs-plugin.tar.gz

-rw-r--r-- 1 root root 37478412 Aug 7 18:42 ranger-2.4.0-hive-plugin.tar.gz

-rw-r--r-- 1 root root 56846325 Aug 7 18:42 ranger-2.4.0-kafka-plugin.tar.gz

-rw-r--r-- 1 root root 195376717 Aug 7 18:43 ranger-2.4.0-kms.tar.gz

-rw-r--r-- 1 root root 51454934 Aug 7 18:42 ranger-2.4.0-knox-plugin.tar.gz

-rw-r--r-- 1 root root 36625366 Aug 7 18:43 ranger-2.4.0-kylin-plugin.tar.gz

-rw-r--r-- 1 root root 34201 Aug 7 18:43 ranger-2.4.0-migration-util.tar.gz

-rw-r--r-- 1 root root 43393403 Aug 7 18:42 ranger-2.4.0-ozone-plugin.tar.gz

-rw-r--r-- 1 root root 57425250 Aug 7 18:43 ranger-2.4.0-presto-plugin.tar.gz

-rw-r--r-- 1 root root 16563346 Aug 7 18:43 ranger-2.4.0-ranger-tools.tar.gz

-rw-r--r-- 1 root root 36915 Aug 7 18:42 ranger-2.4.0-solr_audit_conf.tar.gz

-rw-r--r-- 1 root root 38256335 Aug 7 18:42 ranger-2.4.0-solr-plugin.tar.gz

-rw-r--r-- 1 root root 36860763 Aug 7 18:43 ranger-2.4.0-sqoop-plugin.tar.gz

-rw-r--r-- 1 root root 6376456 Aug 7 18:43 ranger-2.4.0-src.tar.gz

-rw-r--r-- 1 root root 51760282 Aug 7 18:42 ranger-2.4.0-storm-plugin.tar.gz

-rw-r--r-- 1 root root 31046503 Aug 7 18:42 ranger-2.4.0-tagsync.tar.gz

-rw-r--r-- 1 root root 20128101 Aug 7 18:42 ranger-2.4.0-usersync.tar.gz

-rw-r--r-- 1 root root 35792990 Aug 7 18:42 ranger-2.4.0-yarn-plugin.tar.gz

Reference:

Ranger Installation Guide - Ranger - Apache Software Foundation
