开源大数据集群部署(十二)Ranger 集成 hive

作者:櫰木

1、解压安装

在hd1.dtstack.com主机上执行(一般选择hiveserver2节点)

  • 解压ranger-2.3.0-hive-plugin.tar.gz
bash 复制代码
[root@hd1.dtstack.com software]#tar -zxvf ranger-2.3.0-hive-plugin.tar.gz
  • 修改install.properties配置
bash 复制代码
[root@hd1.dtstack.com ranger-2.3.0-hive-plugin]# vim install.properties
POLICY_MGR_URL=http://hd1.dtstack.com:6080/
REPOSITORY_NAME=hivedev
COMPONENT_INSTALL_DIR_NAME=/opt/hive
XAAUDIT.SOLR.ENABLE=true
XAAUDIT.SOLR.URL=http://hd1.dtstack.com:8983/solr/ranger_audits
XAAUDIT.SOLR.USER=NONE
XAAUDIT.SOLR.PASSWORD=NONE
XAAUDIT.SOLR.ZOOKEEPER=hd1:2181,hd2:2181,hd3:2181/ranger_audits
XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool
XAAUDIT.ELASTICSEARCH.ENABLE=false
XAAUDIT.ELASTICSEARCH.URL=NONE
XAAUDIT.ELASTICSEARCH.USER=NONE
XAAUDIT.ELASTICSEARCH.PASSWORD=NONE
XAAUDIT.ELASTICSEARCH.INDEX=NONE
XAAUDIT.ELASTICSEARCH.PORT=NONE
XAAUDIT.ELASTICSEARCH.PROTOCOL=NONE
XAAUDIT.HDFS.ENABLE=false
XAAUDIT.HDFS.HDFS_DIR=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit
XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/hive/audit/hdfs/spool
XAAUDIT.HDFS.AZURE_ACCOUNTNAME=__REPLACE_AZURE_ACCOUNT_NAME
XAAUDIT.HDFS.AZURE_ACCOUNTKEY=__REPLACE_AZURE_ACCOUNT_KEY
XAAUDIT.HDFS.AZURE_SHELL_KEY_PROVIDER=__REPLACE_AZURE_SHELL_KEY_PROVIDER
XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
XAAUDIT.LOG4J.ENABLE=false
XAAUDIT.LOG4J.IS_ASYNC=false
XAAUDIT.LOG4J.ASYNC.MAX.QUEUE.SIZE=10240
XAAUDIT.LOG4J.ASYNC.MAX.FLUSH.INTERVAL.MS=30000
XAAUDIT.LOG4J.DESTINATION.LOG4J=true
XAAUDIT.LOG4J.DESTINATION.LOG4J.LOGGER=xaaudit
XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=false
XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=NONE
XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX=NONE
XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=NONE
XAAUDIT.AMAZON_CLOUDWATCH.REGION=NONE
XAAUDIT.HDFS.IS_ENABLED=false
XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/hive/audit/%app-type%
XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/hive/audit/archive/%app-type%
XAAUDIT.HDFS.DESTINTATION_FILE=%hostname%-audit.log
XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS=900
XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS=86400
XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS=60
XAAUDIT.HDFS.LOCAL_BUFFER_FILE=%time:yyyyMMdd-HHmm.ss%.log
XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60
XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600
XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10
XAAUDIT.SOLR.IS_ENABLED=false
XAAUDIT.SOLR.MAX_QUEUE_SIZE=1
XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000
XAAUDIT.SOLR.SOLR_URL=http://localhost:6083/solr/ranger_audits
SSL_KEYSTORE_FILE_PATH=/etc/hive/conf/ranger-plugin-keystore.jks
SSL_KEYSTORE_PASSWORD=myKeyFilePassword
SSL_TRUSTSTORE_FILE_PATH=/etc/hive/conf/ranger-plugin-truststore.jks
SSL_TRUSTSTORE_PASSWORD=changeit
UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true
CUSTOM_USER=hive
CUSTOM_GROUP=hadoop

2、hive初始化

bash 复制代码
[root@hd3.dtstack.com ranger-2.0.0-hive-plugin]# ./enable-hive-plugin.sh

初始化完成后会在/opt/apache-hive-3.1.2-bin/conf目录下生成5个文件

hiveserver2-site.xml文件内容如下:

bash 复制代码
[root@hd3.dtstack.com conf]# cat hiveserver2-site.xml

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<?xml-stylesheet type="text/xsl" href="configuration.xsl"?><!--

Licensed to the Apache Software Foundation (ASF) under one or more

contributor license agreements. See the NOTICE file distributed with

this work for additional information regarding copyright ownership.

The ASF licenses this file to You under the Apache License, Version 2.0

(the "License"); you may not use this file except in compliance with

the License. You may obtain a copy of the License at

 

http://www.apache.org/licenses/LICENSE-2.0

 

Unless required by applicable law or agreed to in writing, software

distributed under the License is distributed on an "AS IS" BASIS,

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

See the License for the specific language governing permissions and

limitations under the License.

--><configuration>

<property>

<name>hive.security.authorization.enabled</name>

<value>true</value>

</property>

<property>

<name>hive.security.authorization.manager</name>

<value>org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory</value>

</property>

<property>

<name>hive.security.authenticator.manager</name>

<value>org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator</value>

</property>

<property>

<name>hive.conf.restricted.list</name>

<value>hive.security.authorization.enabled,hive.security.authorization.manager,hive.security.authenticator.manager</value>

</property>

</configuration>

3、hive 重启

bash 复制代码
[root@hd3.dtstack.com apache-hive-3.1.2-bin]# sh stop.sh
[root@hd3.dtstack.com apache-hive-3.1.2-bin]# sh start.sh
[root@hadoop05 apache-hive-3.1.2-bin]# sh stop.sh
[root@hadoop05 apache-hive-3.1.2-bin]# sh start.sh

4、ranger admin页面配置

访问地址:http://hd2.dtstack.com:6080/

用户密码:admin/rangerAdmin123

参数配置说明:

bash 复制代码
jdbc.driverClassName:org.apache.hive.jdbc.HiveDriver
jdbc.url :jdbc:hive2://172.16.107.127:10000/default;principal=hive/hd3.dtstack.com@DTSTACK.COM
Add New Configurations:
tag.download.auth.users:hive,hdfs,impala,rangerlookup
policy.download.auth.users:hive,hdfs,impala,rangerlookup
policy.grantrevoke.auth.users:hive,hdfs,impala,rangerlookup
enable.hive.metastore.lookup:true
default.policy.users:hive,hdfs,impala,rangerlookup
hive.site.file.path:/opt/apache-hive-3.1.2-bin/conf/hive-site.xml


点击测试连接,连接成功后保存即可。

至此,ranger hive权限配置完成。

更多技术信息请查看云掣官网https://yunche.pro/?t=yrgw

相关推荐
cc5725026533 小时前
高考志愿填报:大数据相关专业到底怎么选?
大数据·高考
本旺3 小时前
Elasticsearch 前缀匹配性能优化实战,附4种方式即执行计划判别
大数据·elasticsearch·性能优化
hhzz4 小时前
Python大数据实战(十六):音乐推荐系统——基于协同过滤算法构建个性化歌单引擎
大数据·人工智能·python·数据挖掘·数据分析
zlinear数据采集卡5 小时前
从0到1硬核拆解:工业级数据采集卡的隔离设计与Modbus通信实战
arm开发·单片机·嵌入式硬件·fpga开发·开源
冬奇Lab6 小时前
每日一个开源项目(第153篇):AgentsView - 跨 30+ AI 编程工具的会话分析和费用追踪,本地优先,无需账号
人工智能·开源·ai编程
泛普软件6 小时前
工程合约管理软件具备哪些核心功能,解决合同结算各类纠纷难题
大数据·人工智能·区块链
Elastic 中国社区官方博客8 小时前
Elastic 在 Everest Group 企业搜索产品 PEAK Matrix® 评估 2026 中被评为领导者
大数据·运维·人工智能·elasticsearch·搜索引擎·ai·全文检索
一键生成网站8 小时前
开源AI政务大屏制作工具对比:国产化安全合规选型深度分析
人工智能·开源·政务·
龙石数据9 小时前
MySQL 全量同步到 Hive 怎么做?三步配置教程
数据库·hive·mysql·数据治理·数据中台