开源大数据集群部署(十二)Ranger 集成 hive

作者:櫰木

1、解压安装

在hd1.dtstack.com主机上执行(一般选择hiveserver2节点)

  • 解压ranger-2.3.0-hive-plugin.tar.gz
bash 复制代码
[root@hd1.dtstack.com software]#tar -zxvf ranger-2.3.0-hive-plugin.tar.gz
  • 修改install.properties配置
bash 复制代码
[root@hd1.dtstack.com ranger-2.3.0-hive-plugin]# vim install.properties
POLICY_MGR_URL=http://hd1.dtstack.com:6080/
REPOSITORY_NAME=hivedev
COMPONENT_INSTALL_DIR_NAME=/opt/hive
XAAUDIT.SOLR.ENABLE=true
XAAUDIT.SOLR.URL=http://hd1.dtstack.com:8983/solr/ranger_audits
XAAUDIT.SOLR.USER=NONE
XAAUDIT.SOLR.PASSWORD=NONE
XAAUDIT.SOLR.ZOOKEEPER=hd1:2181,hd2:2181,hd3:2181/ranger_audits
XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool
XAAUDIT.ELASTICSEARCH.ENABLE=false
XAAUDIT.ELASTICSEARCH.URL=NONE
XAAUDIT.ELASTICSEARCH.USER=NONE
XAAUDIT.ELASTICSEARCH.PASSWORD=NONE
XAAUDIT.ELASTICSEARCH.INDEX=NONE
XAAUDIT.ELASTICSEARCH.PORT=NONE
XAAUDIT.ELASTICSEARCH.PROTOCOL=NONE
XAAUDIT.HDFS.ENABLE=false
XAAUDIT.HDFS.HDFS_DIR=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit
XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/hive/audit/hdfs/spool
XAAUDIT.HDFS.AZURE_ACCOUNTNAME=__REPLACE_AZURE_ACCOUNT_NAME
XAAUDIT.HDFS.AZURE_ACCOUNTKEY=__REPLACE_AZURE_ACCOUNT_KEY
XAAUDIT.HDFS.AZURE_SHELL_KEY_PROVIDER=__REPLACE_AZURE_SHELL_KEY_PROVIDER
XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
XAAUDIT.LOG4J.ENABLE=false
XAAUDIT.LOG4J.IS_ASYNC=false
XAAUDIT.LOG4J.ASYNC.MAX.QUEUE.SIZE=10240
XAAUDIT.LOG4J.ASYNC.MAX.FLUSH.INTERVAL.MS=30000
XAAUDIT.LOG4J.DESTINATION.LOG4J=true
XAAUDIT.LOG4J.DESTINATION.LOG4J.LOGGER=xaaudit
XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=false
XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=NONE
XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX=NONE
XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=NONE
XAAUDIT.AMAZON_CLOUDWATCH.REGION=NONE
XAAUDIT.HDFS.IS_ENABLED=false
XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/hive/audit/%app-type%
XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/hive/audit/archive/%app-type%
XAAUDIT.HDFS.DESTINTATION_FILE=%hostname%-audit.log
XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS=900
XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS=86400
XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS=60
XAAUDIT.HDFS.LOCAL_BUFFER_FILE=%time:yyyyMMdd-HHmm.ss%.log
XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60
XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600
XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10
XAAUDIT.SOLR.IS_ENABLED=false
XAAUDIT.SOLR.MAX_QUEUE_SIZE=1
XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000
XAAUDIT.SOLR.SOLR_URL=http://localhost:6083/solr/ranger_audits
SSL_KEYSTORE_FILE_PATH=/etc/hive/conf/ranger-plugin-keystore.jks
SSL_KEYSTORE_PASSWORD=myKeyFilePassword
SSL_TRUSTSTORE_FILE_PATH=/etc/hive/conf/ranger-plugin-truststore.jks
SSL_TRUSTSTORE_PASSWORD=changeit
UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true
CUSTOM_USER=hive
CUSTOM_GROUP=hadoop

2、hive初始化

bash 复制代码
[root@hd3.dtstack.com ranger-2.0.0-hive-plugin]# ./enable-hive-plugin.sh

初始化完成后会在/opt/apache-hive-3.1.2-bin/conf目录下生成5个文件

hiveserver2-site.xml文件内容如下:

bash 复制代码
[root@hd3.dtstack.com conf]# cat hiveserver2-site.xml

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<?xml-stylesheet type="text/xsl" href="configuration.xsl"?><!--

Licensed to the Apache Software Foundation (ASF) under one or more

contributor license agreements. See the NOTICE file distributed with

this work for additional information regarding copyright ownership.

The ASF licenses this file to You under the Apache License, Version 2.0

(the "License"); you may not use this file except in compliance with

the License. You may obtain a copy of the License at

 

http://www.apache.org/licenses/LICENSE-2.0

 

Unless required by applicable law or agreed to in writing, software

distributed under the License is distributed on an "AS IS" BASIS,

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

See the License for the specific language governing permissions and

limitations under the License.

--><configuration>

<property>

<name>hive.security.authorization.enabled</name>

<value>true</value>

</property>

<property>

<name>hive.security.authorization.manager</name>

<value>org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory</value>

</property>

<property>

<name>hive.security.authenticator.manager</name>

<value>org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator</value>

</property>

<property>

<name>hive.conf.restricted.list</name>

<value>hive.security.authorization.enabled,hive.security.authorization.manager,hive.security.authenticator.manager</value>

</property>

</configuration>

3、hive 重启

bash 复制代码
[root@hd3.dtstack.com apache-hive-3.1.2-bin]# sh stop.sh
[root@hd3.dtstack.com apache-hive-3.1.2-bin]# sh start.sh
[root@hadoop05 apache-hive-3.1.2-bin]# sh stop.sh
[root@hadoop05 apache-hive-3.1.2-bin]# sh start.sh

4、ranger admin页面配置

访问地址:http://hd2.dtstack.com:6080/

用户密码:admin/rangerAdmin123

参数配置说明:

bash 复制代码
jdbc.driverClassName:org.apache.hive.jdbc.HiveDriver
jdbc.url :jdbc:hive2://172.16.107.127:10000/default;principal=hive/hd3.dtstack.com@DTSTACK.COM
Add New Configurations:
tag.download.auth.users:hive,hdfs,impala,rangerlookup
policy.download.auth.users:hive,hdfs,impala,rangerlookup
policy.grantrevoke.auth.users:hive,hdfs,impala,rangerlookup
enable.hive.metastore.lookup:true
default.policy.users:hive,hdfs,impala,rangerlookup
hive.site.file.path:/opt/apache-hive-3.1.2-bin/conf/hive-site.xml


点击测试连接,连接成功后保存即可。

至此,ranger hive权限配置完成。

更多技术信息请查看云掣官网https://yunche.pro/?t=yrgw

相关推荐
Lx35237 分钟前
Hadoop数据处理优化:减少Shuffle阶段的性能损耗
大数据·hadoop
scilwb3 小时前
Isaac Sim机械臂教程 - 阶段1:基础环境搭建与机械臂加载
人工智能·开源
杨杨杨大侠4 小时前
Atlas Mapper 案例 01:初级开发者 - 电商订单系统开发
java·开源·github
武子康5 小时前
大数据-99 Spark Streaming 数据源全面总结:原理、应用 文件流、Socket、RDD队列流
大数据·后端·spark
FIT2CLOUD飞致云19 小时前
AI智能问数能力全面升级,DataEase开源BI工具v2.10.13 LTS版本发布
开源
FIT2CLOUD飞致云20 小时前
九月月报丨MaxKB在不同规模医疗机构的应用进展汇报
人工智能·开源
算家计算20 小时前
AI配音革命!B站最新开源IndexTTS2本地部署教程:精准对口型,情感随心换
人工智能·开源·aigc
阿里云大数据AI技术20 小时前
大数据公有云市场第一,阿里云占比47%!
大数据
OpenTiny社区1 天前
OpenTiny NEXT 内核新生:生成式UI × MCP,重塑前端交互新范式!
前端·开源·agent
幂简集成explinks1 天前
e签宝签署API更新实战:新增 signType 与 FDA 合规参数配置
后端·设计模式·开源