开源大数据集群部署(十二)Ranger 集成 hive

作者:櫰木

1、解压安装

在hd1.dtstack.com主机上执行(一般选择hiveserver2节点)

  • 解压ranger-2.3.0-hive-plugin.tar.gz
bash 复制代码
[root@hd1.dtstack.com software]#tar -zxvf ranger-2.3.0-hive-plugin.tar.gz
  • 修改install.properties配置
bash 复制代码
[root@hd1.dtstack.com ranger-2.3.0-hive-plugin]# vim install.properties
POLICY_MGR_URL=http://hd1.dtstack.com:6080/
REPOSITORY_NAME=hivedev
COMPONENT_INSTALL_DIR_NAME=/opt/hive
XAAUDIT.SOLR.ENABLE=true
XAAUDIT.SOLR.URL=http://hd1.dtstack.com:8983/solr/ranger_audits
XAAUDIT.SOLR.USER=NONE
XAAUDIT.SOLR.PASSWORD=NONE
XAAUDIT.SOLR.ZOOKEEPER=hd1:2181,hd2:2181,hd3:2181/ranger_audits
XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool
XAAUDIT.ELASTICSEARCH.ENABLE=false
XAAUDIT.ELASTICSEARCH.URL=NONE
XAAUDIT.ELASTICSEARCH.USER=NONE
XAAUDIT.ELASTICSEARCH.PASSWORD=NONE
XAAUDIT.ELASTICSEARCH.INDEX=NONE
XAAUDIT.ELASTICSEARCH.PORT=NONE
XAAUDIT.ELASTICSEARCH.PROTOCOL=NONE
XAAUDIT.HDFS.ENABLE=false
XAAUDIT.HDFS.HDFS_DIR=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit
XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/hive/audit/hdfs/spool
XAAUDIT.HDFS.AZURE_ACCOUNTNAME=__REPLACE_AZURE_ACCOUNT_NAME
XAAUDIT.HDFS.AZURE_ACCOUNTKEY=__REPLACE_AZURE_ACCOUNT_KEY
XAAUDIT.HDFS.AZURE_SHELL_KEY_PROVIDER=__REPLACE_AZURE_SHELL_KEY_PROVIDER
XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
XAAUDIT.LOG4J.ENABLE=false
XAAUDIT.LOG4J.IS_ASYNC=false
XAAUDIT.LOG4J.ASYNC.MAX.QUEUE.SIZE=10240
XAAUDIT.LOG4J.ASYNC.MAX.FLUSH.INTERVAL.MS=30000
XAAUDIT.LOG4J.DESTINATION.LOG4J=true
XAAUDIT.LOG4J.DESTINATION.LOG4J.LOGGER=xaaudit
XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=false
XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=NONE
XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX=NONE
XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=NONE
XAAUDIT.AMAZON_CLOUDWATCH.REGION=NONE
XAAUDIT.HDFS.IS_ENABLED=false
XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/hive/audit/%app-type%
XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/hive/audit/archive/%app-type%
XAAUDIT.HDFS.DESTINTATION_FILE=%hostname%-audit.log
XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS=900
XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS=86400
XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS=60
XAAUDIT.HDFS.LOCAL_BUFFER_FILE=%time:yyyyMMdd-HHmm.ss%.log
XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60
XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600
XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10
XAAUDIT.SOLR.IS_ENABLED=false
XAAUDIT.SOLR.MAX_QUEUE_SIZE=1
XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000
XAAUDIT.SOLR.SOLR_URL=http://localhost:6083/solr/ranger_audits
SSL_KEYSTORE_FILE_PATH=/etc/hive/conf/ranger-plugin-keystore.jks
SSL_KEYSTORE_PASSWORD=myKeyFilePassword
SSL_TRUSTSTORE_FILE_PATH=/etc/hive/conf/ranger-plugin-truststore.jks
SSL_TRUSTSTORE_PASSWORD=changeit
UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true
CUSTOM_USER=hive
CUSTOM_GROUP=hadoop

2、hive初始化

bash 复制代码
[root@hd3.dtstack.com ranger-2.0.0-hive-plugin]# ./enable-hive-plugin.sh

初始化完成后会在/opt/apache-hive-3.1.2-bin/conf目录下生成5个文件

hiveserver2-site.xml文件内容如下:

bash 复制代码
[root@hd3.dtstack.com conf]# cat hiveserver2-site.xml

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<?xml-stylesheet type="text/xsl" href="configuration.xsl"?><!--

Licensed to the Apache Software Foundation (ASF) under one or more

contributor license agreements. See the NOTICE file distributed with

this work for additional information regarding copyright ownership.

The ASF licenses this file to You under the Apache License, Version 2.0

(the "License"); you may not use this file except in compliance with

the License. You may obtain a copy of the License at

 

http://www.apache.org/licenses/LICENSE-2.0

 

Unless required by applicable law or agreed to in writing, software

distributed under the License is distributed on an "AS IS" BASIS,

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

See the License for the specific language governing permissions and

limitations under the License.

--><configuration>

<property>

<name>hive.security.authorization.enabled</name>

<value>true</value>

</property>

<property>

<name>hive.security.authorization.manager</name>

<value>org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory</value>

</property>

<property>

<name>hive.security.authenticator.manager</name>

<value>org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator</value>

</property>

<property>

<name>hive.conf.restricted.list</name>

<value>hive.security.authorization.enabled,hive.security.authorization.manager,hive.security.authenticator.manager</value>

</property>

</configuration>

3、hive 重启

bash 复制代码
[root@hd3.dtstack.com apache-hive-3.1.2-bin]# sh stop.sh
[root@hd3.dtstack.com apache-hive-3.1.2-bin]# sh start.sh
[root@hadoop05 apache-hive-3.1.2-bin]# sh stop.sh
[root@hadoop05 apache-hive-3.1.2-bin]# sh start.sh

4、ranger admin页面配置

访问地址:http://hd2.dtstack.com:6080/

用户密码:admin/rangerAdmin123

参数配置说明:

bash 复制代码
jdbc.driverClassName:org.apache.hive.jdbc.HiveDriver
jdbc.url :jdbc:hive2://172.16.107.127:10000/default;principal=hive/hd3.dtstack.com@DTSTACK.COM
Add New Configurations:
tag.download.auth.users:hive,hdfs,impala,rangerlookup
policy.download.auth.users:hive,hdfs,impala,rangerlookup
policy.grantrevoke.auth.users:hive,hdfs,impala,rangerlookup
enable.hive.metastore.lookup:true
default.policy.users:hive,hdfs,impala,rangerlookup
hive.site.file.path:/opt/apache-hive-3.1.2-bin/conf/hive-site.xml


点击测试连接,连接成功后保存即可。

至此,ranger hive权限配置完成。

更多技术信息请查看云掣官网https://yunche.pro/?t=yrgw

相关推荐
在未来等你37 分钟前
Kafka面试精讲 Day 15:跨数据中心复制与灾备
大数据·分布式·面试·kafka·消息队列
虎头金猫1 小时前
如何在Linux上使用Docker在本地部署开源PDF工具Stirling PDF:StirlingPDF+cpolar让专业操作像在线文档一样简单
linux·运维·ubuntu·docker·pdf·开源·centos
三花AI2 小时前
腾讯开源 HunyuanImage-2.1:17B 参数文生图模型原生支持 2K 高清
开源
计算机编程-吉哥2 小时前
大数据毕业设计-基于Python的中文起点网小说数据分析平台(高分计算机毕业设计选题·定制开发·真正大数据)
大数据·hadoop·计算机毕业设计选题·机器学习毕业设计·大数据毕业设计·大数据毕业设计选题推荐·大数据毕设项目
算家计算3 小时前
面壁智能开源多模态大模型——MiniCPM-V 4.5本地部署教程:8B参数开启多模态“高刷”时代!
人工智能·开源
鸿乃江边鸟3 小时前
Flink中的 BinaryRowData 以及大小端
大数据·sql·flink
MicroTech20254 小时前
微算法科技(NASDAQ: MLGO)采用量子相位估计(QPE)方法,增强量子神经网络训练
大数据·算法·量子计算
b***25114 小时前
深圳比斯特|多维度分选:圆柱电池品质管控的自动化解决方案
大数据·人工智能
Agatha方艺璇5 小时前
Hive基础简介
数据仓库·hive·hadoop
Flink_China5 小时前
Flink Agents:基于Apache Flink的事件驱动AI智能体框架
大数据·flink