Apache Ranger 2.4.0 集成Hive 3.x(Kerbos)

一、解压tar包

tar zxvf ranger-2.4.0-hive-plugin.tar.gz

二、修改install.propertis

POLICY_MGR_URL=http://localhost:6080

REPOSITORY_NAME=hive_repo

COMPONENT_INSTALL_DIR_NAME=/BigData/run/hive

CUSTOM_USER=hadoop

三、进行enable

[root@tv3-hadoop-01 ranger-2.4.0-hive-plugin]# ./enable-hive-plugin.sh

看到下面的内容后,已经初始化完毕,需要重启meta和hive服务

Ranger Plugin for hive has been enabled. Please restart hive to ensure that changes are effective.

nohup hive --service metastore &

nohup hive --service hiveserver2 &

四、验证服务状态

服务正常,但是权限已经受到管控,需要进行授权

[hadoop@tv3-hadoop-01 ~]$ beeline
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/home/hadoop/gf13871/apache-hive-3_1_3/lib/log4j-slf4j-impl-2.17.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/BigData/install/hadoop-3.3.1/share/hadoop/common/lib/slf4j-log4j12-1.7.30.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory]
Beeline version 3.1.3 by Apache Hive
beeline> !connect jdbc:hive2://tv3-hadoop-01:10000/default;principal=hadoop/tv3-hadoop-01@AB.ELONG.COM
Connecting to jdbc:hive2://tv3-hadoop-01:10000/default;principal=hadoop/tv3-hadoop-01@AB.ELONG.COM
Connected to: Apache Hive (version 3.1.3)
Driver: Hive JDBC (version 3.1.3)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://tv3-hadoop-01:10000/default> show tables;
Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [hadoop] does not have [USE] privilege on [default] (state=42000,code=40000)
0: jdbc:hive2://tv3-hadoop-01:10000/default> 

五、Ranger 授权

六、相关报错

6.1 测试连接时出现下面报错(待解决)

org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases like "*"]..
Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rangerlookup] does not have [USE] privilege on [Unknown resource!!].
Permission denied: user [rangerlookup] does not have [USE] privilege on [Unknown resource!!].
相关推荐
JessieZeng aaa10 小时前
CSV文件数据导入hive
数据仓库·hive·hadoop
木古古1810 小时前
使用chrome 访问虚拟机Apache2 的默认页面,出现了ERR_ADDRESS_UNREACHABLE这个鸟问题
前端·chrome·apache
Yz987616 小时前
hive复杂数据类型Array & Map & Struct & 炸裂函数explode
大数据·数据库·数据仓库·hive·hadoop·数据库开发·big data
疯一样的码农18 小时前
Apache Maven简介
java·maven·apache
EDG Zmjjkk18 小时前
Hive 函数(实例操作版2)
数据仓库·hive·hadoop
疯一样的码农20 小时前
Apache Maven 标准文件目录布局
java·maven·apache
千羽星弦20 小时前
Apache和HTTPS证书的生成与安装
网络协议·https·apache
high20111 天前
【Apache Paimon】-- 5 -- Flink 向 Paimon 表写入数据
linux·flink·apache·paimon
那一抹阳光多灿烂1 天前
Spark核心组件解析:Executor、RDD与缓存优化
hadoop·spark
Yz98761 天前
Hive分桶超详细!!!
大数据·数据仓库·hive·hadoop·hdfs·数据库开发·big data