Apache Ranger 2.4.0 集成Hive 3.x(Kerbos)

一、解压tar包

tar zxvf ranger-2.4.0-hive-plugin.tar.gz

二、修改install.propertis

复制代码
POLICY_MGR_URL=http://localhost:6080

REPOSITORY_NAME=hive_repo

COMPONENT_INSTALL_DIR_NAME=/BigData/run/hive

CUSTOM_USER=hadoop

三、进行enable

复制代码
[root@tv3-hadoop-01 ranger-2.4.0-hive-plugin]# ./enable-hive-plugin.sh

看到下面的内容后,已经初始化完毕,需要重启meta和hive服务

复制代码
Ranger Plugin for hive has been enabled. Please restart hive to ensure that changes are effective.

nohup hive --service metastore &

nohup hive --service hiveserver2 &

四、验证服务状态

服务正常,但是权限已经受到管控,需要进行授权

复制代码
[hadoop@tv3-hadoop-01 ~]$ beeline
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/home/hadoop/gf13871/apache-hive-3_1_3/lib/log4j-slf4j-impl-2.17.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/BigData/install/hadoop-3.3.1/share/hadoop/common/lib/slf4j-log4j12-1.7.30.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory]
Beeline version 3.1.3 by Apache Hive
beeline> !connect jdbc:hive2://tv3-hadoop-01:10000/default;principal=hadoop/tv3-hadoop-01@AB.ELONG.COM
Connecting to jdbc:hive2://tv3-hadoop-01:10000/default;principal=hadoop/tv3-hadoop-01@AB.ELONG.COM
Connected to: Apache Hive (version 3.1.3)
Driver: Hive JDBC (version 3.1.3)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://tv3-hadoop-01:10000/default> show tables;
Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [hadoop] does not have [USE] privilege on [default] (state=42000,code=40000)
0: jdbc:hive2://tv3-hadoop-01:10000/default> 

五、Ranger 授权

六、相关报错

6.1 测试连接时出现下面报错(待解决)

复制代码
org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases like "*"]..
Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rangerlookup] does not have [USE] privilege on [Unknown resource!!].
Permission denied: user [rangerlookup] does not have [USE] privilege on [Unknown resource!!].
相关推荐
SelectDB14 小时前
浩瀚深度:从 ClickHouse 到 Doris,支撑单表 13PB、534 万亿行的超大规模数据分析场景
大数据·数据库·apache
玖疯子14 小时前
PyCharm高效入门指南大纲
java·运维·服务器·apache·wordpress
SelectDB15 小时前
公开免费!Apache Doris & SelectDB 培训与认证课程正式上线
大数据·数据库·apache
SelectDB15 小时前
Apache Doris Data Agent 解决方案:开启智能运维与数据治理新纪元
github·apache·mcp
码字的字节15 小时前
深入解析Hadoop高频面试题:HDFS读/写流程的RPC调用链
hadoop·hdfs·rpc
白日与明月16 小时前
Hive-vscode-snippets
hive·hadoop·vscode
Sirius Wu16 小时前
Hive的窗口函数
数据仓库·hive·hadoop
码字的字节18 小时前
深入解析HBase如何保证强一致性:WAL日志与MVCC机制
hadoop·hbase·wal·mvcc
シ風箏20 小时前
Hive【安装 01】hive-3.1.2版本安装配置(含 mysql-connector-java-5.1.47.jar 网盘资源)
java·hive·mysql
zhixingheyi_tian21 小时前
Hadoop 之 Yarn
大数据·hadoop·分布式