Apache Ranger 2.4.0 集成Hive 3.x(Kerbos)

一、解压tar包

tar zxvf ranger-2.4.0-hive-plugin.tar.gz

二、修改install.propertis

POLICY_MGR_URL=http://localhost:6080

REPOSITORY_NAME=hive_repo

COMPONENT_INSTALL_DIR_NAME=/BigData/run/hive

CUSTOM_USER=hadoop

三、进行enable

[root@tv3-hadoop-01 ranger-2.4.0-hive-plugin]# ./enable-hive-plugin.sh

看到下面的内容后,已经初始化完毕,需要重启meta和hive服务

Ranger Plugin for hive has been enabled. Please restart hive to ensure that changes are effective.

nohup hive --service metastore &

nohup hive --service hiveserver2 &

四、验证服务状态

服务正常,但是权限已经受到管控,需要进行授权

[hadoop@tv3-hadoop-01 ~]$ beeline
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/home/hadoop/gf13871/apache-hive-3_1_3/lib/log4j-slf4j-impl-2.17.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/BigData/install/hadoop-3.3.1/share/hadoop/common/lib/slf4j-log4j12-1.7.30.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory]
Beeline version 3.1.3 by Apache Hive
beeline> !connect jdbc:hive2://tv3-hadoop-01:10000/default;principal=hadoop/tv3-hadoop-01@AB.ELONG.COM
Connecting to jdbc:hive2://tv3-hadoop-01:10000/default;principal=hadoop/tv3-hadoop-01@AB.ELONG.COM
Connected to: Apache Hive (version 3.1.3)
Driver: Hive JDBC (version 3.1.3)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://tv3-hadoop-01:10000/default> show tables;
Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [hadoop] does not have [USE] privilege on [default] (state=42000,code=40000)
0: jdbc:hive2://tv3-hadoop-01:10000/default> 

五、Ranger 授权

六、相关报错

6.1 测试连接时出现下面报错(待解决)

org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases like "*"]..
Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [rangerlookup] does not have [USE] privilege on [Unknown resource!!].
Permission denied: user [rangerlookup] does not have [USE] privilege on [Unknown resource!!].
相关推荐
节点。csn22 分钟前
Hadoop yarn安装
大数据·hadoop·分布式
不惑_27 分钟前
小白入门 · 腾讯云轻量服务器部署 Hadoop 3.3.6
服务器·hadoop·腾讯云
csding1131 分钟前
写入hive metastore报问题Permission denied: user=hadoop,inode=“/user/hive”
数据仓库·hive·hadoop
NiNg_1_2342 小时前
基于Hadoop的数据清洗
大数据·hadoop·分布式
s甜甜的学习之旅3 小时前
Apache POI练习代码
apache
是小崔啊3 小时前
开源轮子 - Apache Common
java·开源·apache
筒栗子5 小时前
复习打卡大数据篇——Hadoop HDFS 01
大数据·hadoop·hdfs
谷莠子9057 小时前
hadoop实验之创业有感
hadoop·docker·团队开发
神秘打工猴8 小时前
hive常用函数有哪些
hive
程序猿阿伟9 小时前
《探索 Apache Spark MLlib 与 Java 结合的卓越之道》
java·spark-ml·apache