【DataSophon】DataSophon1.2.1 ranger usersync整合

目录

一、简介

二、实现步骤

[2.1 ranger-usersync包下载编译](#2.1 ranger-usersync包下载编译)

[2.2 构建压缩包](#2.2 构建压缩包)

[2.3 编辑元数据文件](#2.3 编辑元数据文件)

[2.4 修改源码](#2.4 修改源码)

三、重新安装


一、简介


如下是DDP1.2.1默认有的rangerAdmin, 我们需要将rangerusersync整合进来 ,实现将Linux机器上的用户和组信息同步到RangerAdmin的数据库中进行管理。


二、实现步骤


2.1 ranger-usersync包下载编译


ranger官网tar包下载

https://ranger.apache.org/download.html

自己编译 或者网上下载

参考文章:

Apache Ranger - Download Apache Ranger?

Ranger安装和使用-CSDN博客

https://juejin.cn/post/6844904159930482696

https://zhuanlan.zhihu.com/p/562012618

权限管理Ranger详解_大数据权限管理利器 - ranger-CSDN博客

2.2 构建压缩包


将ranger-usersync安装包集成到ranger组件中重新打包,如下是ranger admin包和ranger-usersync包。

bash 复制代码
# 解压ranger组件原有包
tar -zxvf ranger-2.1.0.tar.gz
cd ranger-2.1.0

# 将编译好的的sync安装包解压到当前目录
tar -zxvf ranger-2.1.0-usersync.tar.gz ./
cd ranger-2.1.0-usersync
vim ranger_usersync.sh
bash 复制代码
#!/bin/bash

# 获取脚本当前目录
current_path=$(dirname "$0")

# 使用说明
usage="Usage: $0 {start|stop|status|restart}"

start(){
    echo "ranger userSync start"
    sh "$current_path/ranger-usersync" start
    if [ $? -eq 0 ]; then
        echo "ranger userSync start success"
    else
        echo "ranger userSync start failed"
        exit 1
    fi
}

stop(){
    echo "ranger userSync stop"
    sh "$current_path/ranger-usersync" stop
    if [ $? -eq 0 ]; then
        echo "ranger userSync stop success"
    else
        echo "ranger userSync stop failed"
        exit 1
    fi
}

status(){
    process_name="UnixAuthenticationService"

    # 使用 pgrep 命令检测进程是否存在
    pgrep -f "$process_name" > /dev/null

    if [ $? -eq 0 ]; then
        echo "进程 $process_name 存在"
        exit 0
    else
        echo "进程 $process_name 不存在"
        exit 1
    fi
}

restart(){
    echo "ranger userSync restart"
    sh "$current_path/ranger-usersync" restart
    if [ $? -eq 0 ]; then
        echo "ranger userSync restart success"
    else
        echo "ranger userSync restart failed"
        exit 1
    fi
}

# 处理参数
startStop=$1

case $startStop in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status
        ;;
    restart)
        restart
        ;;
    *)
        echo "$usage"
        exit 1
        ;;
esac

echo "End $startStop ranger userSync"

打包

tar -zcvf ranger-2.1.0.tar.gz ranger-2.1.0
md5sum ranger-2.1.0.tar.gz
echo '756fa828e02d8f890ca2165d237ef487' > ranger-2.1.0.tar.gz.md5
cp ranger-2.1.0.tar.gz ranger-2.1.0.tar.gz.md5 /opt/datasophon/DDP/packages/

2.3 编辑元数据文件


ranger安装配置文件

vim /opt/datasophon/DDP/packages/datasophon-manager-1.2.1/conf/meta/DDP-1.2.1/RANGER/service_ddl.json

{
  "name": "RANGER",
  "label": "Ranger",
  "description": "权限控制框架",
  "version": "2.1.0",
  "sortNum": 10,
  "dependencies":[],
  "packageName": "ranger-2.1.0.tar.gz",
  "decompressPackageName": "ranger-2.1.0",
  "roles": [
    {
      "name": "RangerAdmin",
      "label": "RangerAdmin",
      "roleType": "master",
      "cardinality": "1",
      "logFile": "/var/log/ranger/admin/ranger-admin-${host}-root.log",
      "jmxPort": 6081,
      "sortNum": 1,
      "startRunner": {
        "timeout": "60",
        "program": "bin/ranger_admin.sh",
        "args": [
          "start"
        ]
      },
      "stopRunner": {
        "timeout": "600",
        "program": "bin/ranger_admin.sh",
        "args": [
          "stop"
        ]
      },
      "statusRunner": {
        "timeout": "60",
        "program": "bin/ranger_admin.sh",
        "args": [
          "status"
        ]
      },
      "externalLink": {
        "name": "RangerAdmin Ui",
        "label": "RangerAdmin Ui",
        "url": "http://${host}:6080"
      }
    },
    {
      "name": "RangerUsersync",
      "label": "RangerUsersync",
      "roleType": "master",
      "runAs": {
        "user": "root",
        "group": "root"
      },
      "cardinality": "1",
      "logFile": "ranger-2.1.0-usersync/logs/usersync-${host}-ranger.log",
      "jmxPort": "",
      "sortNum": 2,
      "startRunner": {
        "timeout": "60",
        "program": "ranger-2.1.0-usersync/ranger_usersync.sh",
        "args": [
          "start"
        ]
      },
      "stopRunner": {
        "timeout": "600",
        "program": "ranger-2.1.0-usersync/ranger_usersync.sh",
        "args": [
          "stop"
        ]
      },
      "statusRunner": {
        "timeout": "60",
        "program": "ranger-2.1.0-usersync/ranger_usersync.sh",
        "args": [
          "status"
        ]
      },
      "restartRunner": {
        "timeout": "60",
        "program": "ranger-2.1.0-usersync/ranger_usersync.sh",
        "args": [
          "restart"
        ]
      }
    }
  ],
  "configWriter": {
    "generators": [
      {
        "filename": "install.properties",
        "configFormat": "custom",
        "templateName": "ranger-install.ftl",
        "outputDirectory": "",
        "includeParams": [
          "rootPassword",
          "dbHost",
          "database",
          "rangerUser",
          "rangerPassword",
          "rangerAdminUrl",
          "enableHDFSPlugin",
          "enableHIVEPlugin",
          "enableHBASEPlugin",
          "spnegoPrincipal",
          "spnegoKeytab",
          "adminPrincipal",
          "adminKeytab",
          "hadoopHome",
          "rangerHome"
        ]
      },
      {
        "filename": "install.properties1",
        "configFormat": "custom",
        "templateName": "ranger-usersync-install.ftl",
        "outputDirectory": "ranger-2.1.0-usersync",
        "includeParams": [
          "rangerAdminUrl",
          "adminPrincipal",
          "adminKeytab",
          "hadoopHome",
          "syncInterval"
        ]
      }
    ]
  },
  "parameters": [
    {
      "name": "rootPassword",
      "label": "数据库root用户密码",
      "description": "",
      "required": true,
      "configType": "map",
      "type": "input",
      "value": "",
      "configurableInWizard": true,
      "hidden": false,
      "defaultValue": "123456"
    },
    {
      "name": "dbHost",
      "label": "数据库地址",
      "description": "",
      "required": true,
      "configType": "map",
      "type": "input",
      "value": "",
      "configurableInWizard": true,
      "hidden": false,
      "defaultValue": "${apiHost}"
    },{
      "name": "database",
      "label": "数据库名",
      "description": "",
      "required": true,
      "configType": "map",
      "type": "input",
      "value": "",
      "configurableInWizard": true,
      "hidden": false,
      "defaultValue": "ranger"
    },
    {
      "name": "rangerUser",
      "label": "Ranger数据库用户",
      "description": "",
      "required": true,
      "configType": "map",
      "type": "input",
      "value": "",
      "configurableInWizard": true,
      "hidden": false,
      "defaultValue": "ranger"
    },{
      "name": "rangerPassword",
      "label": "Ranger数据库密码",
      "description": "",
      "required": true,
      "configType": "map",
      "type": "input",
      "value": "",
      "configurableInWizard": true,
      "hidden": false,
      "defaultValue": "ranger"
    },
    {
      "name": "rangerAdminUrl",
      "label": "Ranger访问地址",
      "description": "",
      "required": true,
      "configType": "map",
      "type": "input",
      "value": "",
      "configurableInWizard": true,
      "hidden": false,
      "defaultValue": "${rangerAdminUrl}"
    },
    {
      "name": "enableHDFSPlugin",
      "label": "启用HDFS Ranger插件",
      "description": "",
      "required": true,
      "type": "switch",
      "value": false,
      "configurableInWizard": true,
      "hidden": false,
      "defaultValue": false
    },
    {
      "name": "enableHIVEPlugin",
      "label": "启用Hive Ranger插件",
      "description": "",
      "required": true,
      "type": "switch",
      "value": false,
      "configurableInWizard": true,
      "hidden": false,
      "defaultValue": false
    },
    {
      "name": "enableHBASEPlugin",
      "label": "启用Hbase Ranger插件",
      "description": "",
      "required": true,
      "type": "switch",
      "value": false,
      "configurableInWizard": true,
      "hidden": false,
      "defaultValue": false
    },
    {
      "name": "enableKerberos",
      "label": "开启Kerberos认证",
      "description": "开启Kerberos认证",
      "required": false,
      "type": "switch",
      "value": false,
      "configurableInWizard": true,
      "hidden": true,
      "defaultValue": false
    },
    {
      "name": "spnegoPrincipal",
      "label": "Spnego Principal",
      "description": "",
      "configWithKerberos": true,
      "required": false,
      "configType": "map",
      "type": "input",
      "value": "HTTP/${host}@HADOOP.COM",
      "configurableInWizard": true,
      "hidden": true,
      "defaultValue": "HTTP/${host}@HADOOP.COM"
    },
    {
      "name": "spnegoKeytab",
      "label": "Spnego Keytab",
      "description": "",
      "configWithKerberos": true,
      "required": false,
      "configType": "map",
      "type": "input",
      "value": "/etc/security/keytab/spnego.service.keytab",
      "configurableInWizard": true,
      "hidden": true,
      "defaultValue": "/etc/security/keytab/spnego.service.keytab"
    },
    {
      "name": "adminPrincipal",
      "label": "Ranger Admin Principal",
      "description": "",
      "configWithKerberos": true,
      "required": false,
      "configType": "map",
      "type": "input",
      "value": "rangeradmin/${host}@HADOOP.COM",
      "configurableInWizard": true,
      "hidden": true,
      "defaultValue": "rangeradmin/${host}@HADOOP.COM"
    },
    {
      "name": "adminKeytab",
      "label": "Ranger Admin Keytab",
      "description": "",
      "configWithKerberos": true,
      "required": false,
      "configType": "map",
      "type": "input",
      "value": "/etc/security/keytab/rangeradmin.keytab",
      "configurableInWizard": true,
      "hidden": true,
      "defaultValue": "/etc/security/keytab/rangeradmin.keytab"
    },
    {
      "name": "hadoopHome",
      "label": "HADOOP_HOME",
      "description": "",
      "configWithKerberos": true,
      "required": true,
      "configType": "map",
      "type": "input",
      "value": "${HADOOP_HOME}",
      "configurableInWizard": true,
      "hidden": true,
      "defaultValue": "${HADOOP_HOME}"
    },
    {
      "name": "rangerHome",
      "label": "RANGER_HOME",
      "description": "",
      "required": true,
      "configType": "map",
      "type": "input",
      "value": "${RANGER_HOME}",
      "configurableInWizard": true,
      "hidden": false,
      "defaultValue": "${RANGER_HOME}"
    },
    {
      "name": "syncInterval",
      "label": "SYNC_INTERVAL",
      "description": "userSync同步间隔时间,单位(分钟)",
      "required": true,
      "configType": "map",
      "type": "input",
      "value": "1",
      "configurableInWizard": true,
      "hidden": false,
      "defaultValue": "1"
    }
  ]
}

各worker元数据文件,已部署的路径:

vim /opt/datasophon/datasophon-worker/conf/templates/ranger-usersync-install.ftl

ranger配置文件 install.properties ,使用了 SYNC_SOURCE = unix

bash 复制代码
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# The base path for the usersync process
ranger_base_dir = /etc/ranger

#
# The following URL should be the base URL for connecting to the policy manager web application
# For example:
#
#  POLICY_MGR_URL = http://policymanager.xasecure.net:6080
#
POLICY_MGR_URL = ${rangerAdminUrl}

# sync source,  only unix and ldap are supported at present
# defaults to unix
SYNC_SOURCE = unix

#
# Minimum Unix User-id to start SYNC.
# This should avoid creating UNIX system-level users in the Policy Manager
#
MIN_UNIX_USER_ID_TO_SYNC = 500

# Minimum Unix Group-id to start SYNC.
# This should avoid creating UNIX system-level users in the Policy Manager
#
MIN_UNIX_GROUP_ID_TO_SYNC = 500

# sync interval in minutes
# user, groups would be synced again at the end of each sync interval
# defaults to 5   if SYNC_SOURCE is unix
# defaults to 360 if SYNC_SOURCE is ldap
SYNC_INTERVAL = ${syncInterval}

#User and group for the usersync process
unix_user=ranger
unix_group=ranger

#change password of rangerusersync user. Please note that this password should be as per rangerusersync user in ranger
rangerUsersync_password=admin123

#Set to run in kerberos environment
usersync_principal=<#if adminPrincipal??>${adminPrincipal}</#if>
usersync_keytab=<#if adminKeytab??>${adminKeytab}</#if>
hadoop_conf=${hadoopHome}/etc/hadoop/conf
#
# The file where all credential is kept in cryptic format
#
CRED_KEYSTORE_FILENAME=/etc/ranger/usersync/conf/rangerusersync.jceks

# SSL Authentication
AUTH_SSL_ENABLED=false
AUTH_SSL_KEYSTORE_FILE=/etc/ranger/usersync/conf/cert/unixauthservice.jks
AUTH_SSL_KEYSTORE_PASSWORD=UnIx529p
AUTH_SSL_TRUSTSTORE_FILE=
AUTH_SSL_TRUSTSTORE_PASSWORD=

# ---------------------------------------------------------------
# The following properties are relevant only if SYNC_SOURCE = ldap
# ---------------------------------------------------------------

# The below properties ROLE_ASSIGNMENT_LIST_DELIMITER, USERS_GROUPS_ASSIGNMENT_LIST_DELIMITER, USERNAME_GROUPNAME_ASSIGNMENT_LIST_DELIMITER,
#and GROUP_BASED_ROLE_ASSIGNMENT_RULES can be used to assign role to LDAP synced users and groups
#NOTE all the delimiters should have different values and the delimiters should not contain characters that are allowed in userName or GroupName

# default value ROLE_ASSIGNMENT_LIST_DELIMITER = &
ROLE_ASSIGNMENT_LIST_DELIMITER = &

#default value USERS_GROUPS_ASSIGNMENT_LIST_DELIMITER = :
USERS_GROUPS_ASSIGNMENT_LIST_DELIMITER = :

#default value USERNAME_GROUPNAME_ASSIGNMENT_LIST_DELIMITER = ,
USERNAME_GROUPNAME_ASSIGNMENT_LIST_DELIMITER = ,

# with above mentioned delimiters a sample value would be ROLE_SYS_ADMIN:u:userName1,userName2&ROLE_SYS_ADMIN:g:groupName1,groupName2&ROLE_KEY_ADMIN:u:userName&ROLE_KEY_ADMIN:g:groupName&ROLE_USER:u:userName3,userName4&ROLE_USER:g:groupName3
#&ROLE_ADMIN_AUDITOR:u:userName&ROLE_KEY_ADMIN_AUDITOR:u:userName&ROLE_KEY_ADMIN_AUDITOR:g:groupName&ROLE_ADMIN_AUDITOR:g:groupName
GROUP_BASED_ROLE_ASSIGNMENT_RULES =

# URL of source ldap
# a sample value would be:  ldap://ldap.example.com:389
# Must specify a value if SYNC_SOURCE is ldap
SYNC_LDAP_URL =

# ldap bind dn used to connect to ldap and query for users and groups
# a sample value would be cn=admin,ou=users,dc=hadoop,dc=apache,dc=org
# Must specify a value if SYNC_SOURCE is ldap
SYNC_LDAP_BIND_DN =

# ldap bind password for the bind dn specified above
# please ensure read access to this file  is limited to root, to protect the password
# Must specify a value if SYNC_SOURCE is ldap
# unless anonymous search is allowed by the directory on users and group
SYNC_LDAP_BIND_PASSWORD =

# ldap delta sync flag used to periodically sync users and groups based on the updates in the server
# please customize the value to suit your deployment
# default value is set to true when is SYNC_SOURCE is ldap
SYNC_LDAP_DELTASYNC =

# search base for users and groups
# sample value would be dc=hadoop,dc=apache,dc=org
SYNC_LDAP_SEARCH_BASE =

# search base for users
# sample value would be ou=users,dc=hadoop,dc=apache,dc=org
# overrides value specified in SYNC_LDAP_SEARCH_BASE
SYNC_LDAP_USER_SEARCH_BASE = 

# search scope for the users, only base, one and sub are supported values
# please customize the value to suit your deployment
# default value: sub
SYNC_LDAP_USER_SEARCH_SCOPE = sub

# objectclass to identify user entries
# please customize the value to suit your deployment
# default value: person
SYNC_LDAP_USER_OBJECT_CLASS = person

# optional additional filter constraining the users selected for syncing
# a sample value would be (dept=eng)
# please customize the value to suit your deployment
# default value is empty
SYNC_LDAP_USER_SEARCH_FILTER =

# attribute from user entry that would be treated as user name
# please customize the value to suit your deployment
# default value: cn
SYNC_LDAP_USER_NAME_ATTRIBUTE = cn

# attribute from user entry whose values would be treated as
# group values to be pushed into Policy Manager database
# You could provide multiple attribute names separated by comma
# default value: memberof, ismemberof
SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE = memberof,ismemberof
#
# UserSync - Case Conversion Flags
# possible values:  none, lower, upper
SYNC_LDAP_USERNAME_CASE_CONVERSION=lower
SYNC_LDAP_GROUPNAME_CASE_CONVERSION=lower

#user sync log path
logdir=logs
#/var/log/ranger/usersync

# PID DIR PATH
USERSYNC_PID_DIR_PATH=/var/run/ranger

# do we want to do ldapsearch to find groups instead of relying on user entry attributes
# valid values: true, false
# any value other than true would be treated as false
# default value: false
SYNC_GROUP_SEARCH_ENABLED=

# do we want to do ldapsearch to find groups instead of relying on user entry attributes and
# sync memberships of those groups
# valid values: true, false
# any value other than true would be treated as false
# default value: false
SYNC_GROUP_USER_MAP_SYNC_ENABLED=

# search base for groups
# sample value would be ou=groups,dc=hadoop,dc=apache,dc=org
# overrides value specified in SYNC_LDAP_SEARCH_BASE,  SYNC_LDAP_USER_SEARCH_BASE
# if a value is not specified, takes the value of  SYNC_LDAP_SEARCH_BASE
# if  SYNC_LDAP_SEARCH_BASE is also not specified, takes the value of SYNC_LDAP_USER_SEARCH_BASE
SYNC_GROUP_SEARCH_BASE=

# search scope for the groups, only base, one and sub are supported values
# please customize the value to suit your deployment
# default value: sub
SYNC_GROUP_SEARCH_SCOPE=

# objectclass to identify group entries
# please customize the value to suit your deployment
# default value: groupofnames
SYNC_GROUP_OBJECT_CLASS=

# optional additional filter constraining the groups selected for syncing
# a sample value would be (dept=eng)
# please customize the value to suit your deployment
# default value is empty
SYNC_LDAP_GROUP_SEARCH_FILTER=

# attribute from group entry that would be treated as group name
# please customize the value to suit your deployment
# default value: cn
SYNC_GROUP_NAME_ATTRIBUTE=

# attribute from group entry that is list of members
# please customize the value to suit your deployment
# default value: member
SYNC_GROUP_MEMBER_ATTRIBUTE_NAME=

# do we want to use paged results control during ldapsearch for user entries
# valid values: true, false
# any value other than true would be treated as false
# default value: true
# if the value is false, typical AD would not return more than 1000 entries
SYNC_PAGED_RESULTS_ENABLED=

# page size for paged results control
# search results would be returned page by page with the specified number of entries per page
# default value: 500
SYNC_PAGED_RESULTS_SIZE=
#LDAP context referral could be ignore or follow
SYNC_LDAP_REFERRAL = ignore

# if you want to enable or disable jvm metrics for usersync process
# valid values: true, false
# any value other than true would be treated as false
# default value: false
# if the value is false, jvm metrics is not created
JVM_METRICS_ENABLED=

# filename of jvm metrics created for usersync process
# default value: ranger_usersync_metric.json
JVM_METRICS_FILENAME=

#file directory for jvm metrics
# default value : logdir
JVM_METRICS_FILEPATH=

#frequency for jvm metrics to be updated
# default value : 10000 milliseconds
JVM_METRICS_FREQUENCY_TIME_IN_MILLIS=

2.4 修改源码


com.datasophon.worker.strategy.RangerAdminHandlerStrategy

java 复制代码
/*
 *  Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  See the NOTICE file distributed with
 *  this work for additional information regarding copyright ownership.
 *  The ASF licenses this file to You under the Apache License, Version 2.0
 *  (the "License"); you may not use this file except in compliance with
 *  the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

package com.datasophon.worker.strategy;

import cn.hutool.core.io.FileUtil;
import com.datasophon.common.Constants;
import com.datasophon.common.cache.CacheUtils;
import com.datasophon.common.command.ServiceRoleOperateCommand;
import com.datasophon.common.enums.CommandType;
import com.datasophon.common.utils.ExecResult;
import com.datasophon.common.utils.ShellUtils;
import com.datasophon.worker.handler.ServiceHandler;
import com.datasophon.worker.utils.KerberosUtils;

import java.util.ArrayList;

public class RangerAdminHandlerStrategy extends AbstractHandlerStrategy implements ServiceRoleStrategy {

    public RangerAdminHandlerStrategy(String serviceName, String serviceRoleName) {
        super(serviceName, serviceRoleName);
    }

    @Override
    public ExecResult handler(ServiceRoleOperateCommand command) {
        String workPath = Constants.INSTALL_PATH + Constants.SLASH + command.getDecompressPackageName();
        ExecResult startResult = new ExecResult();
        ServiceHandler serviceHandler = new ServiceHandler(command.getServiceName(), command.getServiceRoleName());

        if (command.getEnableKerberos()) {
            logger.info("start to get ranger keytab file");
            String hostname = CacheUtils.getString(Constants.HOSTNAME);
            KerberosUtils.createKeytabDir();
            if (!FileUtil.exist("/etc/security/keytab/spnego.service.keytab")) {
                KerberosUtils.downloadKeytabFromMaster("HTTP/" + hostname, "spnego.service.keytab");
            }
            if (!FileUtil.exist("/etc/security/keytab/rangeradmin.keytab")) {
                KerberosUtils.downloadKeytabFromMaster("rangeradmin/" + hostname, "rangeradmin.keytab");
            }
        }

        if (command.getCommandType().equals(CommandType.INSTALL_SERVICE) && command.getServiceRoleName().equals("RangerUsersync")) {
            ShellUtils.exceShell("mv " + workPath + "/ranger-2.1.0-usersync/install.properties1 " + workPath + "/ranger-2.1.0-usersync/install.properties");
            ShellUtils.exceShell("chmod 755 " + workPath + "/ranger-2.1.0-usersync/install.properties");

            logger.info("setup ranger user sync");
            ArrayList<String> commands = new ArrayList<>();
            commands.add("sh");
            commands.add("./setup.sh");
            ExecResult execResult = ShellUtils.execWithStatus(workPath + "/ranger-2.1.0-usersync", commands, 300L, logger);
            if (execResult.getExecResult()) {
                logger.info("setup ranger user sync success");
            } else {
                logger.info("setup ranger user sync failed");
                return execResult;
            }

            ShellUtils.exceShell("sed -i '/<name>ranger\\.usersync\\.enabled<\\/name>/{n;s/<value>false<\\/value>/<value>true<\\/value>/}' "
                    + workPath +
                    "/ranger-2.1.0-usersync/conf/ranger-ugsync-site.xml");
            startResult = serviceHandler.start(command.getStartRunner(), command.getStatusRunner(),
                    command.getDecompressPackageName(), command.getRunAs());
        } else {
            startResult = serviceHandler.start(command.getStartRunner(), command.getStatusRunner(),
                    command.getDecompressPackageName(), command.getRunAs());
        }

        return startResult;
    }

}

com.datasophon.worker.strategy.ServiceRoleStrategyContext

map.put("RangerUsersync", new RangerAdminHandlerStrategy("RANGER", "RangerUsersync"));

datasophon-worker jar包更新

mv datasophon-worker-1.2.1.jar      /opt/datasophon/datasophon-worker/lib/

三、重新安装


添加ranger服务

分配服务Master角色

服务配置

选择"settings"我们可以看到linux 上的用户已同步成功。

相关推荐
刘圆辉16 天前
DataSophon集成CMAK KafkaManager
datasophon·cmak·kafkamanager
三劫散仙1 个月前
Hadoop + Hive + Apache Ranger 源码编译记录
hive·hadoop·hbase·ranger
刘圆辉2 个月前
DataSophon集成ApacheImpala的过程
大数据·impala·datasophon·apache impala
疯狂的小强呀3 个月前
超详细讲解:DP和DDP的区别以及使用方法
算法·dp·ddp
云掣YUNCHE5 个月前
ranger审计日志对接CDH solr
ranger·cdh
青瓜先生6 个月前
DDP、FDDP、BOXDDP算法概要
算法·ddp·fddp·boxddp
G皮T8 个月前
【大数据】利用 Apache Ranger 管理 Amazon EMR 中的数据权限
大数据·aws·ranger·ldap·身份验证
G皮T8 个月前
【大数据】Apache Knox 概述
大数据·hadoop·网关·gateway·ranger·knox
魅Lemon8 个月前
权限管理Ranger详解
ranger