Community Articles

Find and share helpful community-sourced technical articles.
avatar
Explorer

    Ranger installation is not as simple as Adding Service on Ambari.

    Ranger also requires DB and Solr for audit.

    In this tutorial we will go through installing Ranger or default postgres DB installed during Ambari Server installation.

    If you did a vanilla Ambari-server Install (HDP 2.4) you should have postgres running.

    1. Verify Default Post gresql running on Ambari-Server

      On the Ambari-Server if you run "ps -eaf | grep ambari | grep postgres" you should be able to verify postgres db running.

      7450-screen-shot-2016-09-02-at-40606-pm.png

    2. We can see the process id is 9595. Running "netstat -anp | grep 9595" gives you the port number postgres DB is running on. We can try connecting using psql command. In our case it is running on default installation port 5432.

      7451-screen-shot-2016-09-02-at-40711-pm.png

    3. Now Let's create DB for ranger and give it permissions. If you have sudo you can log into postgres with postgres user. For reference please take a look at (https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/configuring_postgresql_...)

      7452-screen-shot-2016-09-02-at-44349-pm.png

    4. Confirm by running "\l" command

      7453-screen-shot-2016-09-02-at-44319-pm.png

    5. Create Database ranger with user rangerdba.

      7454-screen-shot-2016-09-02-at-44349-pm.png

      7455-screen-shot-2016-09-02-at-44626-pm.png

    6. Create Database ranger_audit, with user ranger_logger.

      7457-screen-shot-2016-09-02-at-50901-pm.png

      7458-screen-shot-2016-09-02-at-50912-pm.png

      Alter Password for rangerlogger 7459-screen-shot-2016-09-02-at-50940-pm.png

    7. Verify Users via "/du"

      7461-screen-shot-2016-09-02-at-50931-pm.png

    8. Verify databases with "/dt"

      7460-screen-shot-2016-09-02-at-51302-pm.png

    9. Grant rangerlogger privileges

      7462-screen-shot-2016-09-02-at-51311-pm.png

    10. The postgres database should have following databases ranger, ranger_audit created and users rangerdba and ranger_logger created.

    11. Install HDP search so Ranger Audit will work. (

    https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/solr_ranger_configure_s...

    7456-screen-shot-2016-09-02-at-45658-pm.png

  1. run setup and start solr

    7463-screen-shot-2016-09-02-at-52719-pm.png

    7465-screen-shot-2016-09-02-at-52805-pm.png

  2. You should see solr up and running at port 6083.
  3. Add Allow Access details for Ranger users: change listen_addresses='localhost' to listen_addresses='*' ('*' = any) to listen from all IPs in postgresql.conf. (You can find files by find ~name postgresql.conf)

    7471-screen-shot-2016-09-02-at-102606-pm.png

  4. ake the following changes to the Ranger db user and Ranger audit db user in the pg_hba.conf file. after editing the pg_hba.conf file, run the following command to restart the PostgreSQL database.

    7468-screen-shot-2016-09-02-at-102035-pm.png

    7472-screen-shot-2016-09-02-at-102452-pm.png

    7474-screen-shot-2016-09-02-at-103059-pm.png

  5. Below are my configuration screen captures(note I changed the user from ranger_admin to ranger_dba)

    7475-screen-shot-2016-09-02-at-51020-pm.png

    7476-screen-shot-2016-09-02-at-51053-pm.png

    7477-screen-shot-2016-09-02-at-53137-pm.png

    7478-screen-shot-2016-09-02-at-53149-pm.png

  6. 4,223 Views
    Comments
    avatar

    @John Park just a comment that using the built in Ambari Infra SolrCloud deployment is likely simplest for using Solr to index the Ranger audit data. See https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/using_apache_solr_for_r...