Created 02-26-2018 06:25 AM
How can I prepare for Ranger Server failure?
If the server that has ranger admin server got critical fault, i can't changes authorization policy until restore ranger admin server.
So, i need to restore, backup, ha and etc.. options.
First, i consider ha option.
Ranger HA uses load balancer in front of two ranger admin server.
I think that it is same situation in server level failure. It just moved single point of failure from ranger admin server to load balancer.
Even if i construct ranger admin load balancer to another server, all services of using ranger plugin need to restart.
That is very very hard big and commercial cluster.
Second, i consider reinstall ranger option.
It follows working sequences in the below.
Ranger plugin disable -> service of using ranger plugin restart -> install ranger to another server -> Ranger plugin enable
It also needs restarting services.
I don't understand why can't add comma separated url to ranger.plugin.hdfs.policy.source.rest.url, configuration.
I think since ranger admin does not have huge loads, so ranger admin does not need load balancer.
Return to first, How can I prepare for Ranger Server failure?
Created 02-27-2018 03:02 PM
Hi,
I will recommend you to install two HAproxy as a load balancer and configure keepalived (VRRP) between them. In this way you will have virtual ip to which you will refer ranger url. But keep in mind that ranger use relational database which also must have master-master replication if its mysql it can be Galera cluster. So you will have two HAproxy with virtual ip + two Ranger Admin instances + Galera Cluster for mysql. This configuration solves single point of fail in all steps.
Created 02-26-2018 08:11 PM
Hello @L James,
First of all, having Ranger Admin service up & running is not a hard requirement. Meaning, if the Hadoop services (NameNode, YARN ResourceManager etc.) have sync'ed the policy information once, they'll continue to use that even if Ranger Admin service is down. So, no direct impact on running the Hadoop services.
What you'll miss is - Any new update to a policy will not be sync'ed as Ranger plugin won't be able to communicate Ranger Admin. Come to think of it, even any update to a policy won't be possible if Ranger Admin is down. So this is not a problem either.
Some power HDP users use load balancer (haproxy / F5 etc.) in front of two Ranger Services and that works just fine. In this case, each plugin will get policy from load balancer URL instead of individual Ranger Admin URL via ranger.plugin.hdfs.policy.rest.url property.
> Even if i construct ranger admin load balancer to another server, all services of using ranger plugin need to restart.
Based on my above description, this is not true. In the situation when one Ranger Admin is down and load balancer is pointing to another Ranger Admin, the plugins need not restart as long as they are configured to load balancer URL.
Hope this helps !
Created 02-27-2018 12:06 AM
Thank you for your answer @Vipin Rather.
But, I am concerned ranger load balancer die.
If server contains ranger load balancer dies, what can i do?
Created 02-27-2018 03:02 PM
Hi,
I will recommend you to install two HAproxy as a load balancer and configure keepalived (VRRP) between them. In this way you will have virtual ip to which you will refer ranger url. But keep in mind that ranger use relational database which also must have master-master replication if its mysql it can be Galera cluster. So you will have two HAproxy with virtual ip + two Ranger Admin instances + Galera Cluster for mysql. This configuration solves single point of fail in all steps.