1. Configure a resource-based service: HBase
How to add HBase service.
process
1. In the "Service Manager" page, click the "Add" icon behind "HBase".
The "Create Service" page pops up.
2. Enter the following information on the "Create Service" page:
Table 1: Service details
| Field name | description |
|---|---|
| service name | Service name; required when configuring agent. |
| description | Description of the service |
| active status | Enable or disable |
| Select Tag Service | Select Label Service Choose a label service, and apply the service and its label strategy to HBase. |
Table 2: Configuration properties
| Field name | description |
|---|---|
| Username | The user name of the terminal system that can be used to connect. |
| Password | Password for the username entered above |
| hadoop.security.authorization | The complete connection URL, including port and database name. (Default port: 10000). For example, jdbc:hive2://sandbox:10000/ on the sandbox. |
| hbase.master.kerberos.principal | The Kerberos principal of the HBase Master. (Only required when Kerberos authentication is enabled) |
| hbase.security.authentication | As mentioned in the hadoop configuration file hbase-site.xml |
| hbase.zookeeper.property.clientPort | As mentioned in the hadoop configuration file hbase-site.xml |
| hbase.zookeeper.quorum | As mentioned in the hadoop configuration file hbase-site.xml |
| zookeeper.znode.parent | As mentioned in the hadoop configuration file hbase-site.xml |
| Common Name for Certificate | The name of the certificate. In the create service page, this field can be interchangeably named the common name of the certificate and the Ranger plug-in SSL CName. |
| Add New Configurations | Add any new configuration |
- Click Test connection.
- Click Add.
2. Configure a resource-based service: HDFS.
How to add HDFS service.
process
1. In the "Service Manager" page, click the "Add" icon after "HDFS".
The "Create Service" page pops up.
2. Enter the following information on the "Create Service" page:
Table 1: Service details
| Field name | description |
|---|---|
| service name | Service name; required when configuring agent. |
| description | Description of the service |
| active status | Enable or disable |
| Select Tag Service | Select Label Service Choose a label service, and apply the service and its label policy to HDFS. |
Table 2: Configuration properties
| Field name | description |
|---|---|
| Username | The user name of the terminal system that can be used to connect. |
| Password | Password for the username entered above |
| NameNode URL | hdfs: // NAMENODE_FQDN: 8020 The location of the Hadoop HDFS service, as described in the Hadoop configuration file core-site.xml, or (if it is an HA environment) the path of the primary NameNode. This field was previously named fs.defaultFS |
| Authorization Enabled | Authorization includes restricting access to resources. If enabled, the user needs authorization credentials. |
| Authentication Type | The authorization type used is as described in the hadoop configuration file core-site.xml; either simple or Kerberos is fine. (Only required when authorization is enabled). This field was previously named hadoop.security.authorization. |
| hadoop.security.auth_to_local | Use Hadoop to map login credentials to user names; use the values recorded in the hadoop configuration file core-site.xml. |
| dfs.datanode.kerberos.principal | The principal associated with the datanode where the service is located, as described in the hadoop configuration file hdfs-site.xml. (Only required when Kerberos authentication is enabled) |
| dfs.namenode.kerberos.principal | The principal associated with the NameNode where the service is located, as described in the hadoop configuration file hdfs-site.xml. (Only required when Kerberos authentication is enabled). |
| dfs.secondary.namenode.kerberos.principal | 与服务所在的辅助NameNode相关联的主体,如hadoop配置文件hdfssite.xml中所述。(仅在启用Kerberos身份验证时需要)。 |
| RPC Protection Type | 只有授权用户才能查看、使用和贡献数据集。安全的SASL连接的保护值列表。取值范围:认证、完整性、隐私 |
| Common Name For Certificate | 证书的名称。在创建服务页面中,此字段可互换命名为 Common Name For Certificate和Ranger插件SSL CName。 |
| Add New Configurations | 添加任何新的配置 |
- 点击 测试 连接.
- 点击 添加.
三. 配置一个基于资源的服务:Hive
如何添加Hive服务。
过程
1.在“Service Manager”页面中,单击“Hive”后的“Add”图标。
系统弹出“创建服务”页面。
2. 在“创建服务”页面中输入如下信息:
表1:服务细节
| 字段名 | 描述 |
|---|---|
| service name | 服务名称;配置agent时需要。 |
| description | 对服务的描述 |
| active status | 启用或者关闭 |
| Select Tag Service | 选择标签服务选择一个标签服务,将该服务及其标签策略应用到Hive中。 |
表2:配置属性
| 字段名 | 描述 |
|---|---|
| Username | 可用于连接的终端系统用户名。 |
| Password | 上面输入的用户名的密码 |
| jdbc.driver ClassName | 用于Hive连接的驱动程序的完整类名。默认值:org.apache.hive.jdbc.HiveDriver |
| jdbc.url | 完整的连接URL,包括端口和数据库名称。(默认端口:10000)。例如sandbox上的jdbc:hive2://sandbox:10000 /。 |
| Common Name For Certificate | 证书的名称。在创建服务页面中,此字段可互换命名为 Common Name For Certificate和Ranger插件SSL CName。 |
| Add New Configurations | 添加任何新的配置 |
- 点击 测试 连接.
- 点击 添加.
接下来要做的
通常,Ranger Hive服务定义使用HiveServer2 (HS2) JDBC驱动程序获取Hive数据库/表信息,用于资源查找和测试连接。您也可以配置服务定义,使用Hive metastore库直接连接Hive metastore数据库。当很难在集群上设置HiveServer2时,例如在AWS上使用HDCloud时,建议使用此方法。
- 在Ambari>Hive>Configs>Advanced下,编辑Hive属性:
- 添加以下属性到自定义ranger-hive-plugin-properties:
ranger.service.config.param.enable.hive.metastore.lookup= true
ranger.service.config.param.hive.site.file.path= /etc/hive/conf/hive-site.xml
- 保存并重新启动所需的组件。
- 为了测试配置是否成功,需要创建一个新的Hive服务并指定jdbc。url为“none”,然后运行Test
四. 配置一个基于资源的服务:Kafka
如何添加Hive服务。
过程
1.在“Service Manager”页面中,单击“Kafka”后的“Add”图标。
系统弹出“创建服务”页面。
2. 在“创建服务”页面中输入如下信息:
表1:服务细节
| 字段名 | 描述 |
|---|---|
| service name | 服务名称;配置agent时需要。 |
| description | 对服务的描述 |
| active status | 启用或者关闭 |
| Select Tag Service | 选择标签服务选择一个标签服务,将该服务及其标签策略应用到Kafka中。 |
表2:配置属性
| 字段名 | 描述 |
|---|---|
| Username | 可用于连接的终端系统用户名。 |
| Password | 上面输入的用户名的密码 |
| ZooKeeper Connect String | The default is localhost:2181 (provide the FQDN of zookeeper host:2181). |
| Ranger Plugin SSL CName | Provide the common.name.for. certificate registered in Ranger (in a wired encryption environment). In the create service page, this field can be interchangeably named the common name of the certificate and the Ranger plug-in SSL CName. |
| Add New Configurations | Add any new configuration |
- Click Test connection.
- Click Add.
Five. Configure a resource-based service: Yarn
How to add Hive service.
process
1. On the "Service Manager" page, click the "Add" icon behind "Yarn".
The "Create Service" page pops up.
2. Enter the following information on the "Create Service" page:
Table 1: Service details
| Field name | description |
|---|---|
| service name | Service name; required when configuring agent. |
| description | Description of the service |
| active status | Enable or disable |
| Select Tag Service | Select Label Service Choose a label service, and apply the service and its label policy to Yarn. |
Table 2: Configuration properties
| Field name | description |
|---|---|
| Username | The user name of the terminal system that can be used to connect. |
| Password | Password for the username entered above |
| YARN REST URL | The default is localhost:2181 (provide the FQDN of zookeeper host:2181). |
| Authentication Type | The authorization type used is as described in the hadoop configuration file core-site.xml; either simple or Kerberos is fine. (Only required when authorization is enabled). This field was previously named hadoop.security.authorization. |
| Common Name For Certificate | The name of the certificate. In the create service page, this field can be interchangeably named the common name of the certificate and the Ranger plug-in SSL CName. |
| Add New Configurations | Add any new configuration |
- Click Test connection.
- Click Add.
The main resource service configuration is probably so much~.