Apache-Ranger

Apache Ranger™

Apache Ranger™ is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform.

The vision with Ranger is to provide comprehensive security across the Apache Hadoop ecosystem. With the advent of Apache YARN, the Hadoop platform can now support a true data lake architecture. Enterprises can potentially run multiple workloads, in a multi tenant environment. Data security within Hadoop needs to evolve to support multiple use cases for data access, while also providing a framework for central administration of security policies and monitoring of user access.

Apache Ranger™ 是一个框架，用于在整个 Hadoop 平台上启用、监控和管理全面的数据安全性。

Ranger 的愿景是在整个 Apache Hadoop 生态系统中提供全面的安全性。随着 Apache YARN 的出现，Hadoop 平台现在可以支持真正的数据湖架构。企业可能会在多租户环境中运行多个工作负载。Hadoop 内的数据安全需要发展以支持多个数据访问用例，同时还需要提供一个框架来集中管理安全策略和监控用户访问。

Goals Overview

Apache Ranger has the following goals:

• Centralized security administration to manage all security related tasks in a central UI or using REST APIs.
• Fine grained authorization to do a specific action and/or operation with Hadoop component/tool and managed through a central administration tool
• Standardize authorization method across all Hadoop components.
• Enhanced support for different authorization methods - Role based access control, attribute based access control etc.
• Centralize auditing of user access and administrative actions (security related) within all the components of Hadoop.

Apache Ranger 有以下目标：

• 集中安全管理以在中央 UI 或使用 REST API 管理所有与安全相关的任务。
• 使用 Hadoop 组件/工具执行特定操作和/或操作并通过中央管理工具进行管理的细粒度授权
• 跨所有 Hadoop 组件标准化授权方法。
• 增强对不同授权方法的支持 - 基于角色的访问控制、基于属性的访问控制等。
• 在 Hadoop 的所有组件中集中审核用户访问和管理操作（安全相关）。

 

Deployment Process

Installation Host Information

 

1. Ranger Admin Tool Component (ranger-%version-number%-admin.tar.gz) should be installed on a host where Policy Admin Tool web application runs on port 6080 (default).

2. Ranger User Synchronization Component (ranger-%version-number%-usersync.tar.gz) should be installed on a host to synchronize the external user/group information into Ranger database via Ranger Admin Tool.

3. Ranger Component plugin should be installed on the same nodes as the component:

- HDFS Plugin needs to be installed on Name Node hosts
- Hive Plugin needs to be installed on HiveServer2 hosts
- HBase Plugin needs to be installed on both Master and Regional Server nodes.
- Knox Plugin needs to be installed on Knox hosts.
- Storm Plugin needs to be installed on Storm hosts.
- ..and similarly for other plugins like Atlas, Kafka, Kylin, Ozone, Presto, Solr, YARN

 

Installation Process

 

1. Download the tar.gz file into a temporary folder in the host where it needs to be installed.

2. Expand the tar.gz file into /usr/lib/ranger/ folder

3. Go to the component name under the expanded folder (e.g. /usr/lib/ranger/ranger-%version-number%-admin/)

4. Modify the install.properties file with appropriate variables

5. If the module has setup.sh, execute:

./setup.sh

If the setup.sh file does not exist, execute:

./enable-%component%-plugin.sh