If you are here, you already know that Apache Ranger is becoming a an universal Authorization Framework for most of the data platforms in the CLOUD. To make it easier for data/security administrators new Ranger users to try the Apache Ranger in action, we have created a docker based setup process that will take few steps to make the Apache Ranger running on your system (in few mins).
software prerequisites
Here are the pre-requisite requisites to run Apache Ranger on your system:
- You must have a latest version of Docker and Docker-Compose installed on your system
- You should be able to run BASH (shell) script from your system
Downloading Apache Ranger
With that these simple requirements, you can start the setup by start downloading the latest version of Apache Ranger using the following command:
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
mkdir -p ${HOME}/git
cd ${HOME}/git
git clone https://github.com/apache/ranger.git |
Anchor | ||||
---|---|---|---|---|
|
Once you have latest Apache Ranger on your system, you can start the setup of Apache Ranger by following commands below:
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
cd ${HOME}/git/ranger cd ranger # set the Current Folder as RANGER HOME export RANGER_HOME=`pwd` # Enable only necessary services to be run along with CORE ranger services export ENABLED_RANGER_SERVICES="tagsync,hadoop,hbase,kafka,hive,knox,kms" # Execute this command to bring the services up (after successful build if it is not already build) ./ranger_in_docker up |
The above command commands should build the Apache Ranger from the source and creates necessary Docker Containers to run them in Docker. First time startup may take approx. 10 minutes to build all necessary docker container(s) and sub-sequent startup will take less than two minute. Once the process completes successfully, you should be able to login into Apache Ranger UI using using http://localhost{hostname_of_docker}:6080 with appropriate credential displayed on the screen.
As specified in the ENABLED_RANGER_SERVICES variables, additional services are also created as docker containers and runs with ranger plugin(s) installed and configured to work with the Ranger instance. You can login into these services (e.g.: Apache Hive Service) and execute appropriate (e.g.: Hive SQL) commands to see how Apache Ranger is enforcing your Authorization Policies and also, creates necessary audit records to provide an Enterprise Data Governance Framework.
Shutdown Apache Ranger & related services
If you want to turn off the Apache Ranger & its related services, please follow the instruction below:
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
# Go to the directory where we downloaded the Apache Ranger cd ${RANGER_HOME}/git/ranger # Execute this command to bring services down ./ranger_in_docker down |
You can always bring the services up by following the instruction specified above for "Running Apache Ranger in few minutes" .in section: Bring up Apache Ranger (Builds if needed)
List of Ranger Services & its LISTEN port
# | Service Name | Listen Port | Core Ranger Service ? |
---|---|---|---|
1 | ranger | 6080/tcp | Y (ranger engine - 3.0.0-SNAPSHOT version) |
2 | ranger-postgres | 5432/tcp | Y (ranger datastore) |
3 | ranger-solr | 8983/tcp | Y (audit store) |
4 | ranger-zk | 2181/tcp | Y (used by solr) |
5 | ranger-usersync | - | Y (user/group synchronization from Local Linux/Mac) |
6 | ranger-kms | 9292/tcp | N (needed only for Encrypted Storage / TDE) |
7 | ranger-tagsync | - | N (needed only for Tag Based Policies to be sync from ATLAS) |
List of Data Engine Services (protected by Apache Ranger) & its LISTEN port
# | Service Name | Listen Port | Service Description |
---|---|---|---|
1 | Hadoop | 8088/tcp | Apache Hadoop 3.3.0 |
2 | HBase | 16000/tcp 16010/tcp 16020/tcp 16030/tcp | Apache HBase 2.4.6 Protected by Apache Ranger's HBase Plugin |
3 | Hive | 10000/tcp | Apache Hive 3.1.2 Protected by Apache Ranger's Hive Plugin |
4 | Kafka | 6667/tcp | Apache Kafka 2.8.1 Protected by Apache Ranger's Kafka Plugin |
5 | Knox | 8443/tcp | Apache Knox 1.4.0 Protected by Apache Ranger's Knox Plugin |
If you have any questions, please feel free to reach us via Ranger User Group Community.
Subscribe to Apache Ranger User Group by sending an email to user-subscribe@ranger.apache.org