Starting from HDP2.3 Ranger can be deployed using Blueprints in two ways either using stack advisor or setting all the needed properties in the Blueprint.
Stack advisor makes simple the deployment of Ranger as it sets automatically the needed properties thus the user has to provided only a minimal set of configurations. The configurations properties that must be provided in either the Blueprint or cluster creation template are:
Without stack advisor all the configs related to Ranger, Ranger KMS and ranger plugins that don't have default values must be set in the Blueprint or cluster creation template. Consult Ranger and ranger plugin plugins documentation for all properties.
An example of such Blueprint where everything is set manually (note that this just covers a subset of currently supported configuration properties and ranger plugins):
{ "configurations" : [ { "admin-properties" : { "properties_attributes" : { }, "properties" : { "DB_FLAVOR" : "MYSQL", "audit_db_name" : "ranger_audit", "db_name" : "ranger", "audit_db_user" : "rangerlogger", "SQL_CONNECTOR_JAR" : "/usr/share/java/mysql-connector-java.jar", "db_user" : "rangeradmin", "policymgr_external_url" : "http://%HOSTGROUP::host_group_1%:6080", "db_host" : "172.17.0.9:3306", "db_root_user" : "root" } } }, { "ranger-kms-security" : { "properties_attributes" : { }, "properties" : { "ranger.plugin.kms.policy.source.impl" : "org.apache.ranger.admin.client.RangerAdminRESTClient", "ranger.plugin.kms.service.name" : "{{repo_name}}", "ranger.plugin.kms.policy.rest.url" : "{{policymgr_mgr_url}}" } } }, { "kms-site" : { "properties_attributes" : { }, "properties" : { "hadoop.kms.security.authorization.manager" : "org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer", "hadoop.kms.key.provider.uri" : "dbks://http@localhost:9292/kms" } } }, { "ranger-hdfs-plugin-properties" : { "properties_attributes" : { }, "properties" : { "REPOSITORY_CONFIG_USERNAME" : "hadoop", "ranger-hdfs-plugin-enabled" : "Yes", "common.name.for.certificate" : "", "policy_user" : "ambari-qa", "hadoop.rpc.protection" : "" } } }, { "ranger-admin-site" : { "properties_attributes" : { }, "properties" : { "ranger.ldap.group.searchfilter" : "{{ranger_ug_ldap_group_searchfilter}}", "ranger.ldap.group.searchbase" : "{{ranger_ug_ldap_group_searchbase}}", "ranger.sso.enabled" : "false", "ranger.externalurl" : "{{ranger_external_url}}", "ranger.sso.browser.useragent" : "Mozilla,chrome", "ranger.service.https.attrib.ssl.enabled" : "false", "ranger.ldap.ad.referral" : "ignore", "ranger.jpa.jdbc.url" : "jdbc:mysql://172.17.0.9:3306/ranger", "ranger.https.attrib.keystore.file" : "/etc/ranger/admin/conf/ranger-admin-keystore.jks", "ranger.ldap.user.searchfilter" : "{{ranger_ug_ldap_user_searchfilter}}", "ranger.jpa.jdbc.driver" : "com.mysql.jdbc.Driver", "ranger.authentication.method" : "UNIX", "ranger.service.host" : "{{ranger_host}}", "ranger.jpa.audit.jdbc.user" : "{{ranger_audit_db_user}}", "ranger.ldap.referral" : "ignore", "ranger.jpa.audit.jdbc.credential.alias" : "rangeraudit", "ranger.service.https.attrib.keystore.pass" : "SECRET:ranger-admin-site:2:ranger.service.https.attrib.keystore.pass", "ranger.audit.solr.username" : "ranger_solr", "ranger.sso.query.param.originalurl" : "originalUrl", "ranger.service.http.enabled" : "true", "ranger.audit.source.type" : "solr", "ranger.ldap.url" : "{{ranger_ug_ldap_url}}", "ranger.service.https.attrib.clientAuth" : "want", "ranger.ldap.ad.domain" : "", "ranger.ldap.ad.bind.dn" : "{{ranger_ug_ldap_bind_dn}}", "ranger.credential.provider.path" : "/etc/ranger/admin/rangeradmin.jceks", "ranger.jpa.audit.jdbc.driver" : "{{ranger_jdbc_driver}}", "ranger.audit.solr.urls" : "", "ranger.sso.publicKey" : "", "ranger.ldap.bind.dn" : "{{ranger_ug_ldap_bind_dn}}", "ranger.unixauth.service.port" : "5151", "ranger.ldap.group.roleattribute" : "cn", "ranger.jpa.jdbc.dialect" : "{{jdbc_dialect}}", "ranger.sso.cookiename" : "hadoop-jwt", "ranger.service.https.attrib.keystore.keyalias" : "rangeradmin", "ranger.audit.solr.zookeepers" : "NONE", "ranger.jpa.jdbc.user" : "{{ranger_db_user}}", "ranger.jpa.jdbc.credential.alias" : "rangeradmin", "ranger.ldap.ad.user.searchfilter" : "{{ranger_ug_ldap_user_searchfilter}}", "ranger.ldap.user.dnpattern" : "uid={0},ou=users,dc=xasecure,dc=net", "ranger.ldap.base.dn" : "dc=example,dc=com", "ranger.service.http.port" : "6080", "ranger.jpa.audit.jdbc.url" : "{{audit_jdbc_url}}", "ranger.service.https.port" : "6182", "ranger.sso.providerurl" : "", "ranger.ldap.ad.url" : "{{ranger_ug_ldap_url}}", "ranger.jpa.audit.jdbc.dialect" : "{{jdbc_dialect}}", "ranger.unixauth.remote.login.enabled" : "true", "ranger.ldap.ad.base.dn" : "dc=example,dc=com", "ranger.unixauth.service.hostname" : "{{ugsync_host}}" } } }, { "dbks-site" : { "properties_attributes" : { }, "properties" : { "ranger.ks.jpa.jdbc.url" : "jdbc:mysql://172.17.0.9:3306/rangerkms", "hadoop.kms.blacklist.DECRYPT_EEK" : "hdfs", "ranger.ks.jpa.jdbc.dialect" : "{{jdbc_dialect}}", "ranger.ks.jdbc.sqlconnectorjar" : "{{ews_lib_jar_path}}", "ranger.ks.jpa.jdbc.user" : "{{db_user}}", "ranger.ks.jpa.jdbc.credential.alias" : "ranger.ks.jdbc.password", "ranger.ks.jpa.jdbc.credential.provider.path" : "/etc/ranger/kms/rangerkms.jceks", "ranger.ks.masterkey.credential.alias" : "ranger.ks.masterkey.password", "ranger.ks.jpa.jdbc.driver" : "com.mysql.jdbc.Driver" } } }, { "kms-env" : { "properties_attributes" : { }, "properties" : { "kms_log_dir" : "/var/log/ranger/kms", "create_db_user" : "true", "kms_group" : "kms", "kms_user" : "kms", "kms_port" : "9292" } } }, { "ranger-hdfs-security" : { "properties_attributes" : { }, "properties" : { "ranger.plugin.hdfs.policy.source.impl" : "org.apache.ranger.admin.client.RangerAdminRESTClient" } } }, { "ranger-env" : { "properties_attributes" : { }, "properties" : { "xml_configurations_supported" : "true", "ranger_user" : "ranger", "xasecure.audit.destination.hdfs.dir" : "hdfs://ambari-agent-1.node.dc1.consul:8020/ranger/audit", "create_db_dbuser" : "true", "ranger-hdfs-plugin-enabled" : "Yes", "ranger_privelege_user_jdbc_url" : "jdbc:mysql://172.17.0.9:3306", "ranger-knox-plugin-enabled" : "No", "is_solrCloud_enabled" : "false", "bind_anonymous" : "false", "ranger-yarn-plugin-enabled" : "Yes", "ranger-kafka-plugin-enabled" : "No", "xasecure.audit.destination.hdfs" : "true", "ranger-hive-plugin-enabled" : "No", "xasecure.audit.destination.solr" : "false", "xasecure.audit.destination.db" : "true", "ranger_group" : "ranger", "ranger_admin_username" : "amb_ranger_admin", "ranger-hbase-plugin-enabled" : "Yes", "admin_username" : "admin" } } }, { "kms-properties" : { "properties_attributes" : { }, "properties" : { "REPOSITORY_CONFIG_USERNAME" : "keyadmin", "KMS_MASTER_KEY_PASSWD" : "SECRET:kms-properties:1:KMS_MASTER_KEY_PASSWD", "DB_FLAVOR" : "MYSQL", "db_name" : "rangerkms", "SQL_CONNECTOR_JAR" : "/usr/share/java/mysql-connector-java.jar", "db_user" : "rangerkms", "db_host" : "172.17.0.9:3306", "db_root_user" : "root" } } }, { "ranger-yarn-security" : { "properties_attributes" : { }, "properties" : { "ranger.plugin.yarn.policy.source.impl" : "org.apache.ranger.admin.client.RangerAdminRESTClient" } } }, { "usersync-properties" : { "properties_attributes" : { }, "properties" : { } } }, { "ranger-hbase-security" : { "properties_attributes" : { }, "properties" : { "ranger.plugin.hbase.policy.source.impl" : "org.apache.ranger.admin.client.RangerAdminRESTClient" } } }, { "hdfs-site" : { "properties_attributes" : { }, "properties" : { "dfs.encryption.key.provider.uri" : "kms://http@%HOSTGROUP::host_group_1%:9292/kms", "dfs.namenode.inode.attributes.provider.class" : "org.apache.ranger.authorization.hadoop.RangerHdfsAuthorizer" } } }, { "ranger-yarn-plugin-properties" : { "properties_attributes" : { }, "properties" : { "REPOSITORY_CONFIG_USERNAME" : "yarn", "common.name.for.certificate" : "", "ranger-yarn-plugin-enabled" : "Yes", "policy_user" : "ambari-qa", "hadoop.rpc.protection" : "" } } }, { "ranger-hbase-plugin-properties" : { "properties_attributes" : { }, "properties" : { "REPOSITORY_CONFIG_USERNAME" : "hbase", "common.name.for.certificate" : "", "ranger-hbase-plugin-enabled" : "Yes", "policy_user" : "ambari-qa" } } } ], "host_groups" : [ { "name" : "host_group_1", "configurations" : [ ], "components" : [ { "name" : "ZOOKEEPER_CLIENT" }, { "name" : "ZOOKEEPER_SERVER" }, { "name" : "RANGER_ADMIN" }, { "name" : "HBASE_REGIONSERVER" }, { "name" : "HBASE_CLIENT" }, { "name" : "HBASE_MASTER" }, { "name" : "RANGER_USERSYNC" }, { "name" : "NAMENODE" }, { "name" : "NODEMANAGER" }, { "name" : "HDFS_CLIENT" }, { "name" : "YARN_CLIENT" }, { "name" : "MAPREDUCE2_CLIENT" }, { "name" : "DATANODE" }, { "name" : "RANGER_KMS_SERVER" } ], "cardinality" : "1" }, { "name" : "host_group_2", "configurations" : [ ], "components" : [ { "name" : "ZOOKEEPER_SERVER" }, { "name" : "HISTORYSERVER" }, { "name" : "HBASE_REGIONSERVER" }, { "name" : "APP_TIMELINE_SERVER" }, { "name" : "HDFS_CLIENT" }, { "name" : "NODEMANAGER" }, { "name" : "SECONDARY_NAMENODE" }, { "name" : "DATANODE" }, { "name" : "RESOURCEMANAGER" } ], "cardinality" : "1" }, { "name" : "host_group_3", "configurations" : [ ], "components" : [ { "name" : "ZOOKEEPER_CLIENT" }, { "name" : "ZOOKEEPER_SERVER" }, { "name" : "HBASE_REGIONSERVER" }, { "name" : "HBASE_CLIENT" }, { "name" : "HDFS_CLIENT" }, { "name" : "NODEMANAGER" }, { "name" : "YARN_CLIENT" }, { "name" : "MAPREDUCE2_CLIENT" }, { "name" : "DATANODE" } ], "cardinality" : "1" } ], "Blueprints" : { "stack_name" : "HDP", "stack_version" : "2.3" } } |
The difference from deploying Ranger in non-HA mode is: