Updated on 2022-02-22 GMT+08:00

Adapting to the Third-party JDK When Ranger Is Used

Scenarios

When Ranger is used as the permission management service of Spark SQL, the certificate in the cluster is required for accessing RangerAdmin. If you use a third-party JDK instead of the JDK or JRE in the cluster, RangerAdmin fails to be accessed. As a result, the Spark application fails to be started.

In this scenario, you need to perform the following operations to import the certificate in the cluster to the third-party JDK or JRE.

Configuration Method

  1. Run the following command to export the certificate from the cluster:

    1. Install the cluster client. Assume that the installation path is /opt/client.
    2. Run the following command to go to the client installation directory.

      cd /opt/client

    3. Run the following command to configure environment variables:

      source bigdata_env

    4. Generate the certificate file.

      keytool -export -alias fusioninsightsubroot -storepass changeit -keystore /opt/client/JRE/jre/lib/security/cacerts -file fusioninsightsubroot.crt

  2. Import the certificate in the cluster to the third-party JDK or JRE.

    Copy the fusioninsightsubroot.crt file generated in 1 to the third-party JRE node, set the JAVA_HOME environment variable of the node, and run the following command to import the certificate:

    keytool -import -trustcacerts -alias fusioninsightsubroot -storepass changeit -file fusioninsightsubroot.crt -keystore MY_JRE/lib/security/cacerts

    MY_JRE indicates the installation path of the third-party JRE. Change it based on the site requirements.