Help Center > > User Guide> Metadata> Configuring Ranger Data Connections

Configuring Ranger Data Connections

Updated at: Oct 21, 2021 GMT+08:00

Switch the Ranger metadata of the existing cluster to the metadata stored in the RDS database. This operation enables multiple MRS clusters to share the same metadata, and the metadata will not be deleted when the clusters are deleted. In this way, Ranger metadata migration is not required during cluster migration.

Prerequisites

You have created an RDS MySQL database instance. For details, see Creating a Data Connection.

  • For versions earlier than MRS 3.x, if the selected data connection is an RDS MySQL database, ensure that the database user is a root user. If the user is not root, create a user and grant permissions to the user by referring to Performing Operations Before Data Connection.
  • In MRS 3.x or later, if the selected data connection is RDS MySQL database, the database user cannot be user root. In this case, create a user and grant permissions to the user by following the instructions provided in Performing Operations Before Data Connection.

Preparing for MySQL Database Ranger Metadata Configuration

This operation is required only for MRS 3.1.0 or later.

  1. Log in to FusionInsight Manager. For details, see Accessing FusionInsight Manager (MRS 3.x or Later). Choose Clusters > Services > Service name.

    Currently, the following components in an MRS 3.1.0 cluster support Ranger authentication: HDFS, HBase, Hive, Spark, Impala, Storm, and Kafka.

  2. In the upper right corner of the Dashboard page, click More and select Disable Ranger. If Disable Ranger is dimmed, Ranger authentication is disabled, as shown in Figure 1.

    Figure 1 Disabling Ranger authentication

  3. (Optional) To use an existing authentication policy, perform this step to export the authentication policy on the Ranger web page. After the Ranger metadata is switched, you can import the existing authentication policy again. The following uses Hive as an example. After the export, a policy file in JSON format is generated in a local directory.

    1. Log in to FusionInsight Manager.
    2. Choose Cluster > Services > Ranger to go to the Ranger service overview page.
    3. Click RangerAdmin in the Basic Information area to go to the Ranger web UI.

      The admin user in Ranger belongs to the User type. To view all management pages, click the username in the upper right corner, select Log Out, log out of the system, and log in to the system as the rangeradmin user or another user.

    4. Click the export button in the row where the Hive component is located to export the authentication policy.
      Figure 2 Exporting authentication policies
    5. Click Export. After the export is complete, a policy file in JSON format is generated in a local directory.
      Figure 3 Exporting Hive authentication policies

Configuring a Data Connection for an MRS Cluster

  1. Log in to the MRS console.
  2. Click the name of the cluster to view its details.
  3. Click Manage on the right of Data Connection to go to the data connection configuration page.
  4. Click Configure Data Connection and set related parameters.

    • Component Name: Ranger
    • Module Type: Ranger metadata
    • Connection Type: RDS MySQL database
    • Connection Instance: Select a created RDS MySQL DB instance. To create a new data connection, see Creating a Data Connection.

  5. Select I understand the consequences of performing the scale-in operation and click Test.
  6. After the test is successful, click OK to complete the data connection configuration.
  7. Log in to FusionInsight Manager.
  8. Choose Cluster > Services > Ranger to go to the Ranger service overview page.
  9. Choose More > Restart Service or More > Service Rolling Restart.

    If you choose Restart Service, services will be interrupted during the restart. If you select Service Rolling Restart, rolling restart can minimize the impact or do not affect service running.

    Restarting Ranger will affect the permissions of all components controlled by Ranger and may affect the normal running of services. Therefore, restart Ranger when the cluster is idle or during off-peak hours. Before the Ranger component is restarted, the policies in the Ranger component still take effect.
    Figure 4 Restarting a service

  10. Enable Ranger authentication for the component to be authenticated. The Hive component is used as an example.

    Currently, the following components in an MRS 3.1.0 cluster support Ranger authentication: HDFS, HBase, Hive, Spark, Impala, Storm, and Kafka.
    1. Log in to FusionInsight Manager and choose Cluster > Services > Service Name.
    2. In the upper right corner of the Dashboard page, click More and select Enable Ranger.
      Figure 5 Enabling Ranger authentication

  11. Log in to the Ranger web UI and click the import button in the row of the Hive component.

  12. Import parameters.

    • Click Select file and select the authentication policy file downloaded in 3.e.
    • Select Merge If Exist Policy.
    Figure 6 Importing authentication policies

  13. Restart the component for which Ranger authentication is enabled.

    1. Log in to FusionInsight Manager.
    2. Choose Cluster > Services > Hive to go to the Hive service overview page.
    3. Choose More > Restart Service or More > Service Rolling Restart.
      Figure 7 Restarting a service

      If you choose Restart Service, services will be interrupted during the restart. If you select Service Rolling Restart, rolling restart can minimize the impact or do not affect service running.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel