Updated on 2024-11-29 GMT+08:00

Adapting to the Third-party JDK When Ranger Is Used

Scenarios

When Ranger is used as the permission management service of Spark SQL, the certificate in the cluster is required for accessing RangerAdmin. If you use a third-party JDK instead of the JDK or JRE in the cluster, RangerAdmin fails to be accessed. As a result, the Spark application fails to be started.

In this scenario, you need to perform the following operations to import the certificate in the cluster to the third-party JDK or JRE.

Configuration Method

  1. Run the following command to export the certificate from the cluster:

    1. Install the cluster client in a client, for example, /opt/client.
    2. Run the following command to switch to the client installation directory:

      cd /opt/client

    3. Run the following command to configure environment variables:

      source bigdata_env

    4. Generate a certificate file. For details about how to obtain the password of the JRE truststore, contact the system administrator.

      keytool -export -alias fusioninsightsubroot -storepass Password of the JRE truststore -keystore /opt/client/JRE/jre/lib/security/cacerts -file fusioninsightsubroot.crt

  2. Import the certificate in the cluster to the third-party JDK or JRE.

    Copy the fusioninsightsubroot.crt file generated in 1 to the third-party JRE node, set the JAVA_HOME environment variable of the node, and run the following command to import the certificate:

    keytool -import -trustcacerts -alias fusioninsightsubroot -storepass changeit -file fusioninsightsubroot.crt -keystore MY_JRE/lib/security/cacerts

    MY_JRE indicates the installation path of the third-party JRE. Change it based on the site requirements.