Hi all,

We propose the behaviors below for users who want to use Ranger as ACL. We
appreciate any comments and feedback from you. Thanks a lot! RPS is the
Ranger Plugin Service, which embeds the HAWQ Ranger plugin and provides a
RESTful API.

1. Build RPS in HAWQ
   1. ./configure --with-python --with-perl --with-rps (Add one option,
      --with-rps, for building RPS)
   2. make -j8
   3. make -j8 install. It will generate one jar file
      (ranger-plugin-admin*.jar), which needs to be registered to the Ranger
      server, and will also generate information for RPS under the directory
      /usr/local/hawq/ranger/.
2. Init HAWQ with Ranger off
3. Register HAWQ service to Ranger
   1. Copy ranger-plugin-admin*.jar and postgresql*.jar to the Ranger server
   2. Run register_hawq.sh to register the HAWQ service into Ranger and
      create a service named "hawq"
4. Configure GUCs for HAWQ, specifying Ranger on
5. Add one entry for Ranger server access in pg_hba.conf of the HAWQ master
6. Restart HAWQ, which will also automatically start RPS, given that Ranger
   is set as the ACL type
7. Define policy in Ranger UI
8. HAWQ starts working with ACL managed by Ranger

And below is the GUC list for configuring Ranger.

- In hawq-site.xml
  - hawq_acl_type (ACL type of HAWQ, can be set to *standalone* or *ranger*)
  - hawq_rps_address_host (the host/suffix/port information for RPS)
  - hawq_rps_address_suffix
  - hawq_rps_address_port
- In the ranger-hawq-security.xml file for configuring Ranger
  - ranger.plugin.hawq.service.name (name of the Ranger service containing
    policies for this HAWQ instance)
  - ranger.plugin.hawq.policy.source.impl (class to retrieve policies from
    the source)
  - ranger.plugin.hawq.policy.rest.url (the access point to the Ranger
    server)
  - ranger.plugin.hawq.policy.pollIntervalMs (how often to poll for changes
    in policies in the Ranger server)
  - ranger.plugin.hawq.policy.cache.dir (directory where Ranger policies are
    cached after successful retrieval from the source)
  - ranger.plugin.hawq.policy.rest.client.connection.timeoutMs
    (RangerRESTClient connection timeout in milliseconds)
  - ranger.plugin.hawq.policy.rest.client.read.timeoutMs (RangerRESTClient
    read timeout in milliseconds)
  - ranger.plugin.hawq.policy.rest.ssl.config.file (path to the file
    containing SSL details to contact Ranger Admin)

Best Regards,
Lili
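
Added example, not part of the original message or of the HAWQ project's code: a Python lint for the two files listed above, to run before restarting HAWQ with Ranger as the ACL type. It assumes both files use the Hadoop-style `<configuration>/<property>` layout; the sample values, the function names `load_props` and `check`, and the choice of checks (including flagging a policy cache under /tmp) are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
# Constructed sample files; every value is a placeholder, not from the message.
HAWQ_SITE = """<configuration>
<property><name>hawq_acl_type</name><value>ranger</value></property>
<property><name>hawq_rps_address_host</name><value>localhost</value></property>
<property><name>hawq_rps_address_suffix</name><value>rps</value></property>
</configuration>"""
RANGER_SECURITY = """<configuration>
<property><name>ranger.plugin.hawq.service.name</name><value>hawq_prod</value></property>
<property><name>ranger.plugin.hawq.policy.rest.url</name><value>http://ranger.example.com:6080</value></property>
<property><name>ranger.plugin.hawq.policy.pollIntervalMs</name><value>0</value></property>
<property><name>ranger.plugin.hawq.policy.cache.dir</name><value>/tmp/hawq/policycache</value></property>
</configuration>"""

def load_props(xml_text):
    """Parse a <configuration><property><name/><value/> file into a dict."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def check(hawq, ranger, registered_service="hawq"):
    """Return a list of findings; an empty list means no issue was detected."""
    out, P = [], "ranger.plugin.hawq."
    acl = hawq.get("hawq_acl_type", "")
    if acl not in ("standalone", "ranger"):
        out.append(f"hawq_acl_type={acl!r}: expected standalone or ranger")
    if acl == "ranger":  # HAWQ must know where RPS listens when Ranger is the ACL type
        for key in ("host", "suffix", "port"):
            if not hawq.get("hawq_rps_address_" + key):
                out.append(f"hawq_rps_address_{key} is unset")
    if ranger.get(P + "service.name") != registered_service:
        out.append(f"{P}service.name does not match {registered_service!r}")
    url = urlparse(ranger.get(P + "policy.rest.url", ""))
    if url.scheme not in ("http", "https") or not url.hostname:
        out.append(f"{P}policy.rest.url is missing or malformed")
    elif url.scheme == "http":  # policies would be fetched without TLS
        out.append(f"{P}policy.rest.url uses plain http")
    for key in ("policy.pollIntervalMs", "policy.rest.client.connection.timeoutMs",
                "policy.rest.client.read.timeoutMs"):
        val = ranger.get(P + key)
        if val is not None and not (val.isdigit() and int(val) > 0):
            out.append(f"{P}{key}={val!r} is not a positive integer")
    if ranger.get(P + "policy.cache.dir", "").startswith(("/tmp/", "/var/tmp/")):
        out.append(f"{P}policy.cache.dir is under /tmp or /var/tmp")
    return out
```

Calling `check(load_props(HAWQ_SITE), load_props(RANGER_SECURITY))` on the constructed samples returns five findings; pass the service name created by register_hawq.sh as `registered_service` if it differs from "hawq".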