I. Building Ranger
https://ranger.apache.org/quick_start_guide.html
git clone https://github.com/apache/ranger.git
cd ranger
mvn -DskipTests=true clean compile package install assembly:assembly
ls target/
# The target directory contains all of the built archives
II. Installing Ranger Admin
https://cwiki.apache.org/confluence/display/RANGER/Ranger+Installation+Guide
tar -zxvf ranger-2.1.0-SNAPSHOT-admin.tar.gz
cd /opt/app/ranger-2.1.0-SNAPSHOT-admin/
vim install.properties
Modify the following parts of install.properties:
# MySQL database information
db_root_user=root
db_root_password=xxxx
db_host=10.5.xxx.xxx
# DB UserId used for the Ranger schema
# Create the database and user in MySQL beforehand: GRANT ALL PRIVILEGES ON ranger_presto.* TO 'presto'@'%' WITH GRANT OPTION;
db_name=ranger_presto
db_user=presto
db_password=presto1234
# Disable auditing
#audit_store=solr
SQL statements:
CREATE DATABASE `ranger_presto` CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE USER 'presto'@'%' IDENTIFIED BY 'presto1234';
GRANT ALL ON ranger_presto.* TO 'presto'@'%';
Place the MySQL driver JAR at /usr/share/java/mysql-connector-java.jar.
Run ./setup.sh
Start the Ranger Admin service:
service ranger-admin start
Open http://localhost:6080 and log in with admin/admin. If the login page appears and the login succeeds, the installation worked.
III. Installing the Presto Plugin in Prestosql
https://cwiki.apache.org/confluence/display/RANGER/Presto+Plugin
https://github.com/prestodb/presto/issues/12989
Note: the Presto Plugin currently supports only Prestosql, not Prestodb. In this article, Presto means Prestosql.
1. Download and install Presto
wget https://repo1.maven.org/maven2/io/prestosql/presto-server/317/presto-server-317.tar.gz
For detailed configuration, see the Prestodb installation guide: http://www.reibang.com/p/0de42b075af0
Install presto-cli:
wget https://repo1.maven.org/maven2/io/prestosql/presto-cli/317/presto-cli-317-executable.jar
mv presto-cli-317-executable.jar presto-cli
chmod 755 presto-cli
2. Install the Presto Plugin
https://cwiki.apache.org/confluence/display/RANGER/Presto+Plugin
cp target/ranger-2.1.0-SNAPSHOT-presto-plugin.tar.gz /usr/local/
cd /usr/local/
tar -zxvf ranger-2.1.0-SNAPSHOT-presto-plugin.tar.gz
mv ranger-2.1.0-SNAPSHOT-presto-plugin ranger-presto-plugin
cd ranger-presto-plugin
vim install.properties
Parameters to modify in install.properties:
# Location of Policy Manager URL
# Example: POLICY_MGR_URL=http://policymanager.xasecure.net:6080
POLICY_MGR_URL=http://10.5.xxx.xxx:6080
# This is the repository name created within policy manager
# Example: REPOSITORY_NAME=prestodev
REPOSITORY_NAME=prestodev
#Presto component installed directory
#COMPONENT_INSTALL_DIR_NAME=../presto
COMPONENT_INSTALL_DIR_NAME=/opt/app/presto-server-317
# For simplicity, auditing is not enabled here
XAAUDIT.SOLR.ENABLE=false
# Not mentioned in the documentation, but without this setting the enable-presto-plugin.sh script fails
XAAUDIT.SUMMARY.ENABLE=false
Run the script as root:
./enable-presto-plugin.sh
If it reports that JAVA_HOME cannot be found, edit enable-presto-plugin.sh and add:
export JAVA_HOME=/usr/local/jdk
Check that access-control.properties has been generated in the Presto configuration directory:
[umecron@sssss-hdp26-xxx11x ranger-presto-plugin]$ ll /opt/app/presto-server-317/etc/
total 44
-rwxr-xr-x 1 umecron hadoop 27 Aug 9 15:41 access-control.properties
drwxr-xr-x 2 umecron hadoop 29 Aug 9 15:10 catalog
-rw-r--r-- 1 umecron hadoop 471 Aug 9 15:10 config.properties
-rw-r--r-- 1 umecron hadoop 244 Aug 9 15:10 jvm.config
-rw-r--r-- 1 umecron hadoop 25 Aug 9 15:10 log.properties
-rw-r--r-- 1 umecron hadoop 87 Aug 9 15:10 node.properties
-rwxr--r-- 1 umecron hadoop 2065 Aug 9 15:41 ranger-policymgr-ssl.xml
-rwxr--r-- 1 umecron hadoop 10476 Aug 9 15:41 ranger-presto-audit.xml
-rwxr--r-- 1 umecron hadoop 2655 Aug 9 15:41 ranger-presto-security.xml
-rw-r--r-- 1 umecron hadoop 69 Aug 9 15:41 ranger-security.xml
[umecron@sssss-hdp26-xxx11x ranger-presto-plugin]$ cat /opt/app/presto-server-317/etc/access-control.properties
access-control.name=ranger
Check that a ranger directory has been generated under the Presto plugin directory, with its JARs symlinked to /usr/local/ranger-presto-plugin/lib:
[umecron@umetrip-hdp26-xxx11x ranger-presto-plugin]$ ll /opt/app/presto-server-317/plugin/ranger/
total 0
lrwxrwxrwx 1 root root 55 Aug 9 15:41 bootstrap-0.178.jar -> /usr/local/ranger-presto-plugin/lib/bootstrap-0.178.jar
lrwxrwxrwx 1 root root 54 Aug 9 15:41 bval-jsr-2.0.0.jar -> /usr/local/ranger-presto-plugin/lib/bval-jsr-2.0.0.jar
lrwxrwxrwx 1 root root 59 Aug 9 15:41 configuration-0.178.jar -> /usr/local/ranger-presto-plugin/lib/configuration-0.178.jar
lrwxrwxrwx 1 root root 54 Aug 9 15:41 guava-26.0-jre.jar -> /usr/local/ranger-presto-plugin/lib/guava-26.0-jre.jar
lrwxrwxrwx 1 root root 51 Aug 9 15:41 guice-4.2.2.jar -> /usr/local/ranger-presto-plugin/lib/guice-4.2.2.jar
lrwxrwxrwx 1 root root 54 Aug 9 15:41 javax.inject-1.jar -> /usr/local/ranger-presto-plugin/lib/javax.inject-1.jar
lrwxrwxrwx 1 root root 49 Aug 9 15:41 log-0.178.jar -> /usr/local/ranger-presto-plugin/lib/log-0.178.jar
lrwxrwxrwx 1 root root 57 Aug 9 15:41 log-manager-0.178.jar -> /usr/local/ranger-presto-plugin/lib/log-manager-0.178.jar
lrwxrwxrwx 1 root root 80 Aug 9 15:41 ranger-plugin-classloader-2.1.0-SNAPSHOT.jar -> /usr/local/ranger-presto-plugin/lib/ranger-plugin-classloader-2.1.0-SNAPSHOT.jar
lrwxrwxrwx 1 root root 61 Aug 9 15:41 ranger-presto-plugin-impl -> /usr/local/ranger-presto-plugin/lib/ranger-presto-plugin-impl
lrwxrwxrwx 1 root root 80 Aug 9 15:41 ranger-presto-plugin-shim-2.1.0-SNAPSHOT.jar -> /usr/local/ranger-presto-plugin/lib/ranger-presto-plugin-shim-2.1.0-SNAPSHOT.jar
lrwxrwxrwx 1 root root 56 Aug 9 15:41 slf4j-api-1.7.25.jar -> /usr/local/ranger-presto-plugin/lib/slf4j-api-1.7.25.jar
lrwxrwxrwx 1 root root 66 Aug 9 15:41 validation-api-2.0.1.Final.jar -> /usr/local/ranger-presto-plugin/lib/validation-api-2.0.1.Final.jar
Check that the configuration files in /opt/app/presto-server-317/plugin/ranger/ranger-presto-plugin-impl/conf/ match those in /opt/app/presto-server-317/etc/:
[umecron@umetrip-hdp26-xxx11x ranger-presto-plugin]$ ll /opt/app/presto-server-317/plugin/ranger/ranger-presto-plugin-impl/conf/
total 44
-rwxrwxrwx 1 umecron hadoop 27 Aug 9 14:01 access-control.properties
drwxr-xr-x 2 umecron hadoop 29 Aug 9 11:15 catalog
-rw-r--r-- 1 umecron hadoop 471 Apr 28 14:22 config.properties
lrwxrwxrwx 1 root root 30 Aug 9 15:41 etc -> /opt/app/presto-server-317/etc
-rw-r--r-- 1 umecron hadoop 244 Jul 30 21:11 jvm.config
-rw-r--r-- 1 umecron hadoop 25 Mar 25 15:04 log.properties
-rw-r--r-- 1 umecron hadoop 87 Apr 28 14:24 node.properties
-rwxr--r-- 1 umecron hadoop 2065 Aug 9 14:01 ranger-policymgr-ssl.xml
-rwxr--r-- 1 umecron hadoop 10476 Aug 9 14:01 ranger-presto-audit.xml
-rwxr--r-- 1 umecron hadoop 2655 Aug 9 14:01 ranger-presto-security.xml
-rw-r--r-- 1 umecron hadoop 69 Aug 9 14:01 ranger-security.xml
The local cache directory for Ranger access policies is /etc/ranger/. Change the directory's permissions so that it belongs to the user that starts Presto.
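The manual checks above can be scripted. The following is an added example, not part of the original article or of the Ranger project: the function name check_plugin and the temporary fixture are assumptions made for illustration. It also flags world-writable configuration files, such as the rwxrwxrwx access-control.properties visible in the conf listing above.

```shell
#!/bin/sh
# Added example (not from the original article): verify a Ranger Presto plugin install.
# Usage: check_plugin PRESTO_HOME POLICY_CACHE_DIR   (run as the user that starts Presto)
# Prints one line per finding; the return status is the number of findings.
check_plugin() {
    home=$1; cache=$2; findings=0
    # 1. Presto hands authorization to Ranger only if this property is set.
    if ! grep -qx 'access-control.name=ranger' "$home/etc/access-control.properties" 2>/dev/null; then
        echo "FAIL: access-control.name=ranger missing in $home/etc/access-control.properties"
        findings=$((findings + 1))
    fi
    # 2. plugin/ranger holds symlinks into the plugin's lib directory; a dangling
    #    link means the unpacked plugin was moved or deleted after it was enabled.
    [ -d "$home/plugin/ranger" ] || { echo "FAIL: $home/plugin/ranger missing"; findings=$((findings + 1)); }
    for link in "$home"/plugin/ranger/*; do
        if [ -L "$link" ] && [ ! -e "$link" ]; then
            echo "FAIL: dangling symlink $link"
            findings=$((findings + 1))
        fi
    done
    # 3. A config file writable by "other" lets any local account change or
    #    switch off the access-control settings.
    ww=$(find -L "$home/etc" -type f -perm -002 2>/dev/null)
    if [ -n "$ww" ]; then
        echo "FAIL: world-writable config files:"; echo "$ww"
        findings=$((findings + 1))
    fi
    # 4. The plugin caches downloaded policies here and must be able to write to it.
    if [ ! -d "$cache" ] || [ ! -w "$cache" ]; then
        echo "FAIL: policy cache $cache is not a directory writable by $(id -un)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed fixture (temporary directory, not a real install) with three defects.
demo=$(mktemp -d)
mkdir -p "$demo/presto/etc" "$demo/presto/plugin/ranger" "$demo/cache"
echo 'access-control.name=ranger' > "$demo/presto/etc/access-control.properties"
chmod 777 "$demo/presto/etc/access-control.properties"   # defect: world-writable
ln -s "$demo/missing/guice-4.2.2.jar" "$demo/presto/plugin/ranger/guice-4.2.2.jar"  # defect: dangling link
rc=0; check_plugin "$demo/presto" "$demo/no-such-cache" || rc=$?   # defect: no cache directory
echo "findings: $rc"
```

On the installation described in this article the call would be check_plugin /opt/app/presto-server-317 /etc/ranger.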
3. Create the presto repository in Ranger Admin
jdbc.driver: io.prestosql.jdbc.PrestoDriver
jdbc.url: jdbc:presto://10.5.xxx.xxx:8084/catalog
Note:
1) The Service Name must match REPOSITORY_NAME in the presto plugin configuration file install.properties.
2) Set Password to: ***empty***. The reason is that when the password is not empty, PrestoDriverUri.java requires SSL when the JDBC connection is established and otherwise throws an exception.
    // TODO: fix Tempto to allow empty passwords
    String password = PASSWORD.getValue(properties).orElse("");
    if (!password.isEmpty() && !password.equals("***empty***")) {
        if (!useSecureConnection) {
            throw new SQLException("Authentication using username/password requires SSL to be enabled");
        }
        builder.addInterceptor(basicAuth(getUser(), password));
    }
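If you access Presto over JDBC, you may need to modify PrestoDriverUri.java to remove the logic that requires SSL.
4. Restart the services
Restart presto: ./launcher.py restart
Restart ranger: service ranger-admin restart
Without a username specified, there is no permission to access the table.
With an authorized username specified.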