vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/mrs/component-operation-guide/mrs_01_0766.html
Yang, Tong 6182f91ba8 MRS component operation guide_normal 2.0.38.SP20 version 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2022-12-09 14:55:21 +00:00

142 lines
17 KiB
HTML
Raw Blame History

<a name="mrs_01_0766"></a><a name="mrs_01_0766"></a>
<h1 class="topictitle1">Configuring HBase Access Permissions in Ranger</h1>
<div id="body1589421654455"><p id="mrs_01_0766__p114498141583">After an MRS cluster with Ranger installed is created, HBase access control is not integrated into Ranger. This section describes how to integrate HBase into Ranger.</p>
<ol id="mrs_01_0766__ol17248215173718"><li id="mrs_01_0766__li1476394183516"><span>Log in to the Ranger web UI.</span></li><li id="mrs_01_0766__li116391227123617"><span>In the <strong id="mrs_01_0766__b17986203412281">Service Manager</strong> area, click <span><img id="mrs_01_0766__image35341412123717" src="en-us_image_0000001349289417.png"></span> next to <strong id="mrs_01_0766__b199113349281">HBASE</strong> to add an HBase service.</span><p><div class="fignone" id="mrs_01_0766__fig091882852810"><span class="figcap"><b>Figure 1 </b>Adding an HBase service</span><br><span><img id="mrs_01_0766__image135653212294" src="en-us_image_0000001388575174.png"></span></div>
<p id="mrs_01_0766__p2131115616282">Adding a Hive service</p>
</p></li><li id="mrs_01_0766__li340533214416"><span>Set the parameters for adding an HBase service according to <a href="#mrs_01_0766__table74220350178">Table 1</a>. Use the default values for the parameters that are not listed in the table.</span><p>
<div class="tablenoborder"><a name="mrs_01_0766__table74220350178"></a><a name="table74220350178"></a><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_0766__table74220350178" frame="border" border="1" rules="all"><caption><b>Table 1 </b><strong id="mrs_01_0766__b10915207291">Parameter description</strong></caption><thead align="left"><tr id="mrs_01_0766__row1743935151719"><th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.2.3.2.1.2.4.1.1"><p id="mrs_01_0766__p13378105233519">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.2.3.2.1.2.4.1.2"><p id="mrs_01_0766__p7378652143515">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.2.3.2.1.2.4.1.3"><p id="mrs_01_0766__p337875211359">Example Value</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_0766__row94373551718"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.1 "><p id="mrs_01_0766__p13783525354">Service Name</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.2 "><p id="mrs_01_0766__p10378952103511">Name of the service to be created. The value is fixed to <strong id="mrs_01_0766__b1897933292913">hbasedev</strong>.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.3 "><p id="mrs_01_0766__p143789524351">hbasedev</p>
</td>
</tr>
<tr id="mrs_01_0766__row154353515177"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.1 "><p id="mrs_01_0766__p1037885253516">Username</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.2 "><p id="mrs_01_0766__p203781552183511">You can set this parameter to any value.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.3 "><p id="mrs_01_0766__p193781526356">admin</p>
</td>
</tr>
<tr id="mrs_01_0766__row243143511179"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.1 "><p id="mrs_01_0766__p13379115223515">Password</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.2 "><p id="mrs_01_0766__p437945273517">You can set this parameter to any value.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.3 "><p id="mrs_01_0766__p123791352153520">-</p>
</td>
</tr>
<tr id="mrs_01_0766__row343153551716"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.1 "><p id="mrs_01_0766__p1243163517179">hadoop.security.authentication</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.2 "><p id="mrs_01_0766__p243103561716">Hadoop authentication mode. The value is fixed to <strong id="mrs_01_0766__b542413432298">Simple</strong>.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.3 "><p id="mrs_01_0766__p843133512171">Simple</p>
</td>
</tr>
<tr id="mrs_01_0766__row174315352174"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.1 "><p id="mrs_01_0766__p12432355173">hbase.security.authentication</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.2 "><p id="mrs_01_0766__p54303512175">HBase authentication mode. The value is fixed to <strong id="mrs_01_0766__b027364713294">Simple</strong>.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.3 "><p id="mrs_01_0766__p184373591715">Simple</p>
</td>
</tr>
<tr id="mrs_01_0766__row174314357170"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.1 "><p id="mrs_01_0766__p343153517173">hbase.zookeeper.property.clientPort</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.2 "><p id="mrs_01_0766__p1543173551716">Port number of ZooKeeper in the HBase cluster.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.3 "><p id="mrs_01_0766__p16432358177">2181</p>
</td>
</tr>
<tr id="mrs_01_0766__row1043335111715"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.1 "><p id="mrs_01_0766__p343183531710">hbase.zookeeper.quorum</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.2 "><p id="mrs_01_0766__p14431735181716">ZooKeeper address in the HBase cluster.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.3 "><p id="mrs_01_0766__p13980205719194">192.168.0.7,192.168.0.8,192.168.0.9</p>
</td>
</tr>
<tr id="mrs_01_0766__row19708163015201"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.1 "><p id="mrs_01_0766__p1370953092011">zookeeper.znode.parent</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.2 "><p id="mrs_01_0766__p4709123012208">Path of the root node of HBase in ZooKeeper. The value is fixed to <strong id="mrs_01_0766__b153501815173015">/hbase</strong>.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.3.2.1.2.4.1.3 "><p id="mrs_01_0766__p4709163092020">/hbase</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="fignone" id="mrs_01_0766__fig39091316015"><span class="figcap"><b>Figure 2 </b>Creating hbasedev</span><br><span><img id="mrs_01_0766__image1247919164459" src="en-us_image_0000001349289421.png"></span></div>
</p></li><li id="mrs_01_0766__li189043534201"><span>Click <strong id="mrs_01_0766__b103081044103014">Add</strong> to add the service.</span></li><li id="mrs_01_0766__li10978124502112"><span>Start the Ranger HBase plugin to authorize Ranger to manage HBase.</span><p><ol type="a" id="mrs_01_0766__ol2033912334020"><li id="mrs_01_0766__li17892205313916">On the MRS management console, click the cluster name to go to the cluster details page.</li><li id="mrs_01_0766__li179012282616">Click the <strong id="mrs_01_0766__b19723507318">Components</strong> tab.</li><li id="mrs_01_0766__li194741166217">Choose <strong id="mrs_01_0766__b132815614312">HBase</strong> &gt; <strong id="mrs_01_0766__b14282610312">Service Configuration</strong> and switch <strong id="mrs_01_0766__b142910663116">Basic</strong> to <strong id="mrs_01_0766__b10291610313">All</strong>.</li><li id="mrs_01_0766__li2339133315018">Search for <strong id="mrs_01_0766__b15611318183119">hbase.security.authorization</strong> and change its value to <strong id="mrs_01_0766__b19612218193119">true</strong> (select the first HBase parameter).</li><li id="mrs_01_0766__li217715610577">Search for <strong id="mrs_01_0766__b18459431329">hbase.coprocessor.master.classes</strong> and append <strong id="mrs_01_0766__b9451434324">,org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor</strong> to its original value.</li><li id="mrs_01_0766__li997118441902">Search for <strong id="mrs_01_0766__b17938183817343">hbase.coprocessor.region.classes</strong> and append <strong id="mrs_01_0766__b18939133817340">,org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor</strong> to its original value.</li><li id="mrs_01_0766__li1538145391">Click <strong id="mrs_01_0766__b58445743713">Save Configuration</strong> and select <strong id="mrs_01_0766__b98451079376">Restart the affected services or instances</strong> to restart the HMaster and RegionServer instances.</li></ol>
</p></li><li id="mrs_01_0766__li1175119381520"><span>Create a policy under <strong id="mrs_01_0766__b29481711193718">HBase Service hbasedev</strong>.</span><p><ol type="a" id="mrs_01_0766__ol623195511810"><li id="mrs_01_0766__li286414508814">Log in to the Ranger web UI.</li><li id="mrs_01_0766__li651141125712">In the <strong id="mrs_01_0766__b18280016103720">HBASE</strong> area, click the added service <strong id="mrs_01_0766__b328071613371">hbasedev</strong>.</li><li id="mrs_01_0766__li77752095618">Click <strong id="mrs_01_0766__b127411918173719">Add New Policy</strong> to add an access control policy.</li><li id="mrs_01_0766__li483812535575">Set the parameters according to <a href="#mrs_01_0766__table116322231534">Table 2</a>. Use the default values for the parameters that are not listed in the table.
<div class="tablenoborder"><a name="mrs_01_0766__table116322231534"></a><a name="table116322231534"></a><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_0766__table116322231534" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameter description</caption><thead align="left"><tr id="mrs_01_0766__row11633152314316"><th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.2.6.2.1.4.2.2.4.1.1"><p id="mrs_01_0766__p1260833016420">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.2.6.2.1.4.2.2.4.1.2"><p id="mrs_01_0766__p156082301046">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.2.6.2.1.4.2.2.4.1.3"><p id="mrs_01_0766__p1060811302417">Example Value</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_0766__row1163310231234"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.1 "><p id="mrs_01_0766__p1865510429816">Policy Name</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.2 "><p id="mrs_01_0766__p19547132615414">Policy name</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.3 "><p id="mrs_01_0766__p46331231316">Policy002</p>
</td>
</tr>
<tr id="mrs_01_0766__row9633142318314"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.1 "><p id="mrs_01_0766__p11633172313315">HBase Table</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.2 "><p id="mrs_01_0766__p45473261944">Name of the HBase table that the policy allows to access</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.3 "><p id="mrs_01_0766__p2063314239314">test1</p>
</td>
</tr>
<tr id="mrs_01_0766__row863372320317"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.1 "><p id="mrs_01_0766__p16335231835">HBase Column-family</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.2 "><p id="mrs_01_0766__p054718261244">Column family of the HBase table that the policy allows to access</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.3 "><p id="mrs_01_0766__p176331023136">cf1</p>
</td>
</tr>
<tr id="mrs_01_0766__row1663420237318"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.1 "><p id="mrs_01_0766__p663414239318">HBase Column</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.2 "><p id="mrs_01_0766__p1754752616416">Column name of the table corresponding to the HBase table that the policy allows to access</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.3 "><p id="mrs_01_0766__p1063412318311">name</p>
</td>
</tr>
<tr id="mrs_01_0766__row463413231318"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.1 "><p id="mrs_01_0766__p1263412231934">Allow Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.2 "><ul id="mrs_01_0766__ul291972075620"><li id="mrs_01_0766__li1191916209565"><strong id="mrs_01_0766__b5891958123710">Select Group</strong>: user group that the policy allows to access</li><li id="mrs_01_0766__li956702325612"><strong id="mrs_01_0766__b9168165918370">Select User</strong>: user in the user group that the policy allows to access</li><li id="mrs_01_0766__li5554348566"><strong id="mrs_01_0766__b112882043810">Permissions</strong>: permissions that the policy allows the user to have</li></ul>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.6.2.1.4.2.2.4.1.3 "><ul id="mrs_01_0766__ul11428874228"><li id="mrs_01_0766__li8428157182218">Select Group: <strong id="mrs_01_0766__b231114113818">testuser</strong></li><li id="mrs_01_0766__li14285711228">Select User: <strong id="mrs_01_0766__b230310253816">testuser</strong></li><li id="mrs_01_0766__li174281572225">Permissions: <strong id="mrs_01_0766__b1919933183810">Create</strong> and <strong id="mrs_01_0766__b141991132386">Select</strong></li></ul>
</td>
</tr>
</tbody>
</table>
</div>
<div class="fignone" id="mrs_01_0766__fig2047532791212"><span class="figcap"><b>Figure 3 </b>Adding an access control policy for <strong id="mrs_01_0766__b1313984153812">hbasedev</strong></span><br><span><img id="mrs_01_0766__image2461191716107" src="en-us_image_0000001295930284.png"></span></div>
</li><li id="mrs_01_0766__li85730455122">Click <strong id="mrs_01_0766__b28658425393">Add</strong> to add the policy. According to the preceding policy, user <strong id="mrs_01_0766__b1187015427391">testuser</strong> in the <strong id="mrs_01_0766__b9871164223919">testuser</strong> user group has the <strong id="mrs_01_0766__b16871942133920">Create</strong> and <strong id="mrs_01_0766__b087104217397">Select</strong> permissions on the <strong id="mrs_01_0766__b11871174213392">cf1:name</strong> column in the <strong id="mrs_01_0766__b7871442193911">test1</strong> table of the <strong id="mrs_01_0766__b118729421391">default</strong> namespace in HBase, but no permissions to access other columns.</li></ol>
</p></li><li id="mrs_01_0766__li653355053712"><span>Update and log in to the HBase client by referring to <a href="mrs_01_0368.html">Using HBase from Scratch</a>, and check whether HBase has been integrated into Ranger.</span><p><ol type="a" id="mrs_01_0766__ol63481623172519"><li id="mrs_01_0766__li1813416133279">Run the following command to access the HBase shell:<p id="mrs_01_0766__p229910510296"><a name="mrs_01_0766__li1813416133279"></a><a name="li1813416133279"></a><strong id="mrs_01_0766__b1780292618339">source /opt/client/bigdata_env</strong></p>
<p id="mrs_01_0766__p15419941201513"><strong id="mrs_01_0766__b916613701512">hbase shell</strong></p>
<div class="fignone" id="mrs_01_0766__fig194139416157"><span class="figcap"><b>Figure 4 </b>Accessing the HBase shell</span><br><span><img id="mrs_01_0766__image5316182913146" src="en-us_image_0000001296249756.png"></span></div>
</li><li id="mrs_01_0766__li114993407521">Add data and check whether Ranger is integrated.<ol class="substepthirdol" id="mrs_01_0766__ol6778182921719"><li id="mrs_01_0766__li165771725151717">Add data to the <strong id="mrs_01_0766__b1031956163812">cf1:name</strong> column in the <strong id="mrs_01_0766__b148156143817">test1</strong> table.<p id="mrs_01_0766__p75731859101610"><b><span class="cmdname" id="mrs_01_0766__cmdname15136414174">put 'test1','001','cf1:name','tom'</span></b></p>
</li><li id="mrs_01_0766__li171361536201710">Add data to the <strong id="mrs_01_0766__b161818584385">cf1:age</strong> column in the <strong id="mrs_01_0766__b261935810388">test1</strong> table. If the user has no permission to access this column, the data fails to be added.<p id="mrs_01_0766__p18329132141611"><b><span class="cmdname" id="mrs_01_0766__cmdname7624173751611">put 'test1','001','cf1:age',10</span></b></p>
</li></ol>
<div class="fignone" id="mrs_01_0766__fig464134592011"><span class="figcap"><b>Figure 5 </b>Verifying the integration of Ranger with HBase</span><br><span><img id="mrs_01_0766__image86416455201" src="en-us_image_0000001438276253.png"></span></div>
</li></ol>
</p></li></ol>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_0761.html">Using Ranger (MRS 1.9.2)</a></div>
</div>
</div>
View Git Blame Copy Permalink