This article guides you through configuring Apache Ranger in a CDH cluster. Prerequisites:
- Cloudera Manager and CDH installed and running.
- Ranger Admin and Plugins installed on the cluster.
- Database for Ranger policies (MySQL/PostgreSQL) configured.
- Admin access to Cloudera Manager and the cluster nodes.
Download and install Apache Ranger:
wget
tar -xvzf ranger-x-admin.tar.gz
cd ranger-x-admin
Configure the Ranger database:
vi conf/ranger-admin-site.xml
<property>
<name>ranger.jpa.jdbc.url</name>
<value>jdbc:mysql://ranger-db-host/ranger?useSSL=false</value>
</property>
<property>
<name>ranger.jpa.jdbc.driver</name>
<value>com.mysql.jdbc.Driver</value>
</property>
Run the Ranger database setup:
./setup.sh
Start Ranger Admin:
ranger-admin start
Go to Cloudera Manager → HDFS → Configuration.
Set the following properties:
dfs.permissions.enabled=true
dfs.block.access.token.enable=true
hadoop.security.authorization=true
hadoop.security.authentication=kerberos
Install and configure the Ranger HDFS plugin:
tar -xvzf ranger-x-hdfs-plugin.tar.gz
cd ranger-x-hdfs-plugin
./enable-hdfs-plugin.sh
Go to Cloudera Manager → Hive → Configuration.
Enable Ranger Authorization:
hive.security.authorization.enabled=true
hive.security.authorization.manager=org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory
Install the Ranger Hive plugin:
tar -xvzf ranger-x-hive-plugin.tar.gz
cd ranger-x-hive-plugin
./enable-hive-plugin.sh
Go to Cloudera Manager → HBase → Configuration.
Set the following properties:
hbase.security.authorization=true
hbase.coprocessor.master.classes=org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor
hbase.coprocessor.region.classes=org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor
Install the Ranger HBase plugin:
tar -xvzf ranger-x-hbase-plugin.tar.gz
cd ranger-x-hbase-plugin
./enable-hbase-plugin.sh
Go to Cloudera Manager → Kafka → Configuration.
Set the following properties:
authorizer.class.name=org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer
Install the Ranger Kafka plugin:
tar -xvzf ranger-x-kafka-plugin.tar.gz
cd ranger-x-kafka-plugin
./enable-kafka-plugin.sh
1. Log in to Ranger Admin at http://ranger-server-host:6080.
2. Navigate to "Access Manager" → "Resource Policies".
3. Select the service (HDFS, Hive, HBase, Kafka).
4. Create a new policy, specifying:
   - Resource path (for HDFS).
   - Database/Table (for Hive).
   - Table/Column permissions (for HBase).
   - Topic permissions (for Kafka).
5. Assign users or groups with read/write/execute access.
6. Save and apply changes.
Run a test HDFS access command:
hdfs dfs -ls /secured-data
Attempt a Hive query with controlled access:
hive -e "SELECT * FROM sensitive_data_table;"
Check access on an HBase table:
hbase shell
scan 'secure_table'
Test Kafka topic access:
kafka-console-producer --topic secure_topic --broker-list kafka-broker:9092
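The access tests above show whether a request is allowed or denied, but not whether the settings from the HDFS, Hive and HBase steps actually reached the deployed configuration. The following is an added example, not part of the original article or of Ranger or Cloudera tooling: it audits Hadoop-style `<property>` XML against the values listed in this guide. The names `parse_props`, `audit` and `SAMPLE_HDFS` are hypothetical, and the sample XML is constructed for illustration.

```python
import xml.etree.ElementTree as ET
RANGER = "org.apache.ranger.authorization."
COPROC = RANGER + "hbase.RangerAuthorizationCoprocessor"
# Values this guide sets for each service (taken from the steps above).
EXPECTED = {
    "hdfs": {"dfs.permissions.enabled": "true",
             "dfs.block.access.token.enable": "true",
             "hadoop.security.authorization": "true",
             "hadoop.security.authentication": "kerberos"},
    "hive": {"hive.security.authorization.enabled": "true",
             "hive.security.authorization.manager":
                 RANGER + "hive.authorizer.RangerHiveAuthorizerFactory"},
    "hbase": {"hbase.security.authorization": "true",
              "hbase.coprocessor.master.classes": COPROC,
              "hbase.coprocessor.region.classes": COPROC},
}

def parse_props(xml_text):
    """Return {name: value} from Hadoop-style <property> XML."""
    props = {}
    for p in ET.fromstring(xml_text).iter("property"):
        name = (p.findtext("name") or "").strip()
        if name:
            props[name] = (p.findtext("value") or "").strip()
    return props

def audit(service, props):
    """Return [(key, expected, actual)] for settings that are missing or wrong."""
    findings = []
    for key, want in EXPECTED[service].items():
        got = props.get(key)
        if want.startswith(RANGER):
            # Class settings may be comma-separated lists; names are case-sensitive.
            ok = want in [c.strip() for c in (got or "").split(",")]
        else:
            ok = (got or "").lower() == want
        if not ok:
            findings.append((key, want, got))
    return findings

# Constructed sample: authentication left at "simple", token setting absent.
SAMPLE_HDFS = """<configuration>
<property><name>dfs.permissions.enabled</name><value>true</value></property>
<property><name>hadoop.security.authorization</name><value>TRUE</value></property>
<property><name>hadoop.security.authentication</name><value>simple</value></property>
</configuration>"""

if __name__ == "__main__":
    print(audit("hdfs", parse_props(SAMPLE_HDFS)))
```

An empty list means every setting for that service matches the guide; each tuple names a key, the expected value and what was found (`None` when the key is absent).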
By enabling Apache Ranger, organizations can implement centralized security controls across Hive, HDFS, HBase, and Kafka in a Cloudera CDH cluster. Configuring proper access policies enhances data governance and compliance.