yujunjun/datahub
2
0
Fork 0
mirror of https://github.com/datahub-project/datahub.git synced 2025-12-25 00:48:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix apache ranger plugin readme file rendering (#5585)

Browse Source
This commit is contained in:
mohdsiddique 2022-08-08 22:04:29 +05:30 committed by GitHub
parent b32a0723a1
commit d62441b937
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 101 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

202
datahub-ranger-plugin/README.md
View File

@ -29,33 +29,33 @@ For kubernetes example command, please replace the <ranger-pod-name> and &
1. Download the **datahub-ranger-plugin** from [Maven](https://mvnrepository.com/artifact/io.acryl/datahub-ranger-plugin)
2. Create a "datahub" directory inside the "ranger-plugins" directory where Apache Ranger is deployed. For example, to do this in a Privacera container
*Docker command:*
```bash
docker exec privacera_ranger_1 mkdir ews/webapp/WEB-INF/classes/ranger-plugins/datahub
```
*Kubernetes command:*
```bash
kubectl exec <ranger-pod-name> mkdir ews/webapp/WEB-INF/classes/ranger-plugins/datahub -n <namespace>
```
*Docker command:*
```bash
docker exec privacera_ranger_1 mkdir ews/webapp/WEB-INF/classes/ranger-plugins/datahub
```
*Kubernetes command:*
```bash
kubectl exec <ranger-pod-name> mkdir ews/webapp/WEB-INF/classes/ranger-plugins/datahub -n <namespace>
```
3. Copy the downloaded **datahub-ranger-plugin** jar into the newly created "datahub" directory. For example, to do this in a Privacera container
*Docker command:*
```bash
docker cp datahub-ranger-plugin-&lt;version&gt;.jar privacera_ranger_1:/opt/ranger/ranger-2.1.0-admin/ews/webapp/WEB-INF/classes/ranger-plugins/datahub/
```
*Kubernetes command:*
```bash
kubectl cp datahub-ranger-plugin-&lt;version&gt;.jar &lt;ranger-pod-name&gt;:/opt/ranger/ranger-2.1.0-admin/ews/webapp/WEB-INF/classes/ranger-plugins/datahub/ -n &lt;namespace&gt;
```
5. Download the [service definition file](../datahub-ranger-plugin/conf/servicedef.json). This service definition is the ranger service definition JSON file for datahub-ranger-plugin-&lt;version&gt;.jar
6. Register the downloaded service definition file with Apache Ranger Service. To do this executes the below curl command <br />
*Docker command:*
```bash
docker cp datahub-ranger-plugin-<version>.jar privacera_ranger_1:/opt/ranger/ranger-2.1.0-admin/ews/webapp/WEB-INF/classes/ranger-plugins/datahub/
```
*Kubernetes command:*
```bash
kubectl cp datahub-ranger-plugin-<version>.jar <ranger-pod-name>:/opt/ranger/ranger-2.1.0-admin/ews/webapp/WEB-INF/classes/ranger-plugins/datahub/ -n <namespace>
```
4. Download the [service definition file](../datahub-ranger-plugin/conf/servicedef.json). This service definition is the ranger service definition JSON file for datahub-ranger-plugin-&lt;version&gt;.jar
5. Register the downloaded service definition file with Apache Ranger Service. To do this executes the below curl command <br />
Replace variables with corresponding values in curl command
- &lt;ranger-admin-username&gt;
- &lt;ranger-admin-password&gt;
- &lt;ranger-host&gt;
```bash
curl -u &lt;ranger-admin-username&gt;:&lt;ranger-admin-password&gt; -X POST -H "Accept: application/json" -H "Content-Type: application/json" --data @servicedef.json http://&lt;ranger-host&gt;:6080/service/public/v2/api/servicedef
```
- &lt;ranger-admin-username&gt;
- &lt;ranger-admin-password&gt;
- &lt;ranger-host&gt;
```bash
curl -u <ranger-admin-username>:<ranger-admin-password> -X POST -H "Accept: application/json" -H "Content-Type: application/json" --data @servicedef.json http://<ranger-host>:6080/service/public/v2/api/servicedef
```
### Defining a Ranger Policy
@ -91,50 +91,6 @@ Perform the following steps to configure DataHub to send incoming requests to Ap
1. Download Apache Ranger security xml [ranger-datahub-security.xml](../datahub-ranger-plugin/conf/ranger-datahub-security.xml)
2. In **ranger-datahub-security.xml** edit the value of property *ranger.plugin.datahub.policy.rest.url*. Sample snippet is shown below
```xml
<property>
<name>ranger.plugin.datahub.policy.rest.url</name>
<value>http://199.209.9.70:6080</value>
<description>
URL to Ranger Admin
</description>
</property>
```
As per your deployment follow either Docker or Kubernetes section below
### Docker
Configure DataHub to use a Ranger **Authorizer**. On the host where `datahub-gms` is deployed, follow these steps:
1. Create directory **~/.datahub/plugins/auth/resources/**: Executes below command
```bash
mkdir -p ~/.datahub/plugins/auth/resources/
```
2. Copy **ranger-datahub-security.xml** file to ~/.datahub/plugins/auth/resources/
3. [Optional] Disable the DataHub default policy authorizer by setting the following environment variable on the `datahub-gms` container:
```bash
export AUTH_POLICIES_ENABLED=false
```
4. Enable the Apache Ranger authorizer by setting the following environment variable on the `datahub-gms` container:
```bash
export RANGER_AUTHORIZER_ENABLED=true
```
5. Set the Apache Ranger admin username by setting the following environment variable on the `datahub-gms` container:
```bash
export RANGER_USERNAME=&lt;username&gt;
```
6. Set the Apache Ranger admin password by setting the following environment variable on the `datahub-gms` container:
```bash
export RANGER_PASSWORD=&lt;password&gt;
```
7. Redeploy DataHub (`datahub-gms`) with the new environment variables
### Kubernetes
Configure DataHub to use a Ranger **Authorizer**. On the host where `kubectl` is installed, follow these steps:
For kubernetes example command, please replace the &lt;namespace&gt; as per your environment.
1. Download kubernetes configMap for DataHub Apache Ranger authorizer [auth-plugin-configuration-configMap.kubernetes.yaml](../datahub-ranger-plugin/conf/auth-plugin-configuration-configMap.kubernetes.yaml)
2. In **auth-plugin-configuration-configMap.kubernetes.yaml** edit the value of property *ranger.plugin.datahub.policy.rest.url*. Sample snippet is shown below
```xml
<property>
<name>ranger.plugin.datahub.policy.rest.url</name>
@ -145,16 +101,59 @@ As per your deployment follow either Docker or Kubernetes section below
</property>
```
As per your deployment follow either Docker or Kubernetes section below
### Docker
Configure DataHub to use a Ranger **Authorizer**. On the host where `datahub-gms` is deployed, follow these steps:
1. Create directory **~/.datahub/plugins/auth/resources/**: Executes below command
```bash
mkdir -p ~/.datahub/plugins/auth/resources/
```
2. Copy **ranger-datahub-security.xml** file to ~/.datahub/plugins/auth/resources/
3. [Optional] Disable the DataHub default policy authorizer by setting the following environment variable on the `datahub-gms` container:
```bash
export AUTH_POLICIES_ENABLED=false
```
4. Enable the Apache Ranger authorizer by setting the following environment variable on the `datahub-gms` container:
```bash
export RANGER_AUTHORIZER_ENABLED=true
```
5. Set the Apache Ranger admin username by setting the following environment variable on the `datahub-gms` container:
```bash
export RANGER_USERNAME=<username>
```
6. Set the Apache Ranger admin password by setting the following environment variable on the `datahub-gms` container:
```bash
export RANGER_PASSWORD=<password>
```
7. Redeploy DataHub (`datahub-gms`) with the new environment variables
### Kubernetes
Configure DataHub to use a Ranger **Authorizer**. On the host where `kubectl` is installed, follow these steps:
For kubernetes example command, please replace the &lt;namespace&gt; as per your environment.
1. Download kubernetes configMap for DataHub Apache Ranger authorizer [auth-plugin-configuration-configMap.kubernetes.yaml](../datahub-ranger-plugin/conf/auth-plugin-configuration-configMap.kubernetes.yaml)
2. In **auth-plugin-configuration-configMap.kubernetes.yaml** edit the value of property *ranger.plugin.datahub.policy.rest.url*. Sample snippet is shown below
```xml
<property>
<name>ranger.plugin.datahub.policy.rest.url</name>
<value>http://199.222.9.70:6080</value>
<description>
URL to Ranger Admin
</description>
</property>
```
3. Create a kubernetes configMap resource: Execute below command to create an *auth-plugin-configuration* configMap resource
```bash
kubectl apply -f auth-plugin-configuration-configMap.kubernetes.yaml -n &lt;namespace&gt;
kubectl apply -f auth-plugin-configuration-configMap.kubernetes.yaml -n <namespace>
```
4. Edit **datahub-datahub-gms** deployment to set environment variables & volume-mount points: Execute below command to open deployment editor<br/>
```
kubectl edit deployment datahub-datahub-gms
```
```
kubectl edit deployment datahub-datahub-gms
```
1. Add below environment variables in under *spec.template.spec.containers[0].env*: Replace &lt;username&gt; by Apache Ranger admin username and &lt;password&gt; by Apache Ranger admin user password.
```yaml
- name: AUTH_POLICIES_ENABLED
@ -162,27 +161,28 @@ As per your deployment follow either Docker or Kubernetes section below
- name: RANGER_AUTHORIZER_ENABLED
value: "true"
- name: RANGER_USERNAME
value: "&lt;username&gt;"
value: "<username>"
- name: RANGER_PASSWORD
value: "&lt;password&gt;"
value: "<password>"
```
2. Add *volumes* under spec.template.spec: Copy & paste below yaml snippet under *spec.template.spec*
```yaml
volumes:
- configMap:
name: auth-plugin-configuration
name: auth-resource-volume
```
3. Add *volumeMounts* under spec.template.spec.containers[0]: Copy & paste below yaml snippet under spec.template.spec.containers[0]
```yaml
volumeMounts:
- mountPath: /etc/datahub/plugins/auth/resources
name: auth-resource-volume
readOnly: true
```
6. Save and quit the editor
7. Check status of **datahub-datahub-gms** deployment rollout: Execute below command
2. Add *volumes* under spec.template.spec: Copy & paste below yaml snippet under *spec.template.spec*
```yaml
volumes:
- configMap:
name: auth-plugin-configuration
name: auth-resource-volume
```
3. Add *volumeMounts* under spec.template.spec.containers[0]: Copy & paste below yaml snippet under spec.template.spec.containers[0]
```yaml
volumeMounts:
- mountPath: /etc/datahub/plugins/auth/resources
name: auth-resource-volume
readOnly: true
```
5. Save and quit the editor
6. Check status of **datahub-datahub-gms** deployment rollout: Execute below command
```bash
kubectl rollout status deployment/datahub-datahub-gms
```
@ -217,7 +217,7 @@ then follow the below sections to undo the configuration steps you have performe
- &lt;ranger-host&gt;
```bash
curl -u &lt;ranger-admin-username&gt;:&lt;ranger-admin-password&gt; -X DELETE -H "Accept: application/json" -H "Content-Type: application/json" http://&lt;ranger-host&gt;:6080/service/public/v2/api/servicedef/name/datahub
curl -u <ranger-admin-username>:<ranger-admin-password> -X DELETE -H "Accept: application/json" -H "Content-Type: application/json" http://<ranger-host>:6080/service/public/v2/api/servicedef/name/datahub
```
3. Delete **datahub** plugin directory: Execute below command to delete the **datahub** plugin directory from Apache Ranger
@ -227,25 +227,25 @@ then follow the below sections to undo the configuration steps you have performe
```
*Kubernetes command:*
```bash
kubectl exec &lt;ranger-pod-name&gt; -n &lt;namespace&gt; -- sh -c 'rm -rf ews/webapp/WEB-INF/classes/ranger-plugins/datahub'
kubectl exec <ranger-pod-name> -n <namespace> -- sh -c 'rm -rf ews/webapp/WEB-INF/classes/ranger-plugins/datahub'
```
## Revert Configuration of your DataHub Deployment
### Docker
1. Unset environment variables: Execute below command to unset the environment variables
```bash
unset AUTH_POLICIES_ENABLED
unset RANGER_AUTHORIZER_ENABLED
unset RANGER_USERNAME
unset RANGER_PASSWORD
```
```bash
unset AUTH_POLICIES_ENABLED
unset RANGER_AUTHORIZER_ENABLED
unset RANGER_USERNAME
unset RANGER_PASSWORD
```
2. Redeploy DataHub (`datahub-gms`)
### Kubernetes
For kubernetes example command, please replace the &lt;namespace&gt; as per your environment.
1. Open deployment editor: Execute below command
```bash
kubectl edit deployment datahub-datahub-gms -n &lt;namespace&gt;
kubectl edit deployment datahub-datahub-gms -n <namespace>
```
2. Remove below environments variables
1. AUTH_POLICIES_ENABLED
@ -257,7 +257,7 @@ then follow the below sections to undo the configuration steps you have performe
2. volumeMounts
4. Save and quit the editor and use below command to check status of **datahub-datahub-gms** deployment rollout
```bash
kubectl rollout status deployment/datahub-datahub-gms -n &lt;namespace&gt;
kubectl rollout status deployment/datahub-datahub-gms -n <namespace>
```
On successful rollout you should see a message *deployment "datahub-datahub-gms" successfully rolled out*