You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hawq.apache.org by li...@apache.org on 2017/03/25 22:39:51 UTC

incubator-hawq-docs git commit: add pg_hba.conf config for ranger node, formatting updates

Repository: incubator-hawq-docs
Updated Branches:
  refs/heads/feature/ranger-integration 72203286c -> b479fcfe0


add pg_hba.conf config for ranger node, formatting updates


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/b479fcfe
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/b479fcfe
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/b479fcfe

Branch: refs/heads/feature/ranger-integration
Commit: b479fcfe0f156222ae3505cf8c2889346336f900
Parents: 7220328
Author: Lisa Owen <lo...@pivotal.io>
Authored: Sat Mar 25 15:39:34 2017 -0700
Committer: Lisa Owen <lo...@pivotal.io>
Committed: Sat Mar 25 15:39:34 2017 -0700

----------------------------------------------------------------------
 .../ranger-integration-config.html.md.erb       | 64 ++++++++++++++------
 1 file changed, 44 insertions(+), 20 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/b479fcfe/markdown/ranger/ranger-integration-config.html.md.erb
----------------------------------------------------------------------
diff --git a/markdown/ranger/ranger-integration-config.html.md.erb b/markdown/ranger/ranger-integration-config.html.md.erb
index afc78e8..b0684ec 100644
--- a/markdown/ranger/ranger-integration-config.html.md.erb
+++ b/markdown/ranger/ranger-integration-config.html.md.erb
@@ -25,33 +25,57 @@ In order to use Ranger for managing HAWQ authentication events, you must first i
 The following procedures describe each configuration activity.
 
 ## <a id="jar"></a>Step 1: Install Ranger Connectivity to HAWQ
-1. `ssh` into the Ranger Administration host as a user with root privileges:
-    ``` bash
-    $ ssh root@<ranger-admin-host>
-    root@ranger-admin-host$
-    ```
-2. Create the directory for the HAWQ JAR files:
+1. `ssh` into the Ranger Administration host as a user with root privileges:
+
     ``` bash
-    root@ranger-admin-host$ cd /usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/classes/ranger-plugins
-    root@ranger-admin-host$ mkdir hawq
+    $ ssh root@<ranger-admin-node>
+    root@ranger-admin-node$ 
     ```
-3. Copy the necessary HAWQ JAR files (`postgresql-9.1-901-1.jdbc4.jar` and `ranger-plugin-admin-2.2.0.0.jar`) from a HAWQ node to the new directory:
+2. Create the directory for the HAWQ JAR files:
+
     ``` bash
-    root@ranger-admin-host$ scp <hawq-node>:/usr/local/hawq/ranger/lib/*.jar ./hawq
+    root@ranger-admin-node$ cd /usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/classes/ranger-plugins
+    root@ranger-admin-node$ mkdir hawq
     ```
-4. Change the ownership of the new folder and JAR files to the `ranger` user:
+3. Copy the necessary HAWQ JAR files (`postgresql-9.1-901-1.jdbc4.jar` and `ranger-plugin-admin-2.2.0.0.jar`) from the HAWQ master node to the new directory:
+
     ``` bash
-    root@ranger-admin-host$ chown -R ranger:ranger hawq
+    root@ranger-admin-node$ scp <hawq-master>:/usr/local/hawq/ranger/lib/*.jar ./hawq
     ```
-5. From a HAWQ node as the `gpadmin` user, execute the `enable-ranger-plugin.sh` script to configure connectivity to your HAWQ cluster. The command has the syntax:
+4. Change the ownership of the new folder and JAR files to the `ranger` user:
+
     ``` bash
-    /usr/local/hawq/ranger/bin/enable-ranger-plugin.sh -r <ranger_host>:<ranger_port> -u <ranger_user> -p <ranger_password> -h <hawq_host>:<hawq_port> -w <hawq_user> -q <hawq_password>
+    root@ranger-admin-node$ chown -R ranger:ranger hawq
     ```
-   For example:
-   ``` bash
-   gpadmin@hawq-node$ /usr/local/hawq/ranger/bin/enable-ranger-plugin.sh -r ranger_host:6080 -u admin -p admin -h hawq_host:5432 -w gpadmin -q gpadmin
-   ```
-6. To validate connectivity between Ranger and HAWQ, access the Ranger Admin UI in Ambari and select the HAWQ service.  Ensure that the Active Status is set to Enabled, and click `Test Connection`. You should receive a message that Ranger connected succesfully.  If it fails to connect, edit your HAWQ connectivity properties directly in the Ranger Admin UI re-test the connection.
+5. The `enable-ranger-plugin.sh` script configures Ranger connectivity to your HAWQ cluster. The command has the syntax:
+
+    ``` pre
+    enable-ranger-plugin.sh -r <ranger_admin_node>:<ranger_port> -u <ranger_user> -p <ranger_password> -h <hawq_master>:<hawq_port> -w <hawq_user> -q <hawq_password>
+    ```
+
+    Log in to the HAWQ master node as the `gpadmin` user and execute the `enable-ranger-plugin.sh` script. For example:
+
+    ``` bash
+    gpadmin@master$ cd /usr/local/hawq/ranger/bin
+    gpadmin@master$ ./enable-ranger-plugin.sh -r ranger_host:6080 -u admin -p admin -h hawq_master:5432 -w gpadmin -q gpadmin
+    ```
+
+    Ensure \<hawq_master\> identifies the fully qualified domain name of the HAWQ master node.
+
+6. Edit the `pg_hba.conf` file on the HAWQ master node to configure HAWQ access for \<hawq_user\> on the \<ranger-admin-node\>. For example, you would add an entry similar to the following for the example `enable-ranger-plugin.sh` call above:
+
+    ``` bash
+    host  all     gpadmin    ranger_host/32       trust
+    ```
+
+    And reload HAWQ configuration:
+
+    ``` bash
+    gpadmin@master$ hawq stop cluster --reload
+    ```
+
+7. To validate connectivity between Ranger and HAWQ, access the Ranger Admin UI in Ambari, click the edit icon associated with the `hawq` service definition. Ensure that the Active Status is set to Enabled, and click the **Test Connection** button. You should receive a message that Ranger connected succesfully.  If it fails to connect, edit your HAWQ connectivity properties directly in the Ranger Admin UI and re-test the connection.
+
 
 ## <a id="enable"></a>Step 2: Configure HAWQ to Use Ranger Policy Management
 
@@ -59,6 +83,6 @@ The following procedures describe each configuration activity.
 2. Select the **Advanced** tab, and then expand **Custom hawq-site**.
 4. Click **Add Property...** and add the new property, `hawq_acl_type=ranger` property. (If the property already exists, change its value from `standalone` (the default) to `ranger`.)
 5. Click **Save** to save your changes.
-6. Select **Service Actions > Restart All** and confirm that you want to restart the HAWQ cluster.
+6. Select **Service Actions > Restart All** and confirm that you want to restart the HAWQ cluster.
 
 ## <a id="caching"></a>Changing the Frequency of Policy Caching