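Editor's recommendation:
This article first introduces the background of Ranger,
then Ranger's basic architecture and basic components, and finally the permission model and its implementation and the permission management workflow. We hope it helps your learning.
This article comes from the DBAplus community and was edited and recommended by Alice.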
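I. Background
At its most basic, big data consists of data and the resources used for computation. The relevant data and resources must be opened up to the corresponding users while preventing losses from theft or damage, and this is where big data security comes in.
Of the mainstream big data security components, Kerberos uses a temporary user authentication mechanism and is therefore not suitable when there are many users, while Sentry supports only a small part of the Hadoop ecosystem components and so has few application scenarios.
Apache Ranger, as a standardized access control layer, introduces a unified permission model and management interface that greatly simplify the management of data permissions. Unified permission management lowers the learning cost and is very easy to use.
Apache Ranger: a framework used across the whole Hadoop platform to monitor and manage comprehensive data security. Its main purpose is to provide a centralized security management framework and to solve the problems of authorization and auditing.
Features: centralized security management, where all security-related tasks can be managed in the Web UI or through the REST API; a policy-based access permission model that is easy to use; support for most Hadoop ecosystem components; support for auditing (mainly log auditing, which records access information for each component's data, that is, the corresponding login and access information extracted from each component's logs); support for synchronizing users with LDAP (Lightweight Directory Access Protocol) and with Linux system users.
Supported components: HDFS; YARN; HBase; Hive; Solr; Storm; Sqoop; Kafka; Atlas; Nifi; Knox and others. For HDFS it mainly manages file access permissions; for HBase it manages permissions on tables, column families and columns; for Hive it manages permissions on databases, tables and columns; for Atlas it manages permissions on categories, metadata entities, types and inputs/outputs.
Advantages: fine-grained control (for example, Hive column level); a permission model based on access policies; plugin-based permission control with unified, convenient policy management; audit log support that records audit logs for all kinds of operations and provides a unified query interface and UI; broad support for Hadoop ecosystem components; integration with Kerberos; a REST API available for secondary development.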
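II. Basic Architecture

A user logs in with Admin privileges through the Web UI that Ranger provides and adds a permission-control Service, then adds authorization Policies to that Service. The system stores each Policy in the MySQL database and also completes a backup locally. When a user sends a request to a component under authorization, that component's plugin goes to Admin to pull the policies and performs authorization according to the policy content: the operation is allowed if it complies with the permissions, and otherwise the user's request is rejected. The whole process (user login, creation of services and policies, plugin authorization) produces audit logs, which are stored in Solr.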
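III. Basic Components
Main components in Ranger: Ranger Admin, Ranger UserSync, Plugin
Ranger Admin:
Responsibility: provides create, delete, update and query operations on policies, and provides the Web UI and REST API interfaces
Composition: Web UI, REST API, database
Role: receives the user and user group information sent by the UserSync process and saves it to the MySQL database (this user information is needed when configuring permission policies, as it identifies who a policy is assigned to); provides the interface for creating policies; provides the handling interface for external REST messages (some of the CRUD operations in the UI)
Ranger UserSync:
Responsibility: periodically loads users from LDAP/Unix/File and synchronizes them to Ranger Admin (Ranger's user management is not synchronous, that is, a user added to the system is not immediately synchronized into Ranger)
Plugin
Responsibility: integrated into each component as a plugin, it periodically pulls policies from Ranger Admin, enforces the policies on user access, and periodically writes audit logs to Solr. It is in fact a thread that reads the policy configuration file
The specific implementation interfaces are listed in the table below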

Other components: Ranger TagSync, which periodically synchronizes tag information from a tag source (usually Atlas); Ranger KMS (Ranger Key Management Service), a key management service wrapped around Hadoop KMS that supports encryption of HDFS data at rest.

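IV. Permission Model and Implementation
Permission model: defined as "user - permission - resource". Users are expressed as User/Group, where User is the user accessing a resource and Group is the user group the User belongs to. Permissions are expressed mainly through (AllowACL, DenyACL) (Access Control List), similar to a whitelist and a blacklist: AllowACL describes the cases in which access is allowed and DenyACL describes the cases in which access is denied. The available permissions differ from component to component, and so do the resources; see the table below for details.

Permission implementation:
Admin is responsible for defining permission policies that assign the corresponding resources to the corresponding users or groups; these are stored in MySQL;
Plugin is responsible for periodically pulling policies from Ranger Admin, executing the access decision tree according to the policies to complete authorization, and finally recording access audits in real time (in an actual deployment, the plugin is installed as a hook that calls into each component's service to enforce permission management);
The nodes on which the Plugin is installed differ by component; see the table below for details,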

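Policy priority: the blacklist takes precedence over the whitelist; blacklist exclusions take precedence over the blacklist; whitelist exclusions take precedence over the whitelist;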
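
The precedence rule above, as an added Python example that is not from the original article or from Apache Ranger's code base: a simplified evaluator for a single policy with whitelist, whitelist-exclusion, blacklist and blacklist-exclusion lists. The class and function names, the `/data/finance` path and the users and groups are assumptions made up for the illustration.

```python
# Simplified model of the precedence rule; not Apache Ranger's own evaluator.
from dataclasses import dataclass, field

@dataclass
class Item:
    """One ACL entry: the users/groups it covers and the access types it names."""
    users: set = field(default_factory=set)
    groups: set = field(default_factory=set)
    accesses: set = field(default_factory=set)

    def matches(self, user, user_groups, access):
        who = user in self.users or bool(self.groups & user_groups)
        return who and access in self.accesses

@dataclass
class Policy:
    resource: str                                     # directory the policy covers
    allow: list = field(default_factory=list)         # whitelist (AllowACL)
    allow_except: list = field(default_factory=list)  # whitelist exclusions
    deny: list = field(default_factory=list)          # blacklist (DenyACL)
    deny_except: list = field(default_factory=list)   # blacklist exclusions

def evaluate(policy, path, user, user_groups, access):
    """Return 'DENY', 'ALLOW' or 'NOT_DETERMINED' for one request."""
    root = policy.resource.rstrip("/")
    # Match on path components so /data/finance does not cover /data/finance2.
    if path != root and not path.startswith(root + "/"):
        return "NOT_DETERMINED"
    def hit(items):
        return any(i.matches(user, user_groups, access) for i in items)
    # Blacklist is checked first; an exclusion cancels the deny for that caller.
    if hit(policy.deny) and not hit(policy.deny_except):
        return "DENY"
    # Whitelist next; an exclusion cancels the allow for that caller.
    if hit(policy.allow) and not hit(policy.allow_except):
        return "ALLOW"
    return "NOT_DETERMINED"  # nothing in this policy decided the request

# Constructed sample policy; the path, users and groups are made up.
FINANCE = Policy(
    resource="/data/finance",
    allow=[Item(groups={"analysts"}, accesses={"read", "execute"})],
    allow_except=[Item(users={"intern1"}, accesses={"read", "execute"})],
    deny=[Item(groups={"contractors"}, accesses={"read", "write", "execute"})],
    deny_except=[Item(users={"carol"}, accesses={"read"})],
)

def check(user, groups, access, path="/data/finance/q3.csv"):
    """Evaluate one request against the sample policy."""
    return evaluate(FINANCE, path, user, set(groups), access)
```

In this model a blacklist exclusion only cancels the deny: `check("carol", ["contractors"], "read")` is `NOT_DETERMINED` because no whitelist entry covers her, while the same user in `analysts` is allowed.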

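V. Permission Management Workflow
Taking the integration of Ranger with HDFS as an example,
1. Ranger Admin creates a Service (equivalent to the service wrapper interface in a web service)
2. Ranger Admin creates a Policy through the Service (stored in the MySQL database)
3. The HDFS Plugin (a plugin that has been downloaded, installed and deployed in advance) pulls the policies
4. The HDFS Plugin authorizes user access requests (permission types are stored in the MySQL database)
5. The HDFS Plugin records the audit log (Audit), which is stored in Solr
6. Ranger Admin views the audit log (Audit)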