Install the Ranger Policy Manager
- Make sure the HDP 2.5.3 resource-based service is added to your site's list of available repositories. - If it has not yet been added, add it now by performing the following steps: - For RHEL6/Centos6/Oracle LINUX 6: - wget -nv https://hdpweb.o.onslip.net/HDP/centos6/2.x/GA/2.5.3.0/hdp.repo -O /etc/yum.repos.d/hdp.repo 
- For Ubuntu - apt-get update wget https://hdpweb.o.onslip.net/HDP/ubuntu<version>/2.x/GA/2.5.3.0/hdp.list -O /etc/apt/sources.list.d/hdp.list 
- For Debian - apt-get update wget https://hdpweb.o.onslip.net/HDP/debian7/2.x/GA/2.5.3.0/hdp.list -O /etc/apt/sources.list.d/hdp.list 
 
- Find the Ranger Policy Admin software: - For RHEL/Centos/Oracle LINUX: - yum search ranger 
- For Ubuntu, Debian: - aptitude search ranger 
 
- Install the Ranger Policy Admin software: - yum install ranger_<version> 
- apt-get install <package_name> - In the Ranger Policy Administration installation directory, update the - install.propertiesfile:- Go to the installation directory: - cd /usr/hdp/<version>/ranger-admin/ 
- Edit the following install.properties entries: - Table 13.1. install.properties Entries - Configuration Property - Default/Example Value - Required? - Ranger Policy Database - DB_FLAVOR Specifies the type of database used (MYSQL,ORACLE,POSTGRES,MSSQL) - MYSQL (default) - Y - SQL_CONNECTOR_JAR Path to SQL connector jar of the DB Flavor selected. The value should be the absolute path including the jar name. - /usr/share/java/mysql-connector-java.jar (default) - /usr/share/java/postgresql.jar - /usr/share/java/sqljdbc4.jar - /usr/share/java/ojdbc6.jar - Y - db_root_user database username who has privileges for creating database schemas and users - root (default) - Y - db_root_password database password for the "db_root_user" - rootPassW0Rd - Y - db_host Hostname of the Ranger policy database server - localhost - Y - db_name Ranger Policy database name - ranger (default) - Y - db_user db username used for performing all policy mgmt operation from policy admin tool - rangeradmin (default) - Y - db_password database password for the "db_user" - RangerAdminPassW0Rd - Y - Ranger Audit - audit_solr_urls - http://<solr_host>:8886/solr/ranger_audits - Y - audit_solr_user - Y - audit_solr_password - Y - audit_solr_zookeepers - Only required if SolrCloud is used. - Policy Admin Tool Config - policymgr_external_url URL used within Policy Admin tool when a link to its own page is generated in the Policy Admin Tool website - http://localhost:6080 (default) http://myexternalhost.xasecure.net:6080N - policymgr_http_enabled Enables/disables HTTP protocol for downloading policies by Ranger plug-ins - true (default) - Y - unix_user UNIX user who runs the Policy Admin Tool process - ranger (default) - Y - unix_group UNIX group associated with the UNIX user who runs the Policy Admin Tool process - ranger (default) - Y - Policy Admin Tool Authentication - authentication_method - Authentication Method used to log in to the Policy Admin Tool. - NONE -- only users created within the Policy Admin Tool may log in - UNIX -- allows UNIX userid authentication using the UNIX authentication service (see below) - LDAP -- allows Corporate LDAP authentication (see below) - ACTIVE_DIRECTORY -- allows authentication using an Active Directory - none (default) - Y - UNIX Authentication Service - remoteLoginEnabled Flag to enable/disable remote Login via Unix Authentication Mode - true (default) - Y, if UNIX authentication_method is selected - authServiceHostName Server Name (or ip-addresss) where ranger-usersync module is running (along with Unix Authentication Service) - localhost (default) myunixhost.domain.com - Y, if UNIX authentication_method is selected - authServicePort Port Number where ranger-usersync module is running Unix Authentication Service - 5151 (default) - Y, if UNIX authentication_method is selected - LDAP Authentication - xa_ldap_url URL for the LDAP service - ldap://<ldapServer>:389 - Y, if LDAP authentication_method is selected - xa_ldap_userDNpattern LDAP DN Pattern used to uniquely locate the login user - uid={0},ou=users,dc=xasecure,dc=net - Y, if LDAP authentication_method is selected - xa_ldap_groupSearchBase LDAP Base node location to get all groups associated with login user - ou=groups,dc=xasecure,dc=net - Y, if LDAP authentication_method is selected - xa_ldap_groupSearchFilter LDAP search filter used to retrieve groups for the login user - (member=uid={0},ou=users, dc=xasecure,dc=net) - Y, if LDAP authentication_method is selected - xa_ldap_groupRoleAttribute Attribute used to retrieve the group names from the group search filters - cn - Y, if LDAP authentication_method is selected - Active Directory Authentication - xa_ldap_ad_domain Active Directory Domain Name used for AD login - xasecure.net - Y, if ACTIVE_DIRECTORY authentication_method is selected - xa_ldap_ad_url Active Directory LDAP URL for authentication of user - ldap://ad.xasecure.net:389 - Y, if ACTIVE_DIRECTORY authentication_method is selected 
 
- Check the JAVA_HOME environment variable. If it has not yet been set, enter: - export JAVA_HOME=<path of installed jdk version folder> 

