Running Apache Ranger |

Running Ranger

The following file and directories are relevant to running Ranger using Helm.

# resources for executing Helm
└── kubernetes
    └── helm
        └── ranger
            └── values.yaml

# resources for running Ranger
└── kubernetes
    ├── ranger-conf
    └── ranger-key
        └── install.properties

The file kubernetes/helm/ranger/values.yaml defines the default values for the Helm chart. Typically the user creates another file (e.g., values-ranger.yaml) in order to override some of these default values. The user can update configuration files in the directory kubernetes/ranger-conf and kubernetes/ranger-key/install.properties to control the behavior of Ranger. The user should copy keytab files to the directory kubernetes/ranger-key.

Assuming that a new YAML file values-ranger.yaml overrides the default values in kubernetes/helm/ranger/values.yaml, the user can run Ranger with namespace hivemr3 as follows:

$ ln -s $(pwd)/kubernetes/ranger-conf/ kubernetes/helm/ranger/conf
$ ln -s $(pwd)/kubernetes/ranger-key/ kubernetes/helm/ranger/key
$ helm install --namespace hivemr3 kubernetes/helm/ranger -f values-ranger.yaml

Here the first two commands create symbolic links so that Helm can access the directories kubernetes/ranger-conf and kubernetes/ranger-key directly.

Enabling SSL

In order to enable SSL, the user should have a TrustStore file. Follow the instruction in Enabling SSL to perform the following:

Create a self-signed certificate for SSL by executing the script kubernetes/generate-hivemr3-ssl.sh, and set the environment variable MR3_SSL_KEYSTORE_PASSWORD in kubernetes/config-run.sh.
Configure Ranger to use SSL.

Then execute the script kubernetes/run-ranger.sh with an argument --generate-truststore (which is mandatory) in order to create a KeyStore file kubernetes/ranger-key/hivemr3-ssl-certificate.jks.

$ pwd
/home/gla/mr3-run/kubernetes
$ ./run-ranger.sh --generate-truststore

Updating `kubernetes/helm/ranger/values.yaml`

After updating the YAML file values-ranger.yaml and the configuration files, the user can use Helm in the same way to run Ranger. Below we describe each part of kubernetes/helm/ranger/values.yaml.

`name`

This part specifies the names of various Kubernetes objects. It is unnecessary to override the default values.

name:
  ranger:
    configMap: hivemr3-ranger-configmap
    secret: hivemr3-ranger-secret
  persistentVolume: workdir-ranger-pv
  persistentVolumeClaim: workdir-ranger-pvc

`docker` for the Docker image

docker:
  image: 10.1.91.17:5000/ranger:latest
  user: ranger
  imagePullPolicy: Always
  imagePullSecrets:

docker/image specifies the full name of the Docker image including a tag.
docker/user should match the user specified in kubernetes/ranger/Dockerfile when creating the Docker image.
docker/imagePullPolicy specifies the pull policy for the Docker image.
docker/imagePullSecrets specifies the pull secret for the Docker image. It is set to empty if no pull secret is necessary.

`ranger` for Ranger

ranger:
  httpPort: 6080
  httpsPort: 6182
  solrPort: 6083
  externalIp: 10.1.91.41

  createSecret: true

  rangerResources:
    requests:
      cpu: 1
      memory: 4Gi
    limits:
      cpu: 1
      memory: 4Gi
  solrResources:
    requests:
      cpu: 1
      memory: 4Gi
    limits:
      cpu: 1
      memory: 4Gi

ranger/httpPort, ranger/httpsPort, and ranger/solrPort specify the port numbers for exposing Ranger to the outside of the Kubernetes cluster.
ranger/externalIp specifies the host for the Service for exposing Ranger to the outside of the Kubernetes cluster.

ranger/createSecret specifies whether or not to crate a Secret from those files in the directory kubernetes/ranger-key.

ranger/rangerResources specifies the resources to be allocated to the Ranger container inside the Ranger Pod.
ranger/solrResources specifies the resources to be allocated to the Solr container inside the Ranger Pod.

`workDir` for PersistentVolume

workDir:
  isNfs: true
  nfs:
    server: "10.1.91.17"
    path: "/work/nfs/mr3-run-work-dir"
  volumeSize: 10Gi
  volumeClaimSize: 10Gi
  storageClassName: ""
  volumeStr:

workDir/isNfs specifies whether the PersistentVolume uses NFS or not.
workDir/nfs/server and workDir/nfs/path specify the address of the NFS server and the path exported by the NFS server (when workDir/isNfs is set to true).
workDir/volumeSize and workDir/volumeClaimSize specify the size of the PersistentVolume and the PersistentVolumeClaim.
workDir/storageClassName specifies the StorageClass of the PersistentVolume.
workDir/volumeStr specifies the PersistentVolume to use when workDir/isNfs is set to false. For example, volumeStr: "hostPath:\n path: /work/nfs/mr3-run-work-dir" creates a hostPath PersistentVolume.

`logLevel` and `hostAliases`

logLevel: INFO

hostAliases:
- ip: "10.1.91.4"
  hostnames:
  - "red0"
- ip: "10.1.91.17"
  hostnames:
  - "indigo0"
- ip: "10.1.91.41"
  hostnames:
  - "indigo20"

logLevel specifies the logging level.
hostAliases lists host aliases.

Running Ranger

Enabling SSL

Updating kubernetes/helm/ranger/values.yaml

name

docker for the Docker image

ranger for Ranger