Wednesday, April 18, 2018

Running the Apache Ranger Admin service 1.0.0 in Docker

Apache Ranger 1.0.0 has been recently released after a long development cycle, featuring a huge number of improvements and bug fixes. A previous blog post covered how to manually install the Apache Ranger admin service, by compiling the Apache Ranger source and using MySQL as the database. However this involves a large number of steps, as well as installing MySQL, Apache Maven, Java, etc. In this post we will show how Docker Compose can be used to easily set up the Apache Ranger 1.0.0 Admin Service.

1) Description

The project is available in my github testcases repository here. This project is provided as a quick and easy way to play around with the Apache Ranger admin service. It should not be deployed in production as it uses default security credentials, it is not secure with kerberos, auditing is not enabled, etc. It contains the configuration required to build two Docker images:
  • ranger-postgres: Contains a Docker File to set up a Postgres database for Apache Ranger, creating the necessary users for the Ranger admin installation scripts to work.
  • ranger-admin: Contains a Docker File to build, configure and install the Apache Ranger admin service. It downloads the Apache Ranger source code, and builds and extracts the Admin service. It configures it to use the postgres database and starts the Admin service when the docker image is started.
2) Building and running

First we need to build the docker images. This can be done via:
  • (In ranger-postgres) docker build . -t coheigea/ranger-postgres
  • (In ranger-admin) docker build . -t coheigea/ranger-admin
Note that the ranger-admin docker images takes a long time to build due to having to build the source code using Apache Maven - and hence it needs to download a large amount of dependencies.

There are two ways of running the project. The easiest is to install Docker compose and then simply start it with:
  •  docker-compose up
The alternative is to create a network so that we can link containers, and then run the images separately using docker, i.e.:
  • docker network create my-network
  • docker run -p 5432:5432 --name postgres-server --network my-network coheigea/ranger-postgres
  • docker run -p 6080:6080 -it --network my-network coheigea/ranger-admin
Once the Ranger admin server is started then open a browser and navigate to:
  • http://localhost:6080 (credentials: admin/admin)
To see how to create authorization policies for various big data components using the UI please refer to the numerous blog posts I have previously written on this topic (for example: Kafka, HBase, HDFS).