All Products
Search
Document Center

E-MapReduce:Ranger

Last Updated:Dec 12, 2024

Apache Ranger is a security framework that implements fine-grained access control across Hadoop components, such as Hadoop Distributed File System (HDFS), Hive, and YARN, in a centralized manner. You can manage permissions on the components in the web UI of Ranger.

Components of Ranger

Ranger consists of three modules:
  • Ranger Admin

    You can use Ranger Admin to create and update access policies. The policies are stored in a database. The plug-ins for Hadoop components poll the access policies on a regular basis.

  • Ranger Plug-ins

    The plug-ins for Hadoop components are embedded in cluster processes as lightweight Java programs. For example, the Hive plug-in is embedded in the Hiveserver2 process. The plug-ins obtain policies from Ranger Admin and store the policies in local files. When Ranger receives a request from a user of a Hadoop component, the plug-in for the component obtains the request, and then evaluates the request based on the access policies.

  • Ranger UserSync

    UserSync is a user information synchronization tool. It is used to fetch user and user group information from the UNIX system or an LDAP server. The information is stored in the database of Ranger Admin and is used to define policies.

Access the web UI of Ranger

  1. Add port 8443. For more information about how to add a port, see Add a security group rule.

  2. Go to the Access Links and Ports tab.

    1. Log on to the EMR console. In the left-side navigation pane, click EMR on ECS.

    2. In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.

    3. On the EMR on ECS page, find the desired cluster and click the name of the cluster.

    4. On the page that appears, click the Access Links and Ports tab.

  3. On the Access Links and Ports tab, find the Ranger service and click the link in the Access URL column.

  4. On the logon page of Ranger, enter a username and password.

    • Data lake scenario (DataLake clusters)

      • EMR V3.44.0 or a later minor version and EMR V5.10.0 or a later minor version

        The default username is admin, and the default password is Admin1234. If you forget the default password, resolve the issue by referring to FAQ.

      • A minor version earlier than EMR V3.44.0 or a minor version earlier than EMR V5.10.0

        The default username is admin, and the default password is admin1234. If you forget the default password, resolve the issue by referring to FAQ.

    • Old Data lake scenario (Hadoop clusters)

      The default username and password are admin. If you forget the default password, resolve the issue by referring to FAQ.

  5. Reset the password upon your first logon and record the password.

    1. Click Settings in the top navigation bar.

    2. Change the password of the admin user.

    3. In the upper-right corner, choose admin > Log Out.

      After the password is reset, you can use the new password to log on to the web UI of Ranger.

FAQ

Q: What do I do if I forget the password and cannot log on to the web UI of Ranger?

A: You can perform the following steps to resolve the issue:

  1. Log on to the master node of the cluster. For more information, see Log on to a cluster.

  2. Run the following command to reset the password of the admin user to the default password.

    • DataLake clusters

      • EMR V3.44.0 or a later minor version and EMR V5.10.0 or a later minor version

        mysql -urangeradmin -pRangeradmin1234 
        update ranger.x_portal_user set password="07e47d323c1c36c1dc2cc3966027d6f9" where login_id="admin";
      • A minor version earlier than EMR V3.44.0 or a minor version earlier than EMR V5.10.0

        mysql -urangeradmin -prangeradmin1234 
        update ranger.x_portal_user set password="257e4521fee681b67583e2e7a4ac1c28" where login_id="admin";
    • Hadoop clusters

      mysql -urangeradmin -prangeradmin 
      update ranger.x_portal_user set password="ceb4f32325eda6142bd65215f4c0f371" where login_id="admin";