| |
| |
| <!DOCTYPE html> |
| <html lang="en"> |
| <head> |
| <meta charset="utf-8"> |
| <meta http-equiv="X-UA-Compatible" content="IE=edge"> |
| <meta name="viewport" content="width=device-width, initial-scale=1"> |
| |
| <meta name="description" content="Apache Ozone Documentation"> |
| |
| <title>Documentation for Apache Ozone</title> |
| |
| |
| <link href="../../css/bootstrap.min.css" rel="stylesheet"> |
| |
| |
| <link href="../../css/ozonedoc.css" rel="stylesheet"> |
| |
| |
| |
| <link href="../../swagger-resources/swagger-ui.css" rel="stylesheet"> |
| |
| |
| <script> |
| var _paq = window._paq = window._paq || []; |
| |
| |
| |
| _paq.push(['disableCookies']); |
| |
| |
| _paq.push(['trackPageView']); |
| _paq.push(['enableLinkTracking']); |
| (function() { |
| var u="//analytics.apache.org/"; |
| _paq.push(['setTrackerUrl', u+'matomo.php']); |
| _paq.push(['setSiteId', '34']); |
| var d=document, g=d.createElement('script'), |
| s=d.getElementsByTagName('script')[0]; |
| g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s); |
| })(); |
| </script> |
| |
| |
| </head> |
| |
| |
| <body> |
| |
| |
| <nav class="navbar navbar-inverse navbar-fixed-top"> |
| <div class="container-fluid"> |
| <div class="navbar-header"> |
| <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#sidebar" aria-expanded="false" aria-controls="navbar"> |
| <span class="sr-only">Toggle navigation</span> |
| <span class="icon-bar"></span> |
| <span class="icon-bar"></span> |
| <span class="icon-bar"></span> |
| </button> |
| <a href="../../zh/index.html" class="navbar-left ozone-logo"> |
| <img src="../../ozone-logo-small.png"/> |
| </a> |
| <a class="navbar-brand hidden-xs" href="../../zh/index.html"> |
| Apache Ozone/HDDS Documentation |
| </a> |
| <a class="navbar-brand visible-xs-inline" href="#">Apache Ozone</a> |
| </div> |
| <div id="navbar" class="navbar-collapse collapse"> |
| <ul class="nav navbar-nav navbar-right"> |
| <li><a href="https://github.com/apache/ozone">Source</a></li> |
| <li><a href="https://ozone.apache.org">Apache Ozone</a></li> |
| <li><a href="https://apache.org">ASF</a></li> |
| </ul> |
| </div> |
| </div> |
| </nav> |
| |
| |
| <div class="wrapper"> |
| <div class="container-fluid"> |
| <div class="row"> |
| |
| <div class="col-sm-2 col-md-2 sidebar" id="sidebar"> |
| <ul class="nav nav-sidebar"> |
| |
| |
| |
| <li class=""> |
| |
| <a href="../../zh/index.html"> |
| |
| |
| |
| <span>概述</span> |
| </a> |
| </li> |
| |
| |
| |
| <li class=""> |
| |
| <a href="../../zh/start.html"> |
| |
| |
| |
| <span>快速入门</span> |
| </a> |
| </li> |
| |
| |
| |
| <li class=""> |
| <a href="../../zh/concept.html"> |
| |
| <span>概念</span> |
| </a> |
| <ul class="nav"> |
| |
| <li class=""> |
| |
| <a href="../../zh/concept/overview.html">概览</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/concept/ozonemanager.html">Ozone Manager</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/concept/storagecontainermanager.html">Storage Container Manager</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/concept/datanodes.html">数据节点</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/concept/containers.html">Containers</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/concept/recon.html">Recon</a> |
| |
| </li> |
| |
| </ul> |
| </li> |
| |
| |
| |
| <li class=""> |
| <a href="../../zh/feature.html"> |
| |
| <span>特性</span> |
| </a> |
| <ul class="nav"> |
| |
| <li class=""> |
| |
| <a href="../../zh/feature/decommission.html">Decommissioning</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/feature/erasurecoding.html">纠删码</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/feature/om-ha.html">高可用 OM</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/feature/scm-ha.html">高可用 SCM</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/feature/dn-merge-rocksdb.html">在DataNode上合并Container的RocksDB</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/feature/prefixfso.html">基于前缀的文件系统优化</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/feature/topology.html">拓扑感知能力</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/feature/quota.html">Ozone 中的配额</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/feature/recon.html">Recon 服务器</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/feature/reconfigurability.html">动态加载配置</a> |
| |
| </li> |
| |
| </ul> |
| </li> |
| |
| |
| |
| <li class=""> |
| <a href="../../zh/security.html"> |
| |
| <span>安全</span> |
| </a> |
| <ul class="nav"> |
| |
| <li class=""> |
| |
| <a href="../../zh/security/secureozone.html">安全化 Ozone</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/security/securingtde.html">透明数据加密</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/security/gdpr.html">Ozone 中的 GDPR</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/security/securingdatanodes.html">安全化 Datanode</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/security/securings3.html">安全化 S3</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/security/securityacls.html">Ozone 访问控制列表</a> |
| |
| </li> |
| |
| <li class="active"> |
| |
| <a href="../../zh/security/securitywithranger.html">Apache Ranger</a> |
| |
| </li> |
| |
| </ul> |
| </li> |
| |
| |
| |
| <li class=""> |
| <a href="../../zh/interface.html"> |
| |
| <span>编程接口</span> |
| </a> |
| <ul class="nav"> |
| |
| <li class=""> |
| |
| <a href="../../zh/interface/javaapi.html">Java API</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/interface/o3fs.html">Ozone 文件系统</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/interface/csi.html">CSI 协议</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/interface/s3.html">S3 协议接口</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/interface/reconapi.html">Recon API</a> |
| |
| </li> |
| |
| </ul> |
| </li> |
| |
| |
| |
| <li class=""> |
| |
| <a href="../../zh/tools.html"> |
| |
| |
| |
| <span>工具</span> |
| </a> |
| </li> |
| |
| |
| |
| <li class=""> |
| |
| <a href="../../zh/recipe.html"> |
| |
| |
| |
| <span>使用配方</span> |
| </a> |
| </li> |
| |
| |
| <li><a href="../../design.html"><span><b>Design docs</b></span></a></li> |
| <li class="visible-xs"><a href="#">References</a> |
| <ul class="nav"> |
| <li><a href="https://github.com/apache/ozone"><span class="glyphicon glyphicon-new-window" aria-hidden="true"></span> Source</a></li> |
| <li><a href="https://ozone.apache.org"><span class="glyphicon glyphicon-new-window" aria-hidden="true"></span> Apache Ozone</a></li> |
| <li><a href="https://apache.org"><span class="glyphicon glyphicon-new-window" aria-hidden="true"></span> ASF</a></li> |
| </ul></li> |
| </ul> |
| |
| </div> |
| |
| <div class="col-sm-10 col-sm-offset-2 col-md-10 col-md-offset-2 main-content"> |
| |
| |
| |
| <div class="col-md-9"> |
| <nav aria-label="breadcrumb"> |
| <ol class="breadcrumb"> |
| <li class="breadcrumb-item"><a href="../../zh/index.html">Home</a></li> |
| <li class="breadcrumb-item" aria-current="page"><a href="../../zh/security.html">安全</a></li> |
| <li class="breadcrumb-item active" aria-current="page">Apache Ranger</li> |
| </ol> |
| </nav> |
| |
| |
| |
| <div class="pull-right"> |
| |
| |
| |
| <a href="../../security/securitywithranger.html"><span class="label label-success">English</span></a> |
| |
| |
| |
| |
| </div> |
| |
| |
| <div class="col-md-9"> |
| <h1>Apache Ranger</h1> |
| |
| <!--- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <p>Apache Ranger™ 是一个用于管理和监控 Hadoop 平台复杂数据权限的框架。Apache Ranger 从2.0版本开始支持Ozone鉴权。但由于在2.0中存在一些bug,因此我们更推荐使用Apache Ranger 2.1及以后版本。</p> |
| <p>你需要先在你的 Hadoop 集群上安装 Apache Ranger,安装指南可以参考 <a href="https://ranger.apache.org/index.html">Apache Ranger 官网</a>.</p> |
| <p>如果你已经安装好了 Apache Ranger,那么 Ozone 的配置十分简单,你只需要启用 ACL 支持并且将 ACL 授权类设置为 Ranger 授权类,在 ozone-site.xml 中添加下面的参数:</p> |
| <table> |
| <thead> |
| <tr> |
| <th>参数名</th> |
| <th>参数值</th> |
| </tr> |
| </thead> |
| <tbody> |
| <tr> |
| <td>ozone.acl.enabled</td> |
| <td>true</td> |
| </tr> |
| <tr> |
| <td>ozone.acl.authorizer.class</td> |
| <td>org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer</td> |
| </tr> |
| </tbody> |
| </table> |
| <p>为了使用 RangerOzoneAuthorizer,还需要在 ozone-env.sh 中增加下面环境变量:</p> |
| <div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">export OZONE_MANAGER_CLASSPATH<span style="color:#f92672">=</span><span style="color:#e6db74">"</span><span style="color:#e6db74">${</span>OZONE_HOME<span style="color:#e6db74">}</span><span style="color:#e6db74">/share/ozone/lib/libext/*"</span> |
| </code></pre></div><ul> |
| <li>ranger-ozone-plugin jars 具体路径取决于 Ranger Ozone plugin 安装配置。</li> |
| <li>如果 ranger-ozone-plugin jars 安装在其他节点,需要拷贝到 Ozone 安装目录。</li> |
| </ul> |
| <p>Ozone各类操作对应Ranger权限如下:</p> |
| <table> |
| <thead> |
| <tr> |
| <th style="text-align:left">operation&permission</th> |
| <th style="text-align:left">Volume permission</th> |
| <th style="text-align:left">Bucket permission</th> |
| <th style="text-align:left">Key permission</th> |
| </tr> |
| </thead> |
| <tbody> |
| <tr> |
| <td style="text-align:left">Create volume</td> |
| <td style="text-align:left">CREATE</td> |
| <td style="text-align:left"></td> |
| <td style="text-align:left"></td> |
| </tr> |
| <tr> |
| <td style="text-align:left">List volume</td> |
| <td style="text-align:left">LIST</td> |
| <td style="text-align:left"></td> |
| <td style="text-align:left"></td> |
| </tr> |
| <tr> |
| <td style="text-align:left">Get volume Info</td> |
| <td style="text-align:left">READ</td> |
| <td style="text-align:left"></td> |
| <td style="text-align:left"></td> |
| </tr> |
| <tr> |
| <td style="text-align:left">Delete volume</td> |
| <td style="text-align:left">DELETE</td> |
| <td style="text-align:left"></td> |
| <td style="text-align:left"></td> |
| </tr> |
| <tr> |
| <td style="text-align:left">Create bucket</td> |
| <td style="text-align:left">READ</td> |
| <td style="text-align:left">CREATE</td> |
| <td style="text-align:left"></td> |
| </tr> |
| <tr> |
| <td style="text-align:left">List bucket</td> |
| <td style="text-align:left">LIST, READ</td> |
| <td style="text-align:left"></td> |
| <td style="text-align:left"></td> |
| </tr> |
| <tr> |
| <td style="text-align:left">Get bucket info</td> |
| <td style="text-align:left">READ</td> |
| <td style="text-align:left">READ</td> |
| <td style="text-align:left"></td> |
| </tr> |
| <tr> |
| <td style="text-align:left">Delete bucket</td> |
| <td style="text-align:left">READ</td> |
| <td style="text-align:left">DELETE</td> |
| <td style="text-align:left"></td> |
| </tr> |
| <tr> |
| <td style="text-align:left">List key</td> |
| <td style="text-align:left">READ</td> |
| <td style="text-align:left">LIST, READ</td> |
| <td style="text-align:left"></td> |
| </tr> |
| <tr> |
| <td style="text-align:left">Write key</td> |
| <td style="text-align:left">READ</td> |
| <td style="text-align:left">READ</td> |
| <td style="text-align:left">CREATE, WRITE</td> |
| </tr> |
| <tr> |
| <td style="text-align:left">Read key</td> |
| <td style="text-align:left">READ</td> |
| <td style="text-align:left">READ</td> |
| <td style="text-align:left">READ</td> |
| </tr> |
| </tbody> |
| </table> |
| |
| |
| |
| </div> |
| |
| </div> |
| </div> |
| </div> |
| </div> |
| <div class="push"></div> |
| </div> |
| |
| |
| |
| <footer class="footer"> |
| <div class="container"> |
| <span class="small text-muted"> |
| Version: 1.5.0-SNAPSHOT, Last Modified: February 27, 2024 <a class="hide-child link primary-color" href="https://github.com/apache/ozone/commit/7939faf7d6c904bf1e4ad32baa5d6d0c1de19003">7939faf</a> |
| </span> |
| </div> |
| </footer> |
| |
| |
| |
| <script src="../../js/jquery-3.5.1.min.js"></script> |
| <script src="../../js/ozonedoc.js"></script> |
| <script src="../../js/bootstrap.min.js"></script> |
| |
| |
| </body> |
| |
| </html> |