Choose a location where your bucket's data is permanently stored from the Location type drop-down menu.
If you select the dual-region location type, you can
also choose to enable turbo replication by using the
relevant checkbox.
To set up cross-bucket replication, select
Add cross-bucket replication via Storage Transfer Service and
follow these steps:
Set up cross-bucket replication
In the Bucket menu, select a bucket.
In the Replication settings section,
click Configure to configure settings for the
replication job.
The Configure cross-bucket replication pane
appears.
To filter objects to replicate by object name prefix,
enter a prefix that you want to include or exclude objects from, then click addAdd a prefix.
To set a storage class for the replicated objects,
select a storage class from the Storage class menu.
If you skip this step, the replicated objects will use the
destination bucket's storage class by default.
Click Done.
In the Choose how to store your data section, do the following:
Select a default storage class for the bucket or
Autoclass for automatic storage class management of your
bucket's data.
To enable hierarchical namespace, in the
Optimize storage for data-intensive workloads section, select
Enable hierarchical namespace on this bucket.
In the Choose how to control access to objects section, select
whether or not your bucket enforces public access prevention,
and select an access control method for your bucket's objects.
In the Choose how to protect object data section, do the
following:
Select any of the options under Data protection that you
want to set for your bucket.
To enable soft delete, click the
Soft delete policy (For data recovery) checkbox,
and specify the number of days you want to retain objects
after deletion.
To set Object Versioning, click the
Object versioning (For version control) checkbox,
and specify the maximum number of versions per object and the number of days after which
the noncurrent versions expire.
To enable the retention policy on objects and buckets, click the Retention (For compliance) checkbox, and then do the following:
To enable Bucket Lock, click the Set bucket retention policy checkbox, and choose a unit of time and a length of time for your retention period.
To choose how your object data will be encrypted, expand the
Data encryption section (expand_more), and select a
Data encryption method.
Click Create.
Crear una copia de seguridad de un esquema de Ranger
Usa SSH para conectarte
al nodo maestro de Dataproc del clúster con el esquema de Ranger.
Ejecuta los comandos de esta sección en la sesión de terminal SSH que se esté ejecutando en el nodo maestro.
Define las variables de entorno.
BUCKET_NAME=bucket name \
MYSQL_PASSWORD=MySQL password
SCHEMA_FILE=schema filename
Haz los cambios siguientes:
MySQL password: puedes abrir /etc/mysql/my.cnf en el nodo maestro del clúster para copiar la contraseña de MySQL.
bucket name: nombre del segmento de Cloud Storage que se usará para almacenar el esquema de Ranger.
schema filename: especifica un nombre de archivo
sin la extensión de nombre de archivo .sql. El esquema de Ranger se guarda en este archivo del nodo maestro y, a continuación, en bucket name
en Cloud Storage .
Evita que se hagan cambios en las tablas de esquema de Ranger.
mysql -u root -p${MYSQL_PASSWORD}
REVOKE ALL PRIVILEGES ON ranger.* from 'rangeradmin'@'localhost';
GRANT SELECT ON ranger.* TO 'rangeradmin'@'localhost';
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'rangeradmin'@'localhost';
exit;
mysql -u root -p${MYSQL_PASSWORD}
REVOKE SELECT ON ranger.* from 'rangeradmin'@'localhost';
GRANT ALL PRIVILEGES ON ranger.* to 'rangeradmin'@'localhost';
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'rangeradmin'@'localhost';
exit;
Usa SSH para conectarte al nodo maestro de Dataproc del clúster en el que vas a restaurar el esquema del clúster.
Ejecuta los comandos de esta sección en la sesión de terminal SSH que se esté ejecutando en el nodo maestro.
Define las variables de entorno.
BUCKET_NAME=bucket name \
MYSQL_PASSWORD=MySQL password
SCHEMA_FILE=schema filename
Haz los cambios siguientes:
MySQL password: puedes abrir /etc/mysql/my.cnf en el nodo maestro del clúster para copiar la contraseña de MySQL.
bucket name: nombre del segmento de Cloud Storage que contiene el esquema de Ranger guardado.
schema filename: nombre del archivo de esquema de Ranger, sin la extensión .sql, guardado en bucket name en Cloud Storage.
Evita que se hagan cambios en las tablas de esquema de Ranger.
mysql -u root -p${MYSQL_PASSWORD}
REVOKE ALL PRIVILEGES ON ranger.* from 'rangeradmin'@'localhost';
GRANT SELECT ON ranger.* TO 'rangeradmin'@'localhost';
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'rangeradmin'@'localhost';
exit;
Copia el archivo de esquema de Ranger .sql de Cloud Storage en el nodo maestro del clúster.
mysql -u root -p${MYSQL_PASSWORD}
REVOKE SELECT ON ranger.* from 'rangeradmin'@'localhost';
GRANT ALL PRIVILEGES ON ranger.* to 'rangeradmin'@'localhost';
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'rangeradmin'@'localhost';
exit;
Actualiza los archivos de configuración de Ranger. Cambia el host de la base de datos de Ranger por el nombre de host de una nueva base de datos en los siguientes archivos con las siguientes propiedades:
[[["Es fácil de entender","easyToUnderstand","thumb-up"],["Me ofreció una solución al problema","solvedMyProblem","thumb-up"],["Otro","otherUp","thumb-up"]],[["Es difícil de entender","hardToUnderstand","thumb-down"],["La información o el código de muestra no son correctos","incorrectInformationOrSampleCode","thumb-down"],["Me faltan las muestras o la información que necesito","missingTheInformationSamplesINeed","thumb-down"],["Problema de traducción","translationIssue","thumb-down"],["Otro","otherDown","thumb-down"]],["Última actualización: 2025-09-11 (UTC)."],[[["\u003cp\u003eThis page details how to back up and restore a Ranger schema on Dataproc with Ranger clusters, requiring a Cloud Storage bucket for storage.\u003c/p\u003e\n"],["\u003cp\u003eBacking up involves connecting to the Dataproc master node via SSH, setting environment variables, stopping Hive services, saving the schema to an \u003ccode\u003e.sql\u003c/code\u003e file, and copying it to Cloud Storage.\u003c/p\u003e\n"],["\u003cp\u003eRestoring requires connecting to the Dataproc master node via SSH, setting environment variables, stopping Hive services, and copying the schema \u003ccode\u003e.sql\u003c/code\u003e file from Cloud Storage to the cluster.\u003c/p\u003e\n"],["\u003cp\u003eBoth processes involve temporarily preventing changes to the Ranger schema tables and resetting Ranger privileges, and restarting Hive and Ranger services.\u003c/p\u003e\n"],["\u003cp\u003eRestoring the Ranger schema will overwrite the contents of the existing Ranger schema, and it may be required to update ranger configuration files.\u003c/p\u003e\n"]]],[],null,["This page shows you how to back up and restore a Ranger schema on\n[Dataproc with Ranger clusters](/dataproc/docs/concepts/components/ranger).\n\nBefore you begin\n\n1. Create a bucket if needed. You must have access to a Cloud Storage bucket,\n which you will use to store and restore a Ranger schema.\n\n To create a bucket:\n\n\n 1. In the Google Cloud console, go to the Cloud Storage **Buckets** page.\n\n [Go to Buckets](https://console.cloud.google.com/storage/browser)\n 2. Click add_box **Create**.\n 3. On the **Create a bucket** page, enter your bucket information. To go to the next step, click **Continue** .\n 1. In the **Get started** section, do the following:\n - Enter a globally unique name that meets the [bucket naming requirements](/storage/docs/bucket-naming#requirements).\n - To add a [bucket label](/storage/docs/tags-and-labels#bucket-labels), expand the **Labels** section (expand_more), click *add_box* **Add label** , and specify a `key` and a `value` for your label.\n 2. In the **Choose where to store your data** section, do the following:\n 1. Select a [Location type](/storage/docs/locations).\n 2. Choose a location where your bucket's data is permanently stored from the **[Location type](/storage/docs/locations#available-locations)** drop-down menu.\n - If you select the [dual-region](/storage/docs/locations#location-dr) location type, you can also choose to enable [turbo replication](/storage/docs/availability-durability#turbo-replication) by using the relevant checkbox.\n 3. To set up [cross-bucket replication](/storage/docs/availability-durability#cross-bucket-replication), select **Add cross-bucket replication via Storage Transfer Service** and follow these steps: \n\n Set up cross-bucket replication\n 1. In the **Bucket** menu, select a bucket.\n 2. In the **Replication settings** section,\n click **Configure** to configure settings for the\n replication job.\n\n The **Configure cross-bucket replication** pane\n appears.\n - To filter objects to replicate by object name prefix, enter a prefix that you want to include or exclude objects from, then click add **Add a prefix**.\n - To set a storage class for the replicated objects, select a storage class from the **Storage class** menu. If you skip this step, the replicated objects will use the destination bucket's storage class by default.\n - Click **Done**.\n 3. In the **Choose how to store your data** section, do the following:\n 1. Select a [default storage class](/storage/docs/storage-classes) for the bucket or [Autoclass](/storage/docs/autoclass) for automatic storage class management of your bucket's data.\n 2. To enable [hierarchical namespace](/storage/docs/hns-overview), in the **Optimize storage for data-intensive workloads** section, select **Enable hierarchical namespace on this bucket** . **Note:** You cannot enable hierarchical namespace in existing buckets.\n 4. In the **Choose how to control access to objects** section, select whether or not your bucket enforces [public access prevention](/storage/docs/public-access-prevention), and select an [access control method](/storage/docs/access-control) for your bucket's objects. **Note:** You cannot change the **Prevent public access** setting if this setting is enforced at an [organization policy](/storage/docs/org-policy-constraints#public-access-prevention).\n 5. In the **Choose how to protect object data** section, do the following:\n - Select any of the options under **Data protection** that you want to set for your bucket.\n - To enable [soft delete](/storage/docs/soft-delete), click the **Soft delete policy (For data recovery)** checkbox, and specify the number of days you want to retain objects after deletion.\n - To set [Object Versioning](/storage/docs/object-versioning), click the **Object versioning (For version control)** checkbox, and specify the maximum number of versions per object and the number of days after which the noncurrent versions expire.\n - To enable the retention policy on objects and buckets, click the **Retention (For compliance)** checkbox, and then do the following:\n - To enable [Object Retention Lock](/storage/docs/object-lock), click the **Enable object retention** checkbox.\n - To enable [Bucket Lock](/storage/docs/bucket-lock), click the **Set bucket retention policy** checkbox, and choose a unit of time and a length of time for your retention period.\n - To choose how your object data will be encrypted, expand the **Data encryption** section (expand_more), and select a [**Data encryption** method](/storage/docs/encryption).\n 4. Click **Create**.\n\n \u003cbr /\u003e\n\nBack up a Ranger schema\n\n1. Use [SSH](/dataproc/docs/concepts/accessing/ssh) to connect\n to the Dataproc master node of the cluster with the Ranger schema.\n **Run the commands in this section in the SSH terminal session running on\n the master node.**\n\n2. Set environment variables.\n\n ```\n BUCKET_NAME=bucket name \\\n MYSQL_PASSWORD=MySQL password\n SCHEMA_FILE=schema filename\n ```\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eMySQL password\u003c/var\u003e: You can open `/etc/mysql/my.cnf` on the cluster\n master node to copy the MySQL password.\n\n - \u003cvar translate=\"no\"\u003ebucket name\u003c/var\u003e: The name of the Cloud Storage bucket to\n use to store the Ranger schema.\n\n - \u003cvar translate=\"no\"\u003eschema filename\u003c/var\u003e: Specify a filename,\n without the `.sql` filename extension. The Ranger schema is saved\n to this file on the master node, then saved in \u003cvar translate=\"no\"\u003ebucket name\u003c/var\u003e\n in Cloud Storage .\n\n3. Stop Hive services.\n\n ```\n sudo systemctl stop hive-metastore.service\n sudo systemctl stop hive-server2.service\n ```\n\n \u003cbr /\u003e\n\n4. Prevent changes to the Ranger schema tables.\n\n ```\n mysql -u root -p${MYSQL_PASSWORD}\n REVOKE ALL PRIVILEGES ON ranger.* from 'rangeradmin'@'localhost';\n GRANT SELECT ON ranger.* TO 'rangeradmin'@'localhost';\n FLUSH PRIVILEGES;\n SHOW GRANTS FOR 'rangeradmin'@'localhost';\n exit;\n ```\n5. Save the Ranger schema to an `.sql` file.\n\n ```\n mysqldump -u root -p${MYSQL_PASSWORD} ranger \u003e ${SCHEMA_FILE}.sql\n ```\n6. Reset Ranger privileges.\n\n ```\n mysql -u root -p${MYSQL_PASSWORD}\n REVOKE SELECT ON ranger.* from 'rangeradmin'@'localhost';\n GRANT ALL PRIVILEGES ON ranger.* to 'rangeradmin'@'localhost';\n FLUSH PRIVILEGES;\n SHOW GRANTS FOR 'rangeradmin'@'localhost';\n exit;\n ```\n7. Restart Hive and Ranger services.\n\n ```\n sudo systemctl start hive-metastore.service\n sudo systemctl start hive-server2.service\n sudo systemctl restart ranger-admin.service\n sudo systemctl restart ranger-usersync.service\n ```\n8. Copy the Ranger schema to Cloud Storage.\n\n ```\n gcloud storage cp ${SCHEMA_FILE}.sql gs://${BUCKET_NAME}\n ```\n\nRestore a Ranger schema **Note:** If you back up then restore the schema to same cluster, you may be able to use the SSH session and environment variables used in your [Ranger schema backup session](#back_up_a_ranger_schema).\n\n1. Use [SSH](/dataproc/docs/concepts/accessing/ssh) to connect\n to the Dataproc master node of the cluster where you\n will restore the cluster schema.\n **Run the commands in this section in the SSH terminal session running on\n the master node.**\n\n2. Set environment variables.\n\n ```\n BUCKET_NAME=bucket name \\\n MYSQL_PASSWORD=MySQL password\n SCHEMA_FILE=schema filename\n ```\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eMySQL password\u003c/var\u003e: You can open `/etc/mysql/my.cnf` on the cluster\n master node to copy the MySQL password.\n\n - \u003cvar translate=\"no\"\u003ebucket name\u003c/var\u003e: The name of the Cloud Storage bucket\n that contains the saved Ranger schema.\n\n - \u003cvar translate=\"no\"\u003eschema filename\u003c/var\u003e: The name of the Ranger schema\n filename, without the `.sql` filename extension, saved in\n \u003cvar translate=\"no\"\u003ebucket name\u003c/var\u003e in Cloud Storage.\n\n3. Stop Hive services.\n\n ```\n sudo systemctl stop hive-metastore.service\n sudo systemctl stop hive-server2.service\n ```\n\n \u003cbr /\u003e\n\n4. Prevent changes to the Ranger schema tables.\n\n ```\n mysql -u root -p${MYSQL_PASSWORD}\n REVOKE ALL PRIVILEGES ON ranger.* from 'rangeradmin'@'localhost';\n GRANT SELECT ON ranger.* TO 'rangeradmin'@'localhost';\n FLUSH PRIVILEGES;\n SHOW GRANTS FOR 'rangeradmin'@'localhost';\n exit;\n ```\n5. Copy the Ranger schema `.sql` file in Cloud Storage to the cluster\n master node.\n\n ```\n gcloud storage cp ${BUCKET_NAME}/${SCHEMA_FILE}.sql .\n ```\n6. Restore the Ranger schema. **This step overwrites the contents of the\n existing Ranger schema.**\n\n ```\n mysqldump -u root -p${MYSQL_PASSWORD} ranger \u003c ${SCHEMA_FILE}.sql\n ```\n7. Reset Ranger privileges.\n\n ```\n mysql -u root -p${MYSQL_PASSWORD}\n REVOKE SELECT ON ranger.* from 'rangeradmin'@'localhost';\n GRANT ALL PRIVILEGES ON ranger.* to 'rangeradmin'@'localhost';\n FLUSH PRIVILEGES;\n SHOW GRANTS FOR 'rangeradmin'@'localhost';\n exit;\n ```\n8. Update Ranger configuration files. Change the Ranger DB host to a new\n database hostname in the following files with the following properties:\n\n | File | Property |\n |----------------------------|--------------------------------------|\n | `ranger-hdfs-security.xml` | `ranger.plugin.hdfs.policy.rest.url` |\n | `ranger-yarn-security.xml` | `ranger.plugin.yarn.policy.rest.url` |\n\n9. Restart Hive and Ranger services.\n\n ```\n sudo systemctl start hive-metastore.service\n sudo systemctl start hive-server2.service\n sudo systemctl restart ranger-admin.service\n sudo systemctl restart ranger-usersync.service\n ```"]]
