This page shows you how to back up and restore a Ranger schema on Dataproc with Ranger clusters.
Before you begin
Create a bucket if needed. You must have access to a Cloud Storage bucket, which you will use to store and restore a Ranger schema.
To create a bucket:
- In the Google Cloud console, go to the Cloud Storage Buckets page.
- Click Create bucket.
- On the Create a bucket page, enter your bucket information. To go to the next
step, click Continue.
- For Name your bucket, enter a name that meets the bucket naming requirements.
-
For Choose where to store your data, do the following:
- Select a Location type option.
- Select a Location option.
- For Choose a default storage class for your data, select a storage class.
- For Choose how to control access to objects, select an Access control option.
- For Advanced settings (optional), specify an encryption method, a retention policy, or bucket labels.
- Click Create.
Back up a Ranger schema
Use SSH to connect to the Dataproc master node of the cluster with the Ranger schema. Run the commands in this section in the SSH terminal session running on the master node.
Set environment variables.
BUCKET_NAME=bucket name \ MYSQL_PASSWORD=MySQL password SCHEMA_FILE=schema filename
Replace the following:
MySQL password: You can open
/etc/mysql/my.cnf
on the cluster master node to copy the MySQL password.bucket name: The name of the Cloud Storage bucket to use to store the Ranger schema.
schema filename: Specify a filename, without the
.sql
filename extension. The Ranger schema is saved to this file on the master node, then saved in bucket name in Cloud Storage .
Stop Hive services.
sudo systemctl stop hive-metastore.service sudo systemctl stop hive-server2.service
Prevent changes to the Ranger schema tables.
mysql -u root -p${MYSQL_PASSWORD} REVOKE ALL PRIVILEGES ON ranger.* from 'rangeradmin'@'localhost'; GRANT SELECT ON ranger.* TO 'rangeradmin'@'localhost'; FLUSH PRIVILEGES; SHOW GRANTS FOR 'rangeradmin'@'localhost'; exit;
Save the Ranger schema to an
.sql
file.mysqldump -u root -p${MYSQL_PASSWORD} ranger > ${SCHEMA_FILE}.sql
Reset Ranger privileges.
mysql -u root -p${MYSQL_PASSWORD} REVOKE SELECT ON ranger.* from 'rangeradmin'@'localhost'; GRANT ALL PRIVILEGES ON ranger.* to 'rangeradmin'@'localhost'; FLUSH PRIVILEGES; SHOW GRANTS FOR 'rangeradmin'@'localhost'; exit;
Restart Hive and Ranger services.
sudo systemctl start hive-metastore.service sudo systemctl start hive-server2.service sudo systemctl restart ranger-admin.service sudo systemctl restart ranger-usersync.service
Copy the Ranger schema to Cloud Storage.
gcloud storage cp ${SCHEMA_FILE}.sql gs://${BUCKET_NAME}
Restore a Ranger schema
Use SSH to connect to the Dataproc master node of the cluster where you will restore the cluster schema. Run the commands in this section in the SSH terminal session running on the master node.
Set environment variables.
BUCKET_NAME=bucket name \ MYSQL_PASSWORD=MySQL password SCHEMA_FILE=schema filename
Replace the following:
MySQL password: You can open
/etc/mysql/my.cnf
on the cluster master node to copy the MySQL password.bucket name: The name of the Cloud Storage bucket that contains the saved Ranger schema.
schema filename: The name of the Ranger schema filename, without the
.sql
filename extension, saved in bucket name in Cloud Storage.
Stop Hive services.
sudo systemctl stop hive-metastore.service sudo systemctl stop hive-server2.service
Prevent changes to the Ranger schema tables.
mysql -u root -p${MYSQL_PASSWORD} REVOKE ALL PRIVILEGES ON ranger.* from 'rangeradmin'@'localhost'; GRANT SELECT ON ranger.* TO 'rangeradmin'@'localhost'; FLUSH PRIVILEGES; SHOW GRANTS FOR 'rangeradmin'@'localhost'; exit;
Copy the Ranger schema
.sql
file in Cloud Storage to the cluster master node.gcloud storage cp ${BUCKET_NAME}/${SCHEMA_FILE}.sql .
Restore the Ranger schema. This step overwrites the contents of the existing Ranger schema.
mysqldump -u root -p${MYSQL_PASSWORD} ranger < ${SCHEMA_FILE}.sql
Reset Ranger privileges.
mysql -u root -p${MYSQL_PASSWORD} REVOKE SELECT ON ranger.* from 'rangeradmin'@'localhost'; GRANT ALL PRIVILEGES ON ranger.* to 'rangeradmin'@'localhost'; FLUSH PRIVILEGES; SHOW GRANTS FOR 'rangeradmin'@'localhost'; exit;
Update Ranger configuration files. Change the Ranger DB host to a new database hostname in the following files with the following properties:
File Property ranger-hdfs-security.xml
ranger.plugin.hdfs.policy.rest.url
ranger-yarn-security.xml
ranger.plugin.yarn.policy.rest.url
Restart Hive and Ranger services.
sudo systemctl start hive-metastore.service sudo systemctl start hive-server2.service sudo systemctl restart ranger-admin.service sudo systemctl restart ranger-usersync.service