Back up and restore a Ranger schema

This page shows you how to back up and restore a Ranger schema on Dataproc with Ranger clusters.

Before you begin

1. Create a bucket if needed. You must have access to a Cloud Storage bucket, which you will use to store and restore a Ranger schema.

   To create a bucket:

   1. In the Google Cloud console, go to the Cloud Storage Buckets page.

      Go to Buckets page

   2. Click Create bucket.
   3. On the Create a bucket page, enter your bucket information. To go to the next step, click Continue.
      • For Name your bucket, enter a name that meets the bucket naming requirements.
      • For Choose where to store your data, do the following:
        • Select a Location type option.
        • Select a Location option.
      • For Choose a default storage class for your data, select a storage class.
      • For Choose how to control access to objects, select an Access control option.
      • For Advanced settings (optional), specify an encryption method, a retention policy, or bucket labels.
   4. Click Create.

Back up a Ranger schema

1. Use SSH to connect to the Dataproc master node of the cluster with the Ranger schema. Run the commands in this section in the SSH terminal session running on the master node.

2. Set environment variables.

   BUCKET_NAME=bucket name \
     MYSQL_PASSWORD=MySQL password
     SCHEMA_FILE=schema filename
   

   Replace the following:

   • MySQL password: You can open /etc/mysql/my.cnf on the cluster master node to copy the MySQL password.

   • bucket name: The name of the Cloud Storage bucket to use to store the Ranger schema.

   • schema filename: Specify a filename, without the .sql filename extension. The Ranger schema is saved to this file on the master node, then saved in bucket name in Cloud Storage .

3. Stop Hive services.

   sudo systemctl stop hive-metastore.service
   sudo systemctl stop hive-server2.service
   

4. Prevent changes to the Ranger schema tables.

   mysql -u root -p${MYSQL_PASSWORD}
   REVOKE ALL PRIVILEGES ON ranger.* from 'rangeradmin'@'localhost';
   GRANT SELECT ON ranger.* TO 'rangeradmin'@'localhost';
   FLUSH PRIVILEGES;
   SHOW GRANTS FOR 'rangeradmin'@'localhost';
   exit;
   

5. Save the Ranger schema to an .sql file.

   mysqldump -u root -p${MYSQL_PASSWORD} ranger > ${SCHEMA_FILE}.sql
   

6. Reset Ranger privileges.

   mysql -u root -p${MYSQL_PASSWORD}
   REVOKE SELECT ON ranger.* from 'rangeradmin'@'localhost';
   GRANT ALL PRIVILEGES ON ranger.* to 'rangeradmin'@'localhost';
   FLUSH PRIVILEGES;
   SHOW GRANTS FOR 'rangeradmin'@'localhost';
   exit;
   

7. Restart Hive and Ranger services.

   sudo systemctl start hive-metastore.service
     sudo systemctl start hive-server2.service
     sudo systemctl restart ranger-admin.service
     sudo systemctl restart ranger-usersync.service
   

8. Copy the Ranger schema to Cloud Storage.

   gcloud storage cp ${SCHEMA_FILE}.sql gs://${BUCKET_NAME}
   

Restore a Ranger schema

1. Use SSH to connect to the Dataproc master node of the cluster where you will restore the cluster schema. Run the commands in this section in the SSH terminal session running on the master node.

2. Set environment variables.

   BUCKET_NAME=bucket name \
     MYSQL_PASSWORD=MySQL password
     SCHEMA_FILE=schema filename
   

   Replace the following:

   • MySQL password: You can open /etc/mysql/my.cnf on the cluster master node to copy the MySQL password.

   • bucket name: The name of the Cloud Storage bucket that contains the saved Ranger schema.

   • schema filename: The name of the Ranger schema filename, without the .sql filename extension, saved in bucket name in Cloud Storage.

3. Stop Hive services.

   sudo systemctl stop hive-metastore.service
   sudo systemctl stop hive-server2.service
   

4. Prevent changes to the Ranger schema tables.

   mysql -u root -p${MYSQL_PASSWORD}
   REVOKE ALL PRIVILEGES ON ranger.* from 'rangeradmin'@'localhost';
   GRANT SELECT ON ranger.* TO 'rangeradmin'@'localhost';
   FLUSH PRIVILEGES;
   SHOW GRANTS FOR 'rangeradmin'@'localhost';
   exit;
   

5. Copy the Ranger schema .sql file in Cloud Storage to the cluster master node.

   gcloud storage cp ${BUCKET_NAME}/${SCHEMA_FILE}.sql .
   

6. Restore the Ranger schema. This step overwrites the contents of the existing Ranger schema.

   mysqldump -u root -p${MYSQL_PASSWORD} ranger < ${SCHEMA_FILE}.sql
   

7. Reset Ranger privileges.

   mysql -u root -p${MYSQL_PASSWORD}
   REVOKE SELECT ON ranger.* from 'rangeradmin'@'localhost';
   GRANT ALL PRIVILEGES ON ranger.* to 'rangeradmin'@'localhost';
   FLUSH PRIVILEGES;
   SHOW GRANTS FOR 'rangeradmin'@'localhost';
   exit;
   

8. Update Ranger configuration files. Change the Ranger DB host to a new database hostname in the following files with the following properties:

   File	Property
   ranger-hdfs-security.xml	ranger.plugin.hdfs.policy.rest.url
   ranger-yarn-security.xml	ranger.plugin.yarn.policy.rest.url

9. Restart Hive and Ranger services.

   sudo systemctl start hive-metastore.service
     sudo systemctl start hive-server2.service
     sudo systemctl restart ranger-admin.service
     sudo systemctl restart ranger-usersync.service