Choose a location where your bucket's data is permanently stored from the Location type drop-down menu.
If you select the dual-region location type, you can
also choose to enable turbo replication by using the
relevant checkbox.
To set up cross-bucket replication, select
Add cross-bucket replication via Storage Transfer Service and
follow these steps:
Set up cross-bucket replication
In the Bucket menu, select a bucket.
In the Replication settings section,
click Configure to configure settings for the
replication job.
The Configure cross-bucket replication pane
appears.
To filter objects to replicate by object name prefix,
enter a prefix that you want to include or exclude objects from, then click addAdd a prefix.
To set a storage class for the replicated objects,
select a storage class from the Storage class menu.
If you skip this step, the replicated objects will use the
destination bucket's storage class by default.
Click Done.
In the Choose how to store your data section, do the following:
Select a default storage class for the bucket or
Autoclass for automatic storage class management of your
bucket's data.
To enable hierarchical namespace, in the
Optimize storage for data-intensive workloads section, select
Enable hierarchical namespace on this bucket.
In the Choose how to control access to objects section, select
whether or not your bucket enforces public access prevention,
and select an access control method for your bucket's objects.
In the Choose how to protect object data section, do the
following:
Select any of the options under Data protection that you
want to set for your bucket.
To enable soft delete, click the
Soft delete policy (For data recovery) checkbox,
and specify the number of days you want to retain objects
after deletion.
To set Object Versioning, click the
Object versioning (For version control) checkbox,
and specify the maximum number of versions per object and the number of days after which
the noncurrent versions expire.
To enable the retention policy on objects and buckets, click the Retention (For compliance) checkbox, and then do the following:
To enable Bucket Lock, click the Set bucket retention policy checkbox, and choose a unit of time and a length of time for your retention period.
To choose how your object data will be encrypted, expand the
Data encryption section (expand_more), and select a
Data encryption method.
Click Create.
Sauvegarder un schéma Ranger
Utilisez SSH pour vous connecter au nœud maître Dataproc du cluster avec le schéma Ranger.
Exécutez les commandes de cette section dans la session de terminal SSH qui s'exécute sur le nœud maître.
Définir des variables d'environnement.
BUCKET_NAME=bucket name \
MYSQL_PASSWORD=MySQL password
SCHEMA_FILE=schema filename
Remplacez les éléments suivants :
MySQL password : vous pouvez ouvrir /etc/mysql/my.cnf sur le nœud maître du cluster pour copier le mot de passe MySQL.
bucket name : nom du bucket Cloud Storage à utiliser pour stocker le schéma Ranger.
schema filename : spécifiez un nom de fichier, sans l'extension .sql. Le schéma Ranger est enregistré dans ce fichier sur le nœud maître, puis dans bucket name dans Cloud Storage .
Empêchez les modifications apportées aux tables de schéma Ranger.
mysql -u root -p${MYSQL_PASSWORD}
REVOKE ALL PRIVILEGES ON ranger.* from 'rangeradmin'@'localhost';
GRANT SELECT ON ranger.* TO 'rangeradmin'@'localhost';
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'rangeradmin'@'localhost';
exit;
Enregistrez le schéma Ranger dans un fichier .sql.
mysql -u root -p${MYSQL_PASSWORD}
REVOKE SELECT ON ranger.* from 'rangeradmin'@'localhost';
GRANT ALL PRIVILEGES ON ranger.* to 'rangeradmin'@'localhost';
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'rangeradmin'@'localhost';
exit;
Utilisez SSH pour vous connecter au nœud maître Dataproc du cluster dans lequel vous allez restaurer le schéma du cluster.
Exécutez les commandes de cette section dans la session de terminal SSH qui s'exécute sur le nœud maître.
Définir des variables d'environnement.
BUCKET_NAME=bucket name \
MYSQL_PASSWORD=MySQL password
SCHEMA_FILE=schema filename
Remplacez les éléments suivants :
MySQL password : vous pouvez ouvrir /etc/mysql/my.cnf sur le nœud maître du cluster pour copier le mot de passe MySQL.
bucket name : nom du bucket Cloud Storage contenant le schéma Ranger enregistré.
schema filename : nom du fichier de schéma Ranger, sans l'extension de nom de fichier .sql, enregistré dans bucket name dans Cloud Storage.
Empêchez les modifications apportées aux tables de schéma Ranger.
mysql -u root -p${MYSQL_PASSWORD}
REVOKE ALL PRIVILEGES ON ranger.* from 'rangeradmin'@'localhost';
GRANT SELECT ON ranger.* TO 'rangeradmin'@'localhost';
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'rangeradmin'@'localhost';
exit;
Copiez le fichier de schéma Ranger .sql dans Cloud Storage vers le nœud maître du cluster.
mysql -u root -p${MYSQL_PASSWORD}
REVOKE SELECT ON ranger.* from 'rangeradmin'@'localhost';
GRANT ALL PRIVILEGES ON ranger.* to 'rangeradmin'@'localhost';
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'rangeradmin'@'localhost';
exit;
Mettez à jour les fichiers de configuration Ranger. Modifiez l'hôte de la base de données Ranger par un nouvel hôte de base de données dans les fichiers suivants avec les propriétés suivantes :
Sauf indication contraire, le contenu de cette page est régi par une licence Creative Commons Attribution 4.0, et les échantillons de code sont régis par une licence Apache 2.0. Pour en savoir plus, consultez les Règles du site Google Developers. Java est une marque déposée d'Oracle et/ou de ses sociétés affiliées.
Dernière mise à jour le 2025/09/04 (UTC).
[[["Facile à comprendre","easyToUnderstand","thumb-up"],["J'ai pu résoudre mon problème","solvedMyProblem","thumb-up"],["Autre","otherUp","thumb-up"]],[["Difficile à comprendre","hardToUnderstand","thumb-down"],["Informations ou exemple de code incorrects","incorrectInformationOrSampleCode","thumb-down"],["Il n'y a pas l'information/les exemples dont j'ai besoin","missingTheInformationSamplesINeed","thumb-down"],["Problème de traduction","translationIssue","thumb-down"],["Autre","otherDown","thumb-down"]],["Dernière mise à jour le 2025/09/04 (UTC)."],[[["\u003cp\u003eThis page details how to back up and restore a Ranger schema on Dataproc with Ranger clusters, requiring a Cloud Storage bucket for storage.\u003c/p\u003e\n"],["\u003cp\u003eBacking up involves connecting to the Dataproc master node via SSH, setting environment variables, stopping Hive services, saving the schema to an \u003ccode\u003e.sql\u003c/code\u003e file, and copying it to Cloud Storage.\u003c/p\u003e\n"],["\u003cp\u003eRestoring requires connecting to the Dataproc master node via SSH, setting environment variables, stopping Hive services, and copying the schema \u003ccode\u003e.sql\u003c/code\u003e file from Cloud Storage to the cluster.\u003c/p\u003e\n"],["\u003cp\u003eBoth processes involve temporarily preventing changes to the Ranger schema tables and resetting Ranger privileges, and restarting Hive and Ranger services.\u003c/p\u003e\n"],["\u003cp\u003eRestoring the Ranger schema will overwrite the contents of the existing Ranger schema, and it may be required to update ranger configuration files.\u003c/p\u003e\n"]]],[],null,["This page shows you how to back up and restore a Ranger schema on\n[Dataproc with Ranger clusters](/dataproc/docs/concepts/components/ranger).\n\nBefore you begin\n\n1. Create a bucket if needed. You must have access to a Cloud Storage bucket,\n which you will use to store and restore a Ranger schema.\n\n To create a bucket:\n\n\n 1. In the Google Cloud console, go to the Cloud Storage **Buckets** page.\n\n [Go to Buckets](https://console.cloud.google.com/storage/browser)\n 2. Click add_box **Create**.\n 3. On the **Create a bucket** page, enter your bucket information. To go to the next step, click **Continue** .\n 1. In the **Get started** section, do the following:\n - Enter a globally unique name that meets the [bucket naming requirements](/storage/docs/bucket-naming#requirements).\n - To add a [bucket label](/storage/docs/tags-and-labels#bucket-labels), expand the **Labels** section (expand_more), click *add_box* **Add label** , and specify a `key` and a `value` for your label.\n 2. In the **Choose where to store your data** section, do the following:\n 1. Select a [Location type](/storage/docs/locations).\n 2. Choose a location where your bucket's data is permanently stored from the **[Location type](/storage/docs/locations#available-locations)** drop-down menu.\n - If you select the [dual-region](/storage/docs/locations#location-dr) location type, you can also choose to enable [turbo replication](/storage/docs/availability-durability#turbo-replication) by using the relevant checkbox.\n 3. To set up [cross-bucket replication](/storage/docs/availability-durability#cross-bucket-replication), select **Add cross-bucket replication via Storage Transfer Service** and follow these steps: \n\n Set up cross-bucket replication\n 1. In the **Bucket** menu, select a bucket.\n 2. In the **Replication settings** section,\n click **Configure** to configure settings for the\n replication job.\n\n The **Configure cross-bucket replication** pane\n appears.\n - To filter objects to replicate by object name prefix, enter a prefix that you want to include or exclude objects from, then click add **Add a prefix**.\n - To set a storage class for the replicated objects, select a storage class from the **Storage class** menu. If you skip this step, the replicated objects will use the destination bucket's storage class by default.\n - Click **Done**.\n 3. In the **Choose how to store your data** section, do the following:\n 1. Select a [default storage class](/storage/docs/storage-classes) for the bucket or [Autoclass](/storage/docs/autoclass) for automatic storage class management of your bucket's data.\n 2. To enable [hierarchical namespace](/storage/docs/hns-overview), in the **Optimize storage for data-intensive workloads** section, select **Enable hierarchical namespace on this bucket** . **Note:** You cannot enable hierarchical namespace in existing buckets.\n 4. In the **Choose how to control access to objects** section, select whether or not your bucket enforces [public access prevention](/storage/docs/public-access-prevention), and select an [access control method](/storage/docs/access-control) for your bucket's objects. **Note:** You cannot change the **Prevent public access** setting if this setting is enforced at an [organization policy](/storage/docs/org-policy-constraints#public-access-prevention).\n 5. In the **Choose how to protect object data** section, do the following:\n - Select any of the options under **Data protection** that you want to set for your bucket.\n - To enable [soft delete](/storage/docs/soft-delete), click the **Soft delete policy (For data recovery)** checkbox, and specify the number of days you want to retain objects after deletion.\n - To set [Object Versioning](/storage/docs/object-versioning), click the **Object versioning (For version control)** checkbox, and specify the maximum number of versions per object and the number of days after which the noncurrent versions expire.\n - To enable the retention policy on objects and buckets, click the **Retention (For compliance)** checkbox, and then do the following:\n - To enable [Object Retention Lock](/storage/docs/object-lock), click the **Enable object retention** checkbox.\n - To enable [Bucket Lock](/storage/docs/bucket-lock), click the **Set bucket retention policy** checkbox, and choose a unit of time and a length of time for your retention period.\n - To choose how your object data will be encrypted, expand the **Data encryption** section (expand_more), and select a [**Data encryption** method](/storage/docs/encryption).\n 4. Click **Create**.\n\n \u003cbr /\u003e\n\nBack up a Ranger schema\n\n1. Use [SSH](/dataproc/docs/concepts/accessing/ssh) to connect\n to the Dataproc master node of the cluster with the Ranger schema.\n **Run the commands in this section in the SSH terminal session running on\n the master node.**\n\n2. Set environment variables.\n\n ```\n BUCKET_NAME=bucket name \\\n MYSQL_PASSWORD=MySQL password\n SCHEMA_FILE=schema filename\n ```\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eMySQL password\u003c/var\u003e: You can open `/etc/mysql/my.cnf` on the cluster\n master node to copy the MySQL password.\n\n - \u003cvar translate=\"no\"\u003ebucket name\u003c/var\u003e: The name of the Cloud Storage bucket to\n use to store the Ranger schema.\n\n - \u003cvar translate=\"no\"\u003eschema filename\u003c/var\u003e: Specify a filename,\n without the `.sql` filename extension. The Ranger schema is saved\n to this file on the master node, then saved in \u003cvar translate=\"no\"\u003ebucket name\u003c/var\u003e\n in Cloud Storage .\n\n3. Stop Hive services.\n\n ```\n sudo systemctl stop hive-metastore.service\n sudo systemctl stop hive-server2.service\n ```\n\n \u003cbr /\u003e\n\n4. Prevent changes to the Ranger schema tables.\n\n ```\n mysql -u root -p${MYSQL_PASSWORD}\n REVOKE ALL PRIVILEGES ON ranger.* from 'rangeradmin'@'localhost';\n GRANT SELECT ON ranger.* TO 'rangeradmin'@'localhost';\n FLUSH PRIVILEGES;\n SHOW GRANTS FOR 'rangeradmin'@'localhost';\n exit;\n ```\n5. Save the Ranger schema to an `.sql` file.\n\n ```\n mysqldump -u root -p${MYSQL_PASSWORD} ranger \u003e ${SCHEMA_FILE}.sql\n ```\n6. Reset Ranger privileges.\n\n ```\n mysql -u root -p${MYSQL_PASSWORD}\n REVOKE SELECT ON ranger.* from 'rangeradmin'@'localhost';\n GRANT ALL PRIVILEGES ON ranger.* to 'rangeradmin'@'localhost';\n FLUSH PRIVILEGES;\n SHOW GRANTS FOR 'rangeradmin'@'localhost';\n exit;\n ```\n7. Restart Hive and Ranger services.\n\n ```\n sudo systemctl start hive-metastore.service\n sudo systemctl start hive-server2.service\n sudo systemctl restart ranger-admin.service\n sudo systemctl restart ranger-usersync.service\n ```\n8. Copy the Ranger schema to Cloud Storage.\n\n ```\n gcloud storage cp ${SCHEMA_FILE}.sql gs://${BUCKET_NAME}\n ```\n\nRestore a Ranger schema **Note:** If you back up then restore the schema to same cluster, you may be able to use the SSH session and environment variables used in your [Ranger schema backup session](#back_up_a_ranger_schema).\n\n1. Use [SSH](/dataproc/docs/concepts/accessing/ssh) to connect\n to the Dataproc master node of the cluster where you\n will restore the cluster schema.\n **Run the commands in this section in the SSH terminal session running on\n the master node.**\n\n2. Set environment variables.\n\n ```\n BUCKET_NAME=bucket name \\\n MYSQL_PASSWORD=MySQL password\n SCHEMA_FILE=schema filename\n ```\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eMySQL password\u003c/var\u003e: You can open `/etc/mysql/my.cnf` on the cluster\n master node to copy the MySQL password.\n\n - \u003cvar translate=\"no\"\u003ebucket name\u003c/var\u003e: The name of the Cloud Storage bucket\n that contains the saved Ranger schema.\n\n - \u003cvar translate=\"no\"\u003eschema filename\u003c/var\u003e: The name of the Ranger schema\n filename, without the `.sql` filename extension, saved in\n \u003cvar translate=\"no\"\u003ebucket name\u003c/var\u003e in Cloud Storage.\n\n3. Stop Hive services.\n\n ```\n sudo systemctl stop hive-metastore.service\n sudo systemctl stop hive-server2.service\n ```\n\n \u003cbr /\u003e\n\n4. Prevent changes to the Ranger schema tables.\n\n ```\n mysql -u root -p${MYSQL_PASSWORD}\n REVOKE ALL PRIVILEGES ON ranger.* from 'rangeradmin'@'localhost';\n GRANT SELECT ON ranger.* TO 'rangeradmin'@'localhost';\n FLUSH PRIVILEGES;\n SHOW GRANTS FOR 'rangeradmin'@'localhost';\n exit;\n ```\n5. Copy the Ranger schema `.sql` file in Cloud Storage to the cluster\n master node.\n\n ```\n gcloud storage cp ${BUCKET_NAME}/${SCHEMA_FILE}.sql .\n ```\n6. Restore the Ranger schema. **This step overwrites the contents of the\n existing Ranger schema.**\n\n ```\n mysqldump -u root -p${MYSQL_PASSWORD} ranger \u003c ${SCHEMA_FILE}.sql\n ```\n7. Reset Ranger privileges.\n\n ```\n mysql -u root -p${MYSQL_PASSWORD}\n REVOKE SELECT ON ranger.* from 'rangeradmin'@'localhost';\n GRANT ALL PRIVILEGES ON ranger.* to 'rangeradmin'@'localhost';\n FLUSH PRIVILEGES;\n SHOW GRANTS FOR 'rangeradmin'@'localhost';\n exit;\n ```\n8. Update Ranger configuration files. Change the Ranger DB host to a new\n database hostname in the following files with the following properties:\n\n | File | Property |\n |----------------------------|--------------------------------------|\n | `ranger-hdfs-security.xml` | `ranger.plugin.hdfs.policy.rest.url` |\n | `ranger-yarn-security.xml` | `ranger.plugin.yarn.policy.rest.url` |\n\n9. Restart Hive and Ranger services.\n\n ```\n sudo systemctl start hive-metastore.service\n sudo systemctl start hive-server2.service\n sudo systemctl restart ranger-admin.service\n sudo systemctl restart ranger-usersync.service\n ```"]]
