1、迁移用户,组
1、停止ranger策略写入(停服)备份旧库的通过mysql备份库迁移
#在老ranger 库执行
drop table if exists x_user_tmp ;
create table x_user_tmp as select *, null as other_attributes from x_user where id > 6;
drop table if exists x_group_tmp ;
create table x_group_tmp as select *, null as other_attributes from x_group where id > 1;
drop table if exists x_portal_user_tmp ;
create table x_portal_user_tmp as select *, null as other_attributes from x_portal_user where id > 5;
drop table if exists x_portal_user_role_tmp ;
create table x_portal_user_role_tmp as select * from x_portal_user_role where id > 5;
2、导出旧库mysql
mysqldump -uroot -proot ranger_db x_user_tmp x_group_tmp x_portal_user_tmp x_portal_user_role_tmp > ranger.sql
3、导入新库中并执行如下语句
source ./ranger.sql
insert into x_user select * from x_user_tmp;
insert into x_group select * from x_group_tmp;
insert into x_portal_user select * from x_portal_user_tmp;
insert into x_portal_user_role select * from x_portal_user_role_tmp;
2、迁移策略
如果策略不是很多的话,可以手动在旧策略导出,再新的ranger导入即可
如果策略比较多,可以写服务,脚本等导入,原理通过api查询策略,再通过api策略插入
api 可以通过页面查看
常用
#添加用户
curl -u admin:admin -v -i -s -X POST -H "Accept: application/json" -H "Content-Type: application/json" http://tianzehao.com:6080/service/xusers/secure/users -d '{ "name":"user2", "firstName":"user2", "lastName": "user2", "emailAddress" : null, "description" : "user1 desc", "password" : "user1pass", "groupIdList":[],"groupNameList":[],"status":1, "isVisible":1, "userRoleList": [ "ROLE_USER" ], "userSource": 0 }'
#添加hive策略
curl -iv -u admin:Rangeradmin12 -H "Content-Type: application/json" -d '{ "isEnabled":true,"service":"asdfasd","name":"test_policy","description":"test","isAuditEnabled":true,"resources":{"database":{"values":["asd"],"isExcludes":false,"isRecursive":false},"column":{"values":["*"],"isExcludes":false,"isRecursive":false},"table":{"values":["*"],"isExcludes":false,"isRecursive":false}},"policyItems":[{"accesses":[{"type":"select","isAllowed":true},{"type":"update","isAllowed":true},{"type":"create","isAllowed":true},{"type":"drop","isAllowed":true},{"type":"alter","isAllowed":true},{"type":"index","isAllowed":true},{"type":"lock","isAllowed":true},{"type":"all","isAllowed":true},{"type":"read","isAllowed":true},{"type":"write","isAllowed":true}],"users":["01416663"],"groups":[],"conditions":[],"delegateAdmin":false}],"denyPolicyItems":[],"allowExceptions":[],"denyExceptions":[],"dataMaskPolicyItems":[],"rowFilterPolicyItems":[],"options":{},"validitySchedules":[],"po* Connection #0 to host asdsasd left intactlicyLabels":[]}' -X POST http://tianzehao.com:6080/service/public/v2/api/policy
3、hive重新安装ranger-hive-plugin
修改配置,执行./enable-hive-plugin.sh即可
网友评论