1. 首页
  2. 文章中心
  3. hadoop

hadoop+kerberos+ranger Api整理(六)

72 阅读 0 评论
我是靠谱客的博主 纯真自行车,最近开发中收集的这篇文章主要介绍hadoop+kerberos+ranger Api整理(六),觉得挺不错的,现在分享给大家,希望可以做个参考。

概述

文章目录

    • 一、hdfsApi
    • 二、hbaseApi
    • 三、hiveApi
    • 四、rangerApi
    • 五、kerberosApi

一、hdfsApi

package com.hadoop_jdbc;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.security.UserGroupInformation;
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
public class HdfsUtils {
public static void main(String[] args) throws Exception {
String reportPath = new File("src/main/resources").getCanonicalFile() + "/hadoop/";
//kerberos认证
kerberosLogin(reportPath);
//获取fs连接
FileSystem fs = getFs();
//查看文件夹
findDir(fs);
//创建文件夹
//
mkDir(fs,"/zhanzhk222");
//删除文件夹
rmDir(fs, "/zhanzhk222");
}
/**
* 查看文件夹
*
* @param fs
*/
private static void findDir(FileSystem fs) throws IOException {
//查看文件夹
FileStatus[] fileStatuses = fs.listStatus(new Path("/"));
//遍历 fileStatuses
for (FileStatus fileStatus : fileStatuses) {
System.out.println(fileStatus);
}
}
/**
* 创建文件夹
*
* @param fs
* @param pathStr
* @throws IOException
*/
private static void mkDir(FileSystem fs, String pathStr) throws IOException {
//创建一个Path对象传入想要创建hdfs的路径
Path path = new Path(pathStr);
//判断是否存在要是存在就删除,以免报错
if (fs.exists(path)) {
System.out.println("文件夹已存在");
}
//创建目录
FsPermission filePermission = null;
filePermission = new FsPermission(
FsAction.ALL, //user action
FsAction.NONE, //group action
FsAction.NONE);//other action
//创建目录 不设置权限,默认为当前hdfs服务器启动用户
boolean success = fs.mkdirs(path, filePermission);
System.out.println("路径创建: " + success);
//
}
/**
* 删除目录
*
* @param fs
* @param pathStr
* @throws Exception
*/
private static void rmDir(FileSystem fs, String pathStr) throws IOException {
fs.delete(new Path(pathStr), true);
}
/**
* 获取hdfs系统客户端
*
* @return
* @throws URISyntaxException
* @throws IOException
*/
private static FileSystem getFs() throws URISyntaxException, IOException {
//hadoop配置文件,自动获取hadoop的hdfs配置文件
Configuration conf = new Configuration();
//有做kerberos认证的需要加上该配置,否则会出现无法上传数据到hdfs的错误
conf.set("dfs.data.transfer.protection", "integrity");
conf.set("fs.defaultFS", "hdfs://mycluster");
conf.set("dfs.nameservices", "mycluster");
conf.set("dfs.ha.namenodes.mycluster", "nn1,nn2");
conf.set("dfs.namenode.rpc-address.mycluster.nn1", "node10:8020");
conf.set("dfs.namenode.rpc-address.mycluster.nn2", "node11:8020");
conf.set("dfs.client.failover.proxy.provider.mycluster",
"org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider");
//创建url 9000是端口号配置文件中有,master是主机名,如果没有配置映射可以是ip地址
URI uri = new URI("hdfs://mycluster/");
//等同于客户端
FileSystem fs = FileSystem.get(uri, conf);
return fs;
}
/**
* kerberos认真
*/
public static void kerberosLogin(String path) {
// 设置jvm启动时krb5的读取路径参数
System.setProperty("java.security.krb5.conf", path + "krb5.conf");
// 配置kerberos认证
Configuration conf = new Configuration();
conf.setBoolean("hadoop.security.authorization", true);
conf.set("hadoop.security.authentication", "kerberos");
UserGroupInformation.setConfiguration(conf);
try {
UserGroupInformation.loginUserFromKeytab("hadoop/node10@HADOOP.COM", path + "hadoop.keytab");
} catch (IOException e) {
e.printStackTrace();
}
}
}

二、hbaseApi

package com.hadoop_jdbc;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.NamespaceDescriptor;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.security.UserGroupInformation;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
public class HbaseUtils {
public static void main(String[] args) throws IOException {
String reportPath = new File("src/main/resources").getCanonicalFile() + "/hadoop/";
//kerberos认证
kerberosLogin(reportPath);
//获取连接
Connection connection = getConnection();
//查询命名空间
List<Map<String, Object>> namespaces = getNameSpace(connection);
System.out.println(namespaces);
//查询表
List<Map<String, Object>> tables = getTables("default", connection);
System.out.println(tables);
connection.close();
}
/**
* nameSpace
*
* @param connection
* @return
* @throws IOException
*/
public static List<Map<String, Object>> getNameSpace(Connection connection) throws IOException {
Admin admin = connection.getAdmin();
List<Map<String, Object>> list = new ArrayList<>();
//获取指定命名空间下的表描述对象
NamespaceDescriptor[] namespaces = admin.listNamespaceDescriptors();
for (NamespaceDescriptor namespaceDescriptor : namespaces) {
Map map = new HashMap();
map.put("tableName", namespaceDescriptor.getName());
list.add(map);
}
admin.close();
return list;
}
/**
* nameSpace
*
* @param db
* @param connection
* @return
* @throws IOException
*/
public static List<Map<String, Object>> getTables(String db, Connection connection) throws IOException {
Admin admin = connection.getAdmin();
List<Map<String, Object>> list = new ArrayList<>();
//获取指定命名空间下的表描述对象
HTableDescriptor[] tableDescriptors = admin.listTableDescriptorsByNamespace(db);
for (HTableDescriptor tableDescriptor : tableDescriptors) {
Map map = new HashMap();
map.put("tableName", tableDescriptor.getNameAsString());
list.add(map);
}
admin.close();
return list;
}
/**
* 获取连接
*
* @return
* @throws IOException
*/
public static Connection getConnection() throws IOException {
Configuration conf = HBaseConfiguration.create();
// 必需
conf.set("hadoop.security.authentication", "kerberos");
// 必需
conf.set("hbase.security.authentication", "kerberos");
conf.set("hbase.regionserver.kerberos.principal", "hadoop/node10@HADOOP.COM");
conf.set("hbase.zookeeper.quorum", "node10,node11,node12");
conf.set("hbase.zookeeper.property.clientPort", "2181");
// (非必需)
conf.set("hbase.master.kerberos.principal", "hadoop/node10@HADOOP.COM");
UserGroupInformation.setConfiguration(conf);
return ConnectionFactory.createConnection(conf);
}
/**
* kerberos认证
*/
public static void kerberosLogin(String path) {
// 设置jvm启动时krb5的读取路径参数
System.setProperty("java.security.krb5.conf", path + "krb5.conf");
// 配置kerberos认证
Configuration conf = new Configuration();
conf.setBoolean("hadoop.security.authorization", true);
conf.set("hadoop.security.authentication", "kerberos");
UserGroupInformation.setConfiguration(conf);
try {
UserGroupInformation.loginUserFromKeytab("hadoop/node10@HADOOP.COM", path + "hadoop.keytab");
} catch (IOException e) {
e.printStackTrace();
}
}
}

三、hiveApi

package com.hadoop_jdbc;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.log4j.BasicConfigurator;
import java.io.File;
import java.io.IOException;
import java.sql.*;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
public class HiveUtils {
public static void main(String[] args) throws Exception {
String reportPath = new File("src/main/resources").getCanonicalFile() + "/hadoop/";
//kerberos认证
kerberosLogin(reportPath);
//获取hive连接
Connection connection = getConnection("default");
//查看表
List<Map<String, Object>> databases = showDatabases(connection);
System.out.println(databases);
//关闭连接
connection.close();
}
//查询库
private static List<Map<String, Object>> showDatabases(Connection conn) throws Exception {
//查询语句
String sql = "show databases";
//获取执行链接
PreparedStatement pstm = conn.prepareStatement(sql);
//执行结果
ResultSet rs = pstm.executeQuery();
List<Map<String, Object>> list = new ArrayList<>();
while (rs.next()) {
String database_name = rs.getString("database_name");
Map map = new HashMap();
map.put("database_name", database_name);
list.add(map);
}
rs.close();
pstm.close();
return list;
}
/**
* 获取hive链接
*
* @return
*/
public static Connection getConnection(String db) {
//开启日志
BasicConfigurator.configure();
//hive数据库
String url = "jdbc:hive2://node10:10000/" + db + ";principal=hadoop/node10@HADOOP.COM";
try {
//加载hive驱动
Class.forName("org.apache.hive.jdbc.HiveDriver");
//获取链接
Connection conn = DriverManager.getConnection(url, "test", "");//此用户不起作用
return conn;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
/**
* kerberos认真
*/
public static void kerberosLogin(String path) {
// 设置jvm启动时krb5的读取路径参数
System.setProperty("java.security.krb5.conf", path + "krb5.conf");
// 配置kerberos认证
Configuration conf = new Configuration();
conf.setBoolean("hadoop.security.authorization", true);
conf.set("hadoop.security.authentication", "kerberos");
UserGroupInformation.setConfiguration(conf);
try {
UserGroupInformation.loginUserFromKeytab("hadoop/node10@HADOOP.COM", path + "hadoop.keytab");
} catch (IOException e) {
e.printStackTrace();
}
}
}

四、rangerApi

package com.ranger;
import com.google.gson.Gson;
import com.ranger.utils.ResultResponse;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.admin.client.datatype.RESTResponse;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.util.RangerRESTUtils;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.jboss.logging.Logger;
import java.lang.reflect.Array;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/**
* @author 天真热
* @create 2022-12-01 10:04
* @desc
**/
public class RangerApi {
private static String rangerBaseUrl = "http://192.168.248.12:6080";
private static String adminUser = "admin";
private static String adminPwd = "ffcsict123";
// ranger自己的登录密码(不是通过单点登录的密码)
/**
* 获取rangerAdmin的client连接
*
* @return
*/
public static Client getClient() {
Client client = null;
try {
client = Client.create();
client.addFilter(new HTTPBasicAuthFilter(adminUser, adminPwd));
} catch (Exception e) {
e.printStackTrace();
return null;
}
return client;
}
/**
* 根据服务名称、策略名称获取策略(没有填写策略名称,则获取服务底下的所有策略)
*
* @param service
* @param policyName
* @return
*/
public static ResultResponse getPolicy(String service, String policyName) {
ResultResponse resultResponse = ResultResponse.success("获取成功");
String url = "";
if (policyName == null || "".equals(policyName)) {
//拼接地址
url = rangerBaseUrl + "/service/plugins/secure/policies/download/" + service;
} else {
//拼接地址
url = rangerBaseUrl + "/service/public/v2/api/service/" + service + "/policy/" + policyName;
}
//获取客户端连接
Client client = getClient();
ClientResponse response = null;
String jsonString = null;
try {
//请求rangerAdmin,获取回复信息
WebResource webResource = client.resource(url);
response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).get(ClientResponse.class);
if (response.getStatus() == 200) {
jsonString = response.getEntity(String.class);
resultResponse.setData(jsonString);
} else {
RESTResponse resp = RESTResponse.fromClientResponse(response);
jsonString = resp.toJson();
resultResponse.setSuccess(false);
resultResponse.setData(jsonString);
resultResponse.setMessage("获取失败,状态码:" + response.getStatus());
}
} catch (Exception e) {
e.printStackTrace();
RESTResponse resp = RESTResponse.fromClientResponse(response);
jsonString = resp.toJson();
resultResponse.setData(jsonString);
resultResponse.setSuccess(false);
resultResponse.setMessage("获取失败,异常信息:" + e.toString());
} finally {
if (response != null) {
response.close();
}
if (client != null) {
client.destroy();
}
}
return resultResponse;
}
/**
* 创建/更新策略,如果存在policyId就执行更新,否则执行新增
*
* @param rangerPolicyObject
* @return
*/
public static ResultResponse saveOrUpdatePolicy(RangerPolicyObject rangerPolicyObject) {
ResultResponse resultResponse = ResultResponse.success("创建成功");
//拼接地址
String url = rangerBaseUrl + "/service/public/v2/api/policy";
//如果是更新,则需要变更拼接地址
if (StringUtils.isNotEmpty(rangerPolicyObject.getPolicyId())) {
url = url + "/" + rangerPolicyObject.getPolicyId();
}
ClientResponse response = null;
Client client = getClient();
try {
//创建连接
WebResource webResource = client.resource(url);
Gson gson = new Gson();
//拼接获取icy createOfPolicy对象
RangerPolicy rangerPolicy = transformRangerPolicy(rangerPolicyObject);
//新增
if (StringUtils.isEmpty(rangerPolicyObject.getPolicyId())) {
//请求服务器,创建策略
response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE)
.type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE)
.post(ClientResponse.class, gson.toJson(rangerPolicy));
} else {
response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE)
.type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).put(ClientResponse.class, gson.toJson(rangerPolicy));
}
if (response != null && response.getStatus() == 200) {
RangerPolicy newRangerPolicy = response.getEntity(RangerPolicy.class);
resultResponse.setData(newRangerPolicy);
} else {
resultResponse.setMessage("创建失败,状态码:" + response.getStatus());
resultResponse.setSuccess(false);
}
} catch (Exception e) {
e.printStackTrace();
resultResponse.setMessage("创建失败,异常信息:" + e.toString());
resultResponse.setSuccess(false);
} finally {
if (response != null) {
response.close();
}
if (client != null) {
client.destroy();
}
}
return resultResponse;
}
/**
* 解析自定义的rangerPolicyObject对象,解析属性转为RangerPolicy策略对象
*
* @param rangerPolicyObject
* @return
*/
public static RangerPolicy transformRangerPolicy(RangerPolicyObject rangerPolicyObject) {
//服务名称
String serviceName = rangerPolicyObject.getServiceName();
//策略名称
String policeNames = rangerPolicyObject.getPoliceName();
//描述
String description = rangerPolicyObject.getDescription();
//创建者
String createdByUserAccount = null;
//策略-用户账号,多个则使用","隔开
String policeUsers = rangerPolicyObject.getPoliceUsers();
//策略-数据库,多个则使用","隔开
String dbNames = rangerPolicyObject.getDbNames();
//策略-表,多个则使用","隔开
String tableNames = rangerPolicyObject.getTableNames();
//策略-表,多个则使用","隔开
String columnNames = rangerPolicyObject.getColumnNames();
//策略-操作权限,多个则使用","隔开
String operatePermissionsTypes = rangerPolicyObject.getPermissionsTypes();
RangerPolicy rangerPolicy = new RangerPolicy();
//======================================基础参数======================================================
rangerPolicy.setService(serviceName);
rangerPolicy.setName(policeNames);
rangerPolicy.setIsAuditEnabled(true);
rangerPolicy.setDescription(description);
rangerPolicy.setCreatedBy(createdByUserAccount);
//======================================设置策略详情=====================================================
//数据库
RangerPolicy.RangerPolicyResource dbRangerPolicyResource = new RangerPolicy.RangerPolicyResource();
//表
RangerPolicy.RangerPolicyResource tablerRangerPolicyResource = new RangerPolicy.RangerPolicyResource();
//字段
RangerPolicy.RangerPolicyResource columnRangerPolicyResource = new RangerPolicy.RangerPolicyResource();
//字段族
RangerPolicy.RangerPolicyResource columnFamilyRangerPolicyResource = new RangerPolicy.RangerPolicyResource();
//路径
RangerPolicy.RangerPolicyResource pathRangerPolicyResource = new RangerPolicy.RangerPolicyResource();
//队列
RangerPolicy.RangerPolicyResource queueRangerPolicyResource = new RangerPolicy.RangerPolicyResource();
//设置库策略
dbRangerPolicyResource.setValues(rangerPolicyObject.getDbList());
dbRangerPolicyResource.setIsExcludes(false);
dbRangerPolicyResource.setIsRecursive(false);
//设置表策略
tablerRangerPolicyResource.setValues(rangerPolicyObject.getTableList());
tablerRangerPolicyResource.setIsExcludes(false);
tablerRangerPolicyResource.setIsRecursive(false);
//设置字段策略
columnRangerPolicyResource.setValues(rangerPolicyObject.getColumnList());
columnRangerPolicyResource.setIsExcludes(false);
columnRangerPolicyResource.setIsRecursive(false);
//设置字段族策略
columnFamilyRangerPolicyResource.setValues(rangerPolicyObject.getColumnFamilyList());
columnFamilyRangerPolicyResource.setIsExcludes(false);
columnFamilyRangerPolicyResource.setIsRecursive(false);
//设置路径策略
pathRangerPolicyResource.setValues(rangerPolicyObject.getPathList());
pathRangerPolicyResource.setIsExcludes(false);
pathRangerPolicyResource.setIsRecursive(true);
//设置队列策略
queueRangerPolicyResource.setValues(rangerPolicyObject.getQueueList());
queueRangerPolicyResource.setIsExcludes(false);
queueRangerPolicyResource.setIsRecursive(true);
//ranger设置--策略详情
Map<String, RangerPolicy.RangerPolicyResource> resources = new HashMap<String, RangerPolicy.RangerPolicyResource>();
if ("hive".equals(rangerPolicyObject.getType())) {
//===========hive类型===========
resources.put("database", dbRangerPolicyResource);
resources.put("table", tablerRangerPolicyResource);
resources.put("column", columnRangerPolicyResource);
} else if ("hdfs".equals(rangerPolicyObject.getType())) {
//===========hdfs类型===========
resources.put("path", pathRangerPolicyResource);
} else if ("yarn".equals(rangerPolicyObject.getType())) {
//===========yarn类型===========
resources.put("queue", queueRangerPolicyResource);
} else if ("hbase".equals(rangerPolicyObject.getType())) {
//===========hbase类型===========
resources.put("table", tablerRangerPolicyResource);
resources.put("column", columnRangerPolicyResource);
resources.put("column-family", columnFamilyRangerPolicyResource);
}
rangerPolicy.setResources(resources);
//======================================设置Allow Conditions======================================================
List<RangerPolicy.RangerPolicyItem> policyItems = new ArrayList<RangerPolicy.RangerPolicyItem>();
RangerPolicy.RangerPolicyItem rangerPolicyItem = new RangerPolicy.RangerPolicyItem();
//===========设置Allow Conditions的用户===========
List<String> users = new ArrayList<String>();
String[] policeUserArr = policeUsers.split("\,");
if (policeUserArr.length > 0) {
for (int i = 0; i < policeUserArr.length; i++) {
users.add(policeUserArr[i]);
}
}
rangerPolicyItem.setUsers(users);
//===========设置Allow Conditions的权限===========
List<RangerPolicy.RangerPolicyItemAccess> rangerPolicyItemAccesses = new ArrayList<RangerPolicy.RangerPolicyItemAccess>();
String[] operatePermArr = operatePermissionsTypes.split("\,");
RangerPolicy.RangerPolicyItemAccess rangerPolicyItemAccess;
if (operatePermArr.length > 0) {
for (int i = 0; i < operatePermArr.length; i++) {
rangerPolicyItemAccess = new RangerPolicy.RangerPolicyItemAccess();
rangerPolicyItemAccess.setType(operatePermArr[i]);
rangerPolicyItemAccess.setIsAllowed(Boolean.TRUE);
rangerPolicyItemAccesses.add(rangerPolicyItemAccess);
}
}
//===========设置Allow Conditions===========
rangerPolicyItem.setAccesses(rangerPolicyItemAccesses);
policyItems.add(rangerPolicyItem);
rangerPolicy.setPolicyItems(policyItems);
return rangerPolicy;
}
/**
* 根据服务名称和策略名称删除策略
*
* @param service
* @param policeName
* @return
*/
public static ResultResponse deletePolicy(String service, String policeName) {
ResultResponse resultResponse = ResultResponse.success("删除成功");
//构造地质
String url = rangerBaseUrl + "/service/public/v2/api/policy?servicename=" + service + "&policyname=" + policeName;
//请求
ClientResponse response = null;
Client client = getClient();
try {
//请求服务器并且删除策略
WebResource webResource = client.resource(url);
webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).delete();
} catch (Exception e) {
resultResponse.setSuccess(false);
resultResponse.setMessage("删除失败,异常:" + e.toString());
e.printStackTrace();
} finally {
if (response != null) {
response.close();
}
if (client != null) {
client.destroy();
}
}
return resultResponse;
}
/**
* 根据策略id删除策略
*
* @param policeId
* @return
*/
public static ResultResponse deletePolicyByPoliceId(String policeId) {
ResultResponse resultResponse = ResultResponse.success("删除成功");
String url = rangerBaseUrl + "/service/public/v2/api/policy/" + policeId;
ClientResponse response = null;
Client client = getClient();
try {
WebResource webResource = client.resource(url);
webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).delete();
} catch (Exception e) {
resultResponse.setSuccess(false);
resultResponse.setMessage("删除失败,异常:" + e.toString());
} finally {
if (response != null) {
response.close();
}
if (client != null) {
client.destroy();
}
}
return resultResponse;
}
/**
* 新增ranger用户
*
* @param rangerUser
* @return
*/
public static ResultResponse createUserByName(RangerUser rangerUser) {
ResultResponse resultResponse = ResultResponse.success("创建成功");
//拼接地址
String url = rangerBaseUrl + "/service/xusers/secure/users/";
if(StringUtils.isNotEmpty(rangerUser.getId())){
url=url+rangerUser.getId();
}
ClientResponse response = null;
Client client = getClient();
try {
//创建连接
WebResource webResource = client.resource(url);
Gson gson = new Gson();
//请求服务器,创建策略
response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE)
.type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE)
.post(ClientResponse.class, gson.toJson(rangerUser));
if (response != null && response.getStatus() == 200) {
RangerPolicy newRangerPolicy = response.getEntity(RangerPolicy.class);
resultResponse.setData(newRangerPolicy);
} else {
resultResponse.setMessage("创建失败,状态码:" + response.getStatus());
resultResponse.setSuccess(false);
}
} catch (Exception e) {
e.printStackTrace();
resultResponse.setMessage("创建失败,异常信息:" + e.toString());
resultResponse.setSuccess(false);
} finally {
if (response != null) {
response.close();
}
if (client != null) {
client.destroy();
}
}
return resultResponse;
}
/**
* 根据用户名删除用户
*
* @param UserName
* @param type
删除类型,0软删除,1硬删除
*
软删除(即将用户状态设为Hidden)
*
硬删除(即从ranger中移除用户数据)
* @return
*/
public static ResultResponse deleteUserByName(String UserName, String type) {
ResultResponse resultResponse = ResultResponse.success("删除成功");
String url = rangerBaseUrl + "/service/xusers/users/userName/" + UserName;
//硬删除
if ("1".equals(type)) {
url = url + "?forceDelete=true";
}
ClientResponse response = null;
Client client = getClient();
try {
WebResource webResource = client.resource(url);
webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).delete();
} catch (Exception e) {
e.printStackTrace();
resultResponse.setSuccess(false);
resultResponse.setMessage("删除失败,异常信息:" + e.toString());
} finally {
if (response != null) {
response.close();
}
if (client != null) {
client.destroy();
}
}
return resultResponse;
}
/**
* 根据id删除用户
*
* @param id
用户id
* @param type 删除类型,0软删除,1硬删除
*
软删除(即将用户状态设为Hidden)
*
硬删除(即从ranger中移除用户数据)
* @return
*/
public static ResultResponse deleteUserById(String id, String type) {
ResultResponse resultResponse = ResultResponse.success("删除成功");
String url = rangerBaseUrl + "/service/xusers/users/" + id;
//硬删除
if ("1".equals(type)) {
url = url + "?forceDelete=true";
}
ClientResponse response = null;
Client client = getClient();
try {
WebResource webResource = client.resource(url);
webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).delete();
} catch (Exception e) {
e.printStackTrace();
resultResponse.setSuccess(false);
resultResponse.setMessage("删除失败,异常信息:" + e.toString());
} finally {
if (response != null) {
response.close();
}
if (client != null) {
client.destroy();
}
}
return resultResponse;
}
/**
* 获取所有用户
*
* @return
*/
public static ResultResponse getAllUser() {
ResultResponse resultResponse = ResultResponse.success("获取成功");
String url = rangerBaseUrl + "/service/xusers/users";
//获取客户端连接
Client client = getClient();
ClientResponse response = null;
String jsonString = null;
try {
//请求rangerAdmin,获取回复信息
WebResource webResource = client.resource(url);
response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).get(ClientResponse.class);
if (response.getStatus() == 200) {
jsonString = response.getEntity(String.class);
resultResponse.setData(jsonString);
} else {
RESTResponse resp = RESTResponse.fromClientResponse(response);
jsonString = resp.toJson();
resultResponse.setSuccess(false);
resultResponse.setData(jsonString);
resultResponse.setMessage("获取失败,状态码:" + response.getStatus());
}
} catch (Exception e) {
e.printStackTrace();
RESTResponse resp = RESTResponse.fromClientResponse(response);
jsonString = resp.toJson();
resultResponse.setData(jsonString);
resultResponse.setSuccess(false);
resultResponse.setMessage("获取失败,异常信息:" + e.toString());
} finally {
if (response != null) {
response.close();
}
if (client != null) {
client.destroy();
}
}
return resultResponse;
}
/**
* 根据id获取用户
*
* @return
*/
public static ResultResponse getUserById(String id) {
ResultResponse resultResponse = ResultResponse.success("获取成功");
String url = rangerBaseUrl + "/service/xusers/users" + "/" + id;
//获取客户端连接
Client client = getClient();
ClientResponse response = null;
String jsonString = null;
try {
//请求rangerAdmin,获取回复信息
WebResource webResource = client.resource(url);
response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).get(ClientResponse.class);
if (response.getStatus() == 200) {
jsonString = response.getEntity(String.class);
resultResponse.setData(jsonString);
} else {
RESTResponse resp = RESTResponse.fromClientResponse(response);
jsonString = resp.toJson();
resultResponse.setSuccess(false);
resultResponse.setData(jsonString);
resultResponse.setMessage("获取失败,状态码:" + response.getStatus());
}
} catch (Exception e) {
e.printStackTrace();
RESTResponse resp = RESTResponse.fromClientResponse(response);
jsonString = resp.toJson();
resultResponse.setData(jsonString);
resultResponse.setSuccess(false);
resultResponse.setMessage("获取失败,异常信息:" + e.toString());
} finally {
if (response != null) {
response.close();
}
if (client != null) {
client.destroy();
}
}
return resultResponse;
}
/**
* 根据用户名获取用户
*
* @return
*/
public static ResultResponse getUserByName(String name) {
ResultResponse resultResponse = ResultResponse.success("获取成功");
String url = rangerBaseUrl + "/service/xusers/users" + "/userName/" + name;
//获取客户端连接
Client client = getClient();
ClientResponse response = null;
String jsonString = null;
try {
//请求rangerAdmin,获取回复信息
WebResource webResource = client.resource(url);
response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).get(ClientResponse.class);
if (response.getStatus() == 200) {
jsonString = response.getEntity(String.class);
resultResponse.setData(jsonString);
} else {
RESTResponse resp = RESTResponse.fromClientResponse(response);
jsonString = resp.toJson();
resultResponse.setSuccess(false);
resultResponse.setData(jsonString);
resultResponse.setMessage("获取失败,状态码:" + response.getStatus());
}
} catch (Exception e) {
e.printStackTrace();
RESTResponse resp = RESTResponse.fromClientResponse(response);
jsonString = resp.toJson();
resultResponse.setData(jsonString);
resultResponse.setSuccess(false);
resultResponse.setMessage("获取失败,异常信息:" + e.toString());
} finally {
if (response != null) {
response.close();
}
if (client != null) {
client.destroy();
}
}
return resultResponse;
}
/**
* 获取所有的用户总数
*
* @return
*/
public static ResultResponse getAllUserCount() {
ResultResponse resultResponse = ResultResponse.success("获取成功");
String url = rangerBaseUrl + "/service/xusers/users/count";
//获取客户端连接
Client client = getClient();
ClientResponse response = null;
String jsonString = null;
try {
//请求rangerAdmin,获取回复信息
WebResource webResource = client.resource(url);
response = webResource.accept(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).type(RangerRESTUtils.REST_EXPECTED_MIME_TYPE).get(ClientResponse.class);
if (response.getStatus() == 200) {
jsonString = response.getEntity(String.class);
resultResponse.setData(jsonString);
} else {
RESTResponse resp = RESTResponse.fromClientResponse(response);
jsonString = resp.toJson();
resultResponse.setSuccess(false);
resultResponse.setData(jsonString);
resultResponse.setMessage("获取失败,状态码:" + response.getStatus());
}
} catch (Exception e) {
e.printStackTrace();
RESTResponse resp = RESTResponse.fromClientResponse(response);
jsonString = resp.toJson();
resultResponse.setData(jsonString);
resultResponse.setSuccess(false);
resultResponse.setMessage("获取失败,异常信息:" + e.toString());
} finally {
if (response != null) {
response.close();
}
if (client != null) {
client.destroy();
}
}
return resultResponse;
}
public static void main(String[] args) {
String service = "rangerhdfs"; // hdfs 的服务名
String policyName = "kms-audit-path"; // hdfs 的某个策略
//================获取某个服务地下所有策略================
//String xx = getPolicyByName(service, null);
//================获取某个服务底下的某个策略================
//
ResultResponse xxx = getPolicy("rangerhbase", "all");
//
System.out.println(xxx);
//================新增hive策略================
//
RangerPolicyObject rangerPolicyObject = new RangerPolicyObject();
//
rangerPolicyObject.setType("hive");
//
rangerPolicyObject.setServiceName("rangerhive");
//
rangerPolicyObject.setPoliceName("testPoliceName");
//
rangerPolicyObject.setPermissionsTypes("select,Read");
//
rangerPolicyObject.setDbNames("testDbNames,testDbNames11");
//
rangerPolicyObject.setTableNames("testTableNames,testTableNames11");
//
rangerPolicyObject.setColumnNames("t1,t2");
//
rangerPolicyObject.setPoliceUsers("zhanzhk,hadoop");
//
rangerPolicyObject.setPathNames("/t1,/t2");
//
createPolicy(rangerPolicyObject);
//================新增hdfs策略================
//
RangerPolicyObject rangerPolicyObject = new RangerPolicyObject();
//
rangerPolicyObject.setType("hdfs");
//
rangerPolicyObject.setServiceName("rangerhdfs");
//
rangerPolicyObject.setPoliceName("testPoliceNamerangerhdfs");
//
rangerPolicyObject.setPermissionsTypes("Write,Read,Execute");
//
rangerPolicyObject.setPoliceUsers("zhanzhk");
//
rangerPolicyObject.setDescription("Policy for testPoliceNamerangerhdfs");
//
rangerPolicyObject.setPathNames("*");
//
saveOrUpdatePolicy(rangerPolicyObject);
//================新增yarn策略================
RangerPolicyObject rangerPolicyObject = new RangerPolicyObject();
rangerPolicyObject.setType("yarn");
rangerPolicyObject.setServiceName("rangeryarn");
rangerPolicyObject.setPoliceName("testPoliceNamerangeryarn");
rangerPolicyObject.setPermissionsTypes("submit-app,admin-queue");
rangerPolicyObject.setQueueNames("root.default");
rangerPolicyObject.setPoliceUsers("zhanzhk");
saveOrUpdatePolicy(rangerPolicyObject);
//================新增hbase策略================
//
RangerPolicyObject rangerPolicyObject = new RangerPolicyObject();
//
rangerPolicyObject.setType("hbase");
//
rangerPolicyObject.setPolicyId("50");
//
rangerPolicyObject.setServiceName("rangerhbase");
//
rangerPolicyObject.setPoliceName("testPoliceNamehbase");
//
rangerPolicyObject.setPermissionsTypes("Write,Read");
//
rangerPolicyObject.setTableNames("testTableNames,testTableNames11");
//
rangerPolicyObject.setColumnNames("t1,t2");
//
rangerPolicyObject.setColumnFamilyNames("f1,f2");
//
rangerPolicyObject.setPoliceUsers("zhanzhk,hadoop");
//
rangerPolicyObject.setPathNames("/t1,/t2");
//
saveOrUpdatePolicy(rangerPolicyObject);
//================删除策略================
//
ResultResponse xxxx=deletePolicy("rangerhive", "testPoliceName");
//
ResultResponse xxxx=deletePolicyByPoliceId("50");
//
System.out.println(xxxx);
//================新增用户================
//
RangerUser rangerUser=new RangerUser();
//
rangerUser.setName("zhanzhk");
//
rangerUser.setFirstName("zhanzhk");
//
rangerUser.setLastName("zhanzhk");
//
rangerUser.setPassword("ffcsict123");
//
rangerUser.setStatus("1");
//
rangerUser.setIsVisible("1");
//
//
List userRoleList=new ArrayList();
//
userRoleList.add("ROLE_USER");
//
rangerUser.setUserRoleList(userRoleList);
//
rangerUser.setUserSource("1");
//
ResultResponse xxxx=createUserByName(rangerUser);
//
System.out.println(xxxx);
//================删除用户================
//
ResultResponse xxxx=deleteUserByName("ffcsict1234","1");
//
ResultResponse xxxx=deleteUserById("37","1");
//
System.out.println(xxxx);
//================获取用户================
//
ResultResponse xxxx=getAllUser();
//
ResultResponse xxxx=getUserById("41");
//
ResultResponse xxxx=getUserByName("ffcsict12345");
//
System.out.println(xxxx);
//================获取用户总数================
//
ResultResponse xxxx=getAllUserCount();
//
System.out.println(xxxx);
}
}
//其他常用方法
//1.根据USERNAME获取ROLE信息:http://192.168.248.12:6080/service/xusers/secure/users/roles/userName/用户名
//2.创建用户组:http://192.168.248.12:6080/service/xusers/secure/groups
//
Body:
//
{
//
"name": "zhouyuan-group",
//
"description": "zhouyuan - add from ambari",
//
"groupSource": 1
//
}
//3.根据组名删除用户组:http://192.168.248.12:6080/xusers/groups/groupName/组名
//
硬删除(即从ranger中移除用户组数据),URL末尾添加参数:?forceDelete=true
//4.根据组id删除用户组:http://192.168.248.12:6080/xusers/groups/id
//
硬删除(即从ranger中移除用户组数据),URL末尾添加参数:?forceDelete=true
//5.获取全部用户组信息:http://192.168.248.12:6080/service/xusers/groups
//6.获取用户组总数:http://192.168.248.12:6080/service/xusers/groups/count
//7.根据ID获取用户组信息:http://192.168.248.12:6080/service/xusers/groups/id
//8.根据组名获取用户组信息:http://192.168.248.12:6080/service/xusers/groups/groupName/组名

package com.ranger;
import lombok.Data;
import java.util.ArrayList;
import java.util.List;
/**
* @author 天真热
* @create 2022-12-02 11:07
* @desc
**/
@Data
public class RangerUser {
private String id;
private String name;
private String firstName;
private String lastName;
private String password;
private String status;
private String isVisible;
private String userSource;
private String userRole;
private List<String> userRoleList;
}

package com.ranger;
import lombok.Data;
import java.util.ArrayList;
/**
* @author 天真热
* @create 2022-12-01 14:46
* @desc
**/
@Data
public class RangerPolicyObject {
/**
* ranger policyId
*/
private String policyId;
/**
* ranger策略类型,分别有hdfs、hive、hbase、yarn
*/
private String type;
/**
* 服务名称
*/
private String serviceName;
/**
* 策略名称
*/
private String policeName;
/**
* 描述
*/
private String description;
/**
* 策略-用户账号,多个则使用","隔开
*/
private String policeUsers;
/**
* 策略-数据库,多个则使用","隔开
*/
private String dbNames;
/**
* 策略-表,多个则使用","隔开
*/
private String tableNames;
/**
* 策略-字段,多个则使用","隔开
*/
private String columnNames;
/**
* 策略-字段族,多个则使用","隔开
*/
private String columnFamilyNames;
/**
* 策略-路径,多个则使用","隔开
*/
private String pathNames;
/**
* 策略-队列,多个则使用","隔开
*/
private String queueNames;
/**
* 策略-操作权限,多个则使用","隔开
*/
private String permissionsTypes;
/**
* 获取库集合
* @return
*/
public ArrayList<String> getDbList() {
ArrayList<String> dbList = new ArrayList<String>();
if (this.dbNames == null || "".equals(this.dbNames)) {
return dbList;
}
if (dbNames.contains(",")) {
String[] dbArr = dbNames.split(",");
for (String dbNameS : dbArr) {
dbList.add(dbNameS);
}
} else {
dbList.add(dbNames);
}
return dbList;
}
/**
* 获取表集合
* @return
*/
public ArrayList<String> getTableList() {
ArrayList<String> tableList = new ArrayList<String>();
if (this.tableNames == null || "".equals(this.tableNames)) {
return tableList;
}
if (tableNames.contains(",")) {
String[] tableArr = tableNames.split(",");
for (String tableNames : tableArr) {
tableList.add(tableNames);
}
} else {
tableList.add(tableNames);
}
return tableList;
}
/**
* 获取字段集合
* @return
*/
public ArrayList<String> getColumnList() {
ArrayList<String> columnList = new ArrayList<String>();
if (this.columnNames == null || "".equals(this.columnNames)) {
return columnList;
}
if (columnNames.contains(",")) {
String[] tableArr = columnNames.split(",");
for (String columnNames : tableArr) {
columnList.add(columnNames);
}
} else {
columnList.add(columnNames);
}
return columnList;
}
/**
* 获取字段族集合
* @return
*/
public ArrayList<String> getColumnFamilyList() {
ArrayList<String> columnFamilyList = new ArrayList<String>();
if (this.columnFamilyNames == null || "".equals(this.columnFamilyNames)) {
return columnFamilyList;
}
if (columnFamilyNames.contains(",")) {
String[] tableArr = columnFamilyNames.split(",");
for (String columnFamilyNames : tableArr) {
columnFamilyList.add(columnFamilyNames);
}
} else {
columnFamilyList.add(columnFamilyNames);
}
return columnFamilyList;
}
/**
* 获取路径集合
* @return
*/
public ArrayList<String> getPathList() {
ArrayList<String> pathList = new ArrayList<String>();
if (this.pathNames == null || "".equals(this.pathNames)) {
return pathList;
}
if (pathNames.contains(",")) {
String[] tableArr = pathNames.split(",");
for (String pathNames : tableArr) {
pathList.add(pathNames);
}
} else {
pathList.add(pathNames);
}
return pathList;
}
/**
* 获取路径集合
* @return
*/
public ArrayList<String> getQueueList() {
ArrayList<String> queueList = new ArrayList<String>();
if (this.queueNames == null || "".equals(this.queueNames)) {
return queueList;
}
if (queueNames.contains(",")) {
String[] tableArr = queueNames.split(",");
for (String queueNames : tableArr) {
queueList.add(queueNames);
}
} else {
queueList.add(queueNames);
}
return queueList;
}
}

五、kerberosApi

由于没有找到关于kerberos相关的java api,所以这边是直接使用调用shell脚本的操作进行操作kerberos

package com.kerberos;
import java.io.IOException;
import java.io.InputStream;
import java.util.HashMap;
import java.util.Map;
import ch.ethz.ssh2.ChannelCondition;
import ch.ethz.ssh2.Connection;
import ch.ethz.ssh2.Session;
import ch.ethz.ssh2.StreamGobbler;
import com.ranger.utils.ResultResponse;
import org.apache.commons.io.IOUtils;
public class ShellUtils {
private Connection conn;
/**
* 服务器ip
*/
private String ip;
/**
* 服务器账户
*/
private String username;
/**
* 服务器密码
*/
private String password;
/**
* 编码
*/
private String charset = "utf-8";
/**
* 超时时间
*/
private static final int TIME_OUT = 1000 * 5 * 60;
/**
* 构造函数
*
* @param ip
* @param username
* @param pasword
*/
public ShellUtils(String ip, String username, String pasword) {
this.ip = ip;
this.username = username;
this.password = pasword;
}
/**
* 登录远程linux服务器
*
* @return
* @throws IOException
*/
private boolean login() throws IOException {
conn = new Connection(ip);
conn.connect();
return conn.authenticateWithPassword(username, password);
}
/**
* 将流转为字符串
*
* @param in
* @param charset
* @return
* @throws Exception
*/
private String processStream(InputStream in, String charset) throws Exception {
byte[] buf = new byte[1024];
StringBuilder sb = new StringBuilder();
int len = 0;
while ((len = in.read(buf)) != -1) {
sb.append(new String(buf, 0, len, charset));
}
return sb.toString();
}
/**
* 执行脚本
*
* @param cmds
* @return
* @throws Exception
*/
public ResultResponse exec(String cmds) throws Exception {
ResultResponse resultResponse = ResultResponse.success("操作成功");
Map map = new HashMap<>();
InputStream stdOut = null;
InputStream stdErr = null;
try {
if (login()) {
// Open a new {@link Session} on this connection
Session session = conn.openSession();
// Execute a command on the remote machine.
session.execCommand(cmds);
stdOut = new StreamGobbler(session.getStdout());
map.put("outStr", processStream(stdOut, charset));
stdErr = new StreamGobbler(session.getStderr());
map.put("outErr", processStream(stdErr, charset));
session.waitForCondition(ChannelCondition.EXIT_STATUS, TIME_OUT);
map.put("exitStatus", session.getExitStatus());
resultResponse.setData(map);
} else {
resultResponse.setSuccess(false);
resultResponse.setMessage("登录远程机器失败" + ip);
}
} catch (Exception e) {
resultResponse.setSuccess(false);
resultResponse.setMessage("操作失败,异常:" + e.toString());
} finally {
if (conn != null) {
conn.close();
}
IOUtils.closeQuietly(stdOut);
IOUtils.closeQuietly(stdErr);
}
return resultResponse;
}
public static void main(String args[]) throws Exception {
//调远程shell
ShellUtils executor = new ShellUtils("192.168.248.12", "root", "ffcsict123");
ResultResponse xxxx = executor.exec("/opt/kerberos.sh add shixiao");
System.out.println(xxxx.getData().toString());
}
}

脚本主要做了两件事,分别是删除和新增用户:

1)新增:1. 创建kerberos用户,2. 颁发证书,3.证书推送到node13服务器底下,4. 每台服务器都创建linux用户

2)删除:删除只做一件事情,就是重新生成证书并且改变密码,则之前颁发的证书失效,用户无法登陆。

type=$1
account=$2
if [[
$type == "add" ]]; then
echo "$account add......"
rm /opt/kerberos/$account.keytab
kadmin.local -q "addprinc
-randkey $account"
kadmin.local -q "ktadd
-k
/opt/kerberos/$account.keytab
-norandkey $account"
scp /opt/kerberos/$account.keytab
root@node13:/opt/kerberos
ssh node10 "useradd $account"
ssh node11 "useradd $account"
ssh node12 "useradd $account"
ssh node13 "useradd $account"
elif [[
$type == "delete" ]]; then
echo "$account delete......"
rm /opt/kerberos/$account.keytab
kadmin.local -q "ktadd
-k
/opt/kerberos/$account.keytab
$account"
else
echo "please choose right option type and user"
fi

最后

以上就是纯真自行车为你收集整理的hadoop+kerberos+ranger Api整理(六)的全部内容,希望文章能够帮你解决hadoop+kerberos+ranger Api整理(六)所遇到的程序开发问题。

如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。

本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
点赞(48)

相关文章

总结:大数据服务一、介绍二、Kerberos
总结:大数据服务一、介绍二、Kerberos
JAVA通过kerberos认证登陆调起HDFS-进行HDAOOP文件上传下载成功版
JAVA通过kerberos认证登陆调起HDFS-进行HDAOOP文件上传下载成功版
java ugi确认框_java – 我应该在hadoop上的每个动作之前调用ugi.checkTGTAndReloginFromKeytab()?...
java ugi确认框_java – 我应该在hadoop上的每个动作之前调用ugi.checkTGTAndReloginFromKeytab()?...
Java访问kerberos认证的HDFS文件
Java访问kerberos认证的HDFS文件
hadoop+kerberos+ranger Api整理(六)
hadoop+kerberos+ranger Api整理(六)
通过java api操作hdfs(kerberos认证)
通过java api操作hdfs(kerberos认证)
Java 访问kerberos认证的HDFS文件
Java 访问kerberos认证的HDFS文件
Spring Boot 集成Kafka java.lang.String is in module java.base of loader ‘bootstrap‘;
Spring Boot 集成Kafka java.lang.String is in module java.base of loader ‘bootstrap‘;

评论列表共有 0 条评论

立即
投稿
返回
顶部