This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.8
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.8 by this push:
new 9d4cf45c4 RANGER-5494: docker setup fix for startup errors in
ranger-hive, ranger-tagsync, ranger-solr containers (#855)
9d4cf45c4 is described below
commit 9d4cf45c4f19a09bee687afbd4abe95f28546a88
Author: Madhan Neethiraj <[email protected]>
AuthorDate: Thu Feb 19 17:55:19 2026 -0800
RANGER-5494: docker setup fix for startup errors in ranger-hive,
ranger-tagsync, ranger-solr containers (#855)
---
.../ranger-docker/Dockerfile.ranger-tagsync | 1 -
dev-support/ranger-docker/README.md | 2 +-
.../docker-compose.ranger-tagsync.yml | 2 +-
.../scripts/hive/hive-log4j2.properties | 97 ++++++++++++++++++++++
.../scripts/hive/hive-metastore-log4j2.properties | 97 ++++++++++++++++++++++
.../scripts/hive/ranger-hive-setup.sh | 3 +
.../ranger-docker/scripts/solr/ranger-solr.sh | 9 +-
7 files changed, 205 insertions(+), 6 deletions(-)
diff --git a/dev-support/ranger-docker/Dockerfile.ranger-tagsync
b/dev-support/ranger-docker/Dockerfile.ranger-tagsync
index 8ce024243..4560b57a0 100644
--- a/dev-support/ranger-docker/Dockerfile.ranger-tagsync
+++ b/dev-support/ranger-docker/Dockerfile.ranger-tagsync
@@ -29,7 +29,6 @@ RUN tar xvfz
/home/ranger/dist/ranger-${TAGSYNC_VERSION}-tagsync.tar.gz --direct
rm -f ${RANGER_HOME}/tagsync/install.properties && \
mkdir -p /opt/ranger/tagsync/data /var/run/ranger /var/log/ranger/tagsync
/etc/ranger && \
cp -f ${RANGER_SCRIPTS}/ranger-tagsync-install.properties
${RANGER_HOME}/tagsync/install.properties && \
- cp -f ${RANGER_SCRIPTS}/ranger-tagsync-tags.json
${RANGER_HOME}/tagsync/data/tags.json && \
mkdir /etc/init.d || true && \
mkdir /etc/rc2.d || true && \
mkdir /etc/rc3.d || true && \
diff --git a/dev-support/ranger-docker/README.md
b/dev-support/ranger-docker/README.md
index e10166706..35d26a391 100644
--- a/dev-support/ranger-docker/README.md
+++ b/dev-support/ranger-docker/README.md
@@ -53,7 +53,7 @@ Execute following command to build Apache Ranger:
# optional step: a fresh build ensures that the correct jdk version is used
docker compose -f docker-compose.ranger-build.yml build
-docker compose -f docker-compose.ranger-build.yml up -d
+docker compose -f docker-compose.ranger-build.yml up
~~~
Time taken to complete the build might vary (upto an hour), depending on
status of ```${HOME}/.m2``` directory cache.
diff --git a/dev-support/ranger-docker/docker-compose.ranger-tagsync.yml
b/dev-support/ranger-docker/docker-compose.ranger-tagsync.yml
index 0b9bb7011..1f5594190 100644
--- a/dev-support/ranger-docker/docker-compose.ranger-tagsync.yml
+++ b/dev-support/ranger-docker/docker-compose.ranger-tagsync.yml
@@ -16,7 +16,7 @@ services:
- ./scripts/kdc/krb5.conf:/etc/krb5.conf
- ./scripts/hadoop/core-site.xml:/home/ranger/scripts/core-site.xml:ro
- ./dist/version:/home/ranger/dist/version:ro
- -
./scripts/tagsync/ranger-tagsync-tags.json:/home/ranger/scripts/ranger-tagsync-tags.json
+ -
./scripts/tagsync/ranger-tagsync-tags.json:/opt/ranger/tagsync/data/tags.json:ro
-
./scripts/tagsync/ranger-tagsync-install.properties:/opt/ranger/tagsync/install.properties
stdin_open: true
tty: true
diff --git a/dev-support/ranger-docker/scripts/hive/hive-log4j2.properties
b/dev-support/ranger-docker/scripts/hive/hive-log4j2.properties
new file mode 100644
index 000000000..c64b97e67
--- /dev/null
+++ b/dev-support/ranger-docker/scripts/hive/hive-log4j2.properties
@@ -0,0 +1,97 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+status = INFO
+name = HiveLog4j2
+packages = org.apache.hadoop.hive.ql.log
+
+# list of properties
+# Change to DEBUG for detailed troubleshooting
+property.hive.log.level = INFO
+property.hive.root.logger = DRFA
+property.hive.log.dir = /opt/hive/logs
+property.hive.log.file = hiveserver2.log
+property.hive.perflogger.log.level = INFO
+
+# list of all appenders
+appenders = console, DRFA
+
+# console appender
+appender.console.type = Console
+appender.console.name = console
+appender.console.target = SYSTEM_ERR
+appender.console.layout.type = PatternLayout
+appender.console.layout.pattern = %d{ISO8601} %5p [%t] %c{2}: %m%n
+
+# daily rolling file appender
+appender.DRFA.type = RollingRandomAccessFile
+appender.DRFA.name = DRFA
+appender.DRFA.fileName = ${hive.log.dir}/${hive.log.file}
+# Use %pid in the filePattern to append <process-id>@<host-name> to the
filename if you want separate log files for different CLI session
+appender.DRFA.filePattern = ${hive.log.dir}/${hive.log.file}.%d{yyyy-MM-dd}
+appender.DRFA.layout.type = PatternLayout
+appender.DRFA.layout.pattern = %d{ISO8601} %5p [%t] %c{2}: %m%n
+appender.DRFA.policies.type = Policies
+appender.DRFA.policies.time.type = TimeBasedTriggeringPolicy
+appender.DRFA.policies.time.interval = 1
+appender.DRFA.policies.time.modulate = true
+appender.DRFA.strategy.type = DefaultRolloverStrategy
+appender.DRFA.strategy.max = 30
+
+# list of all loggers
+loggers = NIOServerCnxn, ClientCnxnSocketNIO, DataNucleus, Datastore, JPOX,
PerfLogger, AmazonAws, ApacheHttp, RangerAuth
+
+logger.NIOServerCnxn.name = org.apache.zookeeper.server.NIOServerCnxn
+logger.NIOServerCnxn.level = WARN
+
+logger.ClientCnxnSocketNIO.name = org.apache.zookeeper.ClientCnxnSocketNIO
+logger.ClientCnxnSocketNIO.level = WARN
+
+logger.DataNucleus.name = DataNucleus
+logger.DataNucleus.level = ERROR
+
+logger.Datastore.name = Datastore
+logger.Datastore.level = ERROR
+
+logger.JPOX.name = JPOX
+logger.JPOX.level = ERROR
+
+logger.AmazonAws.name=com.amazonaws
+logger.AmazonAws.level = INFO
+
+logger.ApacheHttp.name=org.apache.http
+logger.ApacheHttp.level = INFO
+
+logger.PerfLogger.name = org.apache.hadoop.hive.ql.log.PerfLogger
+logger.PerfLogger.level = ${hive.perflogger.log.level}
+
+# Ranger authorization logger
+logger.RangerAuth.name = org.apache.ranger
+logger.RangerAuth.level = INFO
+
+#
+# Hive authentication
+# logger.HiveAuth.name = org.apache.hadoop.hive.ql.security
+# logger.HiveAuth.level = DEBUG
+#
+# Security and Kerberos
+# logger.SecurityAuth.name = org.apache.hadoop.security
+# logger.SecurityAuth.level = DEBUG
+
+# root logger (controls all packages unless overridden above)
+rootLogger.level = ${hive.log.level}
+rootLogger.appenderRefs = root
+rootLogger.appenderRef.root.ref = ${hive.root.logger}
diff --git
a/dev-support/ranger-docker/scripts/hive/hive-metastore-log4j2.properties
b/dev-support/ranger-docker/scripts/hive/hive-metastore-log4j2.properties
new file mode 100644
index 000000000..88a8a4925
--- /dev/null
+++ b/dev-support/ranger-docker/scripts/hive/hive-metastore-log4j2.properties
@@ -0,0 +1,97 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+status = INFO
+name = HiveMetastoreLog4j2
+packages = org.apache.hadoop.hive.ql.log
+
+# list of properties
+# Change to DEBUG for detailed troubleshooting
+property.hive.log.level = INFO
+property.hive.root.logger = DRFA
+property.hive.log.dir = /opt/hive/logs
+property.hive.log.file = metastore.log
+property.hive.perflogger.log.level = INFO
+
+# list of all appenders
+appenders = console, DRFA
+
+# console appender
+appender.console.type = Console
+appender.console.name = console
+appender.console.target = SYSTEM_ERR
+appender.console.layout.type = PatternLayout
+appender.console.layout.pattern = %d{ISO8601} %5p [%t] %c{2}: %m%n
+
+# daily rolling file appender
+appender.DRFA.type = RollingRandomAccessFile
+appender.DRFA.name = DRFA
+appender.DRFA.fileName = ${hive.log.dir}/${hive.log.file}
+# Use %pid in the filePattern to append <process-id>@<host-name> to the
filename if you want separate log files for different CLI session
+appender.DRFA.filePattern = ${hive.log.dir}/${hive.log.file}.%d{yyyy-MM-dd}
+appender.DRFA.layout.type = PatternLayout
+appender.DRFA.layout.pattern = %d{ISO8601} %5p [%t] %c{2}: %m%n
+appender.DRFA.policies.type = Policies
+appender.DRFA.policies.time.type = TimeBasedTriggeringPolicy
+appender.DRFA.policies.time.interval = 1
+appender.DRFA.policies.time.modulate = true
+appender.DRFA.strategy.type = DefaultRolloverStrategy
+appender.DRFA.strategy.max = 30
+
+# list of all loggers
+loggers = NIOServerCnxn, ClientCnxnSocketNIO, DataNucleus, Datastore, JPOX,
PerfLogger, AmazonAws, ApacheHttp, RangerAuth
+
+logger.NIOServerCnxn.name = org.apache.zookeeper.server.NIOServerCnxn
+logger.NIOServerCnxn.level = WARN
+
+logger.ClientCnxnSocketNIO.name = org.apache.zookeeper.ClientCnxnSocketNIO
+logger.ClientCnxnSocketNIO.level = WARN
+
+logger.DataNucleus.name = DataNucleus
+logger.DataNucleus.level = ERROR
+
+logger.Datastore.name = Datastore
+logger.Datastore.level = ERROR
+
+logger.JPOX.name = JPOX
+logger.JPOX.level = ERROR
+
+logger.AmazonAws.name=com.amazonaws
+logger.AmazonAws.level = INFO
+
+logger.ApacheHttp.name=org.apache.http
+logger.ApacheHttp.level = INFO
+
+logger.PerfLogger.name = org.apache.hadoop.hive.ql.log.PerfLogger
+logger.PerfLogger.level = ${hive.perflogger.log.level}
+
+# Ranger authorization logger
+logger.RangerAuth.name = org.apache.ranger
+logger.RangerAuth.level = INFO
+#
+# Hive authentication
+# logger.HiveAuth.name = org.apache.hadoop.hive.ql.security
+# logger.HiveAuth.level = INFO
+#
+# Security and Kerberos
+# logger.SecurityAuth.name = org.apache.hadoop.security
+# logger.SecurityAuth.level = INFO
+
+# root logger (controls all packages unless overridden above)
+rootLogger.level = ${hive.log.level}
+rootLogger.appenderRefs = root
+rootLogger.appenderRef.root.ref = ${hive.root.logger}
+
diff --git a/dev-support/ranger-docker/scripts/hive/ranger-hive-setup.sh
b/dev-support/ranger-docker/scripts/hive/ranger-hive-setup.sh
index 8a5decdc7..08abfa878 100755
--- a/dev-support/ranger-docker/scripts/hive/ranger-hive-setup.sh
+++ b/dev-support/ranger-docker/scripts/hive/ranger-hive-setup.sh
@@ -35,6 +35,9 @@ fi
cp ${RANGER_SCRIPTS}/hive-site.xml ${HIVE_HOME}/conf/hive-site.xml
cp ${RANGER_SCRIPTS}/hive-site.xml ${HIVE_HOME}/conf/hiveserver2-site.xml
+# fix to address error during HiveServer2 startup due to
java.lang.NoClassDefFoundError: org/apache/commons/collections/CollectionUtils
+cp
${RANGER_HOME}/ranger-hive-plugin/lib/ranger-hive-plugin-impl/commons-collections-3.2.2.jar
${HIVE_HOME}/lib/
+
mkdir -p ${HADOOP_HOME}/etc/hadoop
cp ${RANGER_SCRIPTS}/core-site.xml ${HADOOP_HOME}/etc/hadoop/core-site.xml
diff --git a/dev-support/ranger-docker/scripts/solr/ranger-solr.sh
b/dev-support/ranger-docker/scripts/solr/ranger-solr.sh
index b2aecf960..719e2bee1 100755
--- a/dev-support/ranger-docker/scripts/solr/ranger-solr.sh
+++ b/dev-support/ranger-docker/scripts/solr/ranger-solr.sh
@@ -18,11 +18,13 @@
SOLR_INSTALL_DIR=/opt/solr
+export RANGER_SCRIPTS=/home/ranger/scripts
+
if [ "${KERBEROS_ENABLED}" == "true" ]
then
- /home/ranger/scripts/wait_for_keytab.sh HTTP.keytab
- /home/ranger/scripts/wait_for_keytab.sh solr.keytab
- /home/ranger/scripts/wait_for_testusers_keytab.sh
+ ${RANGER_SCRIPTS}/wait_for_keytab.sh HTTP.keytab
+ ${RANGER_SCRIPTS}/wait_for_keytab.sh solr.keytab
+ ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh
JAAS_CONFIG="-Djava.security.auth.login.config=/opt/solr/server/etc/jaas.conf"
JAAS_APPNAME="-Dsolr.kerberos.jaas.appname=Client"
@@ -36,6 +38,7 @@ RULE:[2:\$1/\$2@\$0](jhs/.*@EXAMPLE\.COM)s/.*/mapred/\
DEFAULT"
export SOLR_AUTHENTICATION_OPTS="${JAAS_CONFIG} ${JAAS_APPNAME} ${KRB5_CONF}
${KERBEROS_KEYTAB} ${KERBEROS_PRINCIPAL} ${COOKIE_DOMAIN}
${KERBEROS_NAME_RULES}"
+ export SOLR_AUTH_TYPE=kerberos
fi
if [ ! -e ${SOLR_INSTALL_DIR}/.setupDone ]
