RANGER-3801: Add support for Ozone in docker (#377)

Includes following changes: - Add support for Ozone in docker with ranger-ozone plugin enabled - Docker CI updated to include ozone containers - download-archives.sh updated to allow download of specific service tarballs - Updated docker README
apache · Sep 11, 2024 · f49413f · f49413f
1 parent 5b22d92
commit f49413f
Show file tree

Hide file tree

Showing 15 changed files with 964 additions and 72 deletions.
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -95,7 +95,7 @@ jobs:
       - name: Run download-archives.sh
         run: |
           cd dev-support/ranger-docker
-          chmod +x download-archives.sh && ./download-archives.sh
+          ./download-archives.sh hadoop hive hbase kafka knox ozone
       
       - name: Build all ranger-service images
         run: |
@@ -114,10 +114,13 @@ jobs:
           -f docker-compose.ranger-hbase.yml \
           -f docker-compose.ranger-kafka.yml \
           -f docker-compose.ranger-hive.yml \
-          -f docker-compose.ranger-knox.yml build
+          -f docker-compose.ranger-knox.yml \
+          -f docker-compose.ranger-ozone.yml build
+
       - name: Bring up containers
         run: |
           cd dev-support/ranger-docker
+          ./scripts/ozone-plugin-docker-setup.sh
           export RANGER_DB_TYPE=postgres
           docker compose \
           -f docker-compose.ranger-${RANGER_DB_TYPE}.yml \
@@ -129,11 +132,12 @@ jobs:
           -f docker-compose.ranger-hbase.yml \
           -f docker-compose.ranger-kafka.yml \
           -f docker-compose.ranger-hive.yml \
-          -f docker-compose.ranger-knox.yml up -d
+          -f docker-compose.ranger-knox.yml \
+          -f docker-compose.ranger-ozone.yml up -d
       - name: Check status of containers and remove them
         run: | 
           sleep 60
-          containers=(ranger ranger-zk ranger-solr ranger-postgres ranger-usersync ranger-tagsync ranger-kms ranger-hadoop ranger-hbase ranger-kafka ranger-hive ranger-knox);
+          containers=(ranger ranger-zk ranger-solr ranger-postgres ranger-usersync ranger-tagsync ranger-kms ranger-hadoop ranger-hbase ranger-kafka ranger-hive ranger-knox ozone-om ozone-scm ozone-datanode);
           flag=true;
           for container in "${containers[@]}"; do
               if [[ $(docker inspect -f '{{.State.Running}}' $container 2>/dev/null) == "true" ]]; then

diff --git a/dev-support/ranger-docker/.dockerignore b/dev-support/ranger-docker/.dockerignore
@@ -12,5 +12,6 @@
 !dist/ranger-*-kafka-plugin.tar.gz
 !dist/ranger-*-knox-plugin.tar.gz
 !dist/ranger-*-trino-plugin.tar.gz
+!dist/ranger-*-ozone-plugin.tar.gz
 !downloads/*
 !scripts/*
diff --git a/dev-support/ranger-docker/.env b/dev-support/ranger-docker/.env
@@ -47,6 +47,10 @@ HIVE_HADOOP_VERSION=3.1.1
 KAFKA_VERSION=2.8.2
 KNOX_VERSION=2.0.0
 TRINO_VERSION=377
+OZONE_VERSION=1.4.0
+OZONE_RUNNER_VERSION=20230615-1
+OZONE_RUNNER_IMAGE=apache/ozone-runner
+OZONE_OPTS=
 
 # versions of ranger services
 RANGER_VERSION=3.0.0-SNAPSHOT
@@ -62,6 +66,7 @@ HBASE_PLUGIN_VERSION=3.0.0-SNAPSHOT
 KAFKA_PLUGIN_VERSION=3.0.0-SNAPSHOT
 KNOX_PLUGIN_VERSION=3.0.0-SNAPSHOT
 TRINO_PLUGIN_VERSION=3.0.0-SNAPSHOT
+OZONE_PLUGIN_VERSION=3.0.0-SNAPSHOT
 
 # To enable debug logs
 DEBUG_ADMIN=false

diff --git a/dev-support/ranger-docker/Dockerfile.ranger-base b/dev-support/ranger-docker/Dockerfile.ranger-base
@@ -50,6 +50,7 @@ RUN groupadd ranger && \
     useradd -g hadoop -ms /bin/bash hive && \
     useradd -g hadoop -ms /bin/bash hbase && \
     useradd -g hadoop -ms /bin/bash kafka && \
+    useradd -g hadoop -ms /bin/bash ozone && \
     groupadd knox && \
     useradd -g knox -ms /bin/bash knox && \
     mkdir -p /home/ranger/dist && \

diff --git a/dev-support/ranger-docker/Dockerfile.ranger-ozone b/dev-support/ranger-docker/Dockerfile.ranger-ozone
@@ -0,0 +1,30 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG OZONE_RUNNER_IMAGE
+ARG OZONE_RUNNER_VERSION
+FROM ${OZONE_RUNNER_IMAGE}:${OZONE_RUNNER_VERSION}
+
+ARG OZONE_HOME
+ARG OZONE_PLUGIN_VERSION
+
+USER root
+
+RUN useradd -g hadoop -ms /bin/bash ozone
+RUN mkdir -p -m 755 /var/log/ozone
+
+# Required to locate the plugin jars and the config files
+ENV OZONE_MANAGER_CLASSPATH="${OZONE_HOME}/ranger-ozone-plugin/lib/libext/*:${OZONE_HOME}/ranger-ozone-plugin/conf"
diff --git a/dev-support/ranger-docker/README.md b/dev-support/ranger-docker/README.md
@@ -19,71 +19,94 @@ under the License.
 
 ## Overview
 
-Docker files in this folder create docker images and run them to build Apache Ranger, deploy Apache Ranger and dependent services in containers.
+Use Dockerfiles in this directory to create docker images and run them to build Apache Ranger, deploy Apache Ranger and dependent services in containers.
 
-## Usage
+### Environment Setup
 
-1. Ensure that you have recent version of Docker installed from [docker.io](http://www.docker.io) (as of this writing: Engine 20.10.5, Compose 1.28.5).
+- Ensure that you have recent version of Docker installed from [docker.io](http://www.docker.io) (as of this writing: Engine 20.10.5, Compose 1.28.5).
    Make sure to configure docker with at least 6gb of memory.
 
-2. Update environment variables in ```.env``` file, if necessary
+- Update environment variables in ```.env``` file, if necessary
 
-3. Set ```dev-support/ranger-docker``` as your working directory.
+- Set ```dev-support/ranger-docker``` as your working directory.
 
-4. Execute following command to download necessary archives to setup Ranger/HDFS/Hive/HBase/Kafka/Knox services:
+- Execute following command to download necessary archives to setup Ranger/HDFS/Hive/HBase/Kafka/Knox/Ozone services:
    ~~~
-   chmod +x download-archives.sh && ./download-archives.sh
+   chmod +x download-archives.sh
+   # use a subset of the below to download specific services
+   ./download-archives.sh hadoop hive hbase kafka knox ozone
    ~~~
 
-5. Execute following commands to set environment variables to build Apache Ranger docker containers:
+- Execute following commands to set environment variables to build Apache Ranger docker containers:
    ~~~
    export DOCKER_BUILDKIT=1
    export COMPOSE_DOCKER_CLI_BUILD=1
    export RANGER_DB_TYPE=postgres
    ~~~
 
-6. Build Apache Ranger in containers using docker-compose
-
-   1. Execute following command to build Apache Ranger:
-      ~~~
-      docker-compose -f docker-compose.ranger-base.yml -f docker-compose.ranger-build.yml up
-      ~~~
-
-      Time taken to complete the build might vary (upto an hour), depending on status of ```${HOME}/.m2``` directory cache.
-
-   2. Alternatively, the following commands can be executed from the parent directory
-      1. To generate tarballs:```mvn clean package -DskipTests```
-
-      2. Copy the tarballs and version file to ```dev-support/ranger-docker/dist```
-         ~~~
-         cp target/ranger-* dev-support/ranger-docker/dist/
-         cp target/version dev-support/ranger-docker/dist/
-         ~~~
-
-      3. Build the ranger-base image:
-         ~~~
-         # ubuntu base image:
-         docker-compose -f docker-compose.ranger-base.yml build --no-cache
-         # OR
-         # ubi base image:
-         docker-compose -f docker-compose.ranger-base-ubi.yml build --no-cache
-         ~~~
-7. To enable file based sync source for usersync execute: ```export ENABLE_FILE_SYNC_SOURCE=true```
-
-8. Execute following command to start Ranger, Ranger Usersync, Ranger Tagsync, Ranger enabled HDFS/YARN/HBase/Hive/Kafka/Knox and dependent services (Solr, DB) in containers:
-   ~~~
-   docker-compose -f docker-compose.ranger-base.yml -f docker-compose.ranger.yml -f docker-compose.ranger-${RANGER_DB_TYPE}.yml -f docker-compose.ranger-usersync.yml -f docker-compose.ranger-tagsync.yml -f docker-compose.ranger-kms.yml -f docker-compose.ranger-hadoop.yml -f docker-compose.ranger-hbase.yml -f docker-compose.ranger-kafka.yml -f docker-compose.ranger-hive.yml -f docker-compose.ranger-knox.yml up -d
-   ~~~
-
-	- valid values for RANGER_DB_TYPE: mysql or postgres
-9. To run ranger enabled Trino in containers (Requires docker build with JDK 11):
-   ~~~
-   docker-compose -f docker-compose.ranger-base.yml -f docker-compose.ranger.yml -f docker-compose.ranger-${RANGER_DB_TYPE}.yml -f docker-compose.ranger-trino.yml up -d
-   ~~~
-
-10. To rebuild specific images and start containers with the new image, use following command:
-   ~~~
-   docker-compose -f docker-compose.ranger-base.yml -f docker-compose.ranger.yml -f docker-compose.ranger-usersync.yml -f docker-compose.ranger-tagsync.yml -f docker-compose.ranger-kms.yml -f docker-compose.ranger-hadoop.yml -f docker-compose.ranger-hbase.yml -f docker-compose.ranger-kafka.yml -f docker-compose.ranger-hive.yml -f docker-compose.ranger-trino.yml -f docker-compose.ranger-knox.yml up -d --no-deps --force-recreate --build <service-1> <service-2>
-   ~~~
-
-9. Ranger Admin can be accessed at http://localhost:6080 (admin/rangerR0cks!)
+### Apache Ranger Build
+
+#### In containers using docker-compose
+
+Execute following command to build Apache Ranger:
+~~~
+docker-compose -f docker-compose.ranger-base.yml -f docker-compose.ranger-build.yml up
+~~~
+Time taken to complete the build might vary (upto an hour), depending on status of ```${HOME}/.m2``` directory cache.  
+
+
+#### OR
+#### Regular build
+
+~~~
+cd ./../../
+mvn clean package -DskipTests
+cp target/ranger-* dev-support/ranger-docker/dist/
+cp target/version dev-support/ranger-docker/dist/
+cd dev-support/ranger-docker
+~~~
+
+### Docker Image Build
+
+#### Prerequisite: ranger-base image build
+~~~
+# ubuntu base image:
+docker-compose -f docker-compose.ranger-base.yml build --no-cache
+# OR
+# ubi base image:
+docker-compose -f docker-compose.ranger-base-ubi.yml build --no-cache
+~~~
+#### Bring up ranger, usersync and tagsync containers
+~~~
+# To enable file based sync source for usersync do:
+# export ENABLE_FILE_SYNC_SOURCE=true
+
+# valid values for RANGER_DB_TYPE: mysql/postgres
+
+docker-compose -f docker-compose.ranger.yml -f docker-compose.ranger-${RANGER_DB_TYPE}.yml -f docker-compose.ranger-usersync.yml -f docker-compose.ranger-tagsync.yml up -d
+
+# Ranger Admin can be accessed at http://localhost:6080 (admin/rangerR0cks!)
+~~~
+#### Bring up hive container
+~~~
+docker-compose -f docker-compose.ranger.yml -f docker-compose.ranger-${RANGER_DB_TYPE}.yml -f docker-compose.ranger-hadoop.yml -f docker-compose.ranger-hive.yml up -d
+~~~
+#### Bring up hbase container
+~~~
+docker-compose -f docker-compose.ranger.yml -f docker-compose.ranger-${RANGER_DB_TYPE}.yml -f docker-compose.ranger-hadoop.yml -f docker-compose.ranger-hbase.yml up -d
+~~~
+#### Bring up ozone containers
+~~~
+./scripts/ozone-plugin-docker-setup.sh
+docker-compose -f docker-compose.ranger.yml -f docker-compose.ranger-${RANGER_DB_TYPE}.yml -f docker-compose.ranger-ozone.yml up -d
+~~~
+#### Bring up trino container (requires docker build with jdk 11):
+~~~
+docker-compose -f docker-compose.ranger.yml -f docker-compose.ranger-${RANGER_DB_TYPE}.yml -f docker-compose.ranger-trino.yml up -d
+~~~
+Similarly, check the `depends` section of the `docker-compose.ranger-service.yaml` file and add docker-compose files for these services when trying to bring up the `service` container.
+
+#### To rebuild specific images and start containers with the new image:
+~~~
+docker-compose -f docker-compose.ranger.yml -f docker-compose.ranger-usersync.yml -f docker-compose.ranger-tagsync.yml -f docker-compose.ranger-kms.yml -f docker-compose.ranger-hadoop.yml -f docker-compose.ranger-hbase.yml -f docker-compose.ranger-kafka.yml -f docker-compose.ranger-hive.yml -f docker-compose.ranger-trino.yml -f docker-compose.ranger-knox.yml up -d --no-deps --force-recreate --build <service-1> <service-2>
+~~~
diff --git a/dev-support/ranger-docker/config/ozone/docker-config b/dev-support/ranger-docker/config/ozone/docker-config
@@ -0,0 +1,68 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+CORE-SITE.XML_fs.defaultFS=ofs://om
+CORE-SITE.XML_fs.trash.interval=1
+# For HttpFS service it is required to enable proxying users.
+CORE-SITE.XML_hadoop.proxyuser.hadoop.hosts=*
+CORE-SITE.XML_hadoop.proxyuser.hadoop.groups=*
+
+OZONE-SITE.XML_ozone.om.address=om
+OZONE-SITE.XML_ozone.om.http-address=om:9874
+OZONE-SITE.XML_ozone.scm.http-address=scm:9876
+OZONE-SITE.XML_ozone.scm.container.size=1GB
+OZONE-SITE.XML_ozone.scm.block.size=1MB
+OZONE-SITE.XML_ozone.scm.datanode.ratis.volume.free-space.min=10MB
+OZONE-SITE.XML_ozone.scm.pipeline.creation.interval=30s
+OZONE-SITE.XML_ozone.scm.pipeline.owner.container.count=1
+OZONE-SITE.XML_ozone.scm.names=scm
+OZONE-SITE.XML_ozone.scm.datanode.id.dir=/data
+OZONE-SITE.XML_ozone.scm.block.client.address=scm
+OZONE-SITE.XML_ozone.metadata.dirs=/data/metadata
+#OZONE-SITE.XML_ozone.recon.db.dir=/data/metadata/recon
+OZONE-SITE.XML_ozone.scm.client.address=scm
+OZONE-SITE.XML_hdds.datanode.dir=/data/hdds
+OZONE-SITE.XML_hdds.datanode.volume.min.free.space=100MB
+#OZONE-SITE.XML_ozone.recon.address=recon:9891
+#OZONE-SITE.XML_ozone.recon.http-address=0.0.0.0:9888
+#OZONE-SITE.XML_ozone.recon.https-address=0.0.0.0:9889
+#OZONE-SITE.XML_ozone.recon.om.snapshot.task.interval.delay=1m
+OZONE-SITE.XML_ozone.datanode.pipeline.limit=1
+OZONE-SITE.XML_hdds.scmclient.max.retry.timeout=30s
+OZONE-SITE.XML_hdds.container.report.interval=60s
+OZONE-SITE.XML_ozone.scm.stale.node.interval=30s
+OZONE-SITE.XML_ozone.scm.dead.node.interval=45s
+OZONE-SITE.XML_hdds.heartbeat.interval=5s
+OZONE-SITE.XML_ozone.scm.close.container.wait.duration=5s
+OZONE-SITE.XML_hdds.scm.replication.thread.interval=15s
+OZONE-SITE.XML_hdds.scm.replication.under.replicated.interval=5s
+OZONE-SITE.XML_hdds.scm.replication.over.replicated.interval=5s
+OZONE-SITE.XML_hdds.scm.wait.time.after.safemode.exit=30s
+OZONE-SITE.XML_ozone.http.basedir=/tmp/ozone_http
+
+OZONE-SITE.XML_hdds.container.ratis.datastream.enabled=true
+
+OZONE_CONF_DIR=/etc/hadoop
+OZONE_LOG_DIR=/var/log/hadoop
+
+no_proxy=om,scm,s3g,recon,kdc,localhost,127.0.0.1
+
+# Explicitly enable filesystem snapshot feature for this Docker compose cluster
+OZONE-SITE.XML_ozone.filesystem.snapshot.enabled=true
+
+# To enable Ranger as the Authorizer in Ozone
+OZONE-SITE.XML_ozone.acl.enabled=true
+OZONE-SITE.XML_ozone.acl.authorizer.class=org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer