RANGER-5494: docker setup fix for startup errors in ranger-hive, ranger-tagsync, ranger-solr containers (#855)

mneethiraj · web-flow · commit 9d4cf45c4f19 · 2026-02-19T17:55:19.000-08:00
diff --git a/dev-support/ranger-docker/Dockerfile.ranger-tagsync b/dev-support/ranger-docker/Dockerfile.ranger-tagsync
@@ -29,7 +29,6 @@ RUN tar xvfz /home/ranger/dist/ranger-${TAGSYNC_VERSION}-tagsync.tar.gz --direct
     rm -f ${RANGER_HOME}/tagsync/install.properties && \
     mkdir -p /opt/ranger/tagsync/data /var/run/ranger /var/log/ranger/tagsync /etc/ranger && \
     cp -f ${RANGER_SCRIPTS}/ranger-tagsync-install.properties ${RANGER_HOME}/tagsync/install.properties && \
-    cp -f ${RANGER_SCRIPTS}/ranger-tagsync-tags.json ${RANGER_HOME}/tagsync/data/tags.json && \
     mkdir /etc/init.d || true && \
     mkdir /etc/rc2.d  || true && \
     mkdir /etc/rc3.d  || true && \
diff --git a/dev-support/ranger-docker/README.md b/dev-support/ranger-docker/README.md
@@ -53,7 +53,7 @@ Execute following command to build Apache Ranger:
 # optional step: a fresh build ensures that the correct jdk version is used
 docker compose -f docker-compose.ranger-build.yml build
 
-docker compose -f docker-compose.ranger-build.yml up -d
+docker compose -f docker-compose.ranger-build.yml up
 ~~~
 Time taken to complete the build might vary (upto an hour), depending on status of ```${HOME}/.m2``` directory cache.  
 
diff --git a/dev-support/ranger-docker/docker-compose.ranger-tagsync.yml b/dev-support/ranger-docker/docker-compose.ranger-tagsync.yml
@@ -16,7 +16,7 @@ services:
       - ./scripts/kdc/krb5.conf:/etc/krb5.conf
       - ./scripts/hadoop/core-site.xml:/home/ranger/scripts/core-site.xml:ro
       - ./dist/version:/home/ranger/dist/version:ro
-      - ./scripts/tagsync/ranger-tagsync-tags.json:/home/ranger/scripts/ranger-tagsync-tags.json
+      - ./scripts/tagsync/ranger-tagsync-tags.json:/opt/ranger/tagsync/data/tags.json:ro
       - ./scripts/tagsync/ranger-tagsync-install.properties:/opt/ranger/tagsync/install.properties
     stdin_open: true
     tty: true
diff --git a/dev-support/ranger-docker/scripts/hive/hive-log4j2.properties b/dev-support/ranger-docker/scripts/hive/hive-log4j2.properties
@@ -0,0 +1,97 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+status = INFO
+name = HiveLog4j2
+packages = org.apache.hadoop.hive.ql.log
+
+# list of properties
+# Change to DEBUG for detailed troubleshooting
+property.hive.log.level = INFO
+property.hive.root.logger = DRFA
+property.hive.log.dir = /opt/hive/logs
+property.hive.log.file = hiveserver2.log
+property.hive.perflogger.log.level = INFO
+
+# list of all appenders
+appenders = console, DRFA
+
+# console appender
+appender.console.type = Console
+appender.console.name = console
+appender.console.target = SYSTEM_ERR
+appender.console.layout.type = PatternLayout
+appender.console.layout.pattern = %d{ISO8601} %5p [%t] %c{2}: %m%n
+
+# daily rolling file appender
+appender.DRFA.type = RollingRandomAccessFile
+appender.DRFA.name = DRFA
+appender.DRFA.fileName = ${hive.log.dir}/${hive.log.file}
+# Use %pid in the filePattern to append <process-id>@<host-name> to the filename if you want separate log files for different CLI session
+appender.DRFA.filePattern = ${hive.log.dir}/${hive.log.file}.%d{yyyy-MM-dd}
+appender.DRFA.layout.type = PatternLayout
+appender.DRFA.layout.pattern = %d{ISO8601} %5p [%t] %c{2}: %m%n
+appender.DRFA.policies.type = Policies
+appender.DRFA.policies.time.type = TimeBasedTriggeringPolicy
+appender.DRFA.policies.time.interval = 1
+appender.DRFA.policies.time.modulate = true
+appender.DRFA.strategy.type = DefaultRolloverStrategy
+appender.DRFA.strategy.max = 30
+
+# list of all loggers
+loggers = NIOServerCnxn, ClientCnxnSocketNIO, DataNucleus, Datastore, JPOX, PerfLogger, AmazonAws, ApacheHttp, RangerAuth
+
+logger.NIOServerCnxn.name = org.apache.zookeeper.server.NIOServerCnxn
+logger.NIOServerCnxn.level = WARN
+
+logger.ClientCnxnSocketNIO.name = org.apache.zookeeper.ClientCnxnSocketNIO
+logger.ClientCnxnSocketNIO.level = WARN
+
+logger.DataNucleus.name = DataNucleus
+logger.DataNucleus.level = ERROR
+
+logger.Datastore.name = Datastore
+logger.Datastore.level = ERROR
+
+logger.JPOX.name = JPOX
+logger.JPOX.level = ERROR
+
+logger.AmazonAws.name=com.amazonaws
+logger.AmazonAws.level = INFO
+
+logger.ApacheHttp.name=org.apache.http
+logger.ApacheHttp.level = INFO
+
+logger.PerfLogger.name = org.apache.hadoop.hive.ql.log.PerfLogger
+logger.PerfLogger.level = ${hive.perflogger.log.level}
+
+# Ranger authorization logger
+logger.RangerAuth.name = org.apache.ranger
+logger.RangerAuth.level = INFO
+
+#
+# Hive authentication
+# logger.HiveAuth.name = org.apache.hadoop.hive.ql.security
+# logger.HiveAuth.level = DEBUG
+#
+# Security and Kerberos
+# logger.SecurityAuth.name = org.apache.hadoop.security
+# logger.SecurityAuth.level = DEBUG
+
+# root logger (controls all packages unless overridden above)
+rootLogger.level = ${hive.log.level}
+rootLogger.appenderRefs = root
+rootLogger.appenderRef.root.ref = ${hive.root.logger}
diff --git a/dev-support/ranger-docker/scripts/hive/hive-metastore-log4j2.properties b/dev-support/ranger-docker/scripts/hive/hive-metastore-log4j2.properties
@@ -0,0 +1,97 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+status = INFO
+name = HiveMetastoreLog4j2
+packages = org.apache.hadoop.hive.ql.log
+
+# list of properties
+# Change to DEBUG for detailed troubleshooting
+property.hive.log.level = INFO
+property.hive.root.logger = DRFA
+property.hive.log.dir = /opt/hive/logs
+property.hive.log.file = metastore.log
+property.hive.perflogger.log.level = INFO
+
+# list of all appenders
+appenders = console, DRFA
+
+# console appender
+appender.console.type = Console
+appender.console.name = console
+appender.console.target = SYSTEM_ERR
+appender.console.layout.type = PatternLayout
+appender.console.layout.pattern = %d{ISO8601} %5p [%t] %c{2}: %m%n
+
+# daily rolling file appender
+appender.DRFA.type = RollingRandomAccessFile
+appender.DRFA.name = DRFA
+appender.DRFA.fileName = ${hive.log.dir}/${hive.log.file}
+# Use %pid in the filePattern to append <process-id>@<host-name> to the filename if you want separate log files for different CLI session
+appender.DRFA.filePattern = ${hive.log.dir}/${hive.log.file}.%d{yyyy-MM-dd}
+appender.DRFA.layout.type = PatternLayout
+appender.DRFA.layout.pattern = %d{ISO8601} %5p [%t] %c{2}: %m%n
+appender.DRFA.policies.type = Policies
+appender.DRFA.policies.time.type = TimeBasedTriggeringPolicy
+appender.DRFA.policies.time.interval = 1
+appender.DRFA.policies.time.modulate = true
+appender.DRFA.strategy.type = DefaultRolloverStrategy
+appender.DRFA.strategy.max = 30
+
+# list of all loggers
+loggers = NIOServerCnxn, ClientCnxnSocketNIO, DataNucleus, Datastore, JPOX, PerfLogger, AmazonAws, ApacheHttp, RangerAuth
+
+logger.NIOServerCnxn.name = org.apache.zookeeper.server.NIOServerCnxn
+logger.NIOServerCnxn.level = WARN
+
+logger.ClientCnxnSocketNIO.name = org.apache.zookeeper.ClientCnxnSocketNIO
+logger.ClientCnxnSocketNIO.level = WARN
+
+logger.DataNucleus.name = DataNucleus
+logger.DataNucleus.level = ERROR
+
+logger.Datastore.name = Datastore
+logger.Datastore.level = ERROR
+
+logger.JPOX.name = JPOX
+logger.JPOX.level = ERROR
+
+logger.AmazonAws.name=com.amazonaws
+logger.AmazonAws.level = INFO
+
+logger.ApacheHttp.name=org.apache.http
+logger.ApacheHttp.level = INFO
+
+logger.PerfLogger.name = org.apache.hadoop.hive.ql.log.PerfLogger
+logger.PerfLogger.level = ${hive.perflogger.log.level}
+
+# Ranger authorization logger
+logger.RangerAuth.name = org.apache.ranger
+logger.RangerAuth.level = INFO
+#
+# Hive authentication
+# logger.HiveAuth.name = org.apache.hadoop.hive.ql.security
+# logger.HiveAuth.level = INFO
+#
+# Security and Kerberos
+# logger.SecurityAuth.name = org.apache.hadoop.security
+# logger.SecurityAuth.level = INFO
+
+# root logger (controls all packages unless overridden above)
+rootLogger.level = ${hive.log.level}
+rootLogger.appenderRefs = root
+rootLogger.appenderRef.root.ref = ${hive.root.logger}
+
diff --git a/dev-support/ranger-docker/scripts/hive/ranger-hive-setup.sh b/dev-support/ranger-docker/scripts/hive/ranger-hive-setup.sh
@@ -35,6 +35,9 @@ fi
 cp ${RANGER_SCRIPTS}/hive-site.xml ${HIVE_HOME}/conf/hive-site.xml
 cp ${RANGER_SCRIPTS}/hive-site.xml ${HIVE_HOME}/conf/hiveserver2-site.xml
 
+# fix to address error during HiveServer2 startup due to java.lang.NoClassDefFoundError: org/apache/commons/collections/CollectionUtils
+cp ${RANGER_HOME}/ranger-hive-plugin/lib/ranger-hive-plugin-impl/commons-collections-3.2.2.jar ${HIVE_HOME}/lib/
+
 mkdir -p ${HADOOP_HOME}/etc/hadoop
 
 cp ${RANGER_SCRIPTS}/core-site.xml ${HADOOP_HOME}/etc/hadoop/core-site.xml
diff --git a/dev-support/ranger-docker/scripts/solr/ranger-solr.sh b/dev-support/ranger-docker/scripts/solr/ranger-solr.sh
@@ -18,11 +18,13 @@
 
 SOLR_INSTALL_DIR=/opt/solr
 
+export RANGER_SCRIPTS=/home/ranger/scripts
+
 if [ "${KERBEROS_ENABLED}" == "true" ]
 then
-  /home/ranger/scripts/wait_for_keytab.sh HTTP.keytab
-  /home/ranger/scripts/wait_for_keytab.sh solr.keytab
-  /home/ranger/scripts/wait_for_testusers_keytab.sh
+  ${RANGER_SCRIPTS}/wait_for_keytab.sh HTTP.keytab
+  ${RANGER_SCRIPTS}/wait_for_keytab.sh solr.keytab
+  ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh
 
   JAAS_CONFIG="-Djava.security.auth.login.config=/opt/solr/server/etc/jaas.conf"
   JAAS_APPNAME="-Dsolr.kerberos.jaas.appname=Client"
@@ -36,6 +38,7 @@ RULE:[2:\$1/\$2@\$0](jhs/.*@EXAMPLE\.COM)s/.*/mapred/\
 DEFAULT"
 
   export SOLR_AUTHENTICATION_OPTS="${JAAS_CONFIG} ${JAAS_APPNAME} ${KRB5_CONF} ${KERBEROS_KEYTAB} ${KERBEROS_PRINCIPAL} ${COOKIE_DOMAIN} ${KERBEROS_NAME_RULES}"
+  export SOLR_AUTH_TYPE=kerberos
 fi
 
 if [ ! -e ${SOLR_INSTALL_DIR}/.setupDone ]
