編譯安裝大數據平臺權限管理組件 - Apache Ranger 3.x

時間 2021-01-19

標籤 html java node python mysql linux git github sql 數據庫欄目 Apache 简体版

原文原文鏈接

官方文檔：html

https://ranger.apache.org/quick_start_guide.html

編譯Ranger源碼

首先準備好Java和Maven環境：java

[root@hadoop01 ~]# java -version
java version "1.8.0_261"
Java(TM) SE Runtime Environment (build 1.8.0_261-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.261-b12, mixed mode)
[root@hadoop01 ~]# mvn -v
Apache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f)
Maven home: /usr/local/maven
Java version: 1.8.0_261, vendor: Oracle Corporation, runtime: /usr/local/jdk/1.8/jre
Default locale: zh_CN, platform encoding: UTF-8
OS name: "linux", version: "3.10.0-1062.el7.x86_64", arch: "amd64", family: "unix"
[root@hadoop01 ~]#

Tips：Maven需配置好國內的鏡像源，不然依賴下一天也下載不下來

直接從GitHub上拉取Ranger的源碼，或者從官網下載相應版本的源碼包：node

[root@hadoop01 ~]# cd /usr/local/src
[root@hadoop01 /usr/local/src]# git clone https://github.com/apache/ranger

進入源碼目錄：cd ranger，修改該目錄下的pom文件，主要修改兩個地方，第一是將倉庫相關配置都給註釋掉：python

<!--
    <repositories>
        <repository>
            <id>apache.snapshots.https</id>
            <name>Apache Development Snapshot Repository</name>
            <url>https://repository.apache.org/content/repositories/snapshots</url>
            <snapshots>
                <enabled>true</enabled>
            </snapshots>
        </repository>
        <repository>
            <id>apache.public.https</id>
            <name>Apache Development Snapshot Repository</name>
            <url>https://repository.apache.org/content/repositories/public</url>
            <releases>
                <enabled>true</enabled>
            </releases>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
        </repository>
    <repository>
      <id>repo</id>
      <url>file://${basedir}/local-repo</url>
      <snapshots>
         <enabled>true</enabled>
      </snapshots>
  </repository>
    </repositories>
-->

第二是修改hadoop相關組件的version，將版本改成你所安裝的版本：mysql

<hadoop.version>3.3.0</hadoop.version>
<hbase.version>2.2.6</hbase.version>
<hive.version>3.1.2</hive.version>

Tips：若是須要用Ranger管理其餘組件，也須要找到其版本定義，修改成一致的版本，避免整合時發生版本不兼容等問題

而後修改security-admin/pom.xml文件中與nodejs的相關配置。在文件內搜索<id>install node and npm</id>，將configuration標籤的內容修改以下：linux

<configuration>
    <nodeVersion>v10.13.0</nodeVersion>
    <!--<npmVersion>6.4.1</npmVersion>-->
</configuration>

而後繼續在文件內搜索<id>npm install for packaging</id>，將configuration標籤的內容修改以下：git

<configuration>
    <workingDirectory>${project.build.directory}/jsmain</workingDirectory>
    <arguments>install -registry=https://registry.npm.taobao.org --cache-max=0 --no-save</arguments>
</configuration>

繼續在文件內搜索<id>npm install for tests</id>，將configuration標籤的內容修改以下：github

<configuration>
    <skip>${skipJSTests}</skip>
    <workingDirectory>${project.build.directory}/jstest</workingDirectory>
    <arguments>install -registry=https://registry.npm.taobao.org --cache-max=0 --no-save</arguments>
</configuration>

完成以上的修改後，使用maven命令進行編譯打包：sql

[root@hadoop01 /usr/local/src]# cd ranger/
[root@hadoop01 /usr/local/src/ranger]# mvn -DskipTests=true clean package

通過一段漫長的等待後，編譯打包完成將輸出以下信息：數據庫

[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for ranger 3.0.0-SNAPSHOT:
[INFO] 
[INFO] ranger ............................................. SUCCESS [  0.763 s]
[INFO] Jdbc SQL Connector ................................. SUCCESS [  0.903 s]
[INFO] Credential Support ................................. SUCCESS [ 35.119 s]
[INFO] Audit Component .................................... SUCCESS [ 24.206 s]
[INFO] ranger-plugin-classloader .......................... SUCCESS [  0.823 s]
[INFO] Common library for Plugins ......................... SUCCESS [  4.650 s]
[INFO] ranger-intg ........................................ SUCCESS [  1.672 s]
[INFO] Installer Support Component ........................ SUCCESS [  0.494 s]
[INFO] Credential Builder ................................. SUCCESS [  2.276 s]
[INFO] Embedded Web Server Invoker ........................ SUCCESS [  4.777 s]
[INFO] Key Management Service ............................. SUCCESS [ 27.430 s]
[INFO] HBase Security Plugin Shim ......................... SUCCESS [01:47 min]
[INFO] HBase Security Plugin .............................. SUCCESS [ 25.536 s]
[INFO] Hdfs Security Plugin ............................... SUCCESS [ 13.548 s]
[INFO] Hive Security Plugin ............................... SUCCESS [01:41 min]
[INFO] Knox Security Plugin Shim .......................... SUCCESS [ 12.290 s]
[INFO] Knox Security Plugin ............................... SUCCESS [02:12 min]
[INFO] Storm Security Plugin .............................. SUCCESS [  3.999 s]
[INFO] YARN Security Plugin ............................... SUCCESS [  1.452 s]
[INFO] Ozone Security Plugin .............................. SUCCESS [ 16.509 s]
[INFO] Ranger Util ........................................ SUCCESS [  1.000 s]
[INFO] Unix Authentication Client ......................... SUCCESS [  0.590 s]
[INFO] User Group Synchronizer Util ....................... SUCCESS [  0.457 s]
[INFO] Security Admin Web Application ..................... SUCCESS [01:15 min]
[INFO] KAFKA Security Plugin .............................. SUCCESS [ 13.393 s]
[INFO] SOLR Security Plugin ............................... SUCCESS [ 19.696 s]
[INFO] NiFi Security Plugin ............................... SUCCESS [  1.556 s]
[INFO] NiFi Registry Security Plugin ...................... SUCCESS [  1.586 s]
[INFO] Kudu Security Plugin ............................... SUCCESS [  0.809 s]
[INFO] Unix User Group Synchronizer ....................... SUCCESS [ 34.854 s]
[INFO] Ldap Config Check Tool ............................. SUCCESS [  0.643 s]
[INFO] Unix Authentication Service ........................ SUCCESS [  0.917 s]
[INFO] Unix Native Authenticator .......................... SUCCESS [  0.475 s]
[INFO] KMS Security Plugin ................................ SUCCESS [  7.668 s]
[INFO] Tag Synchronizer ................................... SUCCESS [02:24 min]
[INFO] Hdfs Security Plugin Shim .......................... SUCCESS [  0.906 s]
[INFO] Hive Security Plugin Shim .......................... SUCCESS [  5.423 s]
[INFO] YARN Security Plugin Shim .......................... SUCCESS [  0.914 s]
[INFO] OZONE Security Plugin Shim ......................... SUCCESS [  0.944 s]
[INFO] Storm Security Plugin shim ......................... SUCCESS [  0.961 s]
[INFO] KAFKA Security Plugin Shim ......................... SUCCESS [  0.881 s]
[INFO] SOLR Security Plugin Shim .......................... SUCCESS [  1.096 s]
[INFO] Atlas Security Plugin Shim ......................... SUCCESS [ 12.065 s]
[INFO] KMS Security Plugin Shim ........................... SUCCESS [  7.139 s]
[INFO] ranger-examples .................................... SUCCESS [  0.017 s]
[INFO] Ranger Examples - Conditions and ContextEnrichers .. SUCCESS [  1.479 s]
[INFO] Ranger Examples - SampleApp ........................ SUCCESS [  0.384 s]
[INFO] Ranger Examples - Ranger Plugin for SampleApp ...... SUCCESS [  0.831 s]
[INFO] sample-client ...................................... SUCCESS [  0.865 s]
[INFO] Apache Ranger Examples Distribution ................ SUCCESS [  1.262 s]
[INFO] Ranger Tools ....................................... SUCCESS [  3.747 s]
[INFO] Atlas Security Plugin .............................. SUCCESS [  1.149 s]
[INFO] SchemaRegistry Security Plugin ..................... SUCCESS [ 32.873 s]
[INFO] Sqoop Security Plugin .............................. SUCCESS [  6.273 s]
[INFO] Sqoop Security Plugin Shim ......................... SUCCESS [  0.810 s]
[INFO] Kylin Security Plugin .............................. SUCCESS [03:13 min]
[INFO] Kylin Security Plugin Shim ......................... SUCCESS [  9.244 s]
[INFO] Presto Security Plugin ............................. SUCCESS [ 21.863 s]
[INFO] Presto Security Plugin Shim ........................ SUCCESS [01:42 min]
[INFO] Elasticsearch Security Plugin Shim ................. SUCCESS [  3.510 s]
[INFO] Elasticsearch Security Plugin ...................... SUCCESS [  1.047 s]
[INFO] Apache Ranger Distribution ......................... SUCCESS [03:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------

此時在target目錄下能夠看到打包好的插件安裝包：

[root@hadoop01 /usr/local/src/ranger]# ls target/
antrun                                             ranger-3.0.0-SNAPSHOT-hive-plugin.tar.gz     ranger-3.0.0-SNAPSHOT-presto-plugin.tar.gz        ranger-3.0.0-SNAPSHOT-storm-plugin.tar.gz
maven-shared-archive-resources                     ranger-3.0.0-SNAPSHOT-kafka-plugin.tar.gz    ranger-3.0.0-SNAPSHOT-ranger-tools.tar.gz         ranger-3.0.0-SNAPSHOT-tagsync.tar.gz
ranger-3.0.0-SNAPSHOT-admin.tar.gz                 ranger-3.0.0-SNAPSHOT-kms.tar.gz             ranger-3.0.0-SNAPSHOT-schema-registry-plugin.jar  ranger-3.0.0-SNAPSHOT-usersync.tar.gz
ranger-3.0.0-SNAPSHOT-atlas-plugin.tar.gz          ranger-3.0.0-SNAPSHOT-knox-plugin.tar.gz     ranger-3.0.0-SNAPSHOT-solr_audit_conf.tar.gz      ranger-3.0.0-SNAPSHOT-yarn-plugin.tar.gz
ranger-3.0.0-SNAPSHOT-elasticsearch-plugin.tar.gz  ranger-3.0.0-SNAPSHOT-kylin-plugin.tar.gz    ranger-3.0.0-SNAPSHOT-solr-plugin.tar.gz          version
ranger-3.0.0-SNAPSHOT-hbase-plugin.tar.gz          ranger-3.0.0-SNAPSHOT-migration-util.tar.gz  ranger-3.0.0-SNAPSHOT-sqoop-plugin.tar.gz
ranger-3.0.0-SNAPSHOT-hdfs-plugin.tar.gz           ranger-3.0.0-SNAPSHOT-ozone-plugin.tar.gz    ranger-3.0.0-SNAPSHOT-src.tar.gz
[root@hadoop01 /usr/local/src/ranger]#

nodejs 下載失敗解決

若是遇到node沒法下載或下載緩慢的狀況下，能夠嘗試手動下載相應版本的壓縮包，並放到對應的maven倉庫目錄下。例如，根據輸出信息：

[INFO] Installing node version v10.13.0
[INFO] Downloading https://nodejs.org/dist/v10.13.0/node-v10.13.0-linux-x64.tar.gz to /root/.m2/repository/com/github/eirslett/node/10.13.0/node-10.13.0-linux-x64.tar.gz
[INFO] No proxies configured
[INFO] No proxy was configured, downloading directly

能夠得知目標目路徑爲 /root/.m2/repository/com/github/eirslett/node/10.13.0/node-10.13.0-linux-x64.tar.gz，因而建立目錄：

$ mkdir -p /root/.m2/repository/com/github/eirslett/node/10.13.0/

並將本身下載的壓縮包拷貝到該目錄下：

$ cp node-v10.13.0-linux-x64.tar.gz /root/.m2/repository/com/github/eirslett/node/10.13.0/node-10.13.0-linux-x64.tar.gz

部署Ranger Admin

將ranger admin的安裝包解壓到合適的目錄下，我這裏習慣放到/usr/local：

[root@hadoop01 /usr/local/src/ranger]# tar -zxvf target/ranger-3.0.0-SNAPSHOT-admin.tar.gz -C /usr/local/

[root@hadoop01 /usr/local/src/ranger]# cd /usr/local/ranger-3.0.0-SNAPSHOT-admin/
[root@hadoop01 /usr/local/ranger-3.0.0-SNAPSHOT-admin]# ls
bin                    contrib  dba_script.py           ews                 ranger_credential_helper.py  set_globals.sh           templates-upgrade                 upgrade_admin.py
changepasswordutil.py  cred     db_setup.py             install.properties  restrict_permissions.py      setup_authentication.sh  update_property.py                upgrade.sh
changeusernameutil.py  db       deleteUserGroupUtil.py  jisql               rolebasedusersearchutil.py   setup.sh                 updateUserAndGroupNamesInJson.py  version
[root@hadoop01 /usr/local/ranger-3.0.0-SNAPSHOT-admin]#

配置安裝選項：

[root@hadoop01 /usr/local/ranger-3.0.0-SNAPSHOT-admin]# vim install.properties 
# 指定MySQL驅動包所在的路徑
SQL_CONNECTOR_JAR=/usr/local/src/mysql-connector-java-8.0.21.jar

# 配置root用戶名密碼以及MySQL實例的鏈接地址
db_root_user=root
db_root_password=123456a.
db_host=192.168.1.11

# 配置操做ranger庫的用戶名密碼
db_name=ranger
db_user=root
db_password=123456a.

# 指定審計日誌的存儲方式
audit_store=db
audit_db_user=root
audit_db_name=ranger
audit_db_password=123456a.

在MySQL中建立ranger數據庫：

create database ranger;

因爲我這裏使用的是MySQL8.x，須要修改一下數據庫相關的腳本。打開dba_script.py和db_setup.py文件，搜索以下內容：

-cstring jdbc:mysql://%s/%s%s

將其所有修改成以下所示，主要是添加JDBC的serverTimezone鏈接參數：

-cstring jdbc:mysql://%s/%s%s?serverTimezone=Asia/Shanghai

而後執行以下命令開始安裝ranger admin：

[root@hadoop01 /usr/local/ranger-3.0.0-SNAPSHOT-admin]# ./setup.sh

報錯解決

安裝過程當中若是報以下錯誤：

SQLException : SQL state: HY000 java.sql.SQLException: Operation CREATE USER failed for 'root'@'localhost' ErrorCode: 1396

SQLException : SQL state: 42000 java.sql.SQLSyntaxErrorException: Access denied for user 'root'@'192.168.1.11' to database 'mysql' ErrorCode: 1044

解決方式，就是在MySQL中執行以下語句：

flush privileges;
grant system_user on *.* to 'root';
drop user'root'@'localhost';
create user 'root'@'localhost' identified by '123456a.';
grant all privileges on *.* to 'root'@'localhost' with grant option;

drop user'root'@'192.168.1.11';
create user 'root'@'192.168.1.11' identified by '123456a.';
grant all privileges on *.* to 'root'@'192.168.1.11' with grant option;
flush privileges;

若是報以下錯誤：

SQLException : SQL state: HY000 java.sql.SQLException: This function has none of DETERMINISTIC, NO SQL, or READS SQL DATA in its declaration and binary logging is enabled (you *might* want to use the less safe log_bin_trust_function_creators variable) ErrorCode: 1418

解決方式：

set global log_bin_trust_function_creators=TRUE;
flush privileges;

若是報以下錯誤：

SQLException : SQL state: HY000 java.sql.SQLException: Cannot drop table 'x_policy' referenced by a foreign key constraint 'x_policy_ref_role_FK_policy_id' on table 'x_policy_ref_role'. ErrorCode: 3730

解決方式：刪除ranger庫中全部的表，再從新執行./setup.sh

安裝完成後最終會輸出：

Installation of Ranger PolicyManager Web Application is completed.

啓動Ranger Admin

修改配置文件，配置數據庫鏈接密碼和jdbc url時區參數：

[root@hadoop01 /usr/local/ranger-3.0.0-SNAPSHOT-admin]# vim conf/ranger-admin-site.xml
...

<property>
        <name>ranger.jpa.jdbc.url</name>
        <value>jdbc:log4jdbc:mysql://192.168.1.11/ranger?serverTimezone=Asia/Shanghai</value>
        <description />
</property>
<property>
        <name>ranger.jpa.jdbc.password</name>
        <value>123456a.</value>
        <description />
</property>

...

啓動命令以下：

[root@hadoop01 /usr/local/ranger-3.0.0-SNAPSHOT-admin]# ranger-admin start 
Starting Apache Ranger Admin Service
Apache Ranger Admin Service failed to start!
[root@hadoop01 /usr/local/ranger-3.0.0-SNAPSHOT-admin]#

能夠看到啓動失敗了，具體緣由須要查看日誌信息。ranger admin的日誌目錄配置在conf/ranger-admin-env-logdir.sh文件中，默認是$RANGER_ADMIN_HOME/ews/logs/。查看日誌文件得知關鍵的報錯信息以下：

[root@hadoop01 /usr/local/ranger-3.0.0-SNAPSHOT-admin]# cat /usr/local/ranger-3.0.0-SNAPSHOT-admin/ews/logs/catalina.out
...
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/commons/compress/archivers/tar/TarArchiveInputStream
...

很明顯是找不到TarArchiveInputStream這個類。該類處於Apache的commons-compress包中，解決起來也簡單，首先到中央倉庫上將該jar包下載下來：

https://mvnrepository.com/artifact/org.apache.commons/commons-compress

而後放到ews/lib/目錄下：

[root@hadoop01 /usr/local/ranger-3.0.0-SNAPSHOT-admin]# ls ews/lib/ |grep commons-compress
commons-compress-1.20.jar
[root@hadoop01 /usr/local/ranger-3.0.0-SNAPSHOT-admin]#

從新啓動ranger admin，此次就啓動成功了：

[root@hadoop01 /usr/local/ranger-3.0.0-SNAPSHOT-admin]# ranger-admin start 
Starting Apache Ranger Admin Service
Apache Ranger Admin Service with pid 52505 has started.
[root@hadoop01 /usr/local/ranger-3.0.0-SNAPSHOT-admin]#

檢查端口和進程是否正常：

[root@hadoop01 /usr/local/ranger-3.0.0-SNAPSHOT-admin]# jps
52626 Jps
52505 EmbeddedServer
[root@hadoop01 /usr/local/ranger-3.0.0-SNAPSHOT-admin]# netstat -lntp |grep 52505
tcp6       0      0 :::6080                 :::*             LISTEN      52505/java          
tcp6       0      0 127.0.0.1:6085          :::*             LISTEN      52505/java          
[root@hadoop01 /usr/local/ranger-3.0.0-SNAPSHOT-admin]#

使用瀏覽器訪問6080端口，進入到登陸頁面，默認用戶名和密碼均爲admin：

登陸成功後，進入到首頁，以下：

Ranger HDFS Plugin安裝

解壓hdfs plugin的安裝包到合適的目錄下：

[root@hadoop01 ~]# mkdir /usr/local/ranger-plugin
[root@hadoop01 ~]# tar -zxvf /usr/local/src/ranger/target/ranger-3.0.0-SNAPSHOT-hdfs-plugin.tar.gz -C /usr/local/ranger-plugin
[root@hadoop01 ~]# cd /usr/local/ranger-plugin/
[root@hadoop01 /usr/local/ranger-plugin]# mv ranger-3.0.0-SNAPSHOT-hdfs-plugin/ hdfs-plugin

[root@hadoop01 /usr/local/ranger-plugin/hdfs-plugin]# ls
disable-hdfs-plugin.sh  enable-hdfs-plugin.sh  install  install.properties  lib  ranger_credential_helper.py  upgrade-hdfs-plugin.sh  upgrade-plugin.py
[root@hadoop01 /usr/local/ranger-plugin/hdfs-plugin]#

配置安裝選項：

[root@hadoop01 /usr/local/ranger-plugin/hdfs-plugin]# vim install.properties
# 指定ranger admin服務的訪問地址
POLICY_MGR_URL=http://192.168.243.142:6080
# 配置倉庫配置，可自定義
REPOSITORY_NAME=dev_hdfs
# 配置hadoop的安裝目錄
COMPONENT_INSTALL_DIR_NAME=/usr/local/hadoop-2.6.0-cdh5.16.2
# 配置hdfs的目錄
XAAUDIT.HDFS.HDFS_DIR=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit
XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%

# 配置用戶和用戶組
CUSTOM_USER=root
CUSTOM_GROUP=root

執行以下腳本開啓hdfs-plugin：

[root@hadoop01 /usr/local/ranger-plugin/hdfs-plugin]# ./enable-hdfs-plugin.sh

若是報以下錯誤：

Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/commons/lang3/StringUtils

Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/commons/compress/archivers/tar/TarArchiveInputStream

拷貝缺失的jar包到install/lib/目錄下：

[root@hadoop01 /usr/local/ranger-plugin/hdfs-plugin]# cp /usr/local/ranger-3.0.0-SNAPSHOT-admin/ews/lib/commons-lang3-3.3.2.jar ./install/lib/
[root@hadoop01 /usr/local/ranger-plugin/hdfs-plugin]# cp /usr/local/ranger-3.0.0-SNAPSHOT-admin/ews/lib/commons-compress-1.20.jar ./install/lib/

腳本執行成功後，會輸出以下內容：

Ranger Plugin for hadoop has been enabled. Please restart hadoop to ensure that changes are effective.

重啓Hadoop：

[root@hadoop01 ~]# stop-all.sh 
[root@hadoop01 ~]# start-all.sh

驗證權限控制

到Ranger Admin上添加hdfs service，這裏的Service Name需與配置文件中的配置所對應上：

填寫相應信息：

填寫完成後，到頁面底部點擊「Test Connection」測試可否正常鏈接，確承認以正常鏈接後點擊「Add」完成新增：

在hdfs中建立一些測試目錄和文件：

[root@hadoop01 ~]# hdfs dfs -mkdir /rangertest1
[root@hadoop01 ~]# hdfs dfs -mkdir /rangertest2
[root@hadoop01 ~]# echo "ranger test" > testfile
[root@hadoop01 ~]# hdfs dfs -put testfile /rangertest1
[root@hadoop01 ~]# hdfs dfs -put testfile /rangertest2

而後到Ranger Admin上添加Ranger的內部用戶，「Settings」 -> 「Add New User」，填寫用戶信息：

接着添加權限策略，「Access Manager」 -> 「dev_hdfs」 -> 「Add New Policy」，配置權限策略所做用的用戶、目錄等信息：

拉到底部點擊「Add」完成添加後，能夠看到新增了一條策略配置：

回到操做系統，切換到hive用戶，測試可否正常讀取目錄、文件：

[root@hadoop01 ~]# sudo su - hive
上一次登陸：一 11月  9 21:08:34 CST 2020pts/3 上
[hive@hadoop01 ~]$ hdfs dfs -ls /rangertest1
Found 1 items
-rw-r--r--   1 root supergroup         12 2020-11-11 16:26 /rangertest1/testfile
[hive@hadoop01 ~]$ hdfs dfs -cat /rangertest1/testfile
ranger test
[hive@hadoop01 ~]$

測試寫操做，此時會發現可以正常往rangertest1目錄添加文件，但往rangertest2目錄添加文件就會報錯，由於咱們只賦予了rangertest1目錄的讀寫權限：

[hive@hadoop01 ~]$ hdfs dfs -put testfile2 /rangertest1
[hive@hadoop01 ~]$ hdfs dfs -put testfile2 /rangertest2
put: Permission denied: user=hive, access=WRITE, inode="/rangertest2":root:supergroup:drwxr-xr-x
[hive@hadoop01 ~]$

至此，Ranger對HDFS的權限控制也驗證經過了。除此以外，你也能夠進行其餘的測試，其餘組件的ranger plugin也是相似的，在本文中就不一一演示了。