Install and Enable Ranger Kafka Plug-in
Extract your build at the appropriate place.
Copy
ranger-<version>-SNAPSHOT-kafka-plugin.tar.gz
toActive_Resourcemanager
host in directory/usr/hdp/<hdp-version>/
.Change directory to
/usr/hdp/<hdp-version>
.Untar
ranger-<version>-SNAPSHOT-SNAPSHOT-kafka-plugin.tar.gz
.Change directories to
ranger-<version>-SNAPSHOT-kafka-plugin
.Edit the
install.properties
file.Enter the appropriate values for each of the following properties:
Table 5.20. install.properties Property Values
Property Values COMPONENT_INSTALL_DIR_NAME /usr/hdp/<hdp-version>/kafka POLICY_MGR_URL http://<FQDN_of_ranger_admin_host>:6080 REPOSITORY_NAME kafkadev Additionally, for the Audit info, Solr/HDFS options are available.
Enable the Kafka plug-in:
export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk.x86_64 ./enable-kafka-plugin.sh
Note In the HA environment, the Knox plug-in must be enabled on all Knox instances.
Stop and start the Kafka gateway:
su kafka -c "/usr/hdp/current/kafka-broker/bin/kafka stop" su kafka -c "/usr/hdp/current/kafka-broker/bin/kafka start"
Create the default repo for Kafka with proper configuration.
In the custom repo configuration, add the component user
kafka
for each of the following properties:policy.grantrevoke.auth.users or policy.download.auth.users
tag.download.auth.users
Use the
Audit->plugins
tab to verify that the Kafka plug-in is communicating with Ranger admin.Note If the Kafka plugin is unable to communicate with Ranger admin, check that the authorizer.class.name property in file
/usr/hdp/<hdp-version>/kafka/config/server.properties
, is set to org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer .