Ranger plugins are enabled from the Ranger service itself. To enable the ranger HDFS plugin, perform the steps described below.
Select HDFS from the service and click on the Configs tab.
Navigate to advanced ranger-hdfs-plugin-properties and select the Enable Ranger for HDFS checkbox.
Select audit settings (Audit to DB or Audit to HDFS) and enter values accordingly. Note that only if Audit to HDFS is selected, settings related to that config will be shown. Refer to the table shown below for the different audit settings you can modify.
Save the configuration.
Ambari will display a restart indicator. Restart the HDFS component.
After the component is restarted, the Ranger plugin for HDFS will be enabled.
Table 4.1. HDFS Plugin Configuration Properties
Configuration Property Name Description Default Value Example Value Required? Enable Ranger for HDFS Flag used to enable/disable Hive funcitonality for Ranger. FALSE Yes Audit to HDFS Flag used to enable/disable HDFS audit logging. If HDFS audit logging is turned off, it will not log any access control to HDFS. FALSE Yes Audit to DB Flag to enable/disable database audit logging. If the database audit logging is turned off, it will not log any access to the database. FALSE Yes Ranger repository config password Ranger repository config user common.name.
for.certificate
hadoop.rpc.protection Configuration parameter used to control the quality of protection in the Hadoop cluster. Options are: Authentication, Integrity, and Privacy. auth-int No policy_user SSL_KEYSTORE_
FILE_PATH
Java Keystore Path where the SSL key for the plugin is stored. This is used only if SSL is enabled between the Policy Admin Tool and Plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY is SSL is not used. /etc/hadoop/conf/ranger-plugin-keystore.jks /etc/hadoop/conf/ranger-plugin-keystore.jks Yes, if only SSL is emanled SSL_KEYSTORE_
PASSWORD
Password associated with SSL Keystore. Is used only if SSL is enabled between Policy Admin Tool and Plugin; if SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not used. None None Yes, if SSL is enabled. SSL_KEYSTORE_
FILEPATH
Java Keystore Path where the trusted certificates are stored for verifying SSL connections to the Policy Admin Tool. Is used only if SSL is enabled between the Policy Admin Tool and Plugin; if SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not used. /etc/hadoop/conf/ranger-plugin-truststore.jks /etc/hadoop/conf/ranger-plugin-truststore.jks Yes, if SSL is enabled. SSL_TRUSTSTORE_
PASSWORD
Password associated with Truststore file. Is used only if SSL is enabled between the Policy Admin Tool and Plugin; if SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not used. None None Yes, if SSL is enabled.
