1. HDFS

Ranger plugins are enabled from the Ranger service itself. To enable the Ranger HDFS plugin, perform the steps described below.

  1. Select HDFS from the service and click on the Configs tab.

  2. Navigate to advanced ranger-hdfs-plugin-properties and select the Enable Ranger for HDFS checkbox.

  3. Select audit settings (Audit to DB or Audit to HDFS) and enter values accordingly. Settings related to Audit to HDFS are shown only when that option is selected. Refer to the table shown below for the different audit settings you can modify.

  4. Save the configuration.

  5. Ambari will display a restart indicator. Restart the HDFS component.

  6. After the component is restarted, the Ranger plugin for HDFS will be enabled.

     

Table 4.1. HDFS Plugin Configuration Properties

| Configuration Property Name | Description | Default Value | Example Value | Required? |
|---|---|---|---|---|
| Enable Ranger for HDFS | Flag used to enable/disable Hive functionality for Ranger. | FALSE | | Yes |
| Audit to HDFS | Flag used to enable/disable HDFS audit logging. If HDFS audit logging is turned off, it will not log any access control to HDFS. | FALSE | | Yes |
| Audit to DB | Flag to enable/disable database audit logging. If the database audit logging is turned off, it will not log any access to the database. | FALSE | | Yes |
| Ranger repository config password | | | | |
| Ranger repository config user | | | | |
| common.name.for.certificate | | | | |
| hadoop.rpc.protection | Configuration parameter used to control the quality of protection in the Hadoop cluster. Options are: Authentication, Integrity, and Privacy. | | auth-int | No |
| policy_user | | | | |
| SSL_KEYSTORE_FILE_PATH | Java Keystore Path where the SSL key for the plugin is stored. This is used only if SSL is enabled between the Policy Admin Tool and Plugin. If SSL is not enabled, leave the default value as is; do not set as EMPTY if SSL is not used. | /etc/hadoop/conf/ranger-plugin-keystore.jks | /etc/hadoop/conf/ranger-plugin-keystore.jks | Yes, only if SSL is enabled |
| SSL_KEYSTORE_PASSWORD | Password associated with SSL Keystore. Is used only if SSL is enabled between Policy Admin Tool and Plugin; if SSL is not enabled, leave the default value as is; do not set as EMPTY if SSL is not used. | None | None | Yes, if SSL is enabled. |
| SSL_KEYSTORE_FILEPATH | Java Keystore Path where the trusted certificates are stored for verifying SSL connections to the Policy Admin Tool. Is used only if SSL is enabled between the Policy Admin Tool and Plugin; if SSL is not enabled, leave the default value as is; do not set as EMPTY if SSL is not used. | /etc/hadoop/conf/ranger-plugin-truststore.jks | /etc/hadoop/conf/ranger-plugin-truststore.jks | Yes, if SSL is enabled. |
| SSL_TRUSTSTORE_PASSWORD | Password associated with Truststore file. Is used only if SSL is enabled between the Policy Admin Tool and Plugin; if SSL is not enabled, leave the default value as is; do not set as EMPTY if SSL is not used. | None | None | Yes, if SSL is enabled. |
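
The following check is an added example, not part of the original documentation or of Ranger itself: it tests a set of HDFS plugin settings against the rules in Table 4.1 (an audit destination is enabled, no SSL property is left empty, SSL values are supplied when SSL is on). It assumes the settings have been exported into a mapping keyed by the property names as the table prints them; `check_hdfs_plugin`, `ssl_enabled` and the sample values are hypothetical, and the default `None` is treated as "not configured".

```python
# Added example: checks plugin settings against the rules in Table 4.1.
# Assumption: settings are exported as a dict keyed by the table's names.

SSL_PROPERTIES = (
    "SSL_KEYSTORE_FILE_PATH",
    "SSL_KEYSTORE_PASSWORD",
    "SSL_KEYSTORE_FILEPATH",    # truststore path, named as in the table
    "SSL_TRUSTSTORE_PASSWORD",
)

SAMPLE = {  # constructed values, not taken from a real cluster
    "Enable Ranger for HDFS": "TRUE",
    "Audit to HDFS": "FALSE",
    "Audit to DB": "FALSE",
    "SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks",
    "SSL_KEYSTORE_PASSWORD": "",
    "SSL_KEYSTORE_FILEPATH": "/etc/hadoop/conf/ranger-plugin-truststore.jks",
    "SSL_TRUSTSTORE_PASSWORD": "None",
}

def is_true(value):
    """Interpret checkbox-style values such as TRUE/FALSE or true/false."""
    return str(value).strip().lower() in ("true", "yes", "1")

def check_hdfs_plugin(settings, ssl_enabled):
    """Return a list of findings; an empty list means nothing was flagged."""
    if not is_true(settings.get("Enable Ranger for HDFS", "FALSE")):
        # Remaining checks only matter once the plugin is switched on.
        return ["plugin disabled: Enable Ranger for HDFS is not selected"]
    findings = []
    # With both audit flags off, access decisions are not logged anywhere.
    audit_on = any(is_true(settings.get(k, "FALSE"))
                   for k in ("Audit to HDFS", "Audit to DB"))
    if not audit_on:
        findings.append("no audit destination: enable Audit to HDFS or Audit to DB")
    for name in SSL_PROPERTIES:
        value = settings.get(name)
        if value is not None and str(value).strip() == "":
            # Table 4.1: keep the default, never an empty value.
            findings.append(f"{name} is empty: restore the default value")
        elif ssl_enabled and (value is None or str(value) == "None"):
            # Assumption: the default "None" means no value was configured.
            findings.append(f"{name} must be set when SSL is enabled")
    return findings

if __name__ == "__main__":
    for finding in check_hdfs_plugin(SAMPLE, ssl_enabled=True):
        print(finding)
```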