4. Knox

To enable the Ranger Knox plugin, perform the steps described below.

  1. Navigate to the Knox service.

  2. Click on the Config tab and navigate to advance ranger-knox-plugin-properties and modify the values in the Knox Plugin Properties table shown below.

  3. Make sure to select the Enable Ranger for Knox checkbox.

  4. When you select the checkbox, a warning dialog popup will be opened.

  5. Click on the Apply button to save the changes.

  6. Ambari will display a Restart indicator.

  7. Restart the Ranger Knox component.

     

    Table 4.4. Knox Plugin Properties

    Configuration Property NameDescriptionDefault ValueExample ValueRequired?
    Enable Ranger for KNOXFlag used to enable/disable Knox functionality for Ranger.FALSE Yes
    Audit to HDFSFlag used to enable/disable Knox audit logging. If Knox audit logging is turned off, it will not log any access control to Knox.FALSE Yes
    Audit to DBFlag to enable/disable database audit logging. If the database audit logging is turned off, it will not log any access control to database.FALSE Yes
    policy User for Knox    
    Ranger repository config password    
    Ranger repository config user    

    common.name

    for.certificate

        
    KNOX_HOME    

    SSL_KEYSTORE_

    FILE_PATH

    The Java Keystore path wwhere the SSL key for the plugin is stored. This is only used if SSL is enabled between the Policy Admin tool and plugin./etc/knox/conf/ranger-plugin-truststore.jks/etc/knox/conf/ranger-plugin-truststore.jksYes, if SSL is enabled

    SSL_KEYSTORE_

    PASSWORD

    The password associated with SSL Keystore. This is only used if SSL is enabled between the Policy Admin tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not enabledMyKeyFilePasswordMyKeyFilePasswordYes, if SSL is enabled

    SSL_TRUSTSTORE_

    FILE_PATH

    The Java Keystore path where the trusted certificates are stored for verifying SSL connection to the Policy Admin tool. This is only used if SSL is enabled between the Policy Admin tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not enabled./etc/knox/conf/ranger-plugin-truststore.jks/etc/knox/conf/ranger-plugin-truststore.jksYes, if SSL is enabled

    SSL_TRUSTSTORE_

    PASSWORD

    The password associated with the truststore file. This is only used if SSL is enabled between the Policy Admin tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not enabled.changeitchangeitYes, if SSL is enabled