To enable the Ranger Knox plugin, perform the steps described below.
Navigate to the Knox service.
Click on the Config tab and navigate to advance ranger-knox-plugin-properties and modify the values in the Knox Plugin Properties table shown below.
Make sure to select the Enable Ranger for Knox checkbox.
When you select the checkbox, a warning dialog popup will be opened.
Click on the Apply button to save the changes.
Ambari will display a Restart indicator.
Restart the Ranger Knox component.
Table 4.4. Knox Plugin Properties
Configuration Property Name Description Default Value Example Value Required? Enable Ranger for KNOX Flag used to enable/disable Knox functionality for Ranger. FALSE Yes Audit to HDFS Flag used to enable/disable Knox audit logging. If Knox audit logging is turned off, it will not log any access control to Knox. FALSE Yes Audit to DB Flag to enable/disable database audit logging. If the database audit logging is turned off, it will not log any access control to database. FALSE Yes policy User for Knox Ranger repository config password Ranger repository config user common.name
for.certificate
KNOX_HOME SSL_KEYSTORE_
FILE_PATH
The Java Keystore path wwhere the SSL key for the plugin is stored. This is only used if SSL is enabled between the Policy Admin tool and plugin. /etc/knox/conf/ranger-plugin-truststore.jks /etc/knox/conf/ranger-plugin-truststore.jks Yes, if SSL is enabled SSL_KEYSTORE_
PASSWORD
The password associated with SSL Keystore. This is only used if SSL is enabled between the Policy Admin tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not enabled MyKeyFilePassword MyKeyFilePassword Yes, if SSL is enabled SSL_TRUSTSTORE_
FILE_PATH
The Java Keystore path where the trusted certificates are stored for verifying SSL connection to the Policy Admin tool. This is only used if SSL is enabled between the Policy Admin tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not enabled. /etc/knox/conf/ranger-plugin-truststore.jks /etc/knox/conf/ranger-plugin-truststore.jks Yes, if SSL is enabled SSL_TRUSTSTORE_
PASSWORD
The password associated with the truststore file. This is only used if SSL is enabled between the Policy Admin tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not enabled. changeit changeit Yes, if SSL is enabled