DocsHortonworks Data Platform

 

 5. Storm

Before you can use the Storm plugin, you must first enable Kerberos on your cluster. To enable Kerberos on your cluster:

  1. Add a system (OS) user stormtestuser.

  2. Make sure this user is synced to Ranger Admin (under users/groups tab in the Ranger Admin UI).

  3. Create a Kerberos principal by entering the following command:

    • kadmin.local -q 'addprinc -pw stromtestuser stormtestuser@example.com'

  4. After applying Kerberos setup and creating the user/principal, navigate to the Storm service and click on the Config tab.

  5. Navigate to advanced ranger-storm-plugin-properties and modify the properties shown in the table below.

  6. Select the Enable Ranger for Storm checkbox.

  7. Under the same Config tab, set common.name.for.certificate as blank.

  8. When you select the checkbox, a warning dialog popup window will be opened.

  9. Click on the Apply button to save the changes.

  10. Ambari will display a Restart indicator.

  11. Restart the Ranger Storm component.

     

    Table 4.5. Storm Plugin Properties

    Configuration Property NameDescriptionDefault ValueExample ValueRequired?
    Enable Ranger for STORMFlag used to enable/disable Storm functionality for Ranger.FALSE Yes
    Audit to HDFSFlag used to enable/disable Storm audit logging. If Storm audit logging is turned off, it will not log any access control to Storm.FALSE Yes
    Audit to DBFlag to enable/disable database audit logging. If the database audit logging is turned off, it will not log any access control to database.FALSE Yes
    policy User for Storm    
    Ranger repository config password    
    Ranger repositoy config user    

    common.name.

    for.certificate

    		    

    SSL_KEYSTORE_

    FILE_PATH

    		The Java Keystore path where the SSL key for the plugin is stored. This is only used if SSL is enabled between the Policy Admin tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not enabled./etc/storm/conf/ranger-plugin-truststore.jks/etc/storm/conf/ranger-plugin-truststore.jksYes, if SSL is enabled

    SSL_KEYSTORE_

    PASSWORD

    		The password associated with SSL Keystore. This is only used if SSL is enabled between the Policy Admin tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not enabled.myKeyFilePasswordmyKeyFilePasswordYes, if SSL is enabled

    SSL_TRUSTSTORE_

    FILE_PATH

    		The Java Keystore path where the trusted certificates are stored for the Policy Admin tool. This is only usedif SSL is enabled between the Policy Admin tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not enabled./etc/storem/conf/ranger-plugin-truststore.jks/etc/storm/conf/ranger-plugin-truststore.jksYes, if SSL is enabled

    SSL_TRUSTSTORE_

    PASSWORD

    		The password associated with the truststore file. This is used only if SSL is enabled between the Policy Admin tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not enabled.changeitchangeitYes, if SSL is enabled.

Legal notices