Storm
Before you can use the Storm plugin, you must first enable Kerberos on your cluster. To enable Kerberos on your cluster:
Add a system (OS) user stormtestuser.
Make sure this user is synced to Ranger Admin (under users/groups tab in the Ranger Admin UI).
Create a Kerberos principal by entering the following command:
kadmin.local -q 'addprinc -pw stromtestuser stormtestuser@example.com'
After applying Kerberos setup and creating the user/principal, navigate to the Storm service and click on the Config tab.
Navigate to advanced ranger-storm-plugin-properties and modify the properties shown in the table below.
Select the Enable Ranger for Storm checkbox.
Under the same Config tab, set
common.name.for.certificate
as blank.When you select the checkbox, a warning dialog popup window will be opened.
Click on the Apply button to save the changes.
Ambari will display a Restart indicator.
Restart the Ranger Storm component.
Table 4.5. Storm Plugin Properties
Configuration Property Name Description Default Value Example Value Required? Enable Ranger for STORM Flag used to enable/disable Storm functionality for Ranger. FALSE Yes Audit to HDFS Flag used to enable/disable Storm audit logging. If Storm audit logging is turned off, it will not log any access control to Storm. FALSE Yes Audit to DB Flag to enable/disable database audit logging. If the database audit logging is turned off, it will not log any access control to database. FALSE Yes policy User for Storm Ranger repository config password Ranger repositoy config user common.name.
for.certificate
SSL_KEYSTORE_
FILE_PATH
The Java Keystore path where the SSL key for the plugin is stored. This is only used if SSL is enabled between the Policy Admin tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not enabled. /etc/storm/conf/ranger-plugin-truststore.jks /etc/storm/conf/ranger-plugin-truststore.jks Yes, if SSL is enabled SSL_KEYSTORE_
PASSWORD
The password associated with SSL Keystore. This is only used if SSL is enabled between the Policy Admin tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not enabled. myKeyFilePassword myKeyFilePassword Yes, if SSL is enabled SSL_TRUSTSTORE_
FILE_PATH
The Java Keystore path where the trusted certificates are stored for the Policy Admin tool. This is only usedif SSL is enabled between the Policy Admin tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not enabled. /etc/storem/conf/ranger-plugin-truststore.jks /etc/storm/conf/ranger-plugin-truststore.jks Yes, if SSL is enabled SSL_TRUSTSTORE_
PASSWORD
The password associated with the truststore file. This is used only if SSL is enabled between the Policy Admin tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not enabled. changeit changeit Yes, if SSL is enabled.