Ranger Ambari Installation
Also available as:


To enable the Ranger Knox plugin on a Kerberos-enabled cluster, perform the steps described below.

  1. Create the system (OS) user rangerknoxlookup. Make sure this user is synced to Ranger Admin (under users/groups tab in the Ranger Admin UI).

  2. Create a Kerberos principal for rangerknoxlookup by entering the following command:

    • kadmin.local -q 'addprinc -pw rangerknoxlookup rangerknoxlookup@example.com

  3. Navigate to the Knox service.

  4. Click on the Config tab and navigate to advanced ranger-knox-plugin-properties.

  5. Update the following properties with the values listed in the table below.

    Table 6.4. Knox Plugin Properties

    Configuration Property NameValue
    Ranger repository config userrangerknoxlookup@example.com
    Ranger repository config passwordrangerknoxlookup

  6. After updating these properties, click Save and then restart the Knox service.

  7. Open the Ranger Admin UI by entering the following information:

    • http://ranger-host>:6080

    • username/password - admin/admin. or use username as shown in advanced ranger-env under the Config tab of the Ranger service, and password as shown in Admin Settings.

  8. After you have successfully logged into the system, you will be redirected to the Policy Manager page.

    Figure 6.1. Knox Policy Manager

  9. Click on the repostory (clusterName_hadoop) Edit option under the HDFS box.

    Figure 6.2. Knox Repository Edit

  10. Update the following properties listed in the table below under the Config Properties section:

    Table 6.5. Knox Configuration Properties

    Configuration Property NameValue

  11. Click on Named Test Connection. You should see a Connected Successfully dialog boxappear.

  12. Click Save.