Ranger Ambari Installation
Also available as:
PDF

Save Audits to HDFS

The following steps show how to save Ranger audits to HDFS for HBase. You can use the same procedure for other components.

  1. From the Ambari dashboard, select the HBase service. On the Configs tab, scroll down and select Advanced ranger-hbase-audit. Select the Audit to HDFS check box.

  2. Set the HDFS path where you want to store audits in HDFS:

    xasecure.audit.destination.hdfs.dir = hdfs://$NAMENODE_FQDN:8020/ranger/audit

    Refer to the fs.defaultFS property in the Advanced core-site settings.

    [Note]Note

    For NameNode HA, NAMENODE_FQDN is the cluster name. In order for this to work, /etc/hadoop/conf/hdfs-site.xml needs to be linked under /etc/<component_name>/conf.

  3. Enable the Ranger plugin for HBase.

  4. Make sure that the plugin sudo user should has permission on the HDFS Path:

    hdfs://NAMENODE_FQDN:8020/ranger/audit

    For example, we need to create a Policy for Resource : /ranger/audit, all permissions to user hbase.

  5. Save the configuration updates and restart HBase.

  6. Generate some audit logs for the HBase component.

  7. Check the HFDS component logs on the NameNode:

    hdfs://NAMENODE_FQDN:8020/ranger/audit

[Note]Note

For a secure cluster, use the following steps to test audit to HDFS for STORM/KAFKA/KNOX:

  • In core-site.xml set the hadoop.proxyuser.<component>.groups property with value “ * ” or service user.

  • For the Knox plugin there is one additional property to add to core-site.xml. Add hadoop.proxyuser.<component>.users property with value “ * ” or service user (i.e knox).

  • Link to /etc/hadoop/conf/core-site.xml under /etc/<component_name>/conf.

  • Verify the service user principal.

  • Make sure that the component user has permissions on HDFS.