Configuring Ranger Plugins
This section shows how to configure the Ranger HDFS plugin for SSL. You can use the same procedure for other Ranger components.
Use the following CLI command to stop the NameNode.
su -l hdfs -c "/usr/hdp/current/hadoop-client/sbin/hadoop-daemon.sh stop namenode"
Open the HDFS
install.properties
file in a text editor.vi /usr/hdp/<version>/ranger-hdfs-plugin/install.properties
Update
install.properties
as follows:POLICY_MGR_URL
-- Set this value in the format:https://<hostname of policy manager>:<https port>
SSL_KEYSTORE_FILE_PATH
-- The path to the location of the Public CA issued keystore file.SSL_KEYSTORE_PASSWORD
-- The keystore password.SSL_TRUSTSTORE_FILE_PATH
-- The truststore file path.SSL_TRUSTSTORE_PASSWORD
-- The truststore password.
Save the changes to the
install.properties
file.Use the following command to see if
JAVA_HOME
is available.echo $JAVA_HOME
If
JAVA_HOME
is not available , use the following command to setJAVA_HOME
(Note that Ranger requires Java 1.7).export JAVA_HOME=<path for java 1.7>
Run the following commands to switch to the HDFS plugin install directory and run the install agent to update the plugin with the new configuration settings.
cd /usr/hdp/<version>/ranger-hdfs-plugin/ ./enable-hdfs-plugin.sh
Log into the Ranger Policy Manager UI as the admin user. Click the Edit button of your repository (in this case, hadoopdev) and provide the CN name of the keystore as the value for Common Name For Certificate, then save your changes.
Use the following command to start the NameNode.
su -l hdfs -c "/usr/hdp/current/hadoop-client/sbin/hadoop-daemon.sh start namenode"
In the Policy Manager UI, select Audit > Plugins. You should see an entry for your repo name with HTTP Response Code 200.