Configuring Ranger Admin
Use the following CLI command to stop Ranger Admin.
ranger-admin stop
Open the
ranger-admin-site.xml
file in a text editor.vi /usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/classes/conf/ranger-admin-site.xml
Update
ranger-admin-site.xml
as follows:ranger.service.http.port
-- Comment out the value for this property.ranger.service.http.enabled
-- Set the value of this property tofalse
.ranger.service.https.atrrib.ssl.enabled
-- Set the value of this property totrue
.ranger.service.https.port
-- Make sure that this port is available, or change the value to an available port number.ranger.https.attrib.keystore.file
-- Provide the location of the Public CA issued keystore file.ranger.service.https.attrib.keystore.pass
-- Enter the password for the keystore.ranger.service.https.attrib.keystore.keyalias
-- Enter the alias name for the keystore private key.ranger.externalurl
-- Set the value of this property in the format:https://<hostname of policy manager>:<https port>
.Add or update the following properties with the values shown below:
<property> <name>ranger.service.https.attrib.clientAuth</name> <value>want</value> </property> <property> <name>ranger.service.https.attrib.client.auth</name> <value>want</value> </property> <property> <name>ranger.https.attrib.keystore.file</name> <value>/etc/ranger/admin/conf/ranger-admin-keystore.jks</value> </property> <property> <name>ranger.service.https.attrib.keystore.file</name> <value>/etc/ranger/admin/conf/ranger-admin-keystore.jks</value> </property>
Save the changes to
ranger-admin-site.xml
, then use the following command to start Ranger Admin.ranger-admin start
When you attempt to access the Ranger Admin UI with the HTTPS protocol on the port specified by the
ranger.service.https.port
property, the browser should report that it does not trust the site. Click Proceed anyway and you should be able to access the Ranger Admin UI over HTTPS.