Security Reference
Also available as:
PDF
loading table of contents...

Configure Ranger Usersync

How to configure Ranger Usersync, when setting up non-Ambari Ranger SSL using self-signed certificates.

  1. Stop the Ranger Usersync service: ranger-usersync stop.
  2. Check to see if unixauthservice.jks is in the /etc/ranger/usersync/conf/ directory. If not, run the following commands in the CLI:
    cd /etc/ranger/usersync/conf/
    mkdir cert
    keytool -genkeypair -keyalg RSA -alias selfsigned -keystore /etc/ranger/usersync/conf/cert/unixauthservice.jks -keypass UnIx529p -storepass UnIx529p -validity 3600 -keysize 2048 -dname 'cn=unixauthservice,ou=authenticator,o=mycompany,c=US'
    chown -R ranger:ranger /etc/ranger/usersync/conf/cert
    chmod -R 400 /etc/ranger/usersync/conf/cert
  3. Change to the Usersync install directory and open the install.properties file in a text editor.
    cd /usr/hdp/current/ranger-usersync/
    vi install.properties
  4. Set the value of POLICY_MGR_URL in the format: https://<hostname of policy manager>:<https port> and save your changes.
  5. Create a truststore for the Ranger Admin's self-signed keystore. When prompted for a password, press the Enter key.
    cd /etc/ranger/usersync/conf/
    keytool -export -keystore /etc/ranger/admin/conf/ranger-admin-keystore.jks -alias rangeradmin -file ranger-admin-trust.cerchown -R ranger:ranger /etc/ranger/usersync/conf/cert
    keytool -import -file ranger-admin-trust.cer -alias rangeradmintrust -keystore mytruststore.jks -storepass changeit
    chown ranger:ranger mytruststore.jks
  6. Change to the Usersync conf directory and open the ranger-ugsync-site.xml file in a text editor.
    cd /usr/hdp/current/ranger-usersync/conf/
    vi ranger-ugsync-site.xml
  7. Edit the following properties, then save your changes:
    • ranger.usersync.truststore.file -- Enter the path to the truststore file.
    • ranger.usersync.truststore.password -- Enter the truststore password.
  8. Run the following commands to install the new settings.
    cd /usr/hdp/current/ranger-usersync/
    ./setup.sh
  9. Start the Ranger Usersync service: ranger-usersync start.