Installing Apache Ranger
Also available as:
PDF

Additional Ranger Plugin Steps for Kerberos: Knox

How to enable the Ranger Knox plugin on a Kerberos cluster.

This procedure assumes that you have already completed “Customize Services: Plugins”.

  1. Create the system (OS) user rangerknoxlookup. Make sure this user is synced to Ranger Admin (under Settings>Users/Groups tab in the Ranger Admin UI).
  2. Create a Kerberos principal for rangerknoxlookup: kadmin.local -q 'addprinc -pw rangerknoxlookup rangerknoxlookup@example.com.
  3. Navigate to the Knox service.
  4. Click the Config tab and navigate to advanced ranger-knox-plugin-properties.
  5. Update the following properties with the values listed in the table below.
    Table 1. Knox Plugin Properties
    Configuration Property Name Value
    Ranger service config user rangerknoxlookup@example.com
    Ranger service config password rangerknoxlookup
    common.name.for.certificate blank
  6. After updating these properties, click Save and then restart the Knox service.
  7. Open the Ranger Admin UI by entering the following information:
    • http://ranger-host>:6080
    • username/password - admin/admin. or use username as shown in advanced ranger-env under the Config tab of the Ranger service, and password as shown in Admin Settings.
  8. After you have successfully logged into the system, you will be redirected to the Access Manager page.
  9. Click the repository (clusterName_hadoop) Edit option under the HDFS box. Knox Service Edit.
  10. Update the following properties listed in the table below under the Config Properties section:
    Table 2. Knox Configuration Properties
    Configuration Property Name Value
    fs.default.name hdfs
    hadoop.rpc.protection blank
    common.name.for.certificate blank
  11. Click Named Test Connection. You should see a Connected Successfully dialog box appears.
  12. Click Save.