Additional Ranger Plugin Steps for Kerberos: Knox
How to enable the Ranger Knox plugin on a Kerberos cluster.
This procedure assumes that you have already completed “Customize Services: Plugins”.
- Create the system (OS) user rangerknoxlookup. Make sure this user is synced to Ranger Admin (under the Settings > Users/Groups tab in the Ranger Admin UI).
- Create a Kerberos principal for rangerknoxlookup:
  kadmin.local -q 'addprinc -pw rangerknoxlookup rangerknoxlookup@example.com'
- Navigate to the Knox service.
- Click the Config tab and navigate to advanced ranger-knox-plugin-properties.
- Update the following properties with the values listed in the table below.

  Table 1. Knox Plugin Properties

  | Configuration Property Name | Value |
  |---|---|
  | Ranger service config user | rangerknoxlookup@example.com |
  | Ranger service config password | rangerknoxlookup |
  | common.name.for.certificate | blank |

- After updating these properties, click Save and then restart the Knox service.
- Open the Ranger Admin UI by entering the following information:
  - http://<ranger-host>:6080
  - username/password - admin/admin, or use the username shown in advanced ranger-env under the Config tab of the Ranger service, and the password shown in Admin Settings.
- After you have successfully logged into the system, you will be redirected to the Access Manager page.
- Click the repository (clusterName_hadoop) Edit option under the HDFS box.
- Update the following properties listed in the table below under the Config Properties section:

  Table 2. Knox Configuration Properties

  | Configuration Property Name | Value |
  |---|---|
  | fs.default.name | hdfs |
  | hadoop.rpc.protection | blank |
  | common.name.for.certificate | blank |

- Click Named Test Connection. You should see a Connected Successfully dialog box appear.
- Click Save.
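
A check that can be run over the three Table 1 values before saving them, given here as an added example that is not part of the original procedure. It confirms the lookup user is in principal@REALM form, that common.name.for.certificate is blank, and reports a password that is empty or identical to the account name. The key=value input format and the key names REPOSITORY_CONFIG_USERNAME and REPOSITORY_CONFIG_PASSWORD are assumptions.

```shell
#!/bin/sh
# Added example: lint an export of the Knox plugin properties from Table 1.
# Assumptions: one key=value pair per line; the key names below.

# Constructed sample mirroring the values shown in Table 1.
SAMPLE_PROPS='REPOSITORY_CONFIG_USERNAME=rangerknoxlookup@example.com
REPOSITORY_CONFIG_PASSWORD=rangerknoxlookup
common.name.for.certificate='

# prop KEY: print the value of KEY read from stdin (empty if absent).
# Uses a literal prefix match so dots in the key are not regex wildcards.
prop() {
    awk -v k="$1" 'index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }'
}

# check_knox_props: read properties on stdin, print one finding per line,
# return 0 when nothing was found and 1 otherwise.
check_knox_props() {
    props=$(cat)
    user=$(printf '%s\n' "$props" | prop REPOSITORY_CONFIG_USERNAME)
    pass=$(printf '%s\n' "$props" | prop REPOSITORY_CONFIG_PASSWORD)
    cn=$(printf '%s\n' "$props" | prop common.name.for.certificate)
    findings=0

    # On a Kerberos cluster the lookup user is a full principal.
    case $user in
        ?*@?*) ;;
        *) echo "USER_NOT_PRINCIPAL"; findings=1 ;;
    esac

    # A password equal to the principal or its primary is trivially guessable.
    primary=${user%%@*}
    if [ -z "$pass" ]; then
        echo "PASSWORD_EMPTY"; findings=1
    elif [ "$pass" = "$primary" ] || [ "$pass" = "$user" ]; then
        echo "PASSWORD_EQUALS_USER"; findings=1
    fi

    # Table 1 leaves the certificate common name blank.
    [ -z "$cn" ] || { echo "CERT_CN_NOT_BLANK"; findings=1; }

    return $findings
}

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE_PROPS" | check_knox_props || true
```
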