Configuring Wire Encryption
Also available as:
PDF
loading table of contents...

Configure the Ranger HDFS Plugin for SSL

How to configure the Ranger HDFS Plugin for SSL, when setting up Ambari Ranger SSL using Public CA certificates. The following steps show how to configure the Ranger HDFS plugin for SSL. You can use the same procedure for other Ranger components.

  1. Stop HDFS by selecting HDFS > Service Actions > Stop.
  2. Under Ranger > Configs > Advanced > Ranger Settings, provide the value in the External URL box in the format https://<hostname of policy manager>:<https port>.
  3. Under HDFS > Confgs > Advanced, select Advanced ranger-hdfs-policymgr-ssl and set the following properties:
    • xasecure.policymgr.clientssl.keystore -- Enter the public CA signed keystore for the machine that is running the HDFS agent.
    • xasecure.policymgr.clientssl.keystore.password -- Enter the keystore password.
  4. Select Advanced ranger-hdfs-plugin-properties, then select the Enable Ranger for HDFS check box.
  5. Click Save at the top.
  6. Start HDFS by selecting HDFS > Service Actions > Start.
  7. Restart Ranger Admin: Hosts > <Select host> > Ranger Admin / Ranger, from the drop-down menu, select Restart.
    Or: service ranger-admin restart
  8. Log into the Ranger Policy Manager UI as the admin user. Click the Edit button of the HDFS repository and provide the CN name of the keystore as the value for Common Name For Certificate, then save your changes.
  9. Start the HDFS service by selecting HDFS > Service Actions > Start.
  10. Select Audit > Agents. You should see an entry for your repo name with HTTP Response Code 200.