Transforming Ranger HDFS policies into Ranger S3 policies
Learn how to transform Ranger HDFS service policies into Ranger AWS S3 policies,
which can then be imported into the CDP cluster Ranger.
You must have converted the extracted Ranger HDFS native permissions
(.csv file) into Ranger HDFS policies
(.json file) using the transform.sh
convert command.
You must have copied the Ranger policy migration utility,
ranger-<version>-policymigration.tar.gz file to the
migration cluster node.
Log in to the migration cluster's node (or a Data Lake node of a cloud
cluster) where the ranger-admin binaries are
available. For example,
/opt/cloudera/parcels/CDH/lib/ranger-admin
Copy
/opt/cloudera/parcels/CDH/lib/ranger-admin/policymigration/ranger-<version>-policymigration.tar.gz
to some location of the migration cluster machine from where you want to
run the Ranger policy migration utility.
You must have read, write, and execute permissions on the directory where the
Ranger policy migration utility is copied.
You must have SUDO or ROOT access to perform the migration process.
Log in to the migration cluster node where you have copied the
ranger-<version>-policymigration.tar.gz file. Untar
the file and navigate to
ranger-<version>-policymigration directory.
Update the "Transform" part of the env.sh file by updating
the following parameters or as required for your environment.
S3_BUCKET_NAME
SERVICE_NAME_FOR_NATIVE_POLICIES
For more information, see Supported Input parameters for Transform
operation.
Run the transform.sh script with the
transform command to convert the Ranger HDFS policies to
Ranger AWS S3 policy format.
The command generates a
HDFS_Permissions_Export_<timestamp>_convert_transform.json
file, which can then be imported using the Authzmigrator utility into the AWS S3 service
of the target CDP cluster. If you encounter any errors, see the
logs/ranger-policymigration.log file.Import the transformed HDFS native permissions into the
Ranger AWS S3 service of the target CDP cluster using the Authzmigrator tool.
