Configuring purge of x_auth_sess data

A Ranger administrator user can configure Ranger Admin service e to purge authentication login records during start-up.

Currently, Ranger stores authentication entries in x_auth_sess table which may accumulate lots of entries in a few days. You may need to manually remove the entries from x_auth_sess table regularly in order to maintain the disk space or handle the disk space issues in a production environment.

Option-1: Delete the entries during every start of ranger-admin service:

  1. In Cloudera Manager > Ranger > Configuration > Search, type conf/ .
  2. In Ranger Admin Advanced Configuration Snippet (Safety Valve) for conf/ranger-admin-site.xml, click +Add.
  3. Add the following properties and values to conf/ranger-admin-site.xml_role_safety_valve:

    ranger.admin.init.purge.login_records
    true
    default = false
    ranger.admin.init.purge.login_records.retention.days
    type a positive numerical value

    For example:

    Figure 1. Adding properties to Ranger Admin Advanced Configuration Snippet (Safety Valve) for conf/ranger-admin-site.xml
    Adding properties to Ranger Admin Advanced Configuration Snippet (Safety Valve) for conf/ranger-admin-site.xml

    This example shows configuration properties that set ranger admin service to purge records older than 5 days from x_auth_sess table, during service (re)start.

  4. Click Save Changes (CTRL+S).
  5. Restart Ranger service.

Option-2: : Ranger Admin User can call REST-api to delete records from x_auth session table:

Login to Ranger Admin CLI using Ranger Admin role credentials that allow you to call this REST API:

curl -u admin:admin -H "Accept: application/json" -H "Content-Type: application/json" -X DELETE
 'http://localhost:6080/service/public/v2/api/server/purge/records?type=login_records&retentionDays=5'

if retentionDays parameter is not provided then default value 180 shall be considered.