Preparing clusters for Ranger replication policy creation
You must prepare the clusters before you create a Ranger replication policy in CDP Private Cloud Base Replication Manager.
-
Are the source and target clusters Kerberos-enabled?
You can configure SSL/TLS certificate exchange manually on source Cloudera Manager and target Cloudera Manager. For more information, see Configuring SSL/TLS certificate exchange between two Cloudera Manager instances.
-
Have you added the source cluster as a peer to the target cluster? For more
information, see Adding cluster as a peer.
-
Do you want to replicate the Ranger audit logs for HDFS? If so, complete the
following steps:
- Set the Ranger Plugin HDFS Audit Enabled (ranger_plugin_hdfs_audit_enabled) property to true in the Cloudera Manager > Ranger service > Configuration tab on the source cluster and target cluster.
-
Enable HDFS snapshots for the Ranger audit log directory in the source
cluster. The destination directory to which you replicate the Ranger
policies need not be snapshottable.
By default, the Ranger audit log directory is /ranger/audit in HDFS. During Ranger replication policy creation, you can edit the log directory path to replicate a subset of logs by appending hdfs, hbase, or atlas at the end of the default path. For example, if you append hdfs at the end of the default path, Replication Manager replicates only the HDFS Ranger audit logs.
- Do you have the user credentials in the supergroup group on the HDFS NameNode host of the target cluster? Replication Manager requires superuser credentials to replicate Ranger audit log directory.
- Do you have the user credentials in the supergroup group on the HDFS NameNode host of the source cluster?