Preparing clusters for Ranger replication policy creation

You must prepare the clusters before you create a Ranger replication policy in CDP Private Cloud Base Replication Manager.

Ensure that the following prerequisites are complete before you create a Ranger replication policy:

Are the source and target clusters Kerberos-enabled?
You can configure SSL/TLS certificate exchange manually on source Cloudera Manager and target Cloudera Manager. For more information, see Configuring SSL/TLS certificate exchange between two Cloudera Manager instances.
note
You can enable Auto-TLS on the clusters, if required.
Have you added the source cluster as a peer to the target cluster? For more information, see Adding cluster as a peer.

note
Ensure that you choose the Create User With Admin Role option when you add the peer.
Do you want to replicate the Ranger audit logs for HDFS? If so, complete the following steps:
1. Set the Ranger Plugin HDFS Audit Enabled (ranger_plugin_hdfs_audit_enabled) property to true in the Cloudera Manager > Ranger service > Configuration tab on the source cluster and target cluster.
2. Enable HDFS snapshots for the Ranger audit log directory in the source cluster. The destination directory to which you replicate the Ranger policies need not be snapshottable.
  By default, the Ranger audit log directory is /ranger/audit in HDFS. During Ranger replication policy creation, you can edit the log directory path to replicate a subset of logs by appending hdfs, hbase, or atlas at the end of the default path. For example, if you append hdfs at the end of the default path, Replication Manager replicates only the HDFS Ranger audit logs.
3. Do you have the user credentials in the supergroup group on the HDFS NameNode host of the target cluster? Replication Manager requires superuser credentials to replicate Ranger audit log directory.
4. Do you have the user credentials in the supergroup group on the HDFS NameNode host of the source cluster?