Cloudera Docs

Preparing clusters to replicate Ranger policies

You must prepare the clusters before you create a Ranger replication policy.

  1. Verify that the source and target clusters are TLS-enabled.
  2. To replicate the Ranger audit logs for HDFS, perform the following steps:
    1. Set the Ranger Plugin HDFS Audit Enabled (ranger_plugin_hdfs_audit_enabled) property to true on the Cloudera Manager > Ranger service > Configuration tab on the source and target clusters.
    2. Enable HDFS snapshots for the Ranger audit log directory on the source cluster. The target directory to which you replicate the Ranger policies is not required to be snapshottable.
      By default, the Ranger audit log directory is /ranger/audit in HDFS. During Ranger replication policy creation, you can edit the log directory path to replicate a subset of logs by appending hdfs, hbase, or atlas to the end of the default path.
      For example, if you append hdfs to the end of the default path, Replication Manager replicates only the HDFS Ranger audit logs.
    3. Specify the Run as Username field for the source and the target clusters during the Ranger replication policy creation process. Ensure that the user specified in the Run as Username field is a superuser in HDFS that is, the user is part of the supergroup group.
    Replication Manager performs the replicating audit logs task as an HDFS replication embedded within the Ranger replication in the background. Therefore, all the prerequisites and configurations for HDFS replication policies would be applicable.