Configuring Ranger policies for site-to-site communication

To allow NiFi's site-to-site communication between CDP Public Cloud and CDP Private Cloud Base clusters, you need to configure Ranger authorization between the two clusters. To do this, create Ranger users in your CDP Public Cloud cluster that correspond to the CDP Private Cloud Base NiFi nodes. Then create a new Ranger policy with site-to-site resources configured, and assign your CDP Private Cloud Base NiFi node users to the policy.

  • You have defined your CDP Public Cloud data flow.
  • You have a list of your FQDN CDP Private Cloud Base host names. You need the host names to create the Ranger policies in CDP Public Cloud.
  1. In you CDP Public Cloud environment, launch the Ranger UI, click Settings > Users/Groups/Roles > User Create to add the users corresponding to the nodes of the CDP Private Cloud Base cluster.
  2. Click User Create to create one user per NiFi node running your CDP Private Cloud Base environment.
    You create this user to make Ranger aware of the CDP Private Cloud Base nodes, so that you can create policies by including them. Because this user is not used to authenticate on the Ranger UI, the password can be random.
  3. Create a new policy in the NiFi Service in Ranger.

    You need to enter the following NiFi Resources:

    • /site-to-site

    • /data-transfer/input-ports/<ID of the Input Port>

    • /data-transfer/output-ports/<ID of the Output Port>

  4. Add the CDP Private Cloud Base users you created in Step 2, and assign Read and Write permissions:

Your policies are now listed.