Command Line Installation
Also available as:
PDF
loading table of contents...

Install and Enable Ranger Knox Plug-in

  1. Extract your build at the appropriate place.

    Copy ranger-<version>-SNAPSHOT-knox-plugin.tar.gz to Active_Resourcemanager host in directory /usr/hdp/<hdp-version>/.

  2. Change directory to /usr/hdp/<hdp-version>.

  3. Untar ranger-<version>-SNAPSHOT-SNAPSHOT-knox-plugin.tar.gz.

  4. Change directories to ranger-<version>-SNAPSHOT-knox-plugin.

  5. Edit the install.properties file.

    Enter the appropriate values for each of the following properties:

    Table 14.18. install.properties Property Values

    PropertyValues
    POLICY_MGR_URLhttp://<FQDN_of_ranger_admin_host>:6080
    KNOX_HOME/usr/hdp/<version>/knox/
    REPOSITORY_NAMEknoxdev

    Additionally, for the Audit info, Solr/HDFS options are available.

  6. Enable the Knox plug-in:

    export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk.x86_64
    ./enable-knox-plugin.sh
    
    [Note]Note

    In the HA environment, the Knox plug-in must be enabled on all Knox instances.

  7. Stop and start the Knox gateway:

    su knox -c "/usr/hdp/current/knox-server/bin/gateway.sh stop"
    su knox -c "/usr/hdp/current/knox-server/bin/gateway.sh start"
    
  8. Create the default repo for Knox with proper configuration.

    In the custom repo configuration, add the component user knox for each of the following properties:

    • policy.grantrevoke.auth.users or policy.download.auth.users

    • tag.download.auth.users

  9. Use the Audit->plugins tab to verify that the Knox plug-in is communicating with Ranger admin.

  10. For your test connection to be successful, follow the additional step "Trusting Self Signed Knox Certificate." (?? THIS LINK DOES NOT WORK??)