Installing Apache Ranger
Also available as:
PDF

Additional Ranger Plugin Steps for Kerberos: HDFS

How to enable the Ranger HDFS plugin on a Kerberos cluster.

This procedure assumes that you have already completed “Customize Services: Plugins”.

  1. Create the system (OS) user rangerhdfslookup. Make sure this user is synced to Ranger Admin (under Settings>Users/Groups tab in the Ranger Admin User Interface).
  2. Create a Kerberos principal for rangerhdfslookup: kadmin.local -q 'addprinc -pw rangerhdfslookup rangerhdfslookup@example.com.
    Note
    Note

    A single user/principal (e.g., rangerrepouser) can also be created and used across services.

  3. Navigate to the HDFS service.
  4. Click the Config tab.
  5. Navigate to advanced ranger-hdfs-plugin-properties and update the properties listed in the table shown below.
    Table 1. HDFS Plugin Properties
    Configuration Property Name Value
    Ranger repository config user rangerhdfslookup@example.com
    Ranger repository config password rangerhdfslookup
    common.name.for.certificate blank
    Under Ambari > Ranger > Configs > Advanced > Advanced ranger-hdfs-plugin-properties.
  6. After updating these properties, click Save and restart the HDFS service.