Configure Ranger Usersync
How to configure Ranger Usersync when setting up non-Ambari Ranger SSL using self-signed certificates.
- Stop the Ranger Usersync service:

      ranger-usersync stop

- Check to see if unixauthservice.jks is in the /etc/ranger/usersync/conf/ directory. If not, run the following commands in the CLI:

      cd /etc/ranger/usersync/conf/
      mkdir cert
      keytool -genkeypair -keyalg RSA -alias selfsigned -keystore /etc/ranger/usersync/conf/cert/unixauthservice.jks -keypass UnIx529p -storepass UnIx529p -validity 3600 -keysize 2048 -dname 'cn=unixauthservice,ou=authenticator,o=mycompany,c=US'
      chown -R ranger:ranger /etc/ranger/usersync/conf/cert
      chmod -R 400 /etc/ranger/usersync/conf/cert

- Change to the Usersync install directory and open the install.properties file in a text editor.

      cd /usr/hdp/current/ranger-usersync/
      vi install.properties

- Set the value of POLICY_MGR_URL in the following format, and save your changes:

      https://<hostname of policy manager>:<https port>

- Create a truststore for the Ranger Admin's self-signed keystore. When prompted for a password, press the Enter key.

      cd /etc/ranger/usersync/conf/
      keytool -export -keystore /etc/ranger/admin/conf/ranger-admin-keystore.jks -alias rangeradmin -file ranger-admin-trust.cer
      chown -R ranger:ranger /etc/ranger/usersync/conf/cert
      keytool -import -file ranger-admin-trust.cer -alias rangeradmintrust -keystore mytruststore.jks -storepass changeit
      chown ranger:ranger mytruststore.jks

- Change to the Usersync conf directory and open the ranger-ugsync-site.xml file in a text editor.

      cd /usr/hdp/current/ranger-usersync/conf/
      vi ranger-ugsync-site.xml

- Edit the following properties, then save your changes:
  - ranger.usersync.truststore.file -- Enter the path to the truststore file.
  - ranger.usersync.truststore.password -- Enter the truststore password.

- Run the following commands to install the new settings.

      cd /usr/hdp/current/ranger-usersync/
      ./setup.sh

- Start the Ranger Usersync service:

      ranger-usersync start
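Because the certificate is self-signed, the truststore is the only thing tying Usersync to the right Ranger Admin, so it is worth confirming that the imported certificate is the one the server presents. The following check is an added example, not part of the original procedure: it compares the SHA-256 fingerprint stored under the rangeradmintrust alias with the one served at the POLICY_MGR_URL host and port. The truststore path follows from the commands above; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not part of the original procedure.
# Path, alias and password are the ones used in the steps on this page;
# the function names are hypothetical.
TRUSTSTORE=/etc/ranger/usersync/conf/mytruststore.jks
ALIAS=rangeradmintrust
STOREPASS=changeit

# Read keytool or openssl output on stdin and print the SHA-256 fingerprint
# as bare uppercase hex. Matches "SHA256: AA:BB" (keytool -list -v) and
# "sha256 Fingerprint=AA:BB" (openssl x509), but not "SHA256withRSA".
extract_sha256() {
  grep -iE 'sha256( fingerprint)?[:=]' | head -n 1 |
    sed -e 's/[[:space:]]*$//' -e 's/.*[[:space:]=]//' |
    tr -d ':' | tr 'a-f' 'A-F'
}

# Fingerprint of the certificate imported into the Usersync truststore.
truststore_fp() {
  keytool -list -v -keystore "$TRUSTSTORE" -storepass "$STOREPASS" \
    -alias "$ALIAS" 2>/dev/null | extract_sha256
}

# Fingerprint of the certificate Ranger Admin serves.
# $1 is the <hostname>:<https port> part of POLICY_MGR_URL.
served_fp() {
  openssl s_client -connect "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -fingerprint -sha256 2>/dev/null | extract_sha256
}

# Succeeds only when both fingerprints are non-empty and identical.
compare_fps() {
  [ -n "$1" ] && [ "$1" = "$2" ]
}

# Usage: verify_usersync_trust <hostname of policy manager>:<https port>
verify_usersync_trust() {
  ts_fp=$(truststore_fp)
  srv_fp=$(served_fp "$1")
  if compare_fps "$ts_fp" "$srv_fp"; then
    echo "OK: truststore alias $ALIAS matches the certificate served by $1"
  else
    echo "MISMATCH: truststore=$ts_fp served=$srv_fp" >&2
    return 1
  fi
}
```

Source the file on the Usersync host and call verify_usersync_trust with the host and port from POLICY_MGR_URL; a mismatch or an empty fingerprint returns a non-zero status.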