question Re: HTTPS access to Ranger via Knox ? in Support Questions

HTTPS access to Ranger via Knox ?

geko — Sat, 09 Jan 2016 04:15:18 GMT

Hi,

due to security concerns I need to provide Ranger WebUI via Https, and I thought accessing it through Knox would be a simple approach. But I can also imagine some wired conflicts while e.g. configuring Knox policies for Knox, in Ranger and thereby creating some Kind of 'deadlock'....

What do you think about that approach, is it possible at all and how would a topology in Knox look like?!?!

Thanks for any thoughts and Hints!

Re: HTTPS access to Ranger via Knox ?

nsabharwal — Wed, 13 Jan 2016 01:30:29 GMT

@Kevin Minder

Re: HTTPS access to Ranger via Knox ?

kevin_minder — Wed, 13 Jan 2016 06:01:58 GMT

Currently Knox does not currently support proxying the Ranger UI. If/when Knox does support proxying the Ranger UI you are correct that it may be impossible to access the Ranger UI via Knox if the Range/Knox agent is installed and if the required users have not already been granted access. Presumably setting up the required policies would be done before hand or from "within" the cluster and not via Knox.

Re: HTTPS access to Ranger via Knox ?

geko — Thu, 14 Jan 2016 02:43:58 GMT

Thanks @Kevin Minder for your explanation.

Is it possible to proxy the NN / RM Webpage through Knox?....Just to put Access to those webuis behind HTTPS

Re: HTTPS access to Ranger via Knox ?

george_gittu — Sat, 12 Mar 2016 03:27:45 GMT

Hi Kevin Minder-

I am at a similar situation right now. Trying to enable SSL in ranger (Version 0.5). I could see some some config props in Ambari ranger, so i am guess SSL enabling is possible and changed following props,

- ranger.service.https.attrib.ssl.enabled : true

- ranger.service.https.port :6182

- HTTP enabled :false

- External URL : https://hostname:6182

After trying out above steps to enable ssl for ranger i end up getting an alert connection refused error to the url

https://hostname:6182 and the ranger UI doesn't show up. I wonder if enabling SSL is possible for ranger UI Ver 0.5 (

https://issues.apache.org/jira/browse/RANGER-795)

or is there any other configs that I missed ?

Re: HTTPS access to Ranger via Knox ?

george_gittu — Sat, 12 Mar 2016 03:29:01 GMT

I couldn't enable ssl in ranger.

Re: HTTPS access to Ranger via Knox ?

dorio — Sun, 17 Apr 2016 04:06:58 GMT

Right now I was able to enable SSL in Ranger 0.6.0 downloaded from the Apache Foundation but not in Ranger 0.5.0 included in HDP 2.4.0. Hope in the next release Hortonworks will upgrade Ranger to 0.6.0.