Community Articles

Short Description:

This article includes manual steps to be performed, if a cluster is setup with Hdfs, Ranger and Ranger KMS services and Ranger service is syncing users from LDAP/AD and Hadoop group mapping is configured using SSSD. Steps provided will help Ranger KMS service to resolve groups with spaces or no name as same as in Hadoop.

Article:

To resolve groups with spaces or no name, Ranger KMS process should have access to hadoop native library path for using JniBasedUnixGroupsMapping class.

Steps for Ambari 2.6.x version:

1. Create a sh file ranger-kms-env-javaopts.sh in Ranger KMS conf directory which will specify -Djava.library.path.

   vim /usr/hdp/current/ranger-kms/conf/ranger-kms-env-javaopts.sh

2. Add below content and save ranger-kms-env-javaopts.sh file.

   export JAVA_OPTS=" ${JAVA_OPTS} -Djava.library.path=${JAVA_LIBRARY_PATH}:/usr/hdp/current/hadoop-client/lib/native  "

3. Update the ownership of ranger-kms-env-javaopts.sh with the user which is used to start Ranger KMS process. (default user is kms)
   

   chown kms:kms /usr/hdp/current/ranger-kms/conf/ranger-kms-env-javaopts.sh

4. Restart Ranger KMS service from Ambari.

Steps for Ambari 3.0.x version:

1. Directly specify -Djava.library.path in Configs section of Ranger KMS from Ambari.
   Go to Ranger KMS > Configs > Advanced section > Advanced kms-env section > kms-env template, add below line
   

   export JAVA_OPTS=" ${JAVA_OPTS} -Djava.library.path=${JAVA_LIBRARY_PATH}:/usr/hdp/current/hadoop-client/lib/native  "

2. After saving the configs from Ambari, restart Ranger KMS service.