Hi, is it possible to manage multiple clusters with only one single ranger? If so, what will be the configurations in ambari and ranger?
Hi @Pooja Kamle, Sure It is possible to have single Ranger instance and multiple clusters, In that scenario, all the Clusters will need to point to the same Ranger Instance.
To achieve that all you will need to do is install Ranger on all clusters, and configure ranger.externalurl to the same Ranger Instance you want to use, you can stop Ranger service on the other clusters.
@vsuvagia hey thanks for your reply. In that case, do we need to create a repository in Ranger for every cluster? Say, if I have hdfs-plugin enabled on 2 clusters, then 2 hdfs repositories will be created in Ranger. Is my understanding correct?
Yes, if you want different policies to apply to the 2 clusters, you need 2 repositories. If the very same policies can be used, then it's enough to have one repository
It will depend on 2 things,
Additionally If you want the services of all the clusters to use the same repository, then for each service you will need to over-ride the parameter ranger.plugin.<service>.service.name where <service> is each of the plugin name. and use the same name for all the clusters, this way the services of all the clusters will point to the same repository.
@Pooja Kamle, You will need to over-ride the default value for the property ranger.externalurl of the all the clusters, and change it to the URL of the Ranger instance you want to use.
The property ranger.externalurl will be available under Ranger configs.
I have overridden the property "ranger.externalurl". Now, when I try to restart hdfs service, it doesnt start due to "Connection to Ranger Admin failed"
I suppose it is not able to contact the Ranger set in "ranger.externalurl". Do you find anything odd in this?