I installed Hortonworks stack using Ambari by following the documentation on HDP 2.5. Later, I installed Ranger and restarted everything. I did not setup Ranger on more secure stuffs like LDAP or Kerberos, just the plain Unix Usersync with no Kerberos.
I encountered permission denied when my default Linux user attempts to go to Hive, so it looks like it cannot create the Linux user workspace in HDFS.
So it turns out I need to 'Create Service' first in Ranger Plugin for HDFS, as HDFS does not have a preconfigured service unlike Hive or HBase. So I click on add (the + sign).
And I get to here:
However, I'm not too sure what username and password should I be placing on this form. In same Ranger HDFS service configuration in Hortonworks Sandbox, the user is 'hadoop'. When I try to place my own Linux user and click the button 'Test Connection', I get this message :
'unable to decrypt password due to error'
So, what is the username and password that I should use?
Have you checked if the HDFS plugin is turned on from the Ranger Plugins panel under Ranger configs in Ambari? If not, delete the HDFS repository you created in Ranger Admin, enable the HDFS plugin from Ambari and restart services. HDFS service type repository should get created automatically correctly once the plugin in turned on.
you need to enable the ranger plugin from ambari directly and restart the corresponding services , no need to create the repo directly in ranger , so now please go ahead and delete the repo you created and enable the ranger plugin following this doc:
Hi, I'm installing ranger with following docs because we are not using Ambari.
So, I've like to know how we set for this "Username" and "Password" on "Create Service" without Ambari with Kerberos.
In my test, hdfs (HDFS superuser) worked fine by creating hdfs account with Ranger Admin UI with a password in lab cluster.
Can we create a new Service with an account without password?
Seems, we can create new ranger service with any account with admin permission in Ranger Admin with password such as "admin" on Ranger Admin UI.
Tomomichi Hirano you are right you can create new ranger service with any account with admin permission, whereas you can give any hdfs admin user in username and password , and if it is kerberos then hdfs keytab will be used for the authentication