Cloudera Community
dsharma
user rank
user rank
Guru

Re: Ranger Tagsync Error: ERROR RangerCredentialPr...

by Expert Contributor in Support Questions
‎01-18-2018 03:02 AM
‎01-18-2018 03:02 AM
Just in case this may save time to other people. The configuration included with HDP 2.5.x and Ambari 2.5 is not compatible with using Ranger Tagsync with SSL, so there is no "Advanced ranger-tagsync-policymgr-ssl" section or anything like that on Ranger (0.6.0) configuration from Ambari. The first response above refers to the parameters included in the file ranger-tagsync-policymgr-ssl.xml included with Ambari 2.6 (y believe in HDP 2.6.x). This in included in the patch discussed in the following URL: https://issues.apache.org/jira/browse/AMBARI-18874 There is an Ambari patch for HDP 2.5 but I was not able to make it work with Ambari 2.5 and Ranger 0.6.0 (included with HDP 2.5.6) so the way to make it work was to change include the file /etc/ranger/tagsync/conf/ranger-tagsync-policymgr-ssl.xml from the patch above edited by hand and in the section "Advanced ranger-tagsync-site" modify the parameter ranger.tagsync.dest.ranger.ssl.config.filename which incredibly (and shamefully) points to a keystore!!! in the default HDP 2.5 configuration to point to this file like this: ranger.tagsync.dest.ranger.ssl.config.filename=/etc/ranger/tagsync/conf/ranger-tagsync-policymgr-ssl.xml After this you will also need to change the credentials store file at rangertagsync.jceks to include the keys ssltruststore and sslkeystore with the correct values. There are other articles on how to do this. Hopefully in HDP 2.6 things are going to be easier 😞 ... View more

Re: solr api is throwing error Cannot find key of ...

by New Member in Support Questions
‎12-25-2017 06:50 AM
1 Kudo
‎12-25-2017 06:50 AM
1 Kudo
Please, refer to the steps in https://community.hortonworks.com/articles/15159/securing-solr-collections-with-ranger-kerberos.html ... View more

Re: how to get audits related to a particular reso...

by New Member in Support Questions
‎09-29-2017 04:44 AM
3 Kudos
‎09-29-2017 04:44 AM
3 Kudos
Try this REST call- http://<ranger_admin_url>/service/assets/accessAudit?repoType=3&resourceTable=db_1/test_table&resourceType=@table ... View more

Ranger : one policy for all common resources

by Guru Guru in Community Articles
‎06-27-2017 10:11 AM
2 Kudos
‎06-27-2017 10:11 AM
2 Kudos
Background: when it comes to rely completely on ranger, and if you are specific about configuring authorization for a resource to an end user then you have to create one policy for each resource. There should be a way to configure a policy that provide access to specific resources based on the User who is making call. Soultion: {USER} Support: {USER} support solves this problem , It allows us to create a policy where we can configure resource as {USER} Eg. /user/{USER} and select user also as {USER}. that means all users will get access of their corresponding home directory. Eg. Hdfs: resource: /user/{USER} user1 will have access to /user/user1 user2 will have access to /user/user2 Hive: resource: database:database_{USER} user1 will have access to database database_user1 user2 will have access to database database_user2 resource may contrain {USER} partially or fully. delimiter can be customised also , Steps to configure {USER}: 1) go to ranger admin, and create policy page, there on resource give {USER} as input. 2) in user type {USER} and {USER} will populate , just select it and add the policy more details can be found at https://cwiki.apache.org/confluence/display/RANGER/Support+for+%24username+variable. ... View more
Labels:

Re: Set {USER} user in Ranger policy?

by New Member in Support Questions
‎05-12-2017 11:02 AM
‎05-12-2017 11:02 AM
I'm using HDP 2.5.3. But thanks I didn't pay attention to the version in the jira (https://issues.apache.org/jira/browse/RANGER-698). I'll upgrade then 🙂 ... View more

Re: Ambari REST API list components with Stale con...

by Rising Star in Support Questions
‎05-10-2017 03:17 PM
‎05-10-2017 03:17 PM
As simple as adding quotes! ... View more

Re: Ranger Install on HDP 2.5 using Ambari

by Master Mentor in Support Questions
‎02-12-2019 07:02 AM
‎02-12-2019 07:02 AM
@Priyanka This is a closed thread (2017) can you open a new one and copy past this content. ... View more

Re: Ranger policies failed to refresh after implem...

by Super Collaborator in Support Questions
‎03-31-2017 08:11 AM
‎03-31-2017 08:11 AM
@Darryl Stoflet @vperiasamy @Deepak Sharma Thank you all! That solved my problem. I've had IP address instead of FQDN in External URL property. ... View more

Re: ​Knox Proxy for Ranger when WE is enabled,

by New Member in Support Questions
‎03-29-2017 09:22 AM
5 Kudos
‎03-29-2017 09:22 AM
5 Kudos
As Knox interacts with Ranger, please make sure that Ranger Admin cert is in Knox truststore(which is cacerts) on Knox host. ... View more

Re: knox to hivserver2 call does not work on ssl c...

by Guru Guru in Support Questions
‎03-30-2017 05:54 PM
1 Kudo
‎03-30-2017 05:54 PM
1 Kudo
yes surya it was one way ssl ... View more
Contact Me
Online
Offline
Last Visited
‎05-18-2021 01:54 PM
Community Statistics
Member Since ‎10-19-2015 10:55 AM
Last Visited ‎05-18-2021 01:54 PM
Posts 279
Kudos received 339