Member since 01-14-2016
23 Posts
16 Kudos Received
1 Solution
My Accepted Solutions
Title | Views | Posted |
---|---|---|
4470 | 02-15-2016 03:54 AM |
02-15-2016
03:54 AM
Here are some steps to enable Ranger for Kafka; they work fine with HDP2.3.4 and Ranger 0.5.0:
1.) Enable kerberos server for cluster.
2.) In Ambari server, go to Kafka's Configs > Advanced ranger-kafka-plugin-properties, click "Enable Ranger for Kafka".
3.) Go to Configs > Custom kafka-broker, change value of "authorizer.class.name" to "org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer".
4.) Save changes and restart kafka component.
5.) Go to Ranger admin UI, then disable all policies of kafka.
6.) It should deny Publish/Consume actions now.
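The setting from step 3 above can be confirmed on the broker host after the restart. This is an added example, not part of the original post: it reads a broker properties file whose path is passed as an argument (the sample files here are constructed) and reports whether "authorizer.class.name" selects the Ranger authorizer.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): report which authorizer a Kafka
# broker properties file selects. File paths below are constructed samples.
RANGER_AUTHORIZER="org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer"

# Print the effective value of key $2 in properties file $1.
# Skips comment lines (# or !), tolerates spaces around "=", and lets the last
# occurrence of a repeated key win, as loading into a key/value map does.
effective_property() {
  awk -v key="$2" '
    /^[ \t]*[#!]/ { next }
    {
      line = $0
      sep = index(line, "=")
      if (sep == 0) next
      k = substr(line, 1, sep - 1)
      v = substr(line, sep + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k)
      sub(/^[ \t]+/, "", v)
      if (k == key) found = v
    }
    END { print found }
  ' "$1"
}

# Exit status 0 only when the Ranger authorizer is the effective setting.
check_ranger_authorizer() {
  value="$(effective_property "$1" authorizer.class.name)"
  if [ "$value" = "$RANGER_AUTHORIZER" ]; then
    echo "OK: $1 uses the Ranger Kafka authorizer"
    return 0
  fi
  echo "FAIL: $1 has authorizer.class.name='${value:-<unset>}'"
  return 1
}

# Constructed sample configs: one with the step 3 setting, one without it.
demo() {
  dir="$(mktemp -d)"
  printf 'broker.id=0\nauthorizer.class.name = %s\n' "$RANGER_AUTHORIZER" > "$dir/with.properties"
  printf 'broker.id=0\n# authorizer.class.name=%s\n' "$RANGER_AUTHORIZER" > "$dir/without.properties"
  check_ranger_authorizer "$dir/with.properties"
  check_ranger_authorizer "$dir/without.properties" || true
  rm -rf "$dir"
}
demo
```

A commented-out or missing entry is reported as unset, which is the state in which disabling the Ranger policies has no effect on Publish/Consume.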
02-03-2016
05:18 AM
1 Kudo
@Neeraj Sabharwal Sure, it could still run the job when I disable the Kafka policy.
02-03-2016
05:06 AM
1 Kudo
Hi @Neeraj Sabharwal, it's right that it is failing on authorization, but it is supposed to be authorized by Ranger, right? It's so weird that Ranger cannot control the Publish or Consume actions.
02-03-2016
04:59 AM
1 Kudo
Hi @Artem Ervits, it's still not resolved yet. I'm trying to figure out the solution soon; once I find out the solution I'll provide it or accept the best answer.
02-02-2016
08:23 AM
More precisely, after enabling Ranger for Solr, it should create a repository in the Ranger admin UI automatically.
02-02-2016
07:49 AM
3 Kudos
In an HDP2.3.4 environment, Solr does not show up in the Ambari UI; therefore, how do I enable Ranger for Solr? Thanks.
Labels: Apache Ranger, Apache Solr
02-02-2016
06:11 AM
1 Kudo
Hi @bdurai, I did not observe any information about Kafka in Audit (Access). However, after I added a property "authorizer.class.name=org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer" in Custom kafka-broker and executed a Publish action, Audit Access showed information as below (why did it not show "publish" as the Access Type?): In addition, I got some errors when I executed the Publish action:
02-02-2016
03:52 AM
I used HDP2.3.4 with ip address ranger: after setting up the policy, I went to the 140.92.27.89 command line, changed user to kafka, and executed Publish and Consume actions, but it still did not deny them.
02-01-2016
04:31 PM
@Artem Ervits yes I turned off the global policy for Kafka, but it did not work.
02-01-2016
04:30 PM
Many thanks for @Neeraj Sabharwal's response in advance.
1. I am a little confused about how to set the ip address ranger; am I supposed to specify the namenode host IP?
2. What about earlier versions of HDP like 2.3.0?
02-01-2016
09:18 AM
1 Kudo
Executing consume/publish steps:
Step 1: connect to the kafka-broker server
Step 2: change user
$ su kafka
Step 3: go to bin folder
$ cd /usr/hdp/2.3.0.0-2557/kafka/bin
Step 4: create a topic
$ ./kafka-topics.sh --create --zookeeper {hostname}:2181 --replication-factor 1 --partitions 1 --topic test
Step 5: execute publish message
$ ./kafka-console-producer.sh --broker-list {hostname}:6667 --topic test
This is a test message
//it should be denied right?
Step 6: execute consume message
$ ./kafka-console-consumer.sh --zookeeper {hostname}:2181 --topic test --from-beginning
//it also should be denied?
02-01-2016
09:18 AM
1 Kudo
BTW, the following steps are how I enabled Ranger for Kafka and executed Publish/Consume actions:
1. In Kafka Configs > Advanced ranger-kafka-audit > enable "Audit to DB" and change the value of "xasecure.audit.destination.hdfs.dir" to "hdfs://140.92.XX.XX:8020/ranger/audit"
2. Configs > Advanced ranger-kafka-plugin-properties > enable "Enable Ranger for KAFKA"
3. Save changes and restart KAFKA
4. Go to the Ranger admin UI; I saw that the repository of Kafka had been created automatically
02-01-2016
09:09 AM
1 Kudo
Hi @Neeraj Sabharwal, I still cannot deny Publish and Consume actions. My policy setting is as below: My environment is not a kerberized cluster, and I also did not observe any records in Access of Audit. Any suggestions? Thanks.
01-31-2016
02:29 PM
1 Kudo
Is it correct that Kafka and Ranger must be in a kerberized cluster environment?
01-19-2016
04:11 AM
1 Kudo
I found in "ambari-web/app/models/stack_service.js" that we could comment out the "doNotShowAndInstall" function in order to show up Ranger or Ranger KMS in first installation.
01-18-2016
01:36 AM
1 Kudo
It's supposed to be "org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer", right?
01-14-2016
07:24 AM
1 Kudo
In Ambari 1.7.1 first installation, I can choose to install "Ranger"; however, it is the opposite in Ambari 2.1.1: I cannot choose "Ranger" to install. What is the reason for this difference? What should I do if I want to install the "Ranger" component in Ambari 2.1.1 first installation? Thanks.
Labels: Apache Ambari, Apache Ranger
01-14-2016
07:22 AM
1 Kudo
In Kafka, I tried to execute the consume/publish commands with all Ranger policies disabled; it did not deny either consume or publish behavior. Did I miss any Kafka configuration setting, or am I misunderstanding something else?
Labels: Apache Kafka, Apache Ranger