Hi @Anna Shaverdian, In addition to what has already been posted, I wanted to mention something about Blueprint exports. In general, you should be able to re-use an exported Blueprint from a running cluster without any changes. There are a few exceptions,however: 1. Passwords: Any password properties are filtered out of the exported Blueprint, and must be added in explicitly during a redeployment attempt. 2. External Database Connections: I'm defining an "External" DB connection as any DB that is used by the cluster, but is not managed by Ambari. The DB instance used by Ranger is one example, but Oozie and Hive can also use separate instances that are not managed by Ambari. In these cases, the Blueprint export process filters out these properties, since they are not necessarily portable to the new environment. From what I've seen in this posting, these are the kinds of properties that you'll need to add back into your Blueprint or Cluster Creation template, as the other posts have indicated. Hope this helps, Thanks, Bob ... View more

I am having similar issue We have non Kerberiozed Hadoop Kafka environment . I am testing integrating Ranger Kafak to secure the environment. HDP Version: HDP-2.3.4.0-3485 This is what I did. -- Enables Kafka plugin in Ranger. -- Restarted Ranger -- Create following policies in Ranger ( see the image ) ( Important : Added group Public left policy condition blank ) -- Logged in to server 21 to Produce and consume message's -- I was able to produce and consume messages from any server . What we want is to secure our Kafka environment through ranger by ip address. I understand that the identity of client user over a non-secure channel is not possible. I followed the following article to secure or Kafka environment. https://cwiki.apache.org/confluence/display/RANGER/Kafka+Plugin#KafkaPlugin-WhydowehavetospecifypublicusergrouponallpoliciesitemscreatedforauthorizingKafkaaccessovernon-securechannel Please let me know what I am missing. ... View more