Short Description: This article includes manual steps to be performed, if a cluster is setup with Hdfs, Ranger and Ranger KMS services and Ranger service is syncing users from LDAP/AD and Hadoop group mapping is configured using SSSD. Steps provided will help Ranger KMS service to resolve groups with spaces or no name as same as in Hadoop. Article: To resolve groups with spaces or no name, Ranger KMS process should have access to hadoop native library path for using JniBasedUnixGroupsMapping class. Steps for Ambari 2.6.x version: Create a sh file ranger-kms-env-javaopts.sh in Ranger KMS conf directory which will specify -Djava.library.path. vim /usr/hdp/current/ranger-kms/conf/ranger-kms-env-javaopts.sh Add below content and save ranger-kms-env-javaopts.sh file. export JAVA_OPTS=" ${JAVA_OPTS} -Djava.library.path=${JAVA_LIBRARY_PATH}:/usr/hdp/current/hadoop-client/lib/native " Update the ownership of ranger-kms-env-javaopts.sh with the user which is used to start Ranger KMS process. (default user is kms) chown kms:kms /usr/hdp/current/ranger-kms/conf/ranger-kms-env-javaopts.sh Restart Ranger KMS service from Ambari. Steps for Ambari 3.0.x version: Directly specify -Djava.library.path in Configs section of Ranger KMS from Ambari. Go to Ranger KMS > Configs > Advanced section > Advanced kms-env section > kms-env template, add below line export JAVA_OPTS=" ${JAVA_OPTS} -Djava.library.path=${JAVA_LIBRARY_PATH}:/usr/hdp/current/hadoop-client/lib/native " After saving the configs from Ambari, restart Ranger KMS service. ... View more

Scenario - Cluster managed by Ambari with Ranger Plugins enabled and if Ambari upgrade process fails, below are the things to consider. 1) Updating stack_features property in cluster-env config type Get the current cluster-env version using configs.sh utility. /var/lib/ambari-server/resources/scripts/configs.sh get <AMBARI_HOST> <CLUSTER_NAME> cluster-env cluster_env.json Open cluster_env.json and check for "ranger_xml_configuration" feature in stack_features property. If it is not present add below content and save the cluster_env.json. {\n \"name\": \"ranger_xml_configuration\",\n \"description\": \"Ranger code b ase support xml configurations\",\n \"min_version\": \"2.3.0.0\"\n } Now update the latest cluster-env, /var/lib/ambari-server/resources/scripts/configs.sh set <AMBARI_HOST> <CLUSTER_NAME> cluster-env cluster_env.json 2) Updating Ranger url in plugin properties. Update "ranger.plugin.<SERVICE>.policy.rest.url" property value under Advanced ranger.<SERVICE>.security section with Ranger Url. ie (http:RANGER_ADMIN_HOST:RANGER_ADMIN_PORT). ... View more

When Ranger service is configured for using custom PID file location and custom user using HDP-2.5, below steps need to be followed. 1) Edit ranger-admin-services.sh script file: This file is located at /usr/hdp/current/ranger-admin/ews/ranger-admin-services.sh which have hard-coded default path as pidf=/var/run/ranger/rangeradmin.pid. Need to update the hard-coded path with the custom value specified from Ambari in ranger_pid_dir property under Advanced ranger-env section. Also update the hard-coded user used for chown {pidf} with the service user’s name given during installation of Ranger service on a Misc Tab from Ambari. Update PID location: pidf={custom_pid_path}/rangeradmin.pid Update service user: chown {custom_user} ${pidf} 2) Edit ranger-usersync-services.sh: This file is located at /usr/hdp/current/ranger-usersync/ranger-usersync-services.sh. Similar changes are required to update the hard-coded pid location and hard-coded service user for Ranger Usersync component. Update PID location: pidf={custom_pid_path}/usersync.pid Update service user: chown {custom_user} ${pidf} 3) Start Ranger Service: Start Service from Ambari ... View more