Community Articles

Find and share helpful community-sourced technical articles.
Labels (1)
avatar
Contributor

Short Description:

This article includes manual steps to be performed, if a cluster is setup with Hdfs, Ranger and Ranger KMS services and Ranger service is syncing users from LDAP/AD and Hadoop group mapping is configured using SSSD. Steps provided will help Ranger KMS service to resolve groups with spaces or no name as same as in Hadoop.


Article:

To resolve groups with spaces or no name, Ranger KMS process should have access to hadoop native library path for using JniBasedUnixGroupsMapping class.

Steps for Ambari 2.6.x version:

  1. Create a sh file ranger-kms-env-javaopts.sh in Ranger KMS conf directory which will specify -Djava.library.path.
    vim /usr/hdp/current/ranger-kms/conf/ranger-kms-env-javaopts.sh
  2. Add below content and save ranger-kms-env-javaopts.sh file.
    export JAVA_OPTS=" ${JAVA_OPTS} -Djava.library.path=${JAVA_LIBRARY_PATH}:/usr/hdp/current/hadoop-client/lib/native  "
  3. Update the ownership of ranger-kms-env-javaopts.sh with the user which is used to start Ranger KMS process. (default user is kms)
    chown kms:kms /usr/hdp/current/ranger-kms/conf/ranger-kms-env-javaopts.sh
  4. Restart Ranger KMS service from Ambari.


Steps for Ambari 3.0.x version:

  1. Directly specify -Djava.library.path in Configs section of Ranger KMS from Ambari.
    Go to Ranger KMS > Configs > Advanced section > Advanced kms-env section > kms-env template, add below line
    export JAVA_OPTS=" ${JAVA_OPTS} -Djava.library.path=${JAVA_LIBRARY_PATH}:/usr/hdp/current/hadoop-client/lib/native  "
  2. After saving the configs from Ambari, restart Ranger KMS service.
1,154 Views
0 Kudos