Versions Compared

Old Version 12

changes.mady.by.user Loïc C. Chanel

Saved on

compared with

New Version 13

changes.mady.by.user Loïc C. Chanel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • HDFS Repository configuration

    • Repository Name : name of the repository; required when configuring agents
    • Description : a description of the repository
    • Active status : Enabled or Disabled
    • Repository Type : HDFS (cannot be modified)
    • User Name : end system username that can be used for connection
    • fs.default.name : location of the Hadoop HDFS service, as noted in the Hadoop configuration file core-site.xml OR (if this is a HA environment) the path for the primary NameNode
    • hadoop.security.authorization : type of authorization in use, as noted in the Hadoop configuration file core-site.xml. Can be either simple or Kerberos (required only if authorization is enabled)
    • hadoop.security.auth_to_local : maps the login  credential to a username with Hadoop. Use  the value noted in the Hadoop configuration file, core -site.xml
    • dfs.datanode.kerberos.principal : principal associated with the DataNode where the repository resides, as noted in the Hadoop configuration file hdfs-site.xml (required only if Kerberos authentication is enabled)
    •  dfsdfs.namenode.kerberos.principal : principal associated with the NameNode where the repository resides, as noted in the Hadoop configuration file hdfs-site.xml (required only if Kerberos authentication is enabled)
    • dfs.secondary.namenode.kerberos.principal : principal associated with the secondary NameNode where the repository resides, as noted in the Hadoop configuration file hdfs-site.xml  (required only if Kerberos authentication is enabled)
    • Common Name For Certificate : name of the certificate

...

  • Storm Repository configuration

    •   Repository Name : name of the repository; required when configuring agents  
    • Description : a description of the repository
    • Active status : Enabled or Disabled
    • Repository Type : Storm (cannot be modified)
    • User Name : end system username that can be used for connection
    • Password : password for the username entered above
    • nimbus.url : hostname of nimbus format, in the form : http://ipaddress:8080
    •  Common Name For Certificate : name of the certificate

Policy Manager

 To take a closer look to the policies associated with each repository, go to the service where the repository resides and click the Edit button. The Rabger Policy Manager view then opens and displays a view of that repository, with the policies listed beneath. For providing a better access to the policies, this view includes a search window.

  • To add a new policy : click the Add New Policy button. The form may look slightly different, depending on the type of the repository to which your are adding the policy

...

  • To delete a policy : click the Delete icon to the right of the entry for that repository

Policy Creation

  • HDFS Policy creation

Through configuration, Apache Ranger enables both Ranger policies and HDFS permission to be checked for a user request. Then, when the NameNode receives a user request, the Ranger Plugin checks for policies set through the Ranger Policy Manager. Then, if there are no policies authorizing the request, the Ranger plugin checks for permissions set in HDFS.

Thus, for an effective management of the policies via Ranger, we recommand that permissions be created at the Ranger Policy Manager, and to have very restrictive permissions at the HDFS level.