...
2. Following the instructions available on the apache knox site itself (To install Apache Knox Gateway).
...
Knox Master Secret : knox
12. ENABLING RANGER KNOX PLUGINS:
- We’ll start by extracting our build at the appropriate place.
- cd /usr/local
tar -zxvf ~/dev/incubator-ranger/target/ranger-0.5.0-knox-plugin.tar.gz
- sudo ln -s ranger-0.5.0-knox-plugin ranger-knox-plugin
- cd ranger-knox-plugin
Now let’s edit the install.properties file. Here are the relevant lines that you should edit:
Change the insall.properties file
PROPERY VALUE POLICY_MGR_URL REPOSITORY_NAME knoxdev KNOX_HOME /usr/local/knox XAAUDIT.DB.IS_ENABLED true XAAUDIT.DB.HOSTNAME localhost XAAUDIT.DB.DATABASE_NAME ranger XAAUDIT.DB.USER_NAME rangerlogger XAAUDIT.DB.PASSWORD rangerlogger
Now enable the knoxplugin by running the enable-knox-plugin.sh command (Remember to set JAVA_HOME)
cd /usr/local/ranger-knox-plugin
./enable-knox-plugin.sh
- Once these changes are done Restart Knox ( Gateway / LDAP )
- if you get permission denied error during knox start please provide required privileges to knox user. for example :
chown R knox:knox /usr/local/knox/data
chown R knox:knox /usr/local/knox/logs
chown R knox:knox /usr/local/knox/pids
chown R knox:hadoop /usr/local/knox/pids/*
You can verify by logging into the Ranger Admin Web interface > Audit > Agents
13. TRUSTING SELF SIGNED KNOX CERTIFICATE:
When Knox is listening on its SSL port with self signed certificate, you have to import SSL certificate of Knox into truststore used by XA PolicyManager. Here are steps for importing Knox SSL certificate in truststore used by XA PolicyManager.
- Log in the machine running Knox
- Export knox certificate
- cd $GATEWAY_HOME/data/security/keystores
- This is typically /usr/local/knox/data/security/keystores on Linux machine.
keytool -exportcert -alias gateway-identity -keystore gateway.jks -file knox.crt
Copy knox.crt file onto machine running Ranger Admin/PolicyManager to a working directory, for example /usr/local/ranger-admin
Replicate cacerts
cd /usr/local/ranger-admin
cp $JAVA_HOME/jre/lib/security/cacerts cacertswithknox
5. Import Knox certificate into the replicated new keystore
keytool -import -trustcacerts -file <knox.crt created above> -alias knox -keystore cacertswithknox
password: changeit
6. Edit /usr/local/ranger-admin/ews/ranger-admin-services.sh
Add parameter -Djavax.net.ssl.trustStore=<path to the cacertswithknox> to the java call in the script.
7. Restart Ranger Admin/PolicyManager.
14. INSTALLING APACHE STORM (0.10.0):
Let’s download and install apache Storm from Apache Mirrors
sudo tar -zxvf ~/dev/apache-storm-0.10.0-beta1.tar.gz -C /usr/local
cd /usr/local
sudo ln -s apache-storm-0.10.0beta1 storm
cd storm
2. Following the instructions available on the apache storm site itself(To install Apache Storm).
15. ENABLING RANGER STORM PLUGINS:
- We’ll start by extracting our build at the appropriate place.
cd /usr/local
tar zxvf ~/dev/incubator-ranger/target/ranger-0.5.0-storm-plugin.tar.gz
sudo ln -s ranger-0.5.0-storm-plugin ranger-storm-plugin
2. Now let’s edit the install.properties file. Here are the relevant lines that you should edit:
Change the insall.properties file
PROPERTY VALUE POLICY_MGR_URL REPOSITORY_NAME stormdev XAAUDIT.DB.IS_ENABLED true XAAUDIT.DB.HOSTNAME localhost XAAUDIT.DB.DATABASE_NAME ranger XAAUDIT.DB.USER_NAME rangerlogger XAAUDIT.DB.PASSWORD XAAUDIT.DB.PASSWORD=rangerlogger
3. Now enable the storm-plugin by running the enable-storm-plugin.sh command (Remember to set JAVA_HOME)
cd /usr/local/ranger-storm-plugin
./enable-storm-plugin.sh
Once these changes are done Restart Storm
You can verify by logging into the Ranger Admin Web interface > Audit > Agents
16. INSTALLING APACHE YARN:
You can run a MapReduce job on YARN in a pseudodistributed mode by setting a few parameters and running ResourceManager daemon and NodeManager daemon in addition
The following instructions assume that hadoop installations steps mentioned in Installing Apache Hadoop are already executed.