THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- Create a repository in Ranger Policy Manager. E.g. "knoxdev". The same name needs to be configured during plugin setup
- Set the URL as https://knox_host:8443/gateway/admin/api/v1/topologies (Replace the knox_host with your fully qualified host name)
- Extract binaries at the appropriate place.
cd /usr/local
sudo tar zxf ~/dev/ranger/target/ranger-0.4.0-knox-plugin.tar.gz
sudo ln -s ranger-0.4.0-knox-plugin ranger-knox-plugin
cd ranger-knox-plugin - Now let’s edit the install.properties file. Here are the relevant lines that you should edit:
POLICY_MGR_URL=http://localhost:6080
REPOSITORY_NAME=knoxdev
KNOX_HOME=/usr/local/knox
XAAUDIT.DB.HOSTNAME=localhost
XAAUDIT.DB.DATABASE_NAME=ranger
XAAUDIT.DB.USER_NAME=rangerlogger
XAAUDIT.DB.PASSWORD=rangerlogger - Now enable the knox-plugin by running the enable-knox-plugin.sh command (Remember to set JAVA_HOME)
cd /usr/local/ranger-knox-plugin
./enable-knox-plugin.sh - Now edit the xasecure-audit.xml file.
- cd /usr/local/knox/conf
- Put in /usr/hdp<hadoop-installs>/<your version>/knox/ext/ a symbolic link to mysql-connector-java.jar
- Change the xasecure-audit.xml file. Make sure the JDBC properties are correct.
<property> <name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
<value>jdbc:mysql://localhost/ranger</value>
</property>
<property>
<name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
<value>rangerlogger</value>
</property>
<property> <name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
<value>rangerlogger</value>
</property> - Once these changes are done Restart Knox (Gateway/LDAP). This should start the association of ranger-knox-plugin with Knox.
- You can verify by logging into the Ranger Admin Web interface -> Audit Tab -> Agents
...