Hi Amitsha My answers are embedded...
> On Dec 15, 2014, at 4:25 AM, Amith sha <[email protected]> wrote: > > Hi Bosco, > > As per the past instructions.I have installed the Apache Ranger > successfully.By which i can access the Ranger web interface but i got > some following Errors, > > 1.No Access Audit found! > I installed Hdfs,Hive,Knox and etc by which > i should get some Agent files in web Interface of Audit as you > mentioned in the document ****** You can verify by logging into the > Ranger Admin Web interface -> Audit -> Agents ****** But i got .No > Access Audit found! in web Interface.i tried to find out the process > by where i traced the username and db for the rangeraudit and i > checked out the db ( ranger_audit) and table ( xa_access_audit ) in > mysql where there is no records in the table. > Common cause is mismatch in the repository name given in the PolicyAdmin and install.properties of the plugin. Let’s pick one component for testing the plugin connection and after restart of the component, check in the component logs (hivesever2.log or NameNode log) and see if you see any exceptions. FYI, the plugin connection logs are in x_policy_export_audit table. > 2.knox.url and Common Name For Certificate > Here i have configured knox successfully > and able to acces the hdfs information using Knox gateway via knox > Users,But i want to know the exact knox.url ex:- I used the following > link to access my Hdfs Status > curl -k -u guest:guest-password > 'https://127.0.0.1:8443/gateway/knox_sample/webhdfs/v1?op=LISTSTATUS' > > Here which is my knox url and i have to > provide the Certificate name so how can i? > I provided while creating the repository for Knox > https://127.0.0.1:8443/gateway/knox_sample as Knox url and so on but > while testing i got Connection error. > Not sure I understood your question here. Are you able to “telnet 127.0.0.1 8443” ? > 3.As a Beginner For Apache knox and Ranger i want to Clarify Some Doubts > *knox is also a security Agent to provide Security for > hdfs,hive,hbase etc so why we need ApacheRanger Different purpose. Knox is service level coarse grain authorization. And more importantly, it is API gateway, which provides single URL (hostname) for access all the services and authentication mapping (e.g. your Hadoop could be Kerberoized, but you can still access it via Knox with LDAP authentication). Ranger provides more finer grain access control, central administration and centralized auditing. > *In Hortonworks After Configuring Ranger they Checked using knox Knox is one of the component where you can use Ranger for managing policy administration and centralized auditing. So not sure what your question is. > *So Ranger is only to see graphically the users Login and Logs Ranger does administration, policy enforcement and audit collection. The policies can be configured via UI or via REST APIs. So UI is just a tool over the core Ranger features. > *Can u provide a examples to run using Ranger as examples > Available Like sqoop2,hive etc Few examples are: 1. HDFS folder/file permission. Different users and groups can have different level of permission. 2. In HiveServer2, database, table and column level access control. 3. For scoop, you will setup the policies at the DB level. If it is HiveCLI, then at the HDFS level. 4. Centralized auditing of access to data 5. Auditing of admin actions. > > > Since we are Planing to Secure the Hadoop process we are so interested > in Ranger In-depth.but unfortunatly there is no examples around the > search engines.kindly Provide a solution for us We are working on the documentation and providing more use cases. Let me see if there are better way in the meanwhile. > > Thank you, > Amithsha > > On Thu, Dec 11, 2014 at 11:24 AM, Amith sha <[email protected]> wrote: >> Hi Bosco, >> >> Thanks for your reply, I have checked out the log files Actually i did the >> mistake where file named setup.sh i didnt set the mysql,rangeradmin and >> rangerlogger password.so finally have made a entry in that file and started >> the script have got the access for web console. >> >> Thanks for your guidance and will ping u after completing further >> installation. >> >> On Thu, Dec 11, 2014 at 11:16 AM, Amith sha <[email protected]> wrote: >>> >>> Hi Bosco, >>> >>> >>> On Thu, Dec 11, 2014 at 12:21 AM, Don Bosco Durai <[email protected]> >>> wrote: >>>> >>>> Hi Amith >>>> >>>> Seems MySQL is down or not reachable. Can you check the logs in: >>>> >>>> Logs are in ews/logs folder. The path is relative to where you have >>>> installed ranger-admin. Check xa_portal.log and catalina.out files for >>>> ERROR >>>> and WARN log messages >>>> >>>> I have updated the installation wiki with the above comment (for log >>>> location). >>>> >>>> Thanks >>>> >>>> Bosco >>>> >>>> On Dec 10, 2014, at 4:09 AM, Amith sha <[email protected]> wrote: >>>> >>>> Hi Bosco, >>>> >>>> Thanks for your update.So far it is fine to build and got the web >>>> console. But cannot login the web console using default authentication >>>> username and password admin,admin. Is there any File to edit or Login >>>> Information is Required. >>>> >>>> Thanks >>>> >>>> On Wed, Dec 10, 2014 at 3:23 PM, Amith sha <[email protected]> wrote: >>>>> >>>>> Hi bosco, >>>>> Thanks for ur reply.Will check and Ping you soon. >>>>> >>>>> On Wed, Dec 10, 2014 at 1:17 PM, Don Bosco Durai <[email protected]> >>>>> wrote: >>>>>> >>>>>> Hi Amith >>>>>> >>>>>> I was trying to find from where ranger-script-env.sh was getting >>>>>> invoked, but couldn’t. >>>>>> >>>>>> Below are the instructions to build and run. Happy to get your feedback >>>>>> based on this document. >>>>>> >>>>>> >>>>>> https://cwiki.apache.org/confluence/display/RANGER/Ranger+Installation+Guide >>>>>> >>>>>> >>>>>> Thanks >>>>>> >>>>>> Bosco >>>>>> >>>>>> On Dec 9, 2014, at 9:38 PM, Amith sha <[email protected]> wrote: >>>>>> >>>>>> Hi all, >>>>>> As advised by Madhan,I was able to build the Ranger >>>>>> Successfully.And got the tar.gz files and finally by unzipping >>>>>> it.Tried >>>>>> to install (ranger-admin)using the shell script setup.sh where it got >>>>>> some inputs and finally it shows *Installation of XASecure >>>>>> PolicyManager Web Application is completed.* >>>>>> >>>>>> But i cant access the service in the port 6080 have alse checked >>>>>> whether >>>>>> any service is running on that port >>>>>> >>>>>> finally goggled and got this file location >>>>>> incubator-ranger-master/ >>>>>> embededwebserver/scripts >>>>>> Below files are found >>>>>> logs ranger-admin startcopy >>>>>> start-ranger-admin.sh stop-ranger-admin.sh >>>>>> >>>>>> tried ./start-ranger-admin.sh >>>>>> This script trying to find a file ranger-script-env.sh >>>>>> But it cannot found >>>>>> >>>>>> Can anyone help or suggest !!!! >>>>>> Is that possible to work before the new release . >>>>>> Thank u >>>>>> >>>>>> >>>>> >>>> >>>> >>> >>
