Good. I already typed it, so let me paste it for the benefit of others. We need to update the doc also. If you don’t mind, can you create a JIRA to track this?
1. Go to RangerAdmin UI -> AccessManager (first menu tab is already opened by default) 2. Click on “+” in the HDFS panel title 3. Enter Service Name: e.g. “${cluster_name}_hdfs. Cluster name could be anything. You can call the repo “test_hdfs” if you want to 4. UserName: ranger (doesn’t matter whether it exists because you are not using kerberos) 5. Password: ranger (doesn’t matter what you give) 6. Namenode URL: hdfs://<namenode_host>:8020 7. Authorization Enabled: No 8. Authentication Type: Simple 9. Rest you can leave it as default. Save this screen. Then use the same name e.g “test_hdfs” in your install.properties for enabling Ranger in HDFS. Then restart namenode. Is the plugin request showing up in the Audit->Plugin tab? If the plugin is showing up, then that means authorization and auditing is already working. For configuring policies, we need to configure UserSync. The install/configure process is same for all processes. You need to update the install.properties with the appropriate values. Set SYNC_SOURCE = ldap And check the section "Table: LDAP/AD Properties with sample values” for reference values. Please note that for using LDAP within Hadoop, you need to configure Hadoop core-site.xml to use LDAP. You might be already knowing it. Just want to make sure. Thanks Bosco From: Aneela Saleem <ane...@platalytics.com<mailto:ane...@platalytics.com>> Reply-To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Date: Tuesday, July 28, 2015 at 11:13 AM To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Subject: Re: Error Setting up Ranger-Admin Luckily i have created the service myself. Thanks for your timely help. Can you please tell me now what should be the next step. I want to explore all the functionality i.e., sync LDAP contacts perform authorization etc On Tue, Jul 28, 2015 at 11:07 PM, Aneela Saleem <ane...@platalytics.com<mailto:ane...@platalytics.com>> wrote: There are no errors in NameNode logs. Can you please tell me how to create service/repo using Ranger Admin? On Tue, Jul 28, 2015 at 10:48 PM, Don Bosco Durai <bo...@apache.org<mailto:bo...@apache.org>> wrote: Yes, this is link I was about to redirect you to. Sorry, I might have assumed incorrectly on your initial question. ./setup.sh is called only for installing RangerAdmin. Good it seems you have made progress on installing RangerAdmin. I also assume, your ./enable-hdfs-plugin.sh went through fine. Looking into the Apache Ranger document, it seems it doesn’t explicitly call out to create a repo/service for HDFS in RangerAdmin. In the install.properties for HDFS, what value have you given for the property “REPOSITORY_NAME”? You need to create a service/repo in RangerAdmin with the same name. Also, after you restart HDFS namenode, can you check the namenode logs for any error? Thanks Bosco From: Aneela Saleem <ane...@platalytics.com<mailto:ane...@platalytics.com>> Reply-To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Date: Tuesday, July 28, 2015 at 10:16 AM To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Subject: Re: Error Setting up Ranger-Admin And i'm using following link for installation: https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.0+Installation I'm upto Enabling Ranger HDFS Plugins section (e) * You can verify by logging into the Ranger Admin Web interface > Audit > Agents. * You can verify the plugin is communicating to Ranger admin in Audit->plugins tab where i don't see any audits ensuring hdfs plugin is communicating to Ranger Admin. On Tue, Jul 28, 2015 at 10:11 PM, Aneela Saleem <ane...@platalytics.com<mailto:ane...@platalytics.com>> wrote: I'm planning to secure HDFS and i'm using Knox for authentication using REST API. Yes i'm still able to access the RangerAdmin UI. I'm just curious how to sync LDAP contacts in APache Ranger. Secondly if the document is related to 0.4 and i'm linked with 0.5, then how should i proceed? Do you have any fruitful link, i should follow? (being a novice) On Tue, Jul 28, 2015 at 10:04 PM, Don Bosco Durai <bo...@apache.org<mailto:bo...@apache.org>> wrote: Aneela The document you linked is for Apache Ranger 0.4. There subtle changes in Apache Ranger 0.5. Just curious, how you were able to access RangerAdmin UI? Did the installation continued after the install failure? Also, can you give additional information of your env? I can try reproducing it. Also, which components are you planning secure? (HDFS, Hive, Hbase, Solr, YARN, Storm, etc) Thanks Bosco From: Aneela Saleem <ane...@platalytics.com<mailto:ane...@platalytics.com>> Reply-To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Date: Tuesday, July 28, 2015 at 5:19 AM To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Subject: Re: Error Setting up Ranger-Admin And secondly my Ranger UI does not Match the UI as shown in the following link: http://pivotalhd.docs.pivotal.io/docs/ranger-user-guide.html#Item1.4.2 There is no Policy Manager Tab and no Manage Repository Thing. On Tue, Jul 28, 2015 at 5:17 PM, Aneela Saleem <ane...@platalytics.com<mailto:ane...@platalytics.com>> wrote: Hi Bosco, I did as you suggested but still getting same error. On Tue, Jul 28, 2015 at 4:49 AM, Don Bosco Durai <bo...@apache.org<mailto:bo...@apache.org>> wrote: The properties file looks good.. I am not sure whether it is because of python 2.7. Is it possible for you to use python 2.6? Try changing the below to where 2.6 is installed. PYTHON_COMMAND_INVOKER=python Thanks Bosco From: Aneela Saleem <ane...@platalytics.com<mailto:ane...@platalytics.com>> Reply-To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Date: Monday, July 27, 2015 at 2:02 PM To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Subject: Error Setting up Ranger-Admin Hi all, I have followed this link https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.0+Installation But when i run ./setupsh, i get the following error at the end: Traceback (most recent call last): File "update_property.py", line 40, in <module> write_properties_to_xml(ranger_admin_site_xml_path,parameter_name,parameter_value) File "update_property.py", line 21, in write_properties_to_xml if(os.path.isfile(xml_path)): File "/usr/lib/python2.7/genericpath.py", line 29, in isfile st = os.stat(path) TypeError: coercing to Unicode: need string or buffer, NoneType found 2015-07-28 01:38:57,308 [E] Update property failed for: Attached is the install.proprties file. I'm new to Apache Knox, can anyone please guide me. I'm having troubles in installing Apache Ranger. Thanks