This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Page tree
Skip to end of metadata
Go to start of metadata

Summary

In latest ranger-0.6, audit to db support has been removed. So in previous version if audit source is set to db then need to migrate this audit data from db to Solr.

For that follow the below steps

  1. Install and start Solr.

  2. Run migration script to migrate audits from db to Solr.

  • Prerequisite to migrate Audit logs from DB to Solr 

  1. Make sure Solr is installed and running. To install Solr you can refer Doc

  2. Make sure DB server is running and credentials to connect to audit to DB are available.

  3. Make sure Ranger is working with Audit source as ‘solr’ and solr url is configured. To enable Audit to solr; below given two properties should be configured

 

Property Name

Sample Value

Description

ranger.audit.source.type

solr

Ranger would able to communicate to Solr server only if this property is set to ‘solr’

ranger.audit.solr.urls

Syntax :

http://<solr_host>:<port>/solr/ranger_audits

Example :

http://<solr-ip>:6083/solr/ranger_audits

Solr url, should be there if you have setup Ranger with audit source as solr

  • Steps to migrate Audit logs from DB to Solr

    Manual Installation environment:


    Make sure properties mentioned in below given table are having required values in conf/ranger-admin-site.xml or conf/ranger-admin-default-site.xml

    If you have upgraded Ranger and switched audit log destination from DB to Solr then it is possible that you might not be having required properties in conf/ranger-admin-site.xml and/or values of below given properties in conf/ranger-admin-default-site.xml. To configure correct settings you can refer to previous (before upgrade) conf/ranger-admin-site.xml and manually copy-paste values of mentioned properties in conf/ranger-admin-default-site.xml file.

     

    Property Name

    Sample Value (for MySQL DB Flavor)

    Description

    ranger.jpa.audit.jdbc.url

    jdbc:mysql://127.0.0.1/ranger_audit

    make sure audit db URL is according to your DB flavor.

     

    Stop or restart Ranger Admin after configuring above properties and then execute below given command from Ranger admin directory. Please replace /path/to/java with actual java binary path.

     

    $/path/to/java -Dlogdir=ews/logs -Dlog4j.configuration=db_patch.log4j.xml -cp ews/webapp/WEB-INF/classes/conf:ews/webapp/WEB-INF/classes/lib/*:ews/webapp/WEB-INF/:ews/webapp/META-INF/:ews/webapp/WEB-INF/lib/*:ews/webapp/WEB-INF/classes/:ews/webapp/WEB-INF/classes/META-INF org.apache.ranger.patch.cliutil.DbToSolrMigrationUtil

     

    Note : Ranger need not to be in running state to migrate audit logs from RDBMS to Solr, however conf/ranger-admin-site.xml or conf/ranger-admin-default-site.xml file should have right values before executing above command.

    Ambari Based Installation environment:

    If you have upgraded Ranger and switched audit log destination from DB to Solr then it is possible that you might not be having required values of below given properties; but you can add below given properties as custom properties from Ambari UI and refer previous (before upgrade) conf/ranger-admin-site.xml file and manually copy-paste values of mentioned properties in textbox against value field of Add Property dialog box

     

    Property Name

    Sample Value (for MySQL DB Flavor)

    Description

    ranger.jpa.audit.jdbc.url

    jdbc:mysql://127.0.0.1/ranger_audit

    make sure audit db URL is according to your DB flavor.

    Restart Ranger Admin after configuring above properties and then execute below given command from Ranger admin directory. Please replace /path/to/java with actual java binary path.

     

    $/path/to/java -Dlogdir=ews/logs -Dlog4j.configuration=db_patch.log4j.xml -cp ews/webapp/WEB-INF/classes/conf:ews/webapp/WEB-INF/classes/lib/*:ews/webapp/WEB-INF/:ews/webapp/META-INF/:ews/webapp/WEB-INF/lib/*:ews/webapp/WEB-INF/classes/:ews/webapp/WEB-INF/classes/META-INF:/usr/share/java/mysql-connector-java.jar org.apache.ranger.patch.cliutil.DbToSolrMigrationUtil

    Note : Ranger need not to be in running state to migrate audit logs from RDBMS to Solr, however conf/ranger-admin-site.xml or conf/ranger-admin-default-site.xml file should have right values before executing above command.

  • No labels