Steps to use SSL enabled MySQL for Ranger Admin Database
Install MySQL and enable SSL with the help of doc :
- http://dev.mysql.com/doc/refman/5.7/en/creating-ssl-files-using-openssl.html
- https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-using-ssl.html
Open install.properties file in Ranger and update the following properties with values according to your environment:
Property Name Value
db_ssl_enabled True db_ssl_required True db_ssl_verifyServerCertificate True javax_net_ssl_keyStore /etc/ranger/admin/keystore javax_net_ssl_keyStorePassword ranger javax_net_ssl_trustStore /etc/ranger/admin/truststore javax_net_ssl_trustStorePassword ranger Note: If certificate verification is not required then you can set value ‘false’ in property db_ssl_verifyServerCertificate. In this case, keystore and truststore file location need not to be valid and/or mandatory.
Install Ranger by running command ./setup.sh
Verify below listed properties in ranger-admin-default-site.xml, needs to be set as per above values specified in point-1:
Property Name Value ranger.db.ssl.enabled True ranger.db.ssl.required True ranger.db.ssl.verifyServerCertificate True Restart Ranger admin.
Steps to use SSL enabled MySQL for Ranger KMS Database
- Open install.properties file in Ranger-KMS and update the following properties with values according to your environment:
Property Name Value db_ssl_enabled True db_ssl_required True db_ssl_verifyServerCertificate True javax_net_ssl_keyStore /etc/ranger/kms/keystore javax_net_ssl_keyStorePassword ranger javax_net_ssl_trustStore /etc/ranger/kms/truststore javax_net_ssl_trustStorePassword ranger Note: If certificate verification is not required then you can set value ‘false’ in property db_ssl_verifyServerCertificate. In this case, keystore and truststore file location need not to be valid and/or mandatory.
Install Ranger-KMS by running command ./setup.sh
- Verify below listed properties in dbks-site.xml, needs to be set as per above values specified in point-1:
Property Name Value ranger.ks.db.ssl.enabled true ranger.ks.db.ssl.required true ranger.ks.db.ssl.verifyServerCertificate true Note: If certificate verification is not required then you can set value ‘false’ in property ranger.ks.db.ssl.verifyServerCertificate. In this case, keystore and truststore file location need not to be valid and/or mandatory.
- Restart Ranger KMS.