Steps to use SSL enabled MySQL for Ranger Admin Database

 Install MySQL and enable SSL with the help of doc :  

  1. Open install.properties file in Ranger and update the following properties with values according to your environment:

    Property Name

    Value

    db_ssl_enabledTrue
    db_ssl_requiredTrue
    db_ssl_verifyServerCertificateTrue
    javax_net_ssl_keyStore/etc/ranger/admin/keystore
    javax_net_ssl_keyStorePasswordranger
    javax_net_ssl_trustStore/etc/ranger/admin/truststore
    javax_net_ssl_trustStorePasswordranger

    Note: If certificate verification is not required then you can set value ‘false’ in property db_ssl_verifyServerCertificate. In this case, keystore and truststore file location need not to be valid and/or mandatory.


  2. Install Ranger by running command ./setup.sh

  3. Verify below listed properties in ranger-admin-default-site.xml, needs to be set as per above values specified in point-1:

    Property NameValue
    ranger.db.ssl.enabledTrue
    ranger.db.ssl.requiredTrue
    ranger.db.ssl.verifyServerCertificateTrue
  4. Restart Ranger admin.

Steps to use SSL enabled MySQL for Ranger KMS Database

  1. Open install.properties file in Ranger-KMS and update the following properties with values according to your environment: 
    Property NameValue
    db_ssl_enabledTrue
    db_ssl_requiredTrue
    db_ssl_verifyServerCertificateTrue
    javax_net_ssl_keyStore/etc/ranger/kms/keystore
    javax_net_ssl_keyStorePasswordranger
    javax_net_ssl_trustStore/etc/ranger/kms/truststore
    javax_net_ssl_trustStorePasswordranger

    Note: If certificate verification is not required then you can set value ‘false’ in property db_ssl_verifyServerCertificate. In this case, keystore and truststore file location need not to be valid and/or mandatory.


  2. Install Ranger-KMS by running command ./setup.sh

  3. Verify below listed properties in dbks-site.xml, needs to be set as per above values specified in point-1:

     

    Property NameValue
    ranger.ks.db.ssl.enabledtrue
    ranger.ks.db.ssl.requiredtrue
    ranger.ks.db.ssl.verifyServerCertificatetrue

    Note: If certificate verification is not required then you can set value ‘false’ in property ranger.ks.db.ssl.verifyServerCertificateIn this case, keystore and truststore file location need not to be valid and/or mandatory.

  4. Restart Ranger KMS.
  • No labels