This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Page tree
Skip to end of metadata
Go to start of metadata

Steps to use SSL enabled MySQL for Ranger Admin Database

 Install MySQL and enable SSL with the help of doc :  

  1. Open install.properties file in Ranger and update the following properties with values according to your environment:

    Property Name

    Value

    db_ssl_enabledTrue
    db_ssl_requiredTrue
    db_ssl_verifyServerCertificateTrue
    javax_net_ssl_keyStore/etc/ranger/admin/keystore
    javax_net_ssl_keyStorePasswordranger
    javax_net_ssl_trustStore/etc/ranger/admin/truststore
    javax_net_ssl_trustStorePasswordranger

    Note: If certificate verification is not required then you can set value ‘false’ in property db_ssl_verifyServerCertificate. In this case, keystore and truststore file location need not to be valid and/or mandatory.


  2. Install Ranger by running command ./setup.sh

  3. Verify below listed properties in ranger-admin-default-site.xml, needs to be set as per above values specified in point-1:

    Property NameValue
    ranger.db.ssl.enabledTrue
    ranger.db.ssl.requiredTrue
    ranger.db.ssl.verifyServerCertificateTrue
  4. Restart Ranger admin.

Steps to use SSL enabled MySQL for Ranger KMS Database

  1. Open install.properties file in Ranger-KMS and update the following properties with values according to your environment: 
    Property NameValue
    db_ssl_enabledTrue
    db_ssl_requiredTrue
    db_ssl_verifyServerCertificateTrue
    javax_net_ssl_keyStore/etc/ranger/kms/keystore
    javax_net_ssl_keyStorePasswordranger
    javax_net_ssl_trustStore/etc/ranger/kms/truststore
    javax_net_ssl_trustStorePasswordranger

    Note: If certificate verification is not required then you can set value ‘false’ in property db_ssl_verifyServerCertificate. In this case, keystore and truststore file location need not to be valid and/or mandatory.


  2. Install Ranger-KMS by running command ./setup.sh

  3. Verify below listed properties in dbks-site.xml, needs to be set as per above values specified in point-1:

     

    Property NameValue
    ranger.ks.db.ssl.enabledtrue
    ranger.ks.db.ssl.requiredtrue
    ranger.ks.db.ssl.verifyServerCertificatetrue

    Note: If certificate verification is not required then you can set value ‘false’ in property ranger.ks.db.ssl.verifyServerCertificateIn this case, keystore and truststore file location need not to be valid and/or mandatory.

  4. Restart Ranger KMS.
  • No labels