Cloudera Docs

Additional Steps for Apache Ranger

After installing Cloudera Manager and adding a cluster, there are additional steps required to complete the installation of Apache Ranger.

Enable Plugins

The Ranger plugins for HDFS and Solr may not be enabled by default. Ranger plugins enable Cloudera Manager stack components – such as HDFS and Solr – to connect to Ranger and access its authorization and audit services. Verify that the HDFS and Solr plugins are enabled after you install and start the Ranger service.
  1. To enable the HDFS plugin:
    1. Log in to Cloudera Manager.
    2. Go to the HDFS Service status page.
    3. Click the Configuration tab.
    4. Search for the Enable Ranger Authorization configuration property.
    5. If the Enable Ranger Authorization property is not selected, select it and save the changes.
    6. Go to the Ranger Service status page and click Actions > Setup Ranger Plugin Service.
    7. Restart the HDFS service.
  2. To enable the Ranger Solr plugin:
    1. Log in to Cloudera Manager.
    2. Go to the Solr Service status page.
    3. Click the Configuration tab.
    4. Search for the Enable Ranger Authorization configuration property.
    5. If the Enable Ranger Authorization property is not selected, select it and save the changes.
    6. Restart the Solr service.

Add Solr WebUI Users

Add the username of any users to the Ranger Solr policy who should have access to the Solr Web UI in the Ranger Policy for Solr. The user should have full access privileges.

Update the Time-to-live configuration for Ranger Audits

How to change the default time settings that control how long Ranger keeps audit data collected by solr.

  1. From Cloudera Manager choose Ranger > Configuration.
  2. Search for the ranger.audit.solr.config.ttl property, and set the the number of days to keep audit data.
  3. Search for the ranger.audit.solr.config.delete.trigger property, and set the number and units (days, minutes, hours, or seconds) to keep data for expired documents
  4. Refresh the configuration, using one of the following two options:
    1. Click Refresh Configuration, as prompted or, if Refresh Configuration does not appear,
    2. In Actions, click Update Solr config-set for Ranger, then confirm.

Determine susceptibility of Ranger database upgrade failure

This check is essential for you if you are still on releases earlier than 7.3.2.0 (7.3.1.x, 7.2.x, or 7.1.x) and are using MySQL 8.0 or higher.

  1. Verify x_trx_log table existence.
    Execute the following SQL query in your Ranger database:
    SHOW CREATE TABLE x_trx_log;
    Condition Action
    Table x_trx_log does not exist The upgrade will not fail due to this issue. No further action is required.
    Table x_trx_log exists Proceed to step 2 to check the table's default character set (look for DEFAULT CHARSET in the output).
  2. Check table’s default character set.
    Inspect the previous command output for x_trx_log’s DEFAULT CHARSET or the trx_id column’s collation.
    Condition Action
    DEFAULT CHARSET is not utf8mb4 The upgrade is unlikely to fail due to this specific issue. No further action is required.
    DEFAULT CHARSET is utf8mb4 If the default charset is set to utf8mb4 then, your environment is susceptible. Proceed to Step 3.
  3. Verify index existence (x_trx_log_IDX_trx_id).
    If the x_trx_log table exists and the default charset is set to utf8mb4, check if the problematic index already exists:
    SELECT * FROM INFORMATION_SCHEMA.STATISTICS WHERE table_schema=DATABASE() AND table_name='x_trx_log' AND index_name='x_trx_log_IDX_trx_id';
    Condition Action
    Index x_trx_log_IDX_trx_id exists The upgrade will not fail due to this issue. No further action is required.
    Index x_trx_log_IDX_trx_id does not exist Proceed to the remediation step.
    Remediation steps
    Create the required index manually by executing the following SQL statement in the Ranger DB:
    CREATE INDEX x_trx_log_IDX_trx_id ON x_trx_log (trx_id(190));

    This prefix index ensures the key length stays within the 3072-byte limit for utf8mb4 environments.