I have tested this in an HDP-2.6.1 cluster and it works fine.
Step 1:-
In Ranger Settings, uncheck the "HTTP enabled" check box.
Step 2:-
On Ranger Admin Host:-
cd /etc/ranger/conf
keytool -genkey -keyalg RSA -alias rangeradmin -keystore ranger-admin-keystore.jks -storepass xasecure -validity 360 -keysize 2048
Note:-
Enter the host name as the value for the "What is your first and last name?" question.
When prompted for your password, press the Enter key, which sets the key password to the same value as the keystore password. This will not work for Java keytool version 1.5. If you have multiple Java versions installed, use the keytool from a JDK newer than JDK 1.5.
Ex: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.141-3.b16.el6_9.x86_64/jre/bin/k
Step 3:-
chown ranger:ranger ranger-admin-keystore.jks
chmod 400 ranger-admin-keystore.jks
Step 4:-
Ranger -> Config -> Advanced -> "Advanced ranger-admin-site"
ranger.service.https.attrib.keystore.file=/etc/ranger/admin/conf/ranger-admin-keystore.jks
ranger.service.https.attrib.keystore.pass=xasecure
ranger.service.https.attrib.keystore.keyalias=rangeradmin
ranger.service.https.attrib.clientAuth=false
# (Set this to false to disable 2-way SSL communication; otherwise you have to copy the client certificate to all the nodes and set this to "want".)
ranger.service.https.attrib.ssl.enabled=true
ranger.service.https.port=6182
Step 5:-
Ranger -> Config -> Advanced -> "Custom ranger-admin-site"
ranger.service.https.attrib.keystore.file=/etc/ranger/admin/conf/ranger-admin-keystore.jks
ranger.service.https.attrib.client.auth=false
Now you can access the Ranger Admin URL with https://
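A pre-restart check for the values from Steps 3 and 4, added here as an example (it is not part of the original post or of Ranger). It assumes the Step 4 key=value lines have been saved to a plain text file; the function names get_prop and check_ranger_https are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the Step 4 properties are saved as key=value
# lines in a text file passed as the first argument.

# get_prop FILE KEY: print the value of the last "KEY=value" line.
# Lines starting with '#' never match because their key field differs.
get_prop() {
    awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$1"
}

# check_ranger_https FILE: print every problem found, return 1 if any.
check_ranger_https() {
    props=$1
    bad=0
    p=ranger.service.https.attrib
    ks=$(get_prop "$props" "$p.keystore.file")

    [ "$(get_prop "$props" "$p.ssl.enabled")" = "true" ] ||
        { echo "FAIL: $p.ssl.enabled is not true"; bad=1; }
    [ -n "$(get_prop "$props" ranger.service.https.port)" ] ||
        { echo "FAIL: ranger.service.https.port is not set"; bad=1; }
    [ -n "$(get_prop "$props" "$p.keystore.keyalias")" ] ||
        { echo "FAIL: $p.keystore.keyalias is not set"; bad=1; }

    # The post uses "false" and mentions "want"; "true" is also accepted here.
    case "$(get_prop "$props" "$p.clientAuth")" in
        false|want|true) ;;
        *) echo "FAIL: $p.clientAuth must be false, want or true"; bad=1 ;;
    esac

    # The configured path must be the file created in Step 2.
    if [ ! -f "$ks" ]; then
        echo "FAIL: keystore file '$ks' does not exist"; bad=1
    else
        # Characters 5-10 of the ls mode string are the group/other bits;
        # after "chmod 400" (Step 3) all six must be '-'.
        [ "$(ls -ld "$ks" | cut -c5-10)" = "------" ] ||
            { echo "FAIL: $ks is accessible to group or other"; bad=1; }
    fi
    return $bad
}

# Run the check when a properties file is given on the command line.
if [ "$#" -eq 1 ]; then
    check_ranger_https "$1"
fi
```

The "does not exist" check is the one to watch: it fails when the directory used in Step 2 and the path in ranger.service.https.attrib.keystore.file do not point at the same file.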
Reference:-
https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/configure_ambari_ranger_ssl_self_signed_cert_admin.html