Integrating Yarn with Ranger

Describes how to integrate Yarn with Ranger.

Use these steps:
  1. Ensure that the Ranger Admin is configured, as described in Installing Ranger and Configuring Ranger.
  2. Open the Ranger Admin UI using either the secure or non-secure address:
    • Secure address: https://<FQDN>:6182
    • Non-secure address: http://<FQDN>:6080
  3. In the Service Manager screen, create a Yarn service by providing the following properties:
    Properties Type Property Specify . . .
    Main Properties Service Name Any name for the service
    Username <cluster-admin>
    Password <cluster-admin-password>
    YARN REST URL <yarn-url-address>
    In Add New Configrations, add the property: policy.download.auth.users Cluster admin or component's main user

    Yarn Service Details
  4. To test the connection between Ranger and Yarn, click Test Connection.
  5. Modify the following properties in the install.properties in the Ranger Yarn plug-in home directory (RANGER_HOME/ranger-yarn-plugin/install.properties):
    # POLICY_MGR_URL=http(s)://policymanager.xasecure.net:6182 (or 6080)
    POLICY_MGR_URL=http://FQDN:6182
    
    # This is the repository name created within policy manager in item #1
    REPOSITORY_NAME=yarndev
    
    # Hadoop installation directory
    COMPONENT_INSTALL_DIR_NAME=/opt/mapr/hadoop/hadoop-<version>
  6. Enable the plug-in:
    sudo RANGER_HOME/ranger-yarn-plugin/enable-yarn-plugin.sh
  7. Restart Yarn services:
    /opt/mapr/bin/maprcli node services -name resourcemanager -action restart -nodes `hostname`
    /opt/mapr/bin/maprcli node services -name nodemanager -action restart -nodes `hostname`
    Ranger adds the following property to yarn-site.xml:
    <property>
        <name>yarn.authorization-provider</name>
        <value>org.apache.ranger.authorization.yarn.authorizer.RangerYarnAuthorizer</value>
    </property>
  8. To verify that the plug-in is active, navigate to Audit > Plugin Status:
    Yarn Plugin Status
  9. To verify that the policies are synced and applied, navigate to Audit > Plugins:
    Yarn Plugin Policies