Integrating Yarn with Ranger
Describes how to integrate Yarn with Ranger.
Use these steps:
- Ensure that the Ranger Admin is configured, as described in Installing Ranger and Configuring Ranger.
- Open the Ranger Admin UI using either the secure or non-secure address:
- Secure address:
https://<FQDN>:6182
- Non-secure address:
http://<FQDN>:6080
- Secure address:
- In the Service Manager screen, create a Yarn service by
providing the following properties:
Properties Type Property Specify . . . Main Properties Service Name
Any name for the service Username
<cluster-admin>
Password
<cluster-admin-password>
YARN REST URL
<yarn-url-address>
In Add New Configrations, add the property: policy.download.auth.users
Cluster admin or component's main user - To test the connection between Ranger and Yarn, click Test Connection.
- Modify the following properties in the
install.properties
in the Ranger Yarn plug-in home directory (RANGER_HOME/ranger-yarn-plugin/install.properties
):# POLICY_MGR_URL=http(s)://policymanager.xasecure.net:6182 (or 6080) POLICY_MGR_URL=http://FQDN:6182 # This is the repository name created within policy manager in item #1 REPOSITORY_NAME=yarndev # Hadoop installation directory COMPONENT_INSTALL_DIR_NAME=/opt/mapr/hadoop/hadoop-<version>
- Enable the
plug-in:
sudo RANGER_HOME/ranger-yarn-plugin/enable-yarn-plugin.sh
- Restart Yarn
services:
Ranger adds the following property to/opt/mapr/bin/maprcli node services -name resourcemanager -action restart -nodes `hostname` /opt/mapr/bin/maprcli node services -name nodemanager -action restart -nodes `hostname`
yarn-site.xml
:<property> <name>yarn.authorization-provider</name> <value>org.apache.ranger.authorization.yarn.authorizer.RangerYarnAuthorizer</value> </property>
- To verify that the plug-in is active, navigate to Audit > Plugin
Status:
- To verify that the policies are synced and applied, navigate to Audit >
Plugins: