Skip to content

RANGER-4883: fix failure in audit-to-HDFS from Kafka and Knox plugins #839

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mneethiraj merged 1 commit into from
Feb 4, 2026
Merged

RANGER-4883: fix failure in audit-to-HDFS from Kafka and Knox plugins #839

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion dev-support/ranger-docker/docker-compose.ranger-kafka.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,8 @@ services:
volumes:
- ./dist/keytabs/ranger-kafka:/etc/keytabs
- ./scripts/kdc/krb5.conf:/etc/krb5.conf:ro
- ./scripts/hadoop/core-site.xml:/home/ranger/scripts/core-site.xml
- ./scripts/hadoop/core-site.xml:/home/ranger/scripts/core-site.xml:ro
- ./scripts/hadoop/hdfs-client-site.xml:/home/ranger/scripts/hdfs-site.xml:ro
- ./scripts/kafka/kafka-server-jaas.conf:/home/ranger/scripts/kafka-server-jaas.conf
- ./dist/version:/home/ranger/dist/version:ro
- ./scripts/kafka/ranger-kafka-plugin-install.properties:/opt/ranger/ranger-kafka-plugin/install.properties
Expand Down
2 changes: 2 additions & 0 deletions dev-support/ranger-docker/docker-compose.ranger-knox.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@ services:
volumes:
- ./dist/keytabs/ranger-knox:/etc/keytabs
- ./scripts/kdc/krb5.conf:/etc/krb5.conf:ro
- ./scripts/hadoop/core-site.xml:/home/ranger/scripts/core-site.xml:ro
- ./scripts/hadoop/hdfs-client-site.xml:/home/ranger/scripts/hdfs-site.xml:ro
- ./dist/version:/home/ranger/dist/version:ro
- ./scripts/knox/ranger-knox-sandbox.xml:/opt/knox/conf/topologies/sandbox.xml
- ./scripts/knox/ranger-knox-plugin-install.properties:/opt/ranger/ranger-knox-plugin/install.properties
Expand Down
11 changes: 11 additions & 0 deletions dev-support/ranger-docker/scripts/hadoop/hdfs-client-site.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<configuration>
<property>
<name>dfs.namenode.kerberos.principal</name>
<value>nn/ranger-hadoop.rangernw@EXAMPLE.COM</value>
</property>
<property>
<name>dfs.datanode.kerberos.principal</name>
<value>dn/ranger-hadoop.rangernw@EXAMPLE.COM</value>
</property>
</configuration>
1 change: 1 addition & 0 deletions dev-support/ranger-docker/scripts/kafka/ranger-kafka-setup.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ then
fi

cp ${RANGER_SCRIPTS}/core-site.xml ${KAFKA_HOME}/config/
cp ${RANGER_SCRIPTS}/hdfs-site.xml ${KAFKA_HOME}/config/
cp ${RANGER_SCRIPTS}/kafka-server-jaas.conf ${KAFKA_HOME}/config/

chown -R kafka:hadoop /opt/kafka/
Expand Down
6 changes: 6 additions & 0 deletions dev-support/ranger-docker/scripts/knox/ranger-knox-plugin-install.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,12 @@ POLICY_MGR_URL=http://ranger:6080
REPOSITORY_NAME=dev_knox
COMPONENT_INSTALL_DIR_NAME=/opt/knox

UGI_INITIALIZE=true
UGI_LOGIN_TYPE=keytab
UGI_KEYTAB_PRINCIPAL=knox/ranger-knox.rangernw@EXAMPLE.COM
UGI_KEYTAB_FILE=/etc/keytabs/knox.keytab
UGI_JAAS_APPCONFIG=unknown

CUSTOM_USER=knox
CUSTOM_GROUP=knox

Expand Down
2 changes: 1 addition & 1 deletion dev-support/ranger-docker/scripts/knox/ranger-knox-sandbox.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@

<provider>
<role>authorization</role>
<name>AclsAuthz</name>
<name>XASecurePDPKnox</name>
<enabled>true</enabled>
</provider>

Expand Down
3 changes: 3 additions & 0 deletions dev-support/ranger-docker/scripts/knox/ranger-knox-setup.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,9 @@ then
${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh
fi

cp ${RANGER_SCRIPTS}/core-site.xml /opt/knox/conf/
cp ${RANGER_SCRIPTS}/hdfs-site.xml /opt/knox/conf/

chown -R knox:knox /opt/knox/

mkdir -p /opt/knox/logs
Expand Down
1 change: 1 addition & 0 deletions distro/src/main/assembly/knox-agent.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,7 @@
<include>com.google.protobuf:protobuf-java:jar:${protobuf-java.version}</include>
<include>org.apache.hadoop:hadoop-client-api:jar:${hadoop.version}</include>
<include>org.apache.hadoop:hadoop-client-runtime:jar:${hadoop.version}</include>
<include>org.apache.hadoop:hadoop-hdfs-client:jar:${hadoop.version}</include>
<include>com.fasterxml.jackson.core:jackson-annotations:jar:${fasterxml.jackson.version}</include>
<include>com.fasterxml.jackson.core:jackson-core:jar:${fasterxml.jackson.version}</include>
<include>com.fasterxml.jackson.core:jackson-databind:jar:${fasterxml.jackson.version}</include>
Expand Down
1 change: 1 addition & 0 deletions distro/src/main/assembly/plugin-kafka.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@
<include>org.apache.hadoop:hadoop-auth:jar:${hadoop.version}</include>
<include>org.apache.hadoop:hadoop-client-api:jar:${hadoop.version}</include>
<include>org.apache.hadoop:hadoop-client-runtime:jar:${hadoop.version}</include>
<include>org.apache.hadoop:hadoop-hdfs-client:jar:${hadoop.version}</include>
<include>com.google.code.gson:gson</include>
<include>org.eclipse.jetty:jetty-client:jar:${jetty-client.version}</include>
<include>commons-collections:commons-collections</include>
Expand Down
7 changes: 6 additions & 1 deletion knox-agent/conf/ranger-knox-security-changes.cfg
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,9 @@ ranger.plugin.knox.policy.rest.ssl.config.file %COMPONENT_INSTALL_DIR_NAME%/conf
ranger.plugin.knox.policy.pollIntervalMs 30000 mod create-if-not-exists
ranger.plugin.knox.policy.cache.dir %POLICY_CACHE_FILE_PATH% mod create-if-not-exists
ranger.plugin.knox.policy.rest.client.connection.timeoutMs 120000 mod create-if-not-exists
ranger.plugin.knox.policy.rest.client.read.timeoutMs 30000 mod create-if-not-exists
ranger.plugin.knox.policy.rest.client.read.timeoutMs 30000 mod create-if-not-exists
ranger.plugin.knox.ugi.initialize %UGI_INITIALIZE% mod create-if-not-exists
ranger.plugin.knox.ugi.login.type %UGI_LOGIN_TYPE% mod create-if-not-exists
ranger.plugin.knox.ugi.keytab.principal %UGI_KEYTAB_PRINCIPAL% mod create-if-not-exists
ranger.plugin.knox.ugi.keytab.file %UGI_KEYTAB_FILE% mod create-if-not-exists
ranger.plugin.knox.ugi.jaas.appconfig %UGI_JAAS_APPCONFIG% mod create-if-not-exists