Linux-UNIX: Hortonworks and Apache Ranger prerequisites

Verify these prerequisites before starting your integration.

  • S-TAP® and appliance are running Guardium V10.1 or later
  • Hortonworks 2.3-3.1 with Ranger
  • For Hive 3+, log4j libraries must be replaced by log4j 2.8 libraries for hiveserver2 in /usr/hdp/current/hive-server2/lib directory. The correct libraries are:
    • log4j-1.2-api-2.8.2.jar
    • log4j-api-2.8.2.jar
    • log4j-core-2.8.2.jar
    • log4j-slf4j-impl-2.8.2.jar
    • log4j-web-2.8.2.jar
    You can download the libraries from https://logging.apache.org/log4j/log4j-2.8/download.html
  • Solr Component is configured (mandatory Ranger component that enables display of user information in Guardium)
  • Ambari and Ranger information. A significant portion of setup is done through Ambari, the Hadoop administrative interface. You need the following information:
    Ambari
    • A user ID and password who has privileges to update and save the log4j configuration, such as a Service Administrator account. For simplicity, refer to this as the admin account and password.
    • Port and IP address or hostname.
    • Cluster name.
    Ranger
    The details are only needed if configuring blocking. For more information about configuring blocking, see IBM Security Monitoring and Blocking for Hortonworks Hadoop Using Apache Ranger Integration.
    • A Service Administrator account that can update and save the log4j configuration.
    • Port and IP address or hostname.
  • These ports must be open (assuming use of default ports):
    • For monitoring, open port 5555 between the node(s) that S-TAP is on and the Ranger server.
    • For blocking, open port 5556 to allow communication between S-TAP and all nodes in the cluster that have the Guardium plugin.