add_ranger_service

Use this command to map the Ranger service to an S-TAP®, using the S-TAP host and port from the output to get_ranger_staps.

This command requires valid administrative authority on the Ambari server such as an admin or service administrator account. After running the command, the Ambari administrator must restart the affected Hadoop components so that the changes take effect.

This API is available in Guardium V10.1.4 and later.

REST API syntax

This API is available as a REST service with the POST method. Call this API as follows:
POST https://[Guardium hostname or IP address]:8443/restAPI/add_ranger_service

GuardAPI syntax

add_ranger_service parameter=value

Parameters

Parameter Value type Description
clusterName String Required. Ambari cluster name defined with add_ranger_config.
enableMonitoring Boolean Required. Enable Guardium® monitoring for this Hadoop service. Valid values:
  • 0: false
  • 1: true

Default = 0

port Integer Port on the Ambari server for listening. Default = 5555.
serviceName String Required. Name of the service. Valid values:
  • hdfs
  • hive
  • hbase
  • kafka
  • solr
  • storm
stapHostName String Required. Host name or IP of the S-TAP that receives the log4j audit messages from the Ranger.
api_target_host String

Specifies the target hosts where the API executes. Valid values:
  • all_managed: execute on all managed units but not the central manager
  • all: execute on all managed units and the central manager
  • group:<group name>: execute on all managed units identified by <group name>
  • host name or IP address of a managed unit: specified from the central manager to execute on a managed unit.  For example, api_target_host=10.0.1.123.
  • host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, api_target_host=10.0.1.123.

IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode.

GrdAPI example

To add a Ranger service on Cluster4, listening port on the Ambari server of 5555, and S-TAP host <db server>:

grdapi add_ranger_service clusterName=Cluster4 serviceName=HDFS stapHostName="<db server>" port=5555 enableMonitoring=true
System response:
ID=0
The Hadoop service configuration has been changed. Ask the Hadoop administrator to restart the Hadoop service to activate the changes.
HDFS Monitoring Enabled on <db server>:5565

REST API example

This example specifies DFS, HIVE, and HBASE:
curl -k --header "Authorization:Bearer <access token>" -i -H "Content-Type: application/json" -X POST -d '{clusterName="Cluster4", serviceName="HDFS,HIVE,HBASE", stapHostName="<db server>", port=5534, enableMonitoring=true}
Sample output:
[
 {
   "id": 3,
   "ambariConfigId": 1,
   "service": {
      "id": 1,
      "label": "HBase",
      "value": "HBASE"
   },
   "stapHost": {
      "id": 18,
      "name": "<db server>",
      "value": "<db server>",
      "port": "5534",
      "stapStatus": 2
      },
      "isMonitored": true,
      "port": "5534",
      "editMode": true
 },
 {
   "id": 1,
   "ambariConfigId": 1,
   "service": {
      "id": 2,
      "label": "HDFS",
      "value": "HDFS"
   },
   "stapHost": {
      "id": 18,
      "name": "<db server>",
      "value": "<db server>",
      "port": "5534","stapStatus": 2
   },
   "isMonitored": true,
   "port": "5534",
   "editMode": true
  },
  {
   "id": 2,
   "ambariConfigId": 1,
   "service": {
      "id": 3,
      "label": "Hive",
      "value": "HIVE"
   },
   "stapHost": {
      "id": 18,
      "name": "<db server>",
      "value": "<db server>",
      "port": "5534",
      "stapStatus": 2
   },
   "isMonitored": true,
   "port": "5534",
   "editMode": true
  }
]