add_ranger_hdfs_config

Use this command to add a Hadoop integration with Ranger HDFS.

This API is available in Guardium V11.3 and later.

REST API syntax

This API is available as a REST service with the POST method. Call this API as follows:
POST https://[Guardium hostname or IP address]:8443/restAPI/add_ranger_hdfs_config

GuardAPI syntax

add_ranger_hdfs_config parameter=value

Parameters

Parameter Value type Description
ldLibraryPath String Locate libjvm.so (for example, /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64/jre/lib/amd64/server/libjvm.so) and set ld_library_paths to the directory that contains libjvm.so (for example, /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64/jre/lib/amd64/server).
principal String Required for Kerberos. The value of Ranger HDFS user.
rangerHdfsAuditDirs String

Comma-separated list of directories where Ranger logs the service audits. Include one directory that contains the daily log directories, for each service you want to monitor. Usually the paths are located under /ranger/audit.

Example service directories for CDP 7: /ranger/audit/hive/hiveServer2,/ranger/audit/kafka/kafka,/ranger/audit/hbase/hbaseMaster,/ranger/audit/hbase/hbaseRegional,/ranger/audit/atlas/atlas,/ranger/audit/hdfs/hdfs

Example service directories for HW 3: /ranger/audit/hbaseMaster,/ranger/audit/hbaseRegional, /ranger/audit/hdfs,/ranger/audit/hiveServer2,/ranger/audit/kafka,/ranger/audit/solr,/ranger/audit/storm

rangerHDFSAuditHistoryLength Integer Required.
rangerHdfsKeytab String Required for Kerberos. Location of the Kerberos keytab that contains the principal used to connect to HDFS.
rangerHdfsLibLocation String Locate libhdfs.so provided by Hadoop cluster (for example, /usr/hdp/3.1.0.141-1/usr/lib/libhdfs.so) and set ranger_hdfs_lib_location to the directory that contains libhdfs.so (for example, /usr/hdp/3.1.0.141-1/usr/lib).
rangerHdfsNamenode String IP or hostname of the HDFS NameNode.
rangerHdfsPollMs Integer Time interval, in milliseconds, the S-TAP® waits between checking for new Ranger audits in HDFS.
rangerHdfsPort Integer The HDFS NameNode port the S-TAP connects to.
rangerHdfsUser String The user with which S-TAP connects to HDFS. if the HDFS setup is using Kerberos, set the parameter to the Kerberos principal.
stapHostName String Required. Host name or IP of the S-TAP that receives the Ranger audit messages from the Ranger.
useKerberos Boolean Enables Kerberos authentication for this connection. When enabled, requires values for Principal and Ranger HDFS keytab. Valid values:
  • 0: Disabled
  • 1: Enabled

Default = 0

api_target_host String

Specifies the target hosts where the API executes. Valid values:
  • all_managed: execute on all managed units but not the central manager
  • all: execute on all managed units and the central manager
  • group:<group name>: execute on all managed units identified by <group name>
  • host name or IP address of a managed unit: specified from the central manager to execute on a managed unit.  For example, api_target_host=10.0.1.123.
  • host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, api_target_host=10.0.1.123.

IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode.