Skip to content

Ranger Tagsync#

This topic shows how you can configure Ranger TagSync to synchronize the Ranger tag store with Atlas.

Configuration

  1. Run the following commands.

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.ranger-tagsync.yml config/custom-vars/
    vi config/custom-vars/vars.ranger-tagsync.yml
    
  2. Edit the following properties.

    Property Description Example
    RANGER_TAGSYNC_ENABLE Property to enable/disable the Ranger TagSync. true
    TAGSYNC_TAG_SOURCE_ATLAS_KAFKA_BOOTSTRAP_SERVERS Kakfa bootstrap server where Atlas publishes the entities. Tagsync listens and pushes the mapping of Atlas entities and tags to Ranger. kafka:9092
    TAGSYNC_TAG_SOURCE_ATLAS_KAFKA_ZOOKEEPER_CONNECT Zookeeper URL for Kafka. zoo-1:2181
    TAGSYNC_ATLAS_CLUSTER_NAME Atlas cluster name. privacera
    TAGSYNC_TAGSYNC_ATLAS_TO_RANGER_SERVICE_MAPPING

    (Optional) To map from Atlas Hive cluster-name to Ranger service-name, the following format is used:

    clusterName,componentType,serviceName;clusterName2,componentType2,serviceName2

    Note: There are no spaces in the above format.

    For Hive, the notifications from Atlas include the name of the entities in the following format:

    dbName@clusterName dbName.tblName@clusterName dbName.tblName.colName@clusterName

    Ranger Tagsync needs to derive the name of the Hive service (in Ranger) from the above entity names. By default, Ranger computes Hive service name as: clusterName + “_hive".

    If the name of the Hive service (in Ranger) is different in your environment, use following property to enable Ranger Tagsync to derive the correct Hive service name.

    TAGSYNC_ATLAS_TO_RANGER_SERVICE_MAPPING = clusterName,hive,rangerServiceName

    {{TAGSYNC_ATLAS_CLUSTER_NAME}},hive,privacera_hive;{{TAGSYNC_ATLAS_CLUSTER_NAME}},s3,privacera_s3
    TAGSYNC_TAGSYNC_ATLAS_DEFAULT_CLUSTER_NAME (Optional) Default cluster name configured for Atlas. {{TAGSYNC_ATLAS_CLUSTER_NAME}}
    TAGSYNC_TAG_SOURCE_ATLAS_KAFKA_ENTITIES_GROUP_ID (Optional) Consumer Group Name to be used to consume Kafka events. privacera_ranger_entities_consumer

    Note

    You can also add custom properties that are not included by default. See Ranger TagSync.

  3. Run the following command.

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
    

Last update: August 24, 2021