Ranger KMS

Launch the main Ambari page
Click the add-service option
Select Ranger and Ranger KMS
Ensure that the needful is done
Select the nodes on which the service(s) need to be installed
Fill in the appropriate details
Check DB connectivity for the Ranger Metastore DB
Select the DB type and enter the credentials
Optional: Select the type of auditing desired
Enter the relevant details for the Ranger KMS tab
Click next
Wait for the setup to complete
Setup looks completed! In most cases, the issue could be with user access to the DB and host access; this varies with the choice of database (Postgres, MySQL, etc.)
Complete the setup by clicking on complete
Restart the services that indicate a restart is required (HDFS, MapReduce2, YARN and Hive)
Wait for the restart of services to complete
Enable the Ranger plugin (optional)
Save configuration changes
Restart relevant services
Open the Ranger Admin UI from the drop-down
Log in with the admin/admin credentials
Select HDFS Policy
Edit HDFS policy
[hdfs@xlnode-242 ~]$ hdfs dfs -mkdir -p /apps/hive/warehouse/zencrypted
[hdfs@xlnode-242 ~]$ hdfs dfs -chown -R hive:hadoop /apps/hive/warehouse/zencrypted
you wish to encrypt
Add hive as one of the users and ensure that it has all the permissions for the encrypted directory
Save the new policy
Install openssl-devel for enabling encryption
Be sure to create the crypto softlink on all the nodes within the cluster
Verify that the libraries are accessible and ready: hadoop checknative
Create a key as the hive user; if you see this error, then follow through
Log in to Ranger Admin with keyadmin as username and password, which is the default username/password
Edit the KMS
Note that the users list is limited to keyadmin, so only keyadmin can create the key by default
Edit the KMS
Add hive and hdfs in the Select User section and Save
Save the KMS modifications
You should be able to create the encryption key
Now add the encryption zone as hdfs (superuser), using the key we created (zencrypt), on the folder zencrypted
Ensure that you log in to Ranger again with the admin/admin credentials and make sure that the user hive has the required privileges on the database and table. This should allow you to create the table in the default database within the encrypted folder
Verify that the inserts and selects are working as hive
To verify that the data is indeed encrypted, add a new policy from the Ranger UI (admin/admin) for a random user centos with SELECT privileges only
Save the changes
You can see that from a JDBC session the user centos can read the data, but cannot do the same from the HDFS layer with the configured permissions
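
An added example, not part of the original walkthrough: shell functions that check the two states the procedure depends on, namely that `hadoop checknative` reports the openssl library as loaded and that the folder sits in an encryption zone under the expected key. The function names and the sample command output are constructed for illustration, and the output layouts of `hadoop checknative` and `hdfs crypto -listZones` are assumed to match the samples.

```shell
#!/bin/sh
# Added example (not from the original walkthrough): offline-testable checks
# for the encryption-zone setup. Function names are hypothetical.

# Constructed sample of `hadoop checknative` output before the libcrypto symlink exists.
SAMPLE_NATIVE_BAD='Native library checking:
hadoop:  true /usr/lib/hadoop/lib/native/libhadoop.so.1.0.0
openssl: false Cannot load libcrypto.so (libcrypto.so: cannot open shared object file)!'

# Constructed sample of `hdfs crypto -listZones` output (zone path, then key name).
SAMPLE_ZONES='/apps/hive/warehouse/zencrypted  zencrypt
/data/other  otherkey'

# Succeeds only if the checknative output on stdin reports "openssl: true".
openssl_native_ok() {
  awk '$1 == "openssl:" { seen = 1; ok = ($2 == "true") }
       END { exit !(seen && ok) }'
}

# zone_key PATH: print the key of the encryption zone containing PATH, reading
# listZones output on stdin; fails if PATH is in no zone. A zone matches only
# on a whole path component, so /a/zencrypted2 is not inside /a/zencrypted.
zone_key() {
  awk -v p="$1" 'BEGIN { best = -1 }
    NF >= 2 {
      zone = $1; sub(/\/+$/, "", zone)
      if ((p == zone || index(p, zone "/") == 1) && length(zone) > best) {
        best = length(zone); key = $2
      }
    }
    END { if (best < 0) exit 1; print key }'
}

# verify_zone PATH KEY: run both checks against the live cluster.
# Run it as the hdfs superuser, since listing zones needs superuser rights.
verify_zone() {
  hadoop checknative 2>/dev/null | openssl_native_ok ||
    { echo "openssl native library not loaded" >&2; return 1; }
  actual=$(hdfs crypto -listZones | zone_key "$1") ||
    { echo "$1 is not inside an encryption zone" >&2; return 1; }
  [ "$actual" = "$2" ] ||
    { echo "$1 uses key $actual, expected $2" >&2; return 1; }
  echo "$1 is encrypted with key $2"
}
```

On a cluster node, `verify_zone /apps/hive/warehouse/zencrypted zencrypt` exits non-zero with a reason on stderr if either check fails.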