Oracle Cloud Infrastructure Documentation

Updated 2023-09-08

Ranger Import and Export Configurations

Ranger import and export bootstrap helper functions exist to import and export Ranger configurations.

Ranger import and export bootstrap helper functions are useful for cluster resiliency, recovery operations, and moving Ranger policies from one cluster to another and are helpful in several scenarios.

Disaster Recovery
Create a new cluster and using the import_ranger_policies helper function, you can import all the Ranger policies present in an old cluster to a new cluster.
Testing or Development Environments
To create a testing or development environment using any existing cluster Ranger policies, you can use the export_ranger_policies helper function to export all the Ranger policies present at the source cluster to a JSON file. Using the import_ranger_policies helper function, you can import all the policies to a destination cluster.
Note

To perform Ranger import and export operations, Ambari and Ranger admin credentials must be same.

To execute a bootstrap script, see Running the Bootstrap Script.

For more information on the Ranger import and export helper functions, see:

Ranger Import and Export Helper Functions

For more information Ranger import and export bootstrap script configurations, see Ranger Import and Export Configurations.

For Ranger import and export helper function examples, see Ranger Import and Export Configuration Examples.

To execute a bootstrap script, see Running the Bootstrap Script.

Helper Function Functionality
export_ranger_policies(ranger_config_dict)

This helper function exports ranger policies in multiple formats. (JSON, CSV, EXCEL). But only JSON format is supported for ranger-policies-import. You can create and pass the ranger_config_dict object that has required parameters to perform export_ranger_policies operation.

Example:

ranger_config_dict = {
                  "output_folder_path": "/tmp",  
                  # Mandatory param for export operation
                  "output_file_format": "json", 
                  # optional param
                  "service_list": "hdfs, kafka", 
                  # optional param
                  "exported_policies_file_name": 
                  "Ranger_policies_file", # optional param
                  "zone_name": "security_zone1", 
                  # optional param
                  "ssl_cert_path": "/tmp/ssl_cert.crt"  
                  # optional param
                  }

Ranger-Export-Config-Info:

output_folder_path: The folder path where the Ranger policy file to be exported.

Optional Parameters:

  • service_list: An optional parameter that's used to export policies only from mentioned list of services, for example, "hdfs, kafka". By default Ranger exports policies from all the Ranger services.
  • output_file_format: An optional parameter that's used to export policies in a specific file format, for example, "json". By default Ranger exports policies in JSON format. Supported formats are JSON, CSV, EXCEL.
  • exported_policies_file_name: An optional parameter that's used to export policies to a specific file name, for example, "Ranger_policies_file". By default Ranger exports policies to Ranger_policies file.
  • zone_name: An optional parameter that's used to export policies from a specific security zone. By default Ranger doesn't refer to any security zone.
  • ssl_cert_path: An optional parameter that's used to pass specific SSL certificate path. By default Ranger refers to the default SSL certificate path present in the cluster.

When the bootstrap-script job to export Ranger policies is successful, Ranger exports policies in a specified format file at the output_folder_path location.
import_ranger_policies(ranger_config_dict)

This helper function imports Ranger policies using provided JSON input file. You can create and pass ranger_config_dict object which has required parameters to perform import_ranger_policies operation.

Example: 

ranger_config_dict = {
    "input_file_path": "/tmp/Ranger_policies.json",  
# Mandatory param for import operation
    "service_list": "hdfs, kafka" # optional param  
}

Ranger-Import-Config-Info:

input_file_path: The path to Ranger_policies.json file, created by the Ranger-policy-export function on the source cluster. The exported JSON file can be placed either in the target cluster local path or in the Object Store location.(PAR URL)

Optional Parameters:

  • override_policies: An optional parameter that's used to override existing policies. Default value is True. If any existing policy in the destination cluster then with override_policies=True, Ranger deletes all existing policies in the destination cluster and creates policies using the imported JSON file.
  • service_list: An optional parameter that's used to import policies from mentioned list of services only, for example, "hdfs, kafka". By default Ranger imports all the policies present in the imported JSON file.
  • backup_policies: An optional parameter that's used to take the backup of existing policies before performing import operation. The default value is True. Therefore, Ranger takes the backup of existing policies before performing the import operation
  • backup_directory_path: An optional parameter, path that's used to store all the backup files. Default path is {user}/Ranger_Backup_Policy_Files.
  • zonemap_json_dict: An optional parameter, to provide zone-mapping-json to import policies to a specified security-zone. For example: 
    zonemap_json = {}
                    zonemap_json['zone1']='zone1'
                    
                    ranger_config_dict = {
                    "zonemap_json_dict": zonemap_json,
                    ......
                    
                    }

When the bootstrap-script job to import Ranger policies is successful, Ranger imports polices from the provided input-json-file.
restore_ranger_policies(ranger_config_dict)

This helper function restores Ranger policies using backup file. You can pass which backup file to use to restore Ranger policies. By default this function restores Ranger policies using latest backup file present in the backup files directory. You can create and pass ranger_config_dict object which has required parameters to perform restore_ranger_policies operation.

Example

ranger_config_dict = {
                "restore_policies_input_file_path": 
"/tmp/Ranger_policies.json"  # Optional
                }

Ranger-Restore-Config-Info:

restore_policies_input_file_path: An optional parameter, input-file-path used to restore Ranger policies. If not provided, restore-function restores Ranger policies using latest backup file present in the backup files directory.

When the bootstrap-script job to restore Ranger policies is successful, Ranger restores polices using the provided input-file or latest backup-file.
cleanup_ranger_policy_backup_files(ranger_config_dict)

This helper function deletes Ranger policy backup files using file-list or pattern. You can create and pass the ranger_config_dict object that has required parameters to perform the cleanup_ranger_policy_backup_files operation.

Example:

ranger_config_dict = {
                  "ranger_backup_files_tobe_removed": 
['Ranger_Policies_*']  # Mandatory param for cleanup operation
                  }

Ranger-Policy-Cleanup-Config-Info:

ranger_backup_files_tobe_removed: File-pattern or list of files that need to be deleted.

Example:

 "ranger_backup_files_tobe_removed":
                    ['Ranger_Policies_*', '*', 
Ranger_policies_1.json]

'Ranger_Policies_*': Deletes all files that starts with prefix Ranger_Policies_

'*': Deletes all backup files present in the backup files directory.

'Ranger_policies_1.json': Deletes Ranger_policies_1.json file.

Ranger Import and Export Configuration Examples

For more information on the Ranger import and export helper functions, see Ranger Import and Export Helper Functions.

Updated 2023-09-08