How Do I Update the Ranger Certificate?
MRS 1.9.3 is used as an example. Replace it with the actual cluster version. After the certificate is updated, manually clear the alarm indicating that the certificate file is invalid or about to expire.
After the Ranger certificate is updated, its validity period is 10 years.
After the Ranger certificate expires, the Ranger web UI is still accessible, but a message indicating that the certificate is untrusted will be displayed when you access the web UI.
- If Ranger is not installed in the cluster, log in to each master node and run the following command to rename the certificate file:
mv /opt/Bigdata/MRS_1.9.3/install/MRS-Ranger-1.0.1/ranger/ranger-1.0.1-admin/ranger-admin-keystore.jks /opt/Bigdata/MRS_1.9.3/install/MRS-Ranger-1.0.1/ranger/ranger-1.0.1-admin/ranger-admin-keystore.jks_bak
- If Ranger has been installed in the cluster, update the certificate as follows:
- Download MRS_1.9_Patch_UpdateRangerJks_All_20210203.tar.gz from the obs-patch bucket and upload it to the /tmp directory on the node where the active RangerAdmin instance of the cluster runs.
On MRS Manager, choose Service > Ranger > Instance and obtain the IP address of the node where the active RangerAdmin instance runs.
- CN-Hong Kong: https://mrs-patch-ap-southeast-1.obs.ap-southeast-1.myhuaweicloud.com/MRS_Common_Script/MRS_1.9_Patch_UpdateRangerJks_All_20210203.tar.gz
- AP-Bangkok: https://mrs-patch-ap-southeast-2.obs.ap-southeast-2.myhuaweicloud.com/MRS_Common_Script/MRS_1.9_Patch_UpdateRangerJks_All_20210203.tar.gz
- AP-Singapore: https://mrs-patch-ap-southeast-3.obs.ap-southeast-3.myhuaweicloud.com/MRS_Common_Script/MRS_1.9_Patch_UpdateRangerJks_All_20210203.tar.gz
- LA-Sao Paulo: https://mrs-container1-patch-sa-brazil-1.obs.myhuaweicloud.com/MRS_Common_Script/MRS_1.9_Patch_UpdateRangerJks_All_20210203.tar.gz
- LA-Mexico City: https://mrs-container1-patch-na-mexico-1.obs.myhuaweicloud.com/MRS_Common_Script/MRS_1.9_Patch_UpdateRangerJks_All_20210203.tar.gz
- Log in to the node where the active RangerAdmin instance is located and run the following commands:
chmod 700 MRS_1.9_Patch_UpdateRangerJks_All_20210203.tar.gz
chown omm:wheel MRS_1.9_Patch_UpdateRangerJks_All_20210203.tar.gz
su - omm
cd /tmp
tar -zxvf MRS_1.9_Patch_UpdateRangerJks_All_20210203.tar.gz
- Replace the certificate files.
sh updateRangerJks.sh ${IP address of the active master node} ${IP address of the active RangerAdmin node} ${Certificate password}
- This script will restart the controller process. During the restart process, the MRS Manager page may not be viewed.
- Obtain the IP address of the active master node from Hosts on MRS Manager.
- To obtain the IP address of the active RangerAdmin node, choose Services > Ranger > Instances on MRS Manager.
- ${Certificate password} is a user-defined password.
- Log in to the MRS console.
- Choose and click a cluster name to go to the cluster details page.
- Choose Components > Ranger > Service Configuration and modify the RangerAdmin configuration.
- Search for the policymgr_https_keystore_password and change its value to the certificate password entered in 3, that is, ${Certificate password}.
You are advised to copy and paste the password. If the passwords are different, Ranger will fail to restart.
- Save the configuration and perform a rolling restart of RangerAdmin.
- Search for the policymgr_https_keystore_password and change its value to the certificate password entered in 3, that is, ${Certificate password}.
- Verify that you can log in to the RangerAdmin web UI.
- Choose Components > Ranger > Service Status. In Ranger Summary, click RangerAdmin corresponding to Ranger Web UI.
- On the Ranger web UI login page, the default username for MRS cluster 1.9.2 is admin and the password is admin@12345. The default username for MRS cluster 1.9.3 or later is admin and the password is ranger@A1!.
After logging in to the Ranger Web UI for the first time, change the password and keep it secure.
- Log in to the node where the RangerAdmin instance is located and delete the temporary files.
rm -rf /tmp/updateRangerJks.tar.gz
For a cluster with a custom topology, if the active master and RangerAdmin instances are not on the same node, log in to the active master node and delete temporary files.
- Download MRS_1.9_Patch_UpdateRangerJks_All_20210203.tar.gz from the obs-patch bucket and upload it to the /tmp directory on the node where the active RangerAdmin instance of the cluster runs.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.