DISCUSS: Ansible playbook for Ranger...

[Don Bosco Durai <bo...@apache.org>]

Recently I gave few trainings for setting up security in Hadoop. Even with Apache Ambari, there are so many external dependencies that need to be tweaked and configured to ensure there are no loop holes. The entire exercise is very overwhelming and bound for human errors or oversights.

Since Ranger supports almost 9 Hadoop components now, just installing and configuring Apache Ranger (https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.0+Installation) could be a challenge. 

Yesterday, I  wrote some simple Ansible playbooks for installing zookeeper and Solr and I was pretty impressed how easy it is to install and configure components using Ansible. And if we do it once, then anyone can just reuse it.

 We could start by creating playbooks for installing Solr for Ranger Audits, enabling plugins, enabling audits and even installing Ranger.

Another area I see it will be very useful would be to come up with recipes for securing non-core hadoop components like Solr and Kafka. Both the communities have just enabled security in their product. So if we can come up with point solutions for these components, then these user communities will tremendously benefit from our exercise.

I am not an expert in Ansible. If someone knows one of these technologies or knows someone who knows it, and if they are willing to contribute to the Ranger community, then it will be great. The person doesn’t need to know Ranger. The Ranger community can guide.

We can pick something to start with e.g. Ansible, Puppet, Chef or Docker and then use the recipe for supporting other tools.

Thanks

Bosco