
Ranger KMS Encryption

Ranger KMS is used to encrypt HDFS data at rest. Encrypting your data is very important for your cluster and your customers, and it adds another layer of security to your data.

Ranger provides centralized administration of the key management server through the Ranger admin portal.

Ranger KMS provides three main functions:

1. Key Management: lets you create, update and delete keys through the UI, using the keyadmin username and password.

2. Access Control Policies: lets you manage the permissions on your keys.

3. Audit: helps you track the activities performed on your Ranger KMS.

Using Ranger KMS with HDFS encryption is recommended in all environments, as it secures the key storage in a database.

KMS is also scalable: you can run multiple instances of KMS behind a load balancer.

This blog page describes the process of creating an encryption zone.

Process:

Step 1: Create the directory structure on HDFS that you want to encrypt.
Note: you cannot encrypt an existing HDFS path that already contains data.
[techzone@node01 ~]$ hdfs dfs -mkdir <hdfs path>

Step 2: Assign 000 permissions to the directory
[techzone@node01 ~]$ hdfs dfs -chmod 000 <hdfs path>

Step 3: Create the KMS key. Log in to Ranger as the keyadmin user.

Step 4: Select Encryption > Key Manager > Select Service > <service name> > Add New Key

Step 5: Enter the key name (the name of the directory, using (-) as separator), set Length to 256, and Save.

Step 6: Once the key is created, verify that it is listed in the dashboard.

Step 7: Select Access Manager > <service name> > Add New Policy

Policy Creation Details
1. Policy name: name of the directory.
2. Key name: name of the created KMS key.
3. Select group: select the appropriate group to grant access.
4. Permission: grant the Decrypt EEK and Encrypt EEK permissions.

Grant delegate admin access to the privileged user group.

Step 8: Log out from the keyadmin user and log in with your EID to create the Ranger policy for the HDFS directory. Under HDFS, select the service > Add New Policy
Policy Creation Info
1. Policy Name: <name of the directory>-Encryption-Zone
2. Resource Path: path of the directory
3. Select Group: the group that should be able to access the path
4. Permission: select All (Execute, Read, Write)

Save the Policy.

Step 9: Log in to the command line. Destroy the current user's credentials and kinit as the user.

Step 10: Use the command below to create the encryption zone.

[techzone@node-01 ~]$ hdfs crypto -createZone -keyName <keynameyoucreated> -path <pathonwhichEncryptiontoapply>

Step 11: After successful creation you will receive output confirming it. Verify the newly created encryption zone and its key using the command below.
[techzone@node01 ~]$ hdfs crypto -listZones (it lists all the created zones with their key names)
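
The HDFS-side steps (1, 2, 10 and 11) as one script, added here as an example and not part of the original post. It assumes the hdfs client is on PATH (override with HDFS_BIN) and adds two checks the steps depend on: refusing a directory that already holds data, and confirming after creation that the zone is bound to the expected key.

```shell
#!/bin/sh
# Added example: wraps the HDFS-side steps of the post with safety checks.
set -eu

HDFS_BIN="${HDFS_BIN:-hdfs}"   # assumption: hdfs client on PATH; override for testing

# Parse the output of `hdfs crypto -listZones` (columns: zone path, key name)
# and print the key bound to the given path; prints nothing if it is not a zone.
zone_key_for_path() {
  listing="$1"; path="$2"
  printf '%s\n' "$listing" | awk -v p="$path" '$1 == p { print $2; exit }'
}

# Step 1 note: a path that already contains data cannot be made a zone.
# Takes one line of `hdfs dfs -count` output: DIR_COUNT FILE_COUNT CONTENT_SIZE PATH.
# An empty directory counts itself (DIR_COUNT=1) and holds no files.
dir_is_empty() {
  set -- $1
  [ "$1" -le 1 ] && [ "$2" -eq 0 ]
}

# Steps 1, 2, 10 and 11: create the directory, lock it down, create the zone,
# then verify the zone really is bound to the key that was requested.
create_encryption_zone() {
  path="$1"; key="$2"
  "$HDFS_BIN" dfs -mkdir -p "$path"          # -p so a re-run does not fail
  "$HDFS_BIN" dfs -chmod 000 "$path"
  if ! dir_is_empty "$("$HDFS_BIN" dfs -count "$path")"; then
    echo "refusing: $path already contains data" >&2
    return 1
  fi
  "$HDFS_BIN" crypto -createZone -keyName "$key" -path "$path"
  bound=$(zone_key_for_path "$("$HDFS_BIN" crypto -listZones)" "$path")
  if [ "$bound" != "$key" ]; then
    echo "zone check failed for $path: expected key $key, got '${bound:-none}'" >&2
    return 1
  fi
  echo "encryption zone $path is bound to key $key"
}
```

Run it as `create_encryption_zone /data/finance-ez finance-ez` after the key and the Ranger policies from steps 3 to 8 exist.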

Please let me know in the comments section if you face any issue while performing the above steps. I will try my best to help you.

Thank you !!!
