Enable Optimized Apache Ranger Admin Audits¶

Overview¶

Apache Ranger Admin operations (policy creates/updates/deletes, user/group/role changes, security Zone changes etc.) are recorded as admin audits. In high volume environments, the default audit mechanism can generate large number of rows and puts write pressure on Apache Ranger audit database.

The RANGER_TRX_V2_ENABLE enables the optimised admin audits that reduces database overhead and improves query performance, while preserving the same functional behaviour in the Ranger UI and APIs.

Configuration¶

The optimized Ranger Admin audits feature is disabled by default. To enable it, set the RANGER_TRX_V2_ENABLE property to true in the vars.ranger.admin.yml file.

Go to the server where Privacera Manager is installed and navigate to the configuration directory:

Bash
cd ~/privacera/privacera-manager/config
# Copy the sample vars file to the custom vars directory if it does not exist in custom-vars directory
cp -n sample-vars/vars.ranger.admin.yml custom-vars/
vi custom-vars/vars.ranger.admin.yml

Add the following property and set it to true. If the property already exists, update the value to true:

YAML
RANGER_TRX_V2_ENABLE: "true"

After making the changes, save the file and run the following command to apply the configuration changes and restart the Ranger Admin service:

Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

Bash
cd ~/privacera/privacera-manager
./privacera-manager.sh setup

Step 2 - Apply the Privacera Manager helm charts.

Bash
cd ~/privacera/privacera-manager
./pm_with_helm.sh upgrade

Enabling Ranger Audits Optimisation

Enabling optimised audits will not migrate the older audits to the new optimised format. As a result, the Audit Info page will initially appear blank until new admin operations are performed and recorded in the optimised audit format.

Prev Ranger Audit Filters
Next Troubleshooting Apache Ranger Admin