How to Configure Ranger TagSync in Privacera¶
- SSH into the instance where Privacera Manager is installed.
- Navigate to the privacera-manager directory using the following command:
Bash - To configure Ranger TagSync in Privacera,you need to copy the vars.ranger-tagsync.yml file from sample-vars to the custom-vars directory if it does not already exist.
- Edit the vars.ranger-tagsync.yml file and follow the steps below to configure Ranger TagSync in Privacera.
- Add the following mandatory properties to the vars.ranger-tagsync.yml file.
Basic Properties:¶
| Property | Description | Default Value |
|---|---|---|
| RANGER_TAGSYNC_ ENABLE | To enable Tagsync, set this property to true | False |
| TAG_SOURCE_ATLAS_ ENABLED | This is used if Atlas events are the source of tags. | true |
| TAGSYNC_TAG_SOURCE_ ATLAS_KAFKA_BOOTSTRAP_ SERVERS | URL of the Kafka endpoint to which Atlas sends its notifications | kafka:9092 |
| TAGSYNC_TAG_SOURCE_ ATLAS_KAFKA_ZOOKEEPER_ CONNECT | URL of the zookeeper endpoint needed for Atlas | zoo-1:2181 |
| TAGSYNC_ATLAS_ CLUSTER_NAME | Provide Atlas cluster details to synchronize tags to Ranger | privacera |
| TAGSYNC_TAG_SOURCE_ ATLAS_KAFKA_SASL_MECHANISM | SASL mechanism used to communicate to kafka endpoint | NA |
| TAGSYNC_TAG_SOURCE_ ATLAS_JAAS_KAFKACLIENT_ LOGINMODULENAME | To specify the login module name when Tagsync connects to a Kafka server that is configured with JAAS | NA |
| TAGSYNC_TAG_SOURCE_ ATLAS_JAAS_KAFKACLIENT_ OPTION_USERNAME | To specify the User name when Tagsync connects to a Kafka server that is configured with JAAS | NA |
| TAGSYNC_TAG_SOURCE_ ATLAS_JAAS_KAFKACLIENT_ OPTION_PASSWORD | To specify the Password when Tagsync connects to a Kafka server that is configured with JAAS | NA |
| TAGSYNC_TAG_SOURCE_ ATLA S_KAFKA_ SECURITY_PROTOCOL | Kafka security protocol used in kerberized cluster | PLAINTEXTSASL |
| TAGSYNC_TAG_SOURCE_ ATLAS_KAFKA_ SERVICE_NAME | Kafka service name used by Atlas | kafka |
| TAG_SOURCE_ATLAS_ KAFKA_ENTITIES_ GROUP_ID | String representing Kafka Consumer Group id used by Tag-Sync | privacera_ranger_entities_consumer |
- After adding the properties, update your Privacera Manager platform instance by following the Restart Services section.
- To learn about more advanced properties used in ranger TagSync,refer to the Advanced Configuration for Ranger TagSync section.