Privacera Platform master publication

Ranger TagSync

:
Ranger Tagsync

The following table contains the list of custom properties that can be configured for Ranger Tagsync. To use a custom property from the table, just add it to the following YML file in the custom-vars folder configured as per your environment:

  • vars.ranger.tagsync.yml

Property

Description

Values

Default Value

RANGER_TAGSYNC_INSTALL

To enable Tagsync, set this property to true.

false

RANGER_TAGSYNC_IMAGE_NAME

Privacera Tagsync image name

{{privacera_hub_url}}/ranger-tagsync

RANGER_TAGSYNC_IMAGE_TAG

Privacera Tagsync image tag name

PRIVACERA_IMAGE_TAG

TAGSYNC_RANGER_URL

Ranger URL for the Tagsync to sync the tags.

http://ranger:6080

TAGSYNC_TAG_SOURCE_ATLASREST_ENDPOINT

Required only when you set the SOURCE as REST.

${ATLAS_HOST}:21000

TAGSYNC_RANGERTAGSYNC_PASSWORD

Password for Tagsync user to use an API to Ranger.

welcome1

TAGSYNC_TAG_DEST_RANGER_ENDPOINT

Ranger URL for the Tagsync to sync the tags.

http://ranger:6080

TAGSYNC_TAG_DEST_RANGER_SSL_CONFIG_FILENAME

SSL config file name is used by Tagsync to push tags to SSL-enabled Ranger and PolicyMgr files. It is required to be modified only when custom changes are made to the file.

/opt/ranger/ranger-tagsync/conf.dist/ranger-policymgr-ssl.xml

TAGSYNC_TAG_SOURCE_ATLAS_ENABLED

Enable Kafka as a SOURCE for Tagsync.

true

TAGSYNC_TAG_SOURCE_ATLAS_KAFKA_SERVICE_NAME

Service Name to be used while communicating with Kafka.

kafka

TAGSYNC_TAG_SOURCE_ATLAS_KAFKA_SECURITY_PROTOCOL

Protocol to be used to communicate to Kafka.

PLAINTEXTSASL

TAGSYNC_TAG_SOURCE_ATLAS_KERBEROS_PRINCIPAL

If Kafka is kerberos-enabled, then set the value to the principal name used by Tagsync to sync the tags.

TAGSYNC_TAG_SOURCE_ATLAS_KERBEROS_KEYTAB

If Kafka is kerberos-enabled, then set the value to the keytab location used by Tagsync to sync the tags.

TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED

Enable REST-based Tagsync to Ranger. This is not recommended as REST has limitation for number of tags it can push to Ranger.

false

TAGSYNC_TAG_SOURCE_ATLASREST_DOWNLOAD_INTERVAL_IN_MILLIS

Tagsync interval required only when TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED is set to true.

900000

TAGSYNC_TAG_SOURCE_ATLASREST_USERNAME

Atlas user name required only when TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED is set to true.

TAGSYNC_TAG_SOURCE_ATLASREST_PASSWORD

Atlas password required only when TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED is set to true.

TAGSYNC_TAG_SOURCE_FILE_ENABLED

To enable file-based TagSync.

false

TAGSYNC_TAG_SOURCE_FILE_FILENAME

Location of the file required only when TAGSYNC_TAG_SOURCE_FILE_ENABLED is set to true.

/etc/ranger/data/tags.json

TAGSYNC_TAG_SOURCE_FILE_CHECK_INTERVAL_IN_MILLIS

Tagsync interval, required only when TAGSYNC_TAG_SOURCE_FILE_ENABLED is set to true.

60000

TAGSYNC_TAGSYNC_ATLAS_CUSTOM_RESOURCE_MAPPERS

Any custom mappers to be configured in Tagsync for mapping Atlas entities to Ranger type definitions.

org.apache.ranger.tagsync.source.atlas.AtlasS3ResourceMapper

TAGSYNC_TAGSYNC_KEYSTORE_FILENAME

File will be generated to store the credentials for Ranger password for rangerTagsync user.

/etc/ranger/tagsync/conf/rangertagsync.jceks

TAGSYNC_TAG_SOURCE_ATLASREST_KEYSTORE_FILENAME

File will be generated to store the password for Atlas when TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED is set to true.

/etc/ranger/tagsync/conf/atlasuser.jceks

TAGSYNC_TAG_SOURCE_ATLASREST_SSL_CONFIG_FILENAME

SSL config file name to communicate to Atlas required when TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED is set to true.

TAGSYNC_UNIX_USER

User to run the process.

ranger

TAGSYNC_UNIX_GROUP

File permission group.

ranger

TAGSYNC_LOGDIR

Log location for Tagsync application.

log

TAGSYNC_PID_DIR_PATH

Location to store the PID file for the Java process.

/var/run/ranger

TAGSYNC_IS_SECURE

Property to check whether Tagsync Is secure (kerberos-enabled).

false

TAGSYNC_PRINCIPAL

Tagsync principal required only when the TAGSYNC_IS_SECURE is set to true.

TAGSYNC_KEYTAB

Tagsync keytab location required only when the TAGSYNC_IS_SECURE is set to true.

TAGSYNC_HADOOP_CONF

Hadoop Conf location.

/etc/hadoop/conf

TAGSYNC_FILE_PERMISSION

File permission on the PM host for the templates generated by PM. For example, file permissions on the file, install.properties.

700

TAGSYNC_K8S_SERVICE_ACCOUNT

Service Account Name to be used during installation in a Kubernetes environment.

privacera-sa

TAGSYNC_ROOT_LOG_LEVEL

Log-level for the root.

info

TAGSYNC_RANGER_LOG_LEVEL

Log-level for the org.apache.ranger.tagsync package.

info

Memory Variables

TAGSYNC_SMALL_MEMORY_MB

TAGSYNC MEMORY in MB for Java process if deployment size is set to SMALL.

1024

TAGSYNC_MEDIUM_MEMORY_MB

TAGSYNC MEMORY in MB for Java process if deployment size is set to MEDIUM.

4096

TAGSYNC_LARGE_MEMORY_MB

TAGSYNC MEMORY in MB for Java process if deployment size is set to LARGE.

8192

TAGSYNC_HEAP_MIN_MEMORY_MB

Depending upon the DEPLOYMENT SIZE the value will be calculated above properties.

1024

TAGSYNC_HEAP_MIN_MEMORY

Minimum Java Heap memory used by Ranger Tagsync. Setting this value will override TAGSYNC_HEAP_MIN_MEMORY_MB. For example, TAGSYNC_HEAP_MIN_MEMORY: "1g"

1024M

TAGSYNC_HEAP_MAX_MEMORY_MB

Maximum Java Heap memory in MB used by Ranger Tagsync. For example, TAGSYNC_HEAP_MAX_MEMORY_MB: "1024"

1024

TAGSYNC_HEAP_MAX_MEMORY

Maximum Java Heap memory used by Ranger Tagsync. Setting this value will override TAGSYNC_HEAP_MAX_MEMORY_MB. For example, TAGSYNC_HEAP_MAX_MEMORY: "1g"

1024M

TAGSYNC_K8S_MEM_REQUESTS_MB

Minimum amount of Kubernetes memory in MB to be requested by Ranger Tagsync. For example, TAGSYNC_K8S_MEM_REQUESTS_MB: "1024"

1024

TAGSYNC_K8S_MEM_REQUESTS

Minimum amount of Kubernetes memory to be used by Ranger Tagsync. Setting this value will override TAGSYNC_K8S_MEM_REQUESTS_MB. For example, TAGSYNC_K8S_MEM_REQUESTS: "1G"

1024M

TAGSYNC_K8S_MEM_LIMITS_MB

Maximum amount of Kubernetes memory in MB to be requested by Ranger Tagsync. For example, TAGSYNC_K8S_MEM_LIMITS_MB: "1024"

1024

TAGSYNC_K8S_MEM_LIMITS

Maximum amount of Kubernetes memory to be used by Ranger Tagsync. Setting this value will override TAGSYNC_K8S_MEM_LIMITS_MB. For example, TAGSYNC_K8S_MEM_LIMITS: "1G"

1024M

TAGSYNC_CPU_MIN

Minimum amount of Kubernetes CPU to be requested by Ranger Tagsync. For example, TAGSYNC_CPU_MIN: "0.5"

0.5

TAGSYNC_CPU_MAX

Maximum amount of Kubernetes CPU to be used by Ranger Tagsync. For example, TAGSYNC_CPU_MAX: "0.5"

0.5

TAGSYNC_K8S_CPU_REQUESTS

Minimum amount of Kubernetes CPU to be requested by Ranger Tagsync. For example, TAGSYNC_CPU_MIN: "0.5"

0.5

TAGSYNC_K8S_CPU_LIMITS

Maximum amount of Kubernetes CPU to be used by Ranger Tagsync. For example, TAGSYNC_CPU_MAX: "0.5"

0.5

TAGSYNC_HELM_CHART_VERSION

Tagsync Helm Chart Version

4.3.0