Skip to content

RANGER-4898: docker setup updated to use kerberos authentication #720

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

RANGER-4898: docker setup updated to use kerberos authentication #720

wants to merge 5 commits into from

Conversation

@mneethiraj
Copy link
Contributor

What changes were proposed in this pull request?

Docker setup updated to use Kerberos authentication.

How was this patch tested?

  • verified containers start up successfully
  • plugins download policy details from Ranger admin server with kerberos authentication
  • plugins successfully sent audit logs to kerberized Solr
  • Ranger admin server successfully reads audit logs from kerberized Solr
  • Ranger tagsync and usersync successfully talk to Ranger admin server

Copilot AI reviewed Oct 28, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates the Ranger docker setup to support Kerberos authentication across all services. The changes enable secure communication between Ranger components and external services (HDFS, Hive, HBase, Kafka, Knox, KMS, Solr) using Kerberos principals and keytabs.

Key Changes:

  • Added KDC (Kerberos Key Distribution Center) container with configuration files and entrypoint script
  • Configured all Ranger services and plugins with Kerberos authentication parameters (principals, keytabs, JAAS settings)
  • Updated hostnames from *.example.com to *.rangernw across all configuration files

Reviewed Changes

Copilot reviewed 78 out of 78 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
Dockerfile.ranger-kdc New KDC container definition with Kerberos server setup
config/kdc/* Kerberos configuration files (krb5.conf, kdc.conf, kadm5.acl, entrypoint.sh)
scripts/create_principal_and_keytab.sh Utility script to create Kerberos principals and keytabs
scripts/ranger-*.sh Updated setup scripts to create keytabs when Kerberos is enabled
scripts/-install.properties Added Kerberos configuration properties for all Ranger plugins
scripts/*-site.xml New/updated Hadoop configuration files with Kerberos settings
docker-compose.*.yml Added KDC service dependency and Kerberos environment variables
.env Enabled Kerberos and updated base image versions

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@mneethiraj mneethiraj mentioned this pull request Oct 28, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@rameeshm rameeshm Awaiting requested review from rameeshm

@pradeepagrawal8184 pradeepagrawal8184 Awaiting requested review from pradeepagrawal8184

@vperiasamy vperiasamy Awaiting requested review from vperiasamy

@fateh288 fateh288 Awaiting requested review from fateh288

@kumaab kumaab Awaiting requested review from kumaab

@spolavarpau1 spolavarpau1 Awaiting requested review from spolavarpau1

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mneethiraj