Ranger Import and Export Configurations

Ranger import and export bootstrap helper functions exist to import and export Ranger configurations.

Ranger import and export bootstrap helper functions are useful for cluster resiliency, recovery operations, and moving Ranger policies from one cluster to another and are helpful in several scenarios.

Disaster Recovery: Create a new cluster and using the import_ranger_policies helper function, you can import all the Ranger policies present in an old cluster to a new cluster.
Testing or Development Environments: To create a testing or development environment using any existing cluster Ranger policies, you can use the export_ranger_policies helper function to export all the Ranger policies present at the source cluster to a JSON file. Using the import_ranger_policies helper function, you can import all the policies to a destination cluster.

Note

To perform Ranger import and export operations, Ambari and Ranger admin credentials must be same.

To execute a bootstrap script, see Running the Bootstrap Script.

For more information on the Ranger import and export helper functions, see:

Ranger Import and Export Helper Functions

For more information Ranger import and export bootstrap script configurations, see Ranger Import and Export Configurations.

For Ranger import and export helper function examples, see Ranger Import and Export Configuration Examples.

To execute a bootstrap script, see Running the Bootstrap Script.


Helper Function	Functionality
`export_ranger_policies`(`ranger_config_dict`)	This helper function exports ranger policies in multiple formats. (JSON, CSV, EXCEL). But only JSON format is supported for `ranger-policies-import`. You can create and pass the `ranger_config_dict` object that has required parameters to perform `export_ranger_policies` operation. Example: `ranger_config_dict = { "output_folder_path": "/tmp", # Mandatory param for export operation "output_file_format": "json", # optional param "service_list": "hdfs, kafka", # optional param "exported_policies_file_name": "Ranger_policies_file", # optional param "zone_name": "security_zone1", # optional param "ssl_cert_path": "/tmp/ssl_cert.crt" # optional param }` Ranger-Export-Config-Info: `output_folder_path`: The folder path where the Ranger policy file to be exported. Optional Parameters: `service_list`: An optional parameter that's used to export policies only from mentioned list of services, for example, `"hdfs, kafka"`. By default Ranger exports policies from all the Ranger services. `output_file_format`: An optional parameter that's used to export policies in a specific file format, for example, `"json"`. By default Ranger exports policies in JSON format. Supported formats are JSON, CSV, EXCEL. `exported_policies_file_name`: An optional parameter that's used to export policies to a specific file name, for example, `"Ranger_policies_file"`. By default Ranger exports policies to `Ranger_policies` file. `zone_name`: An optional parameter that's used to export policies from a specific security zone. By default Ranger doesn't refer to any security zone. `ssl_cert_path`: An optional parameter that's used to pass specific SSL certificate path. By default Ranger refers to the default SSL certificate path present in the cluster. When the bootstrap-script job to export Ranger policies is successful, Ranger exports policies in a specified format file at the `output_folder_path` location.
`import_ranger_policies`(`ranger_config_dict`)	This helper function imports Ranger policies using provided JSON input file. You can create and pass `ranger_config_dict` object which has required parameters to perform `import_ranger_policies` operation. Example: ranger_config_dict = { "input_file_path": "/tmp/Ranger_policies.json", # Mandatory param for import operation "service_list": "hdfs, kafka" # optional param } Ranger-Import-Config-Info: `input_file_path`: The path to `Ranger_policies.json` file, created by the `Ranger-policy-export` function on the source cluster. The exported JSON file can be placed either in the target cluster local path or in the Object Store location.(PAR URL) Optional Parameters: `override_policies`: An optional parameter that's used to override existing policies. Default value is True. If any existing policy in the destination cluster then with `override_policies=True`, Ranger deletes all existing policies in the destination cluster and creates policies using the imported JSON file. `service_list`: An optional parameter that's used to import policies from mentioned list of services only, for example, `"hdfs, kafka"`. By default Ranger imports all the policies present in the imported JSON file. `backup_policies`: An optional parameter that's used to take the backup of existing policies before performing import operation. The default value is True. Therefore, Ranger takes the backup of existing policies before performing the import operation `backup_directory_path`: An optional parameter, path that's used to store all the backup files. Default path is `{user}/Ranger_Backup_Policy_Files`. `zonemap_json_dict`: An optional parameter, to provide `zone-mapping-json` to import policies to a specified security-zone. For example: `zonemap_json = {} zonemap_json['zone1']='zone1' ranger_config_dict = { "zonemap_json_dict": zonemap_json, ...... }` When the bootstrap-script job to import Ranger policies is successful, Ranger imports polices from the provided `input-json-file`.
`restore_ranger_policies`(`ranger_config_dict`)	This helper function restores Ranger policies using backup file. You can pass which backup file to use to restore Ranger policies. By default this function restores Ranger policies using latest backup file present in the backup files directory. You can create and pass `ranger_config_dict` object which has required parameters to perform `restore_ranger_policies` operation. Example `ranger_config_dict = { "restore_policies_input_file_path": "/tmp/Ranger_policies.json" # Optional }` Ranger-Restore-Config-Info: restore_policies_input_file_path: An optional parameter, `input-file-path` used to restore Ranger policies. If not provided, `restore-function` restores Ranger policies using latest backup file present in the backup files directory. When the bootstrap-script job to restore Ranger policies is successful, Ranger restores polices using the provided `input-file` or latest `backup-file`.
`cleanup_ranger_policy_backup_files`(`ranger_config_dict`)	This helper function deletes Ranger policy backup files using file-list or pattern. You can create and pass the `ranger_config_dict` object that has required parameters to perform the `cleanup_ranger_policy_backup_files` operation. Example: `ranger_config_dict = { "ranger_backup_files_tobe_removed": ['Ranger_Policies_'] # Mandatory param for cleanup operation }` Ranger-Policy-Cleanup-Config-Info: `ranger_backup_files_tobe_removed`: File-pattern or list of files that need to be deleted. Example: `"ranger_backup_files_tobe_removed": ['Ranger_Policies_', '', Ranger_policies_1.json]` `'Ranger_Policies_'`: Deletes all files that starts with prefix `Ranger_Policies_` `'*'`: Deletes all backup files present in the backup files directory. `'Ranger_policies_1.json'`: Deletes `Ranger_policies_1.json` file.

Ranger Import and Export Configuration Examples

For more information on the Ranger import and export helper functions, see Ranger Import and Export Helper Functions.

Example: Custom bootstrap script with help functions to import Ranger policies

#!/usr/bin/env python2.7
        
        def execute(ranger_policy_helper):
        logger = ranger_policy_helper.getLogger()
        
        logger.info('Testing Ranger export-import functions')
        
        ranger_config_dict = {
        "input_file_path": "<Ranger_Policies.json_input_filepath>",  # Mandatory param, Input file to import policies.
        "service_list": "hdfs,hive"  # Optional param, imports policies only from hdfs and hive services.
        }
        
        ranger_policy_helper.import_ranger_policies(ranger_config_dict)

Example: Custom bootstrap script with help functions to export Ranger policies

#!/usr/bin/env python2.7
        
        def execute(ranger_policy_helper):
        logger = ranger_policy_helper.getLogger()
        
        logger.info('Testing Ranger export-import functions')
        
        ranger_config_dict = {
        "output_folder_path": "/tmp",  # Mandatory param, exports output file to /tmp folder
        "service_list": "hdfs,hive"  # Optional param, exports policies only from hdfs and hive services.
        }
        
        ranger_policy_helper.export_ranger_policies(ranger_config_dict)

Example: Custom bootstrap script with help functions to restore Ranger policies

#!/usr/bin/env python2.7
 
def execute(ranger_policy_helper):
    logger = ranger_policy_helper.getLogger()
 
    logger.info('Testing Ranger export-import functions')
 
# Restores Ranger policies from the provided input file. If User don't provide this param, restore-function restores Ranger policies using latest backup file present in the backup files directory.
     ranger_config_dict = {
        "restore_policies_input_file_path": "/tmp/Ranger_Policies.json"  # Optional param
 
    }
 
    ranger_policy_helper.restore_ranger_policies(ranger_config_dict)

Example: Custom bootstrap script with help functions to cleanup Ranger policy backup files

#!/usr/bin/env python2.7
 
def execute(ranger_policy_helper):
    logger = ranger_policy_helper.getLogger()
 
    logger.info('Testing Ranger export-import functions')
 
     ranger_config_dict = {
        "ranger_backup_files_tobe_removed": ['Ranger_Policies_*','*','Ranger_Policies.json']  # File-list or pattern to delete Ranger-policy backup files.
 
    }
 
    ranger_policy_helper.cleanup_ranger_policy_backup_files(ranger_config_dict)

Oracle Cloud Infrastructure Documentation

Ranger Import and Export Configurations

Ranger Import and Export Helper Functions

Ranger Import and Export Configuration Examples