Paras created RANGER-5615:
-----------------------------
Summary: Add OpenSearch dispatcher to Enhance Ranger Audit Server
Key: RANGER-5615
URL: https://issues.apache.org/jira/browse/RANGER-5615
Project: Ranger
Issue Type: Improvement
Components: Ranger
Reporter: Paras
*Overview*
Extend the Ranger Audit Server's dispatcher framework with a new OpenSearch
destination, enabling audit event ingestion into OpenSearch clusters.
*Background*
The Ranger Audit Server already supports consuming access audit events from
Kafka and dispatching them to external stores via its pluggable dispatcher
architecture. Today, two dispatchers are available:
- _Solr dispatcher_ — routes audit events to Apache Solr
- _HDFS dispatcher_ — routes audit events to HDFS
Organisations adopting OpenSearch for log analytics and audit storage currently
have no native audit server dispatcher for this destination. They must either
rely on Solr (with its Zookeeper operational overhead) or configure the
Elasticsearch audit destination directly within ranger-admin, which couples
audit writing to the admin service and limits independent scalability.
*Motivation*
- _Eliminate Zookeeper dependency_ — OpenSearch is accessed via plain
HTTP/HTTPS REST endpoints, removing the need for Zookeeper in the audit
pipeline when Solr is not used
- _Operational simplicity_ — OpenSearch's authentication model (HTTP Basic
Auth) is simpler to configure and manage compared to Solr's JAAS/Kerberos or
HDFS's UGI/Kerberos requirements
*Related*
RANGER-4676 — OpenSearch as an audit destination within ranger-admin (direct
write from admin service)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
