[
https://issues.apache.org/jira/browse/RANGER-5615?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Paras updated RANGER-5615:
--------------------------
Description:
*Overview*
Extend the Ranger Audit Server's dispatcher framework with a new OpenSearch
destination, enabling audit event ingestion into OpenSearch clusters.
*Background*
The Ranger Audit Server already supports consuming access audit events from
Kafka and dispatching them to external stores via its pluggable dispatcher
architecture. Today, two dispatchers are available:
- _Solr dispatcher_ — routes audit events to Apache Solr
- _HDFS dispatcher_ — routes audit events to HDFS
Organisations adopting OpenSearch for log analytics and audit storage currently
have no native audit server dispatcher for this destination. They must either
rely on Solr (with its ZooKeeper operational overhead) or configure the
Elasticsearch audit destination directly within ranger-admin, which couples
audit writing to the admin service and limits independent scalability.
*Motivation*
- _Eliminate ZooKeeper dependency_ — OpenSearch is accessed via plain
HTTP/HTTPS REST endpoints, removing the need for ZooKeeper in the audit
pipeline when Solr is not used
- _Operational simplicity_ — OpenSearch's authentication model (HTTP Basic
Auth) is simpler to configure and manage compared to Solr's JAAS/Kerberos or
HDFS's UGI/Kerberos requirements
*Related*
RANGER-4676 — OpenSearch as an audit destination within ranger-admin
was:
*Overview*
Extend the Ranger Audit Server's dispatcher framework with a new OpenSearch
destination, enabling audit event ingestion into OpenSearch clusters.
*Background*
The Ranger Audit Server already supports consuming access audit events from
Kafka and dispatching them to external stores via its pluggable dispatcher
architecture. Today, two dispatchers are available:
- _Solr dispatcher_ — routes audit events to Apache Solr
- _HDFS dispatcher_ — routes audit events to HDFS
Organisations adopting OpenSearch for log analytics and audit storage currently
have no native audit server dispatcher for this destination. They must either
rely on Solr (with its ZooKeeper operational overhead) or configure the
Elasticsearch audit destination directly within ranger-admin, which couples
audit writing to the admin service and limits independent scalability.
*Motivation*
- _Eliminate ZooKeeper dependency_ — OpenSearch is accessed via plain
HTTP/HTTPS REST endpoints, removing the need for ZooKeeper in the audit
pipeline when Solr is not used
- _Operational simplicity_ — OpenSearch's authentication model (HTTP Basic
Auth) is simpler to configure and manage compared to Solr's JAAS/Kerberos or
HDFS's UGI/Kerberos requirements
*Related*
RANGER-4676 — OpenSearch as an audit destination within ranger-admin (direct
write from admin service)
> Add OpenSearch dispatcher to Enhance Ranger Audit Server
> --------------------------------------------------------
>
> Key: RANGER-5615
> URL: https://issues.apache.org/jira/browse/RANGER-5615
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Paras
> Priority: Major