Hi Mehul, Thanks for clarifying this. As you pointed out, deleting install.properties after starting Ranger looks like a reasonable solution. However, there are situations in which deleting install.properties is not a complete solution.
1. Some organizations have an internal policy prohibiting the deployment of any software system that requires passwords written in text form somewhere (not because of the security issue but because of rogue users). 2. In our case, we are running Ranger as a Kubernetes Pod. We mount install.properties inside a Pod, which is not deleted automatically. We decided to mount it as a Kubernetes Secret (instead of a ConfigMap) to alleviate the security issue. You can find our solution at: https://mr3.postech.ac.kr/hivek8s/guide/run-ranger/ A complete solution to this problem would be to require the user to submit a KeyStore file that contains all the passwords. (This is what we really need, because we would like to launch a Ranger service for each user, and thus we cannot really ask for the password in text form.) With the current release of Ranger 2.0.0-SNAPSHOT, it seems that this is easy to implement, except that it does not work for db_root_password, unfortunately. (I think the current code reads db_root_password in text form to communicate with the database.) If you think this is feasible with a simple fix, please let me know, so that we could give it a try. Cheers, --- Sungwoo On Thu, Aug 1, 2019 at 4:43 PM Mehul Parikh <xsme...@gmail.com> wrote: > Hi Sungwoo, > > Are you installing Ranger Manually ? > > - Ranger saves these passwords in Keystore file only, and replaces all > password values with _ value in ranger-admin-site.xml. > - You can backup install.properties and then delete that file after > installing and starting Ranger service. > > > > On Mon, Jul 22, 2019 at 5:48 PM Sungwoo Park <glap...@gmail.com> wrote: > >> Hello, >> >> I have a question on installing Ranger. Currently we specify the password >> for Ranger database (which is MySQL) with db_root_password in >> ranger-admin-install.properties, e.g.: >> >> db_root_user=root >> db_root_password=passwd >> >> I wonder if there is an alternative way of specifying the password with a >> KeyStore file (jceks). Or, it the file ranger-admin-install.properties just >> supposed to be removed after installing Ranger? >> >> Thanks, >> >> --- Sungwoo Park >> > > > -- > > Thanks and regards, > Mehul Parikh > ---------------------------- > M: +91 98191 54446 > E: xsme...@gmail.com >
