Hortonworks Docs » Hortonworks Data Platform 3.1.5 » Managing Auditing
Managing Auditing
Also available as:
PDF

Configure SolrCloud for Kerberos

How to configure SolrCloud for Kerberos.

  1. Run the following commands: 
    cd /opt/solr
mkdir /opt/solr/conf
  2. Create a new JAAS file in the /opt/solr/conf directory: vi /opt/solr/conf/solr_jaas.conf.
  3. Add the following lines to the solr_jaas.conf file, but replace the REALM name @EXAMPLE.COM with your REALM. 
    Client {
       com.sun.security.auth.module.Krb5LoginModule required
       useKeyTab=true
       keyTab="/opt/solr/conf/solr.service.keytab"
       storeKey=true
       useTicketCache=true
       debug=true
       principal="solr@EXAMPLE.COM";
};
  4. Copy the solr_jaas.conf file to all of the hosts on which Solr is running.
  5. Edit the solr.in.sh file in the <SOLR_INSTALL_HOME>/bin/ directory:vi $SOLR_INSTALL_HOME/ranger_audit_server/scripts/solr.in.sh.
  6. Add the following lines at the end of the solr.in.sh file: 
    SOLR_JAAS_FILE=/opt/solr/conf/solr_jaas.conf
SOLR_HOST=`hostname -f`
ZK_HOST="$ZK_HOST1:2181,$ZK_HOST2:2181,$ZK_HOST3:2181/ranger_audits" 
KERBEROS_REALM="EXAMPLE.COM"
SOLR_KEYTAB=/opt/solr/conf/solr.service.keytab
SOLR_KERB_PRINCIPAL=HTTP@${KERBEROS_REALM}
SOLR_KERB_KEYTAB=/opt/solr/conf/HTTP.keytab
SOLR_AUTHENTICATION_CLIENT_CONFIGURER="org.apache.solr.client.solrj.impl.Krb5HttpClientConfigurer"
SOLR_AUTHENTICATION_OPTS=" -DauthenticationPlugin=org.apache.solr.security.KerberosPlugin
 -Djava.security.auth.login.config=$SOLR_JAAS_FILE -Dsolr.kerberos.principal=${SOLR_KERB_PRINCIPAL}
 -Dsolr.kerberos.keytab=${SOLR_KERB_KEYTAB} -Dsolr.kerberos.cookie.domain=${SOLR_HOST} -Dhost=${SOLR_HOST}
 -Dsolr.kerberos.name.rules=DEFAULT"
  7. Copy the solr.in.sh file to all of the hosts on which Solr is running.
  8. Run the following command to enable Kerberos as the authentication scheme by updating the security.json file in ZooKeeper.$SOLR_INSTALL_HOME/server/scripts/cloud-scripts/zkcli.sh -zkhost $ZK_HOST:2181 -cmd put /ranger_audits/security.json '{"authentication":{"class": "org.apache.solr.security.KerberosPlugin"}}'.
  9. Run the following commands to restart Solr on all hosts: 
    /opt/solr/ranger_audit_server/scripts/stop_solr.sh
/opt/solr/ranger_audit_server/scripts/start_solr.sh
  10. On the Ambari dashboard, select Ranger > Configs > Ranger Audit, then enable External SolrCloud Kerberos by clicking the OFF button. The button label changes to ON when External SolrCloud Kerberos is enabled.

    Under Ambari > Ranger > Configs > Ranger Audit, External SolrCloud kerberos option is highlighted as toggled ON.

  11. Click Save, then restart Ranger and all required services.
© 2012–2019, Hortonworks, Inc.
Document licensed under the Creative Commons Attribution ShareAlike 4.0 License.
Hortonworks.com | Documentation | Support | Community