Cloudera Docs

Configuring Ranger authorization for Solr in a DDE Data Hub cluster

By default, the Solr service deployed with a Data Discovery and Experience (DDE) cluster is not configured for authorization by Ranger. You can configure authorization manually, using Cloudera Management Console.

Minimum Required Role: environmentAdmin

  1. Navigate to the Ranger service of the data lake where DDE is running.
  2. On the Service Manager page, click the Add icon next to Solr.
  3. Enter the following information on the Create Service page:

    Service Details

    Field name Description
    Service Name

    Assign a name to the Solr service you want to create.

    Note down the value you define here. You need to enter it later, when specifying the ranger.plugin.solr.service.name parameter in the Solr Service Advanced Configuration Snippet (Safety Valve) for ranger-solr-security.xml option.
    Active Status Enabled
    Select Tag Service Select cm_tag.

    Configuration Properties

    Field name Description
    Username Assign a placeholder value. This property is not used in case of Kerberos authentication.
    Password Assign a placeholder value. This property is not used in case of Kerberos authentication.
    Solr URL Assign a placeholder value. This property is not used in case of Kerberos authentication.
    Add new configurations

    Add the following new configurations:

    • policy.download.auth.users = solr

    • tag.download.auth.users = solr
  4. Click Save.
  5. Click on the newly added service.
    The List of Policies page opens.
  6. Under Action click the Edit icon.
  7. In Allow Conditions > Select User dropdown select hue.
    This is necessary because the Hue service breaks if it has no permission to access Solr.

    To keep the cluster accessible to non-admin users, you can add other users to the default policy or you can define additional policies.

  8. Grant full admin privileges to users that you want to be able to access the Solr Admin UI.
    1. Click Add under Allow Conditions to add a new condition, then add the user or users from the Select User drop-down.
    2. Click Add Permissions then select the Select/Deselect All option.
    3. Accept the selection, then click Save.
  9. Navigate to the Cloudera Manager (CM) UI on the DDE cluster.
  10. From Clusters select Solr.
  11. Select the Configuration tab.
  12. In the Search field start typing ‘safety’
  13. Click Add under Solr Service Advanced Configuration Snippet (Safety Valve).
  14. Define the following:
    Key
    ranger.plugin.solr.service.name
    Value

    The Solr Service Name you assigned when creating the Solr service in Ranger.

  15. Click Save Changes.
  16. Click the Status tab to refresh the window.
  17. Click the Stale Configuration: Restart needed indicator on top of the page.
  18. Click Restart Stale Services.
  19. Click Restart Now.