Establish trust between the indexer client and Solr server(s).
The go-live phase of the indexer jobs sends a MERGEINDEXES request
from the indexer client (the node from which the MR job was submitted) to the live
Solr servers. If the Solr server has SSL enabled, you need to ensure that the
indexer client trusts the certificate presented by the Solr server(s), otherwise you
get an SSLPeerUnverifiedException.
Specify the location of the trust store by setting the following
HADOOP_OPTS variable before launching the indexer
job:
If the Solr servers have Kerberos authentication enabled, you need to ensure
that the indexer client can authenticate via Kerberos to the Solr servers. For
this, you need to create a Java Authentication and Authorization Service
configuration (JAAS) file locally on the node where the indexing job is
launched:
If you are authenticating using kinit to obtain
credentials, you can configure the client to use your credential cache
by creating a jaas.conf file with the following
contents:
Replace
/path/to/user.keytab with
the keytab file you want to use and
<user>@EXAMPLE.COM with the
principal in the keytab. If you are using a service principal that
includes the hostname, make sure that it is included in the
jaas.conf file (for example,
solr/solr01.example.com@EXAMPLE.COM).
If you are using a ticket cache, you need to do a kinit to
acquire a ticket for the configured principal before launching the
indexer.
Specify the authentication configuration in the HADOOP_OPTS
environment variable: