question Securing Solr for Ranger Audit Logs in Archives of Support Questions (Read Only)

Securing Solr for Ranger Audit Logs

egarelnabi — Fri, 23 Sep 2016 20:29:58 GMT

My client is using Solr for Ranger audit logs. It appears that enabling Solr results in a Solr instance devoid of any security? What are the recommended paths to secure this particular instance of Solr?

Re: Securing Solr for Ranger Audit Logs

dsharma — Sun, 18 Aug 2019 11:08:23 GMT

HDP 2.5 support secure solr intergration with ranger, in hdp2.5 , you can specify in ranger config whether you solr is secure , and ranger is also kerberised so it should be good to go with auditing using solr

Re: Securing Solr for Ranger Audit Logs

egarelnabi — Fri, 23 Sep 2016 20:36:38 GMT

Thanks @deepak sharma. We're still not on HDP 2.5. Does this apply to HDP 2.3.4 and 2.4.2 or is it only 2.5+? Also, can we connect to secure Solr instance rather than SolrCloud?

Re: Securing Solr for Ranger Audit Logs

rmani — Sat, 24 Sep 2016 03:11:05 GMT

@Eyad Garelnabi

Secure solr support is already in

Re: Securing Solr for Ranger Audit Logs

venkata_gangava — Thu, 27 Apr 2017 01:07:51 GMT

Hi,

I am getting the below error when I configured Ranger to use Solr for audits. We are using HDP-2.3.6

2017-04-26 09:29:22,353 [http-bio-6080-exec-2] ERROR org.apache.ranger.solr.SolrUtil (SolrUtil.java:79) - Error from Solr server. org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://hostname:8886/solr/ranger_audit: Expected mime type application/octet-stream but got text/html. <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <title>Error 401 Authentication required</title> </head> <body><h2>HTTP ERROR 401</h2> <p>Problem accessing /solr/ranger_audit/select. Reason: <pre> Authentication required</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/> </body> </html>

I see the below error when I access Solr UI

http://hostname:8886/solr/

GSSException: Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44))

The cluster is kerberized

Re: Securing Solr for Ranger Audit Logs

venkata_gangava — Thu, 27 Apr 2017 01:07:52 GMT

Hey,

We are using HDP2.3.6.

We are geeting below error when we configured Ranger to store audit on Solr.

2017-04-25 09:16:23,366 WARN [org.apache.ranger.audit.queue.AuditBatchQueue0]: provider.BaseAuditHandler (BaseAuditHandler.java:logFailedEvent(374)) - failed to log audit event: {"repoType":3,"repo":"hdpt01_hive","reqUser":"hadooptest","evtTime":"2017-04-25 09:16:21.124","access":"USE","resType":"@null","action":"SHOWDATABASES","result":1,"policy":6,"enforcer":"ranger-acl","sess":"06802e00-eda7-4bd2-a812-7e2ed2621e24","cliType":"HIVESERVER2","cliIP":"","reqData":"show schemas","agentHost":"hivehost","logType":"RangerAudit","id":"d8b3d307-0035-4613-a7ff-872fa1c46a9e","seq_num":0,"event_count":1,"event_dur_ms":0} org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://hostname:8886/solr/ranger_audit: Expected mime type application/octet-stream but got text/html. <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <title>Error 401 Authentication required</title> </head> <body><h2>HTTP ERROR 401</h2> <p>Problem accessing /solr/ranger_audit/update. Reason: <pre> Authentication required</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/> </body> </html>

The cluster is kerberized.

Below error is seen when accessing teh ambari-infra-solr UI

http://hostname:8886/solr/

GSSException: Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44))