Cloudera Community

Community Articles

Find and share helpful community-sourced technical articles.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Configure HDP Search Solr ranger plugin

Labels (2)
avatar
author-rank falbani author-rank
Guru

Created on ‎06-20-2018 03:56 PM

This article with cover step by step how to configure HDP Search Solr with Ranger Plugin

Step 1

Download and install the 2.2.9+ mpack - FYI: Previous mpack versions don't support integration of HDP Search Solr with Ranger. Mpack 2.2.9 includes configurable section for the solr-security on ambari which allows to add the authorization information.

wget 'http://public-repo-1.hortonworks.com/HDP-SOLR/hdp-solr-ambari-mp/solr-service-mpack-2.2.9.tar.gz'; -O /tmp/solr-service-mpack-2.2.9.tar.gz

ambari-server install-mpack --mpack=/tmp/solr-service-mpack-2.2.9.tar.gz

Step 2

On HDP solr host run

yum install ranger-solr-plugin.noarch

cd /usr/hdp/2.6.2.0-205/ranger-solr-plugin

Edit install.properties and make sure the following settings at least are properly configured:

POLICY_MGR_URL=http://<ranger-host>:6080 
SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar

Edit solr-plugin-install.properties and set correct value for install dir:

COMPONENT_INSTALL_DIR_NAME=/opt/lucidworks-hdpsearch/solr/server

Next source the environment and enable the plugin:

source /etc/hadoop/hadoop-env.sh 
./enable-solr-plugin.sh

Step 3

Update security znode with ranger authorization class

kinit -kt solr.service.keytab solr/<host>@REALM.COM 

/opt/lucidworks-hdpsearch/solr/server/scripts/cloud-scripts/zkcli.sh -z '<zookeeper>:2181' -cmd put /solr/security.json '{"authentication":{"class": "org.apache.solr.security.KerberosPlugin"},"authorization":{"class": "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"}}'

Also on Ambari->Solr-Config->Advance solr-security set:

{
"authentication":{"class": "org.apache.solr.security.KerberosPlugin"},
"authorization":{"class": "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"}
}

Save and restart, on the operation start output you should see

- call['/opt/lucidworks-hdpsearch/solr/server/scripts/cloud-scripts/zkcli.sh -zkhost <zookeeper1>:2181,<zookeeper2>:2181,<zookeeper3>:2181 -cmd get /solr/security.json'] {'timeout': 60, 'env': {'JAVA_HOME': u'/usr/jdk64/jdk1.8.0_112'}}
- call returned (0, '{\"authentication\":{\"class\": \"org.apache.solr.security.KerberosPlugin\"},\"authorization\":{\"class\": \"org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer\"}}')
- Solr Security Json was found, it will not be overridden

Step 4

Fix clustername for solr plugin

cd /opt/lucidworks-hdpsearch/solr/server/solr-webapp/webapp/WEB-INF/classes/

Edit ranger-solr-audit.xml and add following property

  <property>
     <name>ranger.plugin.solr.ambari.cluster.name</name>
      <value>YOUR_CLUSTER_NAME</value>
    </property>

Restart solr for changes to reflect.

Step 5

Open Ranger Admin UI and edit solr repository add New Configurations

tag.download.auth.users = solr
policy.download.auth.users = solr
ambari.service.check.user = ambari-qa
3,321 Views
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
View More Announcements
Version history
Last update:
‎06-20-2018 03:56 PM
Updated by:
Guru Guru
Contributors