Community Articles
Find and share helpful community-sourced technical articles
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
Labels (2)

This article with cover step by step how to configure HDP Search Solr with Ranger Plugin

Step 1

Download and install the 2.2.9+ mpack - FYI: Previous mpack versions don't support integration of HDP Search Solr with Ranger. Mpack 2.2.9 includes configurable section for the solr-security on ambari which allows to add the authorization information.

wget 'http://public-repo-1.hortonworks.com/HDP-SOLR/hdp-solr-ambari-mp/solr-service-mpack-2.2.9.tar.gz'; -O /tmp/solr-service-mpack-2.2.9.tar.gz

ambari-server install-mpack --mpack=/tmp/solr-service-mpack-2.2.9.tar.gz

Step 2

On HDP solr host run

yum install ranger-solr-plugin.noarch

cd /usr/hdp/2.6.2.0-205/ranger-solr-plugin

Edit install.properties and make sure the following settings at least are properly configured:

POLICY_MGR_URL=http://<ranger-host>:6080 
SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar

Edit solr-plugin-install.properties and set correct value for install dir:

COMPONENT_INSTALL_DIR_NAME=/opt/lucidworks-hdpsearch/solr/server 

Next source the environment and enable the plugin:

source /etc/hadoop/hadoop-env.sh 
./enable-solr-plugin.sh

Step 3

Update security znode with ranger authorization class

kinit -kt solr.service.keytab solr/<host>@REALM.COM 

/opt/lucidworks-hdpsearch/solr/server/scripts/cloud-scripts/zkcli.sh -z '<zookeeper>:2181' -cmd put /solr/security.json '{"authentication":{"class": "org.apache.solr.security.KerberosPlugin"},"authorization":{"class": "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"}}'

Also on Ambari->Solr-Config->Advance solr-security set:

{
"authentication":{"class": "org.apache.solr.security.KerberosPlugin"},
"authorization":{"class": "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"}
} 

Save and restart, on the operation start output you should see

- call['/opt/lucidworks-hdpsearch/solr/server/scripts/cloud-scripts/zkcli.sh -zkhost <zookeeper1>:2181,<zookeeper2>:2181,<zookeeper3>:2181 -cmd get /solr/security.json'] {'timeout': 60, 'env': {'JAVA_HOME': u'/usr/jdk64/jdk1.8.0_112'}}
- call returned (0, '{\"authentication\":{\"class\": \"org.apache.solr.security.KerberosPlugin\"},\"authorization\":{\"class\": \"org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer\"}}')
- Solr Security Json was found, it will not be overridden

Step 4

Fix clustername for solr plugin

cd /opt/lucidworks-hdpsearch/solr/server/solr-webapp/webapp/WEB-INF/classes/ 

Edit ranger-solr-audit.xml and add following property

  <property>
     <name>ranger.plugin.solr.ambari.cluster.name</name>
      <value>YOUR_CLUSTER_NAME</value>
    </property>

Restart solr for changes to reflect.

Step 5

Open Ranger Admin UI and edit solr repository add New Configurations

tag.download.auth.users = solr
policy.download.auth.users = solr
ambari.service.check.user = ambari-qa
1,590 Views
Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
1 of 1
Last update:
‎06-20-2018 03:56 PM
Updated by:
 
Contributors
Top Kudoed Authors