Hello
As some of you already know, Solr through knox on HDP platform isn't fully supported yet, however, it is possible to achieve that using an IBM IOP distribution.
Here are some steps:
Problems like that are usually related with kerberos issues.
Pre-reqs: You should have already configured your knox with the desired authentication mode:
OBS: In order to use this flag "Dsun.security.krb5.rcache", the jdk 1.8 or above must be used.
Root cause:
a) You may have not configured your browser for authentication ( SPNEGO ),
b) You haven't included your users into the SolR Plugin on Ranger.
c) You are hitting a known issue related with this parameter "Dsun.security.krb5.rcache=none", which is better described in this forum
1) Add the following parameters into your Hadoop core-site.xml:
hadoop.proxyuser.knox.groups = *
hadoop.proxyuser.knox.hosts = *
OBS: You can change the impersonation requirements accordingly with your environment.
2) According to the "known" issue aforementioned, you will have to add this parameter "Dsun.security.krb5.rcache=none" on Ambari > SolR > solr.env >
The configuration needs to be configured like that:
SOLR_OPTS="-Dsolr.directoryFactory=HdfsDirectoryFactory -Dsolr.lock.type=hdfs -Dsolr.hdfs.confdir=/etc/hadoop/conf -Dsolr.hdfs.home={{fs_root}}{{solr_hdfs_home_dir}} -Dsolr.hdfs.security.kerberos.enabled={{security_enabled}} -Dsolr.hdfs.security.kerberos.keytabfile={{solr_kerberos_keytab}} -Dsolr.hdfs.security.kerberos.principal={{solr_kerberos_principal}} -Dsun.security.krb5.rcache=none -Dsolr.log4j.dir={{solr_log_dir}}"
3) Go to the "Quick Links > Ranger > Ranger Admin UI > Solr" and add the user "knox"
After these steps, your SolR UI should work fine through Knox.
