Super Guru

These steps have been successfully tried and tested on Ambari-2.4.2.0 and HDP-2.5.3.

When you install and configure SolrCloud via Ambari, or embedded Solr via Ambari Infra, on a Kerberized cluster, SPNEGO authentication is enabled by default. There is no direct switch to disable only SPNEGO authentication.

Follow the method below to disable it.

Step 1 - Log in to the Ambari server

Step 2 - Take a backup of the script below

/var/lib/ambari-server/resources/common-services/SOLR/<version>/package/scripts/setup_solr_kerberos_auth.py

Step 3 - Edit the above script and make the modification below

Original value:

command += '\'{"authentication":{"class": "org.apache.solr.security.KerberosPlugin"}}\''

Recommended value:

command += '\'{ }\''

Step 4 - Replace the cached script with the command below, then restart ambari-agent followed by the Solr service (via Ambari)

cp /var/lib/ambari-server/resources/mpacks/solr-ambari-mpack-5.5.2.2.5/common-services/SOLR/5.5.2.2.5/package/scripts/setup_solr_kerberos_auth.py /var/lib/ambari-agent/cache/common-services/SOLR/5.5.2.2.5/package/scripts/setup_solr_kerberos_auth.py

You should now be able to access the Solr Web UI without a Kerberos ticket.
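
An added example (not part of the original article or of Ambari): a Python check that pulls the payload line from Step 3 out of each copy of setup_solr_kerberos_auth.py and reports which state the script will leave Solr in. With no `authentication` entry in security.json, Solr runs no authentication plugin, so every Solr HTTP endpoint, not only the Web UI, accepts anonymous requests. The function names and the sample inputs are assumptions constructed for illustration.

```python
import json
import re

KERBEROS_PLUGIN = "org.apache.solr.security.KerberosPlugin"
# Matches the payload line shown in Step 3: command += '\'<json>\''
PAYLOAD_LINE = re.compile(r"""command\s*\+=\s*'\\'(.*)\\''""")


def security_json_from_script(source):
    """Return the security.json text the setup script would upload, or None."""
    for line in source.splitlines():
        match = PAYLOAD_LINE.search(line)
        if match:
            return match.group(1)
    return None


def classify(security_json):
    """Classify a security.json document by its authentication plugin."""
    if security_json is None:
        return "unknown"  # payload line not found in the script
    try:
        doc = json.loads(security_json)
    except ValueError:
        return "invalid"
    if not isinstance(doc, dict):
        return "invalid"
    auth = doc.get("authentication")
    plugin = auth.get("class") if isinstance(auth, dict) else None
    if plugin is None:
        return "anonymous"  # no plugin: all Solr HTTP endpoints are open
    return "spnego" if plugin == KERBEROS_PLUGIN else "other:" + plugin


def audit(copies):
    """Map each script copy (label -> source text) to its classification."""
    return {label: classify(security_json_from_script(src))
            for label, src in copies.items()}


# Constructed sample: the two lines from Step 3, standing in for an edited
# ambari-server copy and a stale ambari-agent cache copy.
SAMPLE = {
    "server": r"""    command += '\'{ }\''""",
    "agent-cache": r"""    command += '\'{"authentication":{"class": "org.apache.solr.security.KerberosPlugin"}}\''""",
}

if __name__ == "__main__":
    for label, verdict in audit(SAMPLE).items():
        print(label, verdict)
```

Feeding it the contents of the server copy and the agent cache copy shows whether Step 4 actually took effect: a mismatch between the two means the agent is still running the unmodified script.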

Please comment if you have any feedback/questions/suggestions. Happy Hadooping!! :)

Comments
New Contributor

Thanks for the instructions. I have a Kerberos and HTTPS HDP 2.5 cluster, and after Kerberizing, I see errors in the Ambari infra logs of both the nodes that it could not replicate the index between the solr nodes. Is this related to the above steps?

Note: I am able to access the Solr UI of both the Ambari infra solr nodes, though.

Errors:

	ERROR [c:hadoop_logs s:shard3 r:core_node1 x:hadoop_logs_shard3_replica1] org.apache.solr.update.StreamingSolrClients$1 (StreamingSolrClients.java:79) - error

	org.apache.solr.common.SolrException: Authentication required

and when I restart the Ambari-Infra solr services, I do see the below error as well:

	Expected mime type application/octet-stream but got text/html. <html>
	<head>
	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
	<title>Error 401 Authentication required</title>
	</head>
	<body><h2>HTTP ERROR 401</h2>
	<p>Problem accessing /solr/vertex_index_shard1_replica1/get. Reason:
	<pre>  Authentication required</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
	</body>
	</html>
		

Any inputs on how to resolve this?

Recently, I updated the LogSearch UI to HTTPS and that is unable to connect to the Solr instances.

Thanks in advance.

New Contributor

Hi Kuldeep, thanks for the information. I applied the same steps for HDP 2.6, but SPNEGO is still enabled. One thing I observed is that there was no SOLR in the cached script. I created the SOLR directory and subsequent path and copied the modified script. Do you think that's the reason? Any help in this regard is appreciated.

Not applicable

Thank you. I was stuck at this point for the past one day.

Hi Kuldeep, thanks for this hack. Is there a similar hack that can be applied to schema registry too?

New Contributor

I see this is a very old post. Can we have any property which can be set for Solr 7.4 in HDP 3.0.1 to disable SPNEGO authentication?

Please help, we are stuck at this step and not able to access the Solr URL, getting the below error.

HTTP ERROR 403

Problem accessing /solr/. Reason:

    GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
Last update:
‎06-19-2017 07:37 PM