Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

How to define the retention period for Ranger Audits in CDP INFRA Solr?

avatar
author-rank vidanimegh
Expert Contributor

Created ‎06-16-2021 12:44 AM

Hello Everyone,

 

I would like to understand how I can define the retention period for Ranger Audits in CDP Infra Solr.

 

Ranger Audits are filling up the disk space on my nodes and I would like to configure a retention period for the same.

 

Is there any configuration setting in CDP-INFRA-SOLR or Ranger Service in Cloudera Manager that can be configured?

 

Thanks,

Megh

2,054 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank vidanimegh
Expert Contributor

Created on ‎06-16-2021 07:15 AM - edited ‎06-16-2021 07:19 AM

Managed to get it working.

 

Since my environment is Kerberized, I need to give a jaas.conf file while running a command which potentially modifies any collection configuration. This jaas.conf file should include the solr principal configuration. In my case, the jaas.conf file looks like this.

 

 

Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  keyTab="/solr/keytab/path/solr.keytab"
  storeKey=true
  useTicketCache=false
  principal="solr/<fully.qualified.domain.name>@<REALM_NAME>";
};

 

and ran the command like this:

 

solrctl --jaas /jaas/file/path/jaas.conf instancedir --update ranger_audits /tmp/ranger_audits

solrctl --jaas /jaas/file/path/jaas.conf collection --reload ranger_audits

 

 

And it was successful!

 

This documentation article also helped. 

 

Thanks,

Megh

 

View solution in original post

2,027 Views
0 Kudos
2 REPLIES 2

avatar
author-rank vidanimegh
Expert Contributor

Created ‎06-16-2021 05:01 AM

Found this article in the documentation,

 

but while executing this command

solrctl instancedir --update ranger_audits /tmp/ranger_audits

  I'm getting this error.

 

org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /configs/ranger_audits/managed-schema
at org.apache.zookeeper.KeeperException.create(KeeperException.java:120)
at org.apache.zookeeper.KeeperException.create(KeeperException.java:54)
at org.apache.zookeeper.ZooKeeper.delete(ZooKeeper.java:1793)
at org.apache.solr.common.cloud.SolrZkClient.lambda$delete$1(SolrZkClient.java:263)
at org.apache.solr.common.cloud.ZkCmdExecutor.retryOperation(ZkCmdExecutor.java:71)
at org.apache.solr.common.cloud.SolrZkClient.delete(SolrZkClient.java:262)
at org.apache.solr.common.cloud.ZkMaintenanceUtils.lambda$clean$1(ZkMaintenanceUtils.java:240)
at org.apache.solr.common.cloud.ZkMaintenanceUtils.traverseZkTree(ZkMaintenanceUtils.java:417)
at org.apache.solr.common.cloud.ZkMaintenanceUtils.traverseZkTree(ZkMaintenanceUtils.java:413)
at org.apache.solr.common.cloud.ZkMaintenanceUtils.clean(ZkMaintenanceUtils.java:236)
at org.apache.solr.common.cloud.SolrZkClient.clean(SolrZkClient.java:791)
at org.apache.solr.cloud.ZkCLI.main(ZkCLI.java:279)
Error: can't delete configuration

 

 

I have done kinit with solr principal still facing this error. This is the klist output.

 

 

[root@<hostname> ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: solr/<fully.qualified.domain.name>@<REALM.NAME>

Valid starting       Expires              Service principal
2021-06-16T15:50:04  2021-06-17T01:50:04  krbtgt/<REALM.NAME>@<REALM.NAME>
        renew until 2021-06-23T15:50:04

 

 

Any idea?

 

Thanks,

Megh

 

2,032 Views
0 Kudos

avatar
author-rank vidanimegh
Expert Contributor

Created on ‎06-16-2021 07:15 AM - edited ‎06-16-2021 07:19 AM

Managed to get it working.

 

Since my environment is Kerberized, I need to give a jaas.conf file while running a command which potentially modifies any collection configuration. This jaas.conf file should include the solr principal configuration. In my case, the jaas.conf file looks like this.

 

 

Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  keyTab="/solr/keytab/path/solr.keytab"
  storeKey=true
  useTicketCache=false
  principal="solr/<fully.qualified.domain.name>@<REALM_NAME>";
};

 

and ran the command like this:

 

solrctl --jaas /jaas/file/path/jaas.conf instancedir --update ranger_audits /tmp/ranger_audits

solrctl --jaas /jaas/file/path/jaas.conf collection --reload ranger_audits

 

 

And it was successful!

 

This documentation article also helped. 

 

Thanks,

Megh

 

2,028 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements