Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

How to define the retention period for Ranger Audits in CDP INFRA Solr?

avatar
Expert Contributor

Hello Everyone,

 

I would like to understand how I can define the retention period for Ranger Audits in CDP Infra Solr.

 

Ranger Audits are filling up the disk space on my nodes and I would like to configure a retention period for the same.

 

Is there any configuration setting in CDP-INFRA-SOLR or Ranger Service in Cloudera Manager that can be configured?

 

Thanks,

Megh

1 ACCEPTED SOLUTION

avatar
Expert Contributor

Managed to get it working.

 

Since my environment is Kerberized, I need to give a jaas.conf file while running a command which potentially modifies any collection configuration. This jaas.conf file should include the solr principal configuration. In my case, the jaas.conf file looks like this.

 

 

Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  keyTab="/solr/keytab/path/solr.keytab"
  storeKey=true
  useTicketCache=false
  principal="solr/<fully.qualified.domain.name>@<REALM_NAME>";
};

 

and ran the command like this:

 

solrctl --jaas /jaas/file/path/jaas.conf instancedir --update ranger_audits /tmp/ranger_audits

solrctl --jaas /jaas/file/path/jaas.conf collection --reload ranger_audits

 

 

And it was successful!

 

This documentation article also helped. 

 

Thanks,

Megh

 

View solution in original post

2 REPLIES 2

avatar
Expert Contributor

Found this article in the documentation,

 

but while executing this command

solrctl instancedir --update ranger_audits /tmp/ranger_audits

  I'm getting this error.

 

org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /configs/ranger_audits/managed-schema
at org.apache.zookeeper.KeeperException.create(KeeperException.java:120)
at org.apache.zookeeper.KeeperException.create(KeeperException.java:54)
at org.apache.zookeeper.ZooKeeper.delete(ZooKeeper.java:1793)
at org.apache.solr.common.cloud.SolrZkClient.lambda$delete$1(SolrZkClient.java:263)
at org.apache.solr.common.cloud.ZkCmdExecutor.retryOperation(ZkCmdExecutor.java:71)
at org.apache.solr.common.cloud.SolrZkClient.delete(SolrZkClient.java:262)
at org.apache.solr.common.cloud.ZkMaintenanceUtils.lambda$clean$1(ZkMaintenanceUtils.java:240)
at org.apache.solr.common.cloud.ZkMaintenanceUtils.traverseZkTree(ZkMaintenanceUtils.java:417)
at org.apache.solr.common.cloud.ZkMaintenanceUtils.traverseZkTree(ZkMaintenanceUtils.java:413)
at org.apache.solr.common.cloud.ZkMaintenanceUtils.clean(ZkMaintenanceUtils.java:236)
at org.apache.solr.common.cloud.SolrZkClient.clean(SolrZkClient.java:791)
at org.apache.solr.cloud.ZkCLI.main(ZkCLI.java:279)
Error: can't delete configuration

 

 

I have done kinit with solr principal still facing this error. This is the klist output.

 

 

[root@<hostname> ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: solr/<fully.qualified.domain.name>@<REALM.NAME>

Valid starting       Expires              Service principal
2021-06-16T15:50:04  2021-06-17T01:50:04  krbtgt/<REALM.NAME>@<REALM.NAME>
        renew until 2021-06-23T15:50:04

 

 

Any idea?

 

Thanks,

Megh

 

avatar
Expert Contributor

Managed to get it working.

 

Since my environment is Kerberized, I need to give a jaas.conf file while running a command which potentially modifies any collection configuration. This jaas.conf file should include the solr principal configuration. In my case, the jaas.conf file looks like this.

 

 

Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  keyTab="/solr/keytab/path/solr.keytab"
  storeKey=true
  useTicketCache=false
  principal="solr/<fully.qualified.domain.name>@<REALM_NAME>";
};

 

and ran the command like this:

 

solrctl --jaas /jaas/file/path/jaas.conf instancedir --update ranger_audits /tmp/ranger_audits

solrctl --jaas /jaas/file/path/jaas.conf collection --reload ranger_audits

 

 

And it was successful!

 

This documentation article also helped. 

 

Thanks,

Megh