Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

How to define the retention period for Ranger Audits in CDP INFRA Solr?

avatar
author-rank vidanimegh
Expert Contributor

Created ‎06-16-2021 12:44 AM

Hello Everyone,

 

I would like to understand how I can define the retention period for Ranger Audits in CDP Infra Solr.

 

Ranger Audits are filling up the disk space on my nodes and I would like to configure a retention period for the same.

 

Is there any configuration setting in CDP-INFRA-SOLR or Ranger Service in Cloudera Manager that can be configured?

 

Thanks,

Megh

2,630 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank vidanimegh
Expert Contributor

Created on ‎06-16-2021 07:15 AM - edited ‎06-16-2021 07:19 AM

Managed to get it working.

 

Since my environment is Kerberized, I need to give a jaas.conf file while running a command which potentially modifies any collection configuration. This jaas.conf file should include the solr principal configuration. In my case, the jaas.conf file looks like this.

 

 

Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  keyTab="/solr/keytab/path/solr.keytab"
  storeKey=true
  useTicketCache=false
  principal="solr/<fully.qualified.domain.name>@<REALM_NAME>";
};

 

and ran the command like this:

 

solrctl --jaas /jaas/file/path/jaas.conf instancedir --update ranger_audits /tmp/ranger_audits

solrctl --jaas /jaas/file/path/jaas.conf collection --reload ranger_audits

 

 

And it was successful!

 

This documentation article also helped. 

 

Thanks,

Megh

 

View solution in original post

2,603 Views
0 Kudos
2 REPLIES 2

avatar
author-rank vidanimegh
Expert Contributor

Created ‎06-16-2021 05:01 AM

Found this article in the documentation,

 

but while executing this command

solrctl instancedir --update ranger_audits /tmp/ranger_audits

  I'm getting this error.

 

org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /configs/ranger_audits/managed-schema
at org.apache.zookeeper.KeeperException.create(KeeperException.java:120)
at org.apache.zookeeper.KeeperException.create(KeeperException.java:54)
at org.apache.zookeeper.ZooKeeper.delete(ZooKeeper.java:1793)
at org.apache.solr.common.cloud.SolrZkClient.lambda$delete$1(SolrZkClient.java:263)
at org.apache.solr.common.cloud.ZkCmdExecutor.retryOperation(ZkCmdExecutor.java:71)
at org.apache.solr.common.cloud.SolrZkClient.delete(SolrZkClient.java:262)
at org.apache.solr.common.cloud.ZkMaintenanceUtils.lambda$clean$1(ZkMaintenanceUtils.java:240)
at org.apache.solr.common.cloud.ZkMaintenanceUtils.traverseZkTree(ZkMaintenanceUtils.java:417)
at org.apache.solr.common.cloud.ZkMaintenanceUtils.traverseZkTree(ZkMaintenanceUtils.java:413)
at org.apache.solr.common.cloud.ZkMaintenanceUtils.clean(ZkMaintenanceUtils.java:236)
at org.apache.solr.common.cloud.SolrZkClient.clean(SolrZkClient.java:791)
at org.apache.solr.cloud.ZkCLI.main(ZkCLI.java:279)
Error: can't delete configuration

 

 

I have done kinit with solr principal still facing this error. This is the klist output.

 

 

[root@<hostname> ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: solr/<fully.qualified.domain.name>@<REALM.NAME>

Valid starting       Expires              Service principal
2021-06-16T15:50:04  2021-06-17T01:50:04  krbtgt/<REALM.NAME>@<REALM.NAME>
        renew until 2021-06-23T15:50:04

 

 

Any idea?

 

Thanks,

Megh

 

2,608 Views
0 Kudos

avatar
author-rank vidanimegh
Expert Contributor

Created on ‎06-16-2021 07:15 AM - edited ‎06-16-2021 07:19 AM

Managed to get it working.

 

Since my environment is Kerberized, I need to give a jaas.conf file while running a command which potentially modifies any collection configuration. This jaas.conf file should include the solr principal configuration. In my case, the jaas.conf file looks like this.

 

 

Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  keyTab="/solr/keytab/path/solr.keytab"
  storeKey=true
  useTicketCache=false
  principal="solr/<fully.qualified.domain.name>@<REALM_NAME>";
};

 

and ran the command like this:

 

solrctl --jaas /jaas/file/path/jaas.conf instancedir --update ranger_audits /tmp/ranger_audits

solrctl --jaas /jaas/file/path/jaas.conf collection --reload ranger_audits

 

 

And it was successful!

 

This documentation article also helped. 

 

Thanks,

Megh

 

2,604 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements