Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Ranger audit to Solr problem

avatar
author-rank frank93
Super Collaborator

Created on ‎10-13-2016 02:02 PM - edited ‎08-19-2019 02:44 AM

Hi guys,

I upgraded HDP from 2.3 to 2.5 (and Ambari to 2.4) using Rolling Upgrade. I want to use Solr as Ranger audit type. To do that I installed Ambari-infra and configured Ranger. I can access Solr UI using hostname:8886. Ambari created ranger audits core during restart, but in ranger UI in audit tab I got an error: "Unable to connect to Audit store !!". Below is my configuration and xa_portal.log.

The command "/usr/lib/ambari-infra-solr-client/solrCloudCli.sh --zookeeper-connect-string hadoop3.locald:2181,hadoop2.locald:2181,hadoop1.locald:2181/infra-solr --create-collection --collection ranger_audits --config-set ranger_audits --shards 1 --replication 1 --max-shards 1 --retry 5 --interval 10 --no-sharding" successfully creates a core.

I am using 1 Solr server

xa-portal.txt8510-solr1.png8531-solr2.png

Preview file
33 KB
28,484 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank jstraub
Guru

Created ‎10-14-2016 04:25 AM

Hi @Edgar Daeds

I looked at your log file and it seems that your solr schema is broken or not valid.

at http://myhostname:8886/solr/ranger_audits: sort param field can't be found: evtTime, retry

Could you please delete the collection and its configure. Afterwards, let Ranger re-create the Collection and its configuration.

Delete Collections: https://cwiki.apache.org/confluence/display/solr/Collections+API#CollectionsAPI-api6

Delete Configuration (delete the collection first!):

1.Log into ZK

zookeeper-client -server <zk server & port>

2.Check what configurations are available

ls /infra-solr/configs

3.Delete configurations related to ranger audits (including the ones you have created). For example:

rmr /infra-solr/configs/ranger_audits

Now let Ranger re-create the Audit collection

🙂

View solution in original post

21,048 Views
12 REPLIES 12

avatar
author-rank frank93
Super Collaborator

Created ‎10-14-2016 06:58 AM

@Jonas Straub

It works! Thank you. I tried to delete it before but not using Zookeeper, just Solr admin and then I deleted my core directory.

Where does Solr store ranger audit? Locally in /opt/ambari_infra_solr/data/ranger_audits_shard1_replica1/data I see the data is getting larger and then smaller.

7,887 Views
0 Kudos

avatar
author-rank jstraub
Guru

Created ‎10-14-2016 10:48 AM

Awesome! Glad it worked 🙂

Yes, the solrconfig for ranger audits is configured to use local storage. You can check the solrconfig.xml (either through zookeeper or Solr UI -> Select Collection in dropdown -> Files -> solrconfig.xml) for the exact path.

7,887 Views
0 Kudos

avatar
author-rank erkansirin78
Expert Contributor

Created ‎07-13-2018 07:46 AM

No ranger_audits

[zk: hadooptest01:2181(CONNECTED) 0] ls /infra-solr/configs

[atlas_configs]
7,887 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements