Support Questions

Find answers, ask questions, and share your expertise

Securing Solr for Ranger Audit Logs

My client is using Solr for Ranger audit logs. It appears that enabling Solr results in a Solr instance devoid of any security? What are the recommended paths to secure this particular instance of Solr?

1 ACCEPTED SOLUTION

HDP 2.5 support secure solr intergration with ranger, in hdp2.5 , you can specify in ranger config whether you solr is secure , and ranger is also kerberised so it should be good to go with auditing using solr

7915-screen-shot-2016-09-23-at-70315-pm.png

View solution in original post

5 REPLIES 5

HDP 2.5 support secure solr intergration with ranger, in hdp2.5 , you can specify in ranger config whether you solr is secure , and ranger is also kerberised so it should be good to go with auditing using solr

7915-screen-shot-2016-09-23-at-70315-pm.png

Thanks @deepak sharma. We're still not on HDP 2.5. Does this apply to HDP 2.3.4 and 2.4.2 or is it only 2.5+? Also, can we connect to secure Solr instance rather than SolrCloud?

Expert Contributor
@Eyad Garelnabi

Secure solr support is already in

Rising Star

Hi,

I am getting the below error when I configured Ranger to use Solr for audits. We are using HDP-2.3.6

2017-04-26 09:29:22,353 [http-bio-6080-exec-2] ERROR org.apache.ranger.solr.SolrUtil (SolrUtil.java:79) - Error from Solr server. org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://hostname:8886/solr/ranger_audit: Expected mime type application/octet-stream but got text/html. <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <title>Error 401 Authentication required</title> </head> <body><h2>HTTP ERROR 401</h2> <p>Problem accessing /solr/ranger_audit/select. Reason: <pre> Authentication required</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/> </body> </html>

I see the below error when I access Solr UI

http://hostname:8886/solr/

GSSException: Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44))

The cluster is kerberized

Rising Star

Hey,

We are using HDP2.3.6.

We are geeting below error when we configured Ranger to store audit on Solr.

2017-04-25 09:16:23,366 WARN [org.apache.ranger.audit.queue.AuditBatchQueue0]: provider.BaseAuditHandler (BaseAuditHandler.java:logFailedEvent(374)) - failed to log audit event: {"repoType":3,"repo":"hdpt01_hive","reqUser":"hadooptest","evtTime":"2017-04-25 09:16:21.124","access":"USE","resType":"@null","action":"SHOWDATABASES","result":1,"policy":6,"enforcer":"ranger-acl","sess":"06802e00-eda7-4bd2-a812-7e2ed2621e24","cliType":"HIVESERVER2","cliIP":"","reqData":"show schemas","agentHost":"hivehost","logType":"RangerAudit","id":"d8b3d307-0035-4613-a7ff-872fa1c46a9e","seq_num":0,"event_count":1,"event_dur_ms":0} org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://hostname:8886/solr/ranger_audit: Expected mime type application/octet-stream but got text/html. <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <title>Error 401 Authentication required</title> </head> <body><h2>HTTP ERROR 401</h2> <p>Problem accessing /solr/ranger_audit/update. Reason: <pre> Authentication required</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/> </body> </html>

The cluster is kerberized.

Below error is seen when accessing teh ambari-infra-solr UI

http://hostname:8886/solr/

GSSException: Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44))
Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.