Created 10-25-2016 09:12 AM
my solr can working normal.when i use the security.json like this
{ "authentication": { "class": "solr.BasicAuthPlugin", "blockUnknown": true, "credentials": { "root": "v1kx29vsv2JHda4iY+rqpNpHscwW29rH1z6rzI/6LVI= tL5DTOVBr1eRaW8u1Hyo5JluY8bMqkeQJ573pgLynDw=" } }, "authorization": { "class": "solr.RuleBasedAuthorizationPlugin" } }
but when i Securing Solr Collections with Ranger as below:
{ "authentication": { "class": "solr.BasicAuthPlugin", "credentials": { "root": "v1kx29vsv2JHda4iY+rqpNpHscwW29rH1z6rzI/6LVI= tL5DTOVBr1eRaW8u1Hyo5JluY8bMqkeQJ573pgLynDw=" } }, "authorization": { "class": "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer" } }
solr-plugin can show in ranger-audit-plugin. But solr cant work when i open http://localhost:8983/solr/
HTTP ERROR 500 Problem accessing /solr/. Reason: {trace=java.lang.NullPointerException at org.apache.solr.servlet.HttpSolrCall$2.toString(HttpSolrCall.java:1020) at java.lang.String.valueOf(String.java:2849) at java.lang.StringBuilder.append(StringBuilder.java:128) at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:227) at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:128) at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:420) at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:225) at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:183) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215) at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) at org.eclipse.jetty.server.Server.handle(Server.java:499) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) at java.lang.Thread.run(Thread.java:745) ,code=500} Powered by Jetty://
Created 10-25-2016 09:50 AM
Did you enable the Ranger Solr Plugin using the enable-ranger-plugin.sh script? What version of Solr and Ranger is this?
You might want to enable the Ranger Plugin again and make sure that all ranger jars/xmls have been copied to .../solr/server/solr-webapp/webapp/WEB-INF/classes and .../solr/server/solr-webapp/webapp/WEB-INF/libs
(Validate the paths, not sure if they are 100% correct)
Created 10-25-2016 10:02 AM
@Fang Heart, are you trying to enable Ranger solr plugin under non secured environment i.e non-kerberised env ?, Ranger Solr plugin is supported to work under kerberized environments. You can follow the steps described here to enable Ranger Solr plugin.
Created 10-25-2016 10:09 AM
if ranger no authorization with ranger,my solr can work normal but it can't show plugin in ranger.
Created 10-25-2016 10:18 AM
You can follow the steps mentioned in https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.0+Installation#ApacheRanger0.5....
Created 10-25-2016 10:20 AM
Created 10-25-2016 10:46 AM
@Fang Heart, did you install kerberos ?
Created 10-25-2016 10:57 AM
no.it's needed?
Created 10-25-2016 11:09 AM
@Fang Heart , yes Kerberos is needed and Solr should be configured in cloud mode you can follow the instructions for installing and configuring solr in cloud mode here
Created 05-22-2018 04:15 PM
Hello @Jonas Straub,
sorry for reopening this old topic, but I'm getting the same error.
In my case, cluster is kerberized. I'm using HDP 2.6.0.3 with Ambari 2.5.0.3 and Solr 5.5 installed via Mpack. Solr authentication via SPNEGO is working fine, but when I tried to enable the ranger plugin for solr I'm getting a strange behavior, because if I configure log4j for INFO I'm getting 403 error (but ranger policies are well configured and I can see the ranger cache updated locally on the solr node), while if I set log4j to log DEBUG information I'm getting a 500 error from solr server. Looking at the source code of solr and ranger-solr it seems that ranger plugin is unable to obtain the AuthorizationContext, in fact I can see these lines in the log:
2018-05-22 13:03:17,703 [qtp537548559-18 - /solr/] DEBUG [ ] org.apache.solr.servlet.HttpSolrCall (HttpSolrCall.java:316) - no handler or core retrieved for /, follow through... 2018-05-22 13:03:17,703 [qtp537548559-18 - /solr/] DEBUG [ ] org.apache.solr.servlet.HttpSolrCall (HttpSolrCall.java:499) - PkiAuthenticationPlugin says authorization required : true 2018-05-22 13:03:17,704 [qtp537548559-18 - /solr/] DEBUG [ ] org.apache.solr.servlet.HttpSolrCall (HttpSolrCall.java:421) - AuthorizationContext : [FAILED toString()] .... 2018-05-22 13:03:17,717 [qtp537548559-18 - /solr/] ERROR [ ] org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer (RangerSolrAuthorizer.java:288) - Error getting request context!!! java.lang.NullPointerException at org.apache.solr.servlet.HttpSolrCall$2.getParams(HttpSolrCall.java:953) at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.logAuthorizationConext(RangerSolrAuthorizer.java:279) at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:165) at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:128) at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:422)
Since this version of Ambari does not support the ranger solr plugin, I had to manually edit the setup_solr_kerberos_auth.py script, adding "authorization":{"class":"org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"}, so my current security.json file on zookeeper is the following:
{"authentication":{"class": "org.apache.solr.security.KerberosPlugin"},"authorization":{"class":"org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"}}
apart of that, I followed the instructions provided here and the repo on ranger is working.
Is it a missing configuration or maybe a bug? Exact versions I using are the following:
ranger-solr-plugin-0.7.0.2.6.0.3-8.el6.noarch
ranger_2_6_0_3_8-solr-plugin-0.7.0.2.6.0.3-8.x86_64
lucidworks-hdpsearch-2.6-100.noarch
Thanks,
Davide