...
- Install ZooKeeper and set up the ensemble. If you are using Hadoop, you very likely already have ZooKeeper installed and configured. Otherwise, follow the instructions on the Solr site for configuring ZooKeeper.
- Create a path in ZooKeeper for storing the Solr configs and other parameters.
- $SOLR_INSTALL_HOME/server/scripts/cloud-scripts/zkcli.sh -zkhost $ZK_HOST:2181 -cmd makepath solr
- Upload your collection config to ZooKeeper. Below is an example that uploads a default config packaged with Solr:
- $SOLR_INSTALL_HOME/server/scripts/cloud-scripts/zkcli.sh -cmd upconfig -zkhost $ZK_HOST:2181/solr -confname basic_configs -confdir $SOLR_INSTALL_HOME/server/solr/configsets/basic_configs/conf
Create a new JAAS file at the path /etc/solr/conf and replace the REALM name @EXAMPLE.COM with your REALM name.
vi /etc/solr/conf/solr_jaas.conf
Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  keyTab="/etc/solr/conf/solr.keytab"
  storeKey=true
  useTicketCache=true
  debug=true
  principal="solr@EXAMPLE.COM";
};
- Copy solr_jaas.conf to all the hosts that are running Solr.
Update solr.in.sh at $SOLR_INSTALL_HOME/bin/solr.in.sh
Run vi $SOLR_INSTALL_HOME/bin/solr.in.sh and add the lines below at the end:
SOLR_JAAS_FILE=/etc/solr/conf/solr_jaas.conf
SOLR_HOST=`hostname -f`
ZK_HOST="$ZK_HOST1:2181,$ZK_HOST2:2181,$ZK_HOST3:2181/solr"
KERBEROS_REALM="EXAMPLE.COM"
SOLR_KEYTAB=/etc/solr/conf/solr.keytab
SOLR_KERB_PRINCIPAL=HTTP@${KERBEROS_REALM}
SOLR_KERB_KEYTAB=/etc/solr/conf/HTTP.keytab
SOLR_AUTHENTICATION_CLIENT_CONFIGURER="org.apache.solr.client.solrj.impl.Krb5HttpClientConfigurer"
SOLR_AUTHENTICATION_OPTS=" -DauthenticationPlugin=org.apache.solr.security.KerberosPlugin -Djava.security.auth.login.config=$SOLR_JAAS_FILE -Dsolr.kerberos.principal=${SOLR_KERB_PRINCIPAL} -Dsolr.kerberos.keytab=${SOLR_KERB_KEYTAB} -Dsolr.kerberos.cookie.domain=${SOLR_HOST} -Dhost=${SOLR_HOST} -Dsolr.kerberos.name.rules=DEFAULT"
- Copy solr.in.sh to all the hosts that are running Solr.
- $SOLR_INSTALL_HOME/server/scripts/cloud-scripts/zkcli.sh -zkhost $ZK_HOST:2181 -cmd put /solr/security.json '{"authentication":{"class": "org.apache.solr.security.KerberosPlugin"}}'
- Now restart Solr on all hosts. With this setting, only Kerberos is enabled. To configure Ranger authorization, refer to Apache Ranger 0.5.0 Installation#EnablingRangerSolrPlugin
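A pre-restart check for the files configured above, as an added example that is not part of the original page: it confirms that the principal in the JAAS file belongs to the expected realm and that the keytab it references is not accessible to group or others. The function names and the owner-only permission requirement are assumptions of this sketch, and the sample files are constructed.

```bash
# Added example: check the JAAS file and the keytab it points to before restarting Solr.
# Function names are made up for this sketch; sample files are constructed.

# Print the first quoted value of a JAAS option such as keyTab or principal.
jaas_value() {  # usage: jaas_value <jaas_file> <option>
  sed -n "s/.*$2=\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Succeed only if the keytab exists and grants nothing to group or others.
keytab_is_private() {  # usage: keytab_is_private <keytab>
  [ -f "$1" ] || return 1
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Return 0 when the principal is in the expected realm and the keytab is private.
check_solr_jaas() {  # usage: check_solr_jaas <jaas_file> <realm>
  local jaas="$1" realm="$2" keytab principal rc=0
  keytab=$(jaas_value "$jaas" keyTab)
  principal=$(jaas_value "$jaas" principal)
  if [ -z "$keytab" ] || [ -z "$principal" ]; then
    echo "FAIL: keyTab or principal missing in $jaas"; return 1
  fi
  case "$principal" in
    *@"$realm") ;;
    *) echo "FAIL: principal $principal is not in realm $realm"; rc=1 ;;
  esac
  if ! keytab_is_private "$keytab"; then
    echo "FAIL: $keytab is missing or accessible to group/others"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: $jaas"
  return "$rc"
}

# Constructed sample: empty placeholder keytab plus a JAAS file in <dir>.
make_sample() {  # usage: make_sample <dir> <realm>; prints the JAAS path
  : > "$1/solr.keytab"; chmod 600 "$1/solr.keytab"
  printf 'Client {\n  useKeyTab=true\n  keyTab="%s/solr.keytab"\n  principal="solr@%s";\n};\n' \
    "$1" "$2" > "$1/solr_jaas.conf"
  echo "$1/solr_jaas.conf"
}

# Demo on constructed files. On a Solr host:
#   check_solr_jaas /etc/solr/conf/solr_jaas.conf EXAMPLE.COM
demo_dir=$(mktemp -d)
check_solr_jaas "$(make_sample "$demo_dir" EXAMPLE.COM)" EXAMPLE.COM
chmod 644 "$demo_dir/solr.keytab"   # simulate a keytab left world-readable
check_solr_jaas "$demo_dir/solr_jaas.conf" EXAMPLE.COM || echo "(failure expected here)"
rm -rf "$demo_dir"
```

`keytab_is_private` can be run the same way against /etc/solr/conf/HTTP.keytab, the keytab named in SOLR_KERB_KEYTAB.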
...