Versions Compared

Old Version 3

changes.mady.by.user Bosco

Saved on

compared with

New Version 4

changes.mady.by.user Bosco

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Install ZooKeeper and setup the ensemble. If you are using Hadoop, it is very likely you might already have Zookeeper installed and configured. Else, follow the instruction from Solr site for configuring ZooKeeper.
  • Create path in zookeeper for storing the Solr configs and other parameters. 
    • $SOLR_INSTALL_HOME/server/scripts/cloud-scripts/zkcli.sh -zkhost $ZK_HOST:281 -cmd makepath solr
  • Upload your collection config to zookeeper. Below is an example to upload a default config packaged in Solr
    • $SOLR_INSTALL_HOME/server/scripts/cloud-scripts/zkcli.sh -cmd upconfig  -zkhostzkhost $ZK_HOST:2181/solr -confname basic_configs -confdirconfdir $SOLR_INSTALL_HOME/server/solr/configsets/basic_configs/conf

  • Create a new JAAS file at the path /etc/solr/conf and replace the REALM name @EXAMPLE.COM with your REALM name.

    Code Block
    languagebash
    vi /etc/solr/conf/solr_jaas.conf
Client {
       com.sun.security.auth.module.Krb5LoginModule required
       useKeyTab=true
       keyTab="/etc/solr/conf/solr.keytab"
       storeKey=true
       useTicketCache=true
       debug=true
       principal="solr@EXAMPLE.COM";
};


 
  • Copy the solr_jaas.conf to all the host which are running Solr

  • Update solr.in.sh in $SOLR_INSTALL_HOME/bin/solr.in.sh

    vi $SOLR_INSTALL_HOME/bin/solr.in.sh and add the below lines at the end

    SOLR_JAAS_FILE=/etc/solr/conf/solr_jaas.conf
    SOLR_HOST=`hostname -f`
    ZK_HOST="$ZK_HOST1:2181,$ZK_HOST2:2181,$ZK_HOST3:2181/solr"
    KERBEROS_REALM="EXAMPLE.COM"
    SOLR_KEYTAB=/etc/solr/conf/solr.keytab
    SOLR_KERB_PRINCIPAL=HTTP@${KERBEROS_REALM}
    SOLR_KERB_KEYTAB=/etc/solr/conf/HTTP.keytab
    SOLR_AUTHENTICATION_CLIENT_CONFIGURER="org.apache.solr.client.solrj.impl.Krb5HttpClientConfigurer"
    SOLR_AUTHENTICATION_OPTS=" -DauthenticationPlugin=org.apache.solr.security.KerberosPlugin -Djava.security.auth.login.config=$SOLR_JAAS_FILE -Dsolr.kerberos.principal=${SOLR_KERB_PRINCIPAL} -Dsolr.kerberos.keytab=${SOLR_KERB_KEYTAB} -Dsolr.kerberos.cookie.domain=${SOLR_HOST} -Dhost=${SOLR_HOST} -Dsolr.kerberos.name.rules=DEFAULT"

     

  • Copy solr.in.sh to all the host which are running Solr
  • $SOLR_INSTALL_HOME/server/scripts/cloud-scripts/zkcli.sh -zkhost  $ZK_HOST:2181 -cmd put /solr/security.json '{"authentication":{"class": "org.apache.solr.security.KerberosPlugin"}}'
  • Now restart Solr on all hosts. With this setting only Keberos is enabled. For configuring Ranger authorization, refer to Apache Ranger 0.5.0 Installation#EnablingRangerSolrPlugin

...