RANGER-266: Solr configuration and setup files and documentation (cherry-picked commit c5ae2edd9948b9cbb463533589b356c9b4313fae)
Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/b205c086 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/b205c086 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/b205c086 Branch: refs/heads/ranger-0.5 Commit: b205c086ddef9974d5cf2c7555fd147556c14d8c Parents: ba0d2e3 Author: Don Bosco Durai <[email protected]> Authored: Sun Sep 20 01:57:35 2015 -0400 Committer: Velmurugan Periasamy <[email protected]> Committed: Fri Dec 11 00:16:19 2015 -0500 ---------------------------------------------------------------------- .../contrib/solr_for_audit_setup/README.txt | 25 + .../solr_for_audit_setup/conf/admin-extra.html | 24 + .../conf/admin-extra.menu-bottom.html | 25 + .../conf/admin-extra.menu-top.html | 25 + .../solr_for_audit_setup/conf/elevate.xml | 38 + .../solr_for_audit_setup/conf/schema.xml | 118 ++ .../solr_for_audit_setup/conf/solrconfig.xml | 1865 ++++++++++++++++++ .../solr_for_audit_setup/install.properties | 96 + .../resources/log4j.properties.template | 39 + .../contrib/solr_for_audit_setup/setup.sh | 421 ++++ .../add_ranger_audits_conf_to_zk.sh.template | 63 + .../create_ranger_audits_collection.sh.template | 33 + .../solr_cloud/scripts/start_solr.sh.template | 39 + .../solr_cloud/scripts/stop_solr.sh.template | 35 + .../solr_cloud/solr.xml.template | 26 + .../ranger_audits/core.properties.template | 20 + .../scripts/start_solr.sh.template | 38 + .../scripts/stop_solr.sh.template | 35 + .../solr_standalone/solr.xml | 19 + src/main/assembly/admin-web.xml | 7 + 20 files changed, 2991 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b205c086/security-admin/contrib/solr_for_audit_setup/README.txt ---------------------------------------------------------------------- diff --git a/security-admin/contrib/solr_for_audit_setup/README.txt b/security-admin/contrib/solr_for_audit_setup/README.txt new file mode 100644 index 0000000..ac4eb8e --- /dev/null +++ b/security-admin/contrib/solr_for_audit_setup/README.txt @@ -0,0 +1,25 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +This folder consists of the scripts required to install and configure Solr +as an audit destination/source for Apache Ranger. + +Check Apache Ranger Wiki page for more information: +https://cwiki.apache.org/confluence/display/RANGER/Install+and+Configure+Solr+for+Ranger+Audits+-+Apache+Ranger+0.5 + +Steps: +1. Update install.properties +2. ./setup.sh +3. Check $SOLR_RANGER_HOME/install_notes.txt for additional instructions http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b205c086/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.html ---------------------------------------------------------------------- diff --git a/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.html b/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.html new file mode 100755 index 0000000..fecab20 --- /dev/null +++ b/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.html @@ -0,0 +1,24 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<!-- The content of this page will be statically included into the top- +right box of the cores overview page. Uncomment this as an example to +see there the content will show up. + +<img src="img/ico/construction.png"> This line will appear at the top- +right box on collection1's Overview +--> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b205c086/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.menu-bottom.html ---------------------------------------------------------------------- diff --git a/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.menu-bottom.html b/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.menu-bottom.html new file mode 100755 index 0000000..3359a46 --- /dev/null +++ b/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.menu-bottom.html @@ -0,0 +1,25 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<!-- admin-extra.menu-bottom.html --> +<!-- +<li> + <a href="#" style="background-image: url(img/ico/construction.png);"> + LAST ITEM + </a> +</li> +--> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b205c086/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.menu-top.html ---------------------------------------------------------------------- diff --git a/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.menu-top.html b/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.menu-top.html new file mode 100755 index 0000000..0886cee --- /dev/null +++ b/security-admin/contrib/solr_for_audit_setup/conf/admin-extra.menu-top.html @@ -0,0 +1,25 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<!-- admin-extra.menu-top.html --> +<!-- +<li> + <a href="#" style="background-image: url(img/ico/construction.png);"> + FIRST ITEM + </a> +</li> +--> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b205c086/security-admin/contrib/solr_for_audit_setup/conf/elevate.xml ---------------------------------------------------------------------- diff --git a/security-admin/contrib/solr_for_audit_setup/conf/elevate.xml b/security-admin/contrib/solr_for_audit_setup/conf/elevate.xml new file mode 100644 index 0000000..25d5ceb --- /dev/null +++ b/security-admin/contrib/solr_for_audit_setup/conf/elevate.xml @@ -0,0 +1,38 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<!-- If this file is found in the config directory, it will only be + loaded once at startup. If it is found in Solr's data + directory, it will be re-loaded every commit. + + See http://wiki.apache.org/solr/QueryElevationComponent for more info + +--> +<elevate> + <query text="foo bar"> + <doc id="1" /> + <doc id="2" /> + <doc id="3" /> + </query> + + <query text="ipod"> + <doc id="MA147LL/A" /> <!-- put the actual ipod at the top --> + <doc id="IW-02" exclude="true" /> <!-- exclude this cable --> + </query> + +</elevate> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b205c086/security-admin/contrib/solr_for_audit_setup/conf/schema.xml ---------------------------------------------------------------------- diff --git a/security-admin/contrib/solr_for_audit_setup/conf/schema.xml b/security-admin/contrib/solr_for_audit_setup/conf/schema.xml new file mode 100644 index 0000000..df56974 --- /dev/null +++ b/security-admin/contrib/solr_for_audit_setup/conf/schema.xml @@ -0,0 +1,118 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<!-- Trimmed schema.xml to include only the fields used by RangerAudit and also to make it more manageable --> +<schema name="ranger-audit-schema" version="1.5"> + <fields> + <field name="id" type="string" indexed="true" stored="true" required="true" multiValued="false" /> + <field name="_version_" type="long" indexed="true" stored="true"/> + + <field name="resource" type="key_lower_case" multiValued="false"/> + <field name="cluster" type="key_lower_case" multiValued="false"/> + <field name="resType" type="key_lower_case" multiValued="false"/> + <field name="reqUser" type="key_lower_case" multiValued="false"/> + <field name="evtTime" type="tdate"/> + <field name="policy" type="tlong" docValues="true"/> + <field name="sess" type="key_lower_case" multiValued="false"/> + <field name="access" type="key_lower_case" multiValued="false"/> + <field name="result" type="tint" multiValued="false"/> + <field name="reason" type="text_std_token_lower_case" omitNorms="false" multiValued="false"/> + <field name="enforcer" type="key_lower_case" multiValued="false"/> + <field name="repo" type="key_lower_case" multiValued="false"/> + <field name="cliIP" type="key_lower_case" multiValued="false"/> + <field name="cliType" type="key_lower_case" multiValued="false"/> + <field name="action" type="key_lower_case" multiValued="false"/> + <field name="agent" type="key_lower_case" multiValued="false"/> + <field name="agentHost" type="key_lower_case" multiValued="false"/> + <field name="logType" type="key_lower_case" multiValued="false"/> + <field name="repoType" type="tint" multiValued="false" docValues="true"/> + <field name="reqData" type="text_std_token_lower_case" multiValued="false"/> + <field name="seq_num" type="tlong" multiValued="false" docValues="true"/> + <field name="tags" type="key_lower_case" multiValued="true"/> + <field name="tags_str" type="text_std_token_lower_case" multiValued="false"/> + <field name="event_count" type="tlong" multiValued="false" docValues="true"/> + <field name="event_dur_ms" type="tlong" multiValued="false" docValues="true"/> + + <field name="text" type="text_std_token_lower_case" indexed="true" stored="false" multiValued="true"/> + </fields> + + <uniqueKey>id</uniqueKey> + + <types> + + <!-- Updated from text_general and having only StandardTokenizer and LowerCaseFilter--> + <fieldType name="text_std_token_lower_case" class="solr.TextField" positionIncrementGap="100" multiValued="true"> + <analyzer> + <tokenizer class="solr.StandardTokenizerFactory"/> + <filter class="solr.LowerCaseFilterFactory" /> + </analyzer> + </fieldType> + + <!-- Keyword tokenizer won't split the string. So is like full string search --> + <fieldType name="key_lower_case" class="solr.TextField" + sortMissingLast="true" omitNorms="true"> + <analyzer> + <tokenizer class="solr.KeywordTokenizerFactory"/> + <filter class="solr.LowerCaseFilterFactory" /> + </analyzer> + </fieldType> + + <!-- The StrField type is not analyzed, but indexed/stored verbatim. + It supports doc values but in that case the field needs to be + single-valued and either required or have a default value. + --> + <fieldType name="string" class="solr.StrField" sortMissingLast="true" /> + + <!-- boolean type: "true" or "false" --> + <fieldType name="boolean" class="solr.BoolField" sortMissingLast="true"/> + + <fieldType name="booleans" class="solr.BoolField" sortMissingLast="true" multiValued="true"/> + + <fieldType name="int" class="solr.TrieIntField" precisionStep="0" positionIncrementGap="0"/> + <fieldType name="float" class="solr.TrieFloatField" precisionStep="0" positionIncrementGap="0"/> + <fieldType name="long" class="solr.TrieLongField" precisionStep="0" positionIncrementGap="0"/> + <fieldType name="double" class="solr.TrieDoubleField" precisionStep="0" positionIncrementGap="0"/> + + <fieldType name="tint" class="solr.TrieIntField" precisionStep="8" positionIncrementGap="0"/> + <fieldType name="tfloat" class="solr.TrieFloatField" precisionStep="8" positionIncrementGap="0"/> + <fieldType name="tlong" class="solr.TrieLongField" precisionStep="8" positionIncrementGap="0"/> + <fieldType name="tdouble" class="solr.TrieDoubleField" precisionStep="8" positionIncrementGap="0"/> + + <fieldType name="tints" class="solr.TrieIntField" precisionStep="8" positionIncrementGap="0" multiValued="true"/> + <fieldType name="tfloats" class="solr.TrieFloatField" precisionStep="8" positionIncrementGap="0" multiValued="true"/> + <fieldType name="tlongs" class="solr.TrieLongField" precisionStep="8" positionIncrementGap="0" multiValued="true"/> + <fieldType name="tdoubles" class="solr.TrieDoubleField" precisionStep="8" positionIncrementGap="0" multiValued="true"/> + <fieldType name="date" class="solr.TrieDateField" precisionStep="0" positionIncrementGap="0"/> + <!-- A Trie based date field for faster date range queries and date faceting. --> + <fieldType name="tdate" class="solr.TrieDateField" precisionStep="6" positionIncrementGap="0"/> + <fieldType name="tdates" class="solr.TrieDateField" precisionStep="6" positionIncrementGap="0" multiValued="true"/> + <!--Binary data type. The data should be sent/retrieved in as Base64 encoded Strings --> + <fieldtype name="binary" class="solr.BinaryField"/> + <fieldType name="random" class="solr.RandomSortField" indexed="true" /> + <!-- A text field that only splits on whitespace for exact matching of words --> + <fieldType name="text_ws" class="solr.TextField" positionIncrementGap="100"> + <analyzer> + <tokenizer class="solr.WhitespaceTokenizerFactory"/> + </analyzer> + </fieldType> + <!-- since fields of this type are by default not stored or indexed, + any data added to them will be ignored outright. --> + <fieldtype name="ignored" stored="false" indexed="false" multiValued="true" class="solr.StrField" /> + + </types> +</schema>
