[
https://issues.apache.org/jira/browse/KNOX-528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15527545#comment-15527545
]
Kevin Risden commented on KNOX-528:
-----------------------------------
{quote}
The following is where most of the service tests go that need to test
expectations of the rewrite rules and dispatch classes within the definition
for a given service:
https://github.com/apache/knox/blob/master/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayBasicFuncTest.java
This is especially important for when there are nuances to what rewrite or
dispatch need to do.
{quote}
Ah ok I'll take a look.
{quote}
That said, there are still a few things about he POC that needs to be addressed:
1. It seems that the solr definition provided in your POC is really only for
the UI. So, there needs to be a corresponding REST API definition as well. This
is generally done with a SOLRUI and SOLR service pair.
{quote}
Is it possible to have one service? There really isn't a difference between the
Solr UI and the APIs. It would be awesome to be able to visit a single Knox
endpoint for both. Below expands a bit more on the relationship between the UI
and the APIs and maybe that helps.
{quote}
2. The current definition is using the Anonymous authentication provider. This
is commonly used for UIs that provide their own authentication with form-based
login, HTTP basic auth or even with KnoxSSO integration, etc. It doesn't look
like solr UI is doing any authentication for the user. Unauthenticated UI
access should be avoided. We should discuss what is needed there further.
{quote}
Ah wasn't really sure what that was for other than just copied from the
proxying UI page. Right now with the basic setup there is no UI authentication.
Solr really doesn't support UI authentication per say. The authentication is
actually at the API layer itself. The UI really just needs rewriting. The APIs
have support for basic and SPNEGO Kerberos authentication if you enable it in
Solr (not the easiest to do right now, but possible).
{quote}
3. The dispatch being used is another common one for UIs and won't likely be
sufficient for REST APIs though we can discuss that as well. It depends on what
straight API access requires as far as credentials or identity propagation.
{quote}
Just to provide a little more background on the Solr UI, it really just calls
out to the Solr REST APIs and otherwise is just an angular UI.
{quote}
4. I need some clarity on the topology service descriptor. The URL within the
default.xml topology for the service seems strange (I probably just need it
explained to me) and there doesn't seem to be any HA specific URLs. I expected
to see multiple URLs or Zookeeper specifics for determining the URLs, etc.
{quote}
Right now for the quick demo there is only one Solr host. Each host in a Solr
cluster knows how to forward requests to the right host. This means that Knox
just needs to be able to pick one available host. I have tested this a little
by just adding another url and Knox "does the right thing". I am using the Knox
built in HA provider to do failover if it determines the first URL is down.
The Solr url format is as follows:
http://SOLR_HOSTNAME:SOLR_PORT/solr
The /solr is hardcoded with Solr 5.x+ since it is meant to be run as is. The
docker example has a format that looks a bit weird since the name I gave the
Solr container is "solr".
> Support for Apache SOLR REST APIs
> ---------------------------------
>
> Key: KNOX-528
> URL: https://issues.apache.org/jira/browse/KNOX-528
> Project: Apache Knox
> Issue Type: Improvement
> Reporter: Rick Kellogg
> Fix For: Future
>
>
> Add Knox support for routing and securing Apache SOLR's REST APIs
> See: https://wiki.apache.org/solr/Solrj
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
