[PR] RANGER-5603: Docker setup updated to use Solr 9.4.1 [ranger]

Tue, 26 May 2026 05:50:11 -0700 


pradeepagrawal8184 opened a new pull request, #981:
URL: https://github.com/apache/ranger/pull/981

   ## What changes were proposed in this pull request?
   
   Updates Ranger Docker dev stack for Solr 9.4.1 with Kerberos: use mounted 
keytabs under /etc/keytabs, policy cache under /etc/ranger, Solr 9 
Kerberos/hadoop-auth wiring, and Ranger Admin Solr audit access via FQDN + JAAS 
(fixes SPNEGO / xaudit 401).
   
   **Changes:**
   ```
   - Dockerfile.ranger-solr: Default SOLR_VERSION 9.4.1 (align with .env).
   - docker-compose.ranger.yml: Bind-mount audit core conf + core.properties; 
mount ranger-solr-security-changes.cfg from repo; 
SOLR_SECURITY_MANAGER_ENABLED=false for Solr 9 + Ranger.
   - ranger-solr.sh: Stop copying keytabs to /var/solr/data (stale after KDC 
restart); use /etc/keytabs; Solr 9 SOLR_AUTH_TYPE/Hadoop Kerberos; policy cache 
dir; hadoop-auth module; bootstrap core.properties; pass opts into entrypoint.
   - solr-jaas.conf, solr-security.json, ranger-solr-plugin-install.properties: 
Keytabs and policy cache paths → /etc/keytabs and 
/etc/ranger/dev_solr/policycache.
   - ranger-admin-install-postgres.properties: Audit URL ranger-solr.rangernw 
(SPNEGO); empty serviceName; useTicketCache=false.
   ```
   ## How was this patch tested?
   ```
   - mvn package -Pranger-solr-plugin -DskipTests; copy *-admin.tar.gz, 
*-solr-plugin.tar.gz, version → dev-support/ranger-docker/dist/.
   - export RANGER_DB_TYPE=postgres
   - docker compose -f docker-compose.ranger.yml build && docker compose -f 
docker-compose.ranger.yml up -d
   - Solr 9.4.1; dev_solr policies download; ranger_audits core healthy.
   - Plugin audit write + Solr SPNEGO read on ranger_audits.
   - Admin xaudit: curl -u admin:rangerR0cks! 
'http://localhost:6080/service/xaudit/access_audit?pageSize=2&startIndex=0' → 
JSON with totalCount (not 401/HTML).
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to