-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49803/
-----------------------------------------------------------
Review request for Ambari and Dmytro Sen.
Bugs: AMBARI-17621
https://issues.apache.org/jira/browse/AMBARI-17621
Repository: ambari
Description
-------
Currently Atlas does not support kerberized Solr communication.
To make kerberized Solr client work:
1\. Set `java.security.auth.login.config` property, which points to a jaas-
file (with Client block)
2\. Use Kerberos http client configurer.
This option should be bind to a new property (e.g.:
"atlas.solr.kerberos.enable")
call this before creating CloudSolrClient instance: (most likely
Solr5Index.java)
boolean securityEnabled =
PropertiesUtil.getBooleanProperty("atlas.solr.kerberos.enable", false);
if (securityEnabled) {
System.setProperty("java.security.auth.login.config",
"/etc/atlas/conf/atlas-jaas.conf");
HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
}
some useful documentation from Ranger:
<https://cwiki.apache.org/confluence/display/RANGER/How+to+configure+Solr+Clou
d+with+Kerberos+for+Ranger+0.5>
On ambari side: we should handle this property if kerberos is enabled. The new
property should be added only if Solr is used for Atlas
Diffs
-----
ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/application-properties.xml
57b31a7
ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/kerberos.json
fd05edf
Diff: https://reviews.apache.org/r/49803/diff/
Testing
-------
mvn clean test
Thanks,
Andrew Onischuk
