HDP-2.6.4.0 Solr (6.6.2) Ranger (0.7.0) From: Don Bosco Durai [mailto:bo...@apache.org] Sent: Tuesday, July 03, 2018 12:11 PM To: user@ranger.apache.org Subject: Re: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Ideally you shouldn’t update the properties manually. You should set the properties in install.properties before running enable-solr-plugin.sh and it would automatically create the final properties files. You can do minor tweaking if needed. https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.0+Installation#ApacheRanger0.5.0Installation-EnablingRangerSolrPlugin The above link was originally tested on Solr 5.2. I have not tried out Solr 6+. Not sure anyone else in the community have tried it. Also, it seems you are using Solr plugin from HDP. Which version of HDP are you using? Thanks Bosco From: Jon Morisi <jon.mor...@hsc.utah.edu<mailto:jon.mor...@hsc.utah.edu>> Reply-To: <user@ranger.apache.org<mailto:user@ranger.apache.org>> Date: Tuesday, July 3, 2018 at 10:22 AM To: "user@ranger.apache.org<mailto:user@ranger.apache.org>" <user@ranger.apache.org<mailto:user@ranger.apache.org>> Subject: RE: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled * This is NOT audit to solr * I am running solr cloud * My cluster is kerberized Taken from here: https://community.hortonworks.com/articles/15159/securing-solr-collections-with-ranger-kerberos.html yum -y install ranger_*-solr-plugin.x86_64 ./enable-solr-plugin.sh I’m then editing two files: 1. ranger-policymgr-ssl.xml 2. security.json ranger-policymgr-ssl.xml has my ssl config values for: xasecure.policymgr.clientssl.keystore xasecure.policymgr.clientssl.keystore.credential.file xasecure.policymgr.clientssl.keystore.password xasecure.policymgr.clientssl.truststore xasecure.policymgr.clientssl.truststore.credential.file xasecure.policymgr.clientssl.truststore.password security.json is uploaded to ZK to enable authorization. {"authentication": {"class": "org.apache.solr.security.KerberosPlugin"},"authorization":{"class": "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"}} From: Don Bosco Durai [mailto:bo...@apache.org] Sent: Tuesday, July 03, 2018 11:09 AM To: user@ranger.apache.org<mailto:user@ranger.apache.org> Subject: Re: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled Hi Jon How are you installing the Ranger plugin for Solr? Thanks Bosco From: Jon Morisi <jon.mor...@hsc.utah.edu<mailto:jon.mor...@hsc.utah.edu>> Reply-To: <user@ranger.apache.org<mailto:user@ranger.apache.org>> Date: Tuesday, July 3, 2018 at 9:46 AM To: "user@ranger.apache.org<mailto:user@ranger.apache.org>" <user@ranger.apache.org<mailto:user@ranger.apache.org>> Subject: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled Hi, I'm having a heck of a time getting Solr (6.6.2) to talk to Ranger (0.7.0) when Ranger is SSL enabled. (Solr is also SSL enabled) Anyone seen a walkthrough on configuring this? Are the versions I’ve mentioned compatible over SSL? I just can’t seem to get my settings right in the ranger-policymgr-ssl.xml file. I receive errors like these: org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider (RangerCredentialProvider.java:72) - Unable to get the Credential Provider from the Configuration org.apache.ranger.plugin.util.RangerRESTClient (RangerRESTClient.java:286) - Unable to obtain keystore from file …/ranger-admin-keystore.jks] org.apache.ranger.plugin.util.RangerRESTClient (RangerRESTClient.java:341) - Unable to read the necessary SSL Keystore and TrustStore Files java.io.IOException: Keystore was tampered with, or password was incorrect I received that last one when I know I had the correct password. Thanks, Jon
