You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Don Bosco Durai <bo...@apache.org> on 2016/10/27 19:10:50 UTC
Re: ranger solr-plugin
[Copied user and dev group]
Hello
I personally have not tested with Solr’s basic auth. All my testing was with Kerberos.
Which Ranger version are you using? Looking at the line numbers, it doesn’t seem to be Ranger 0.6
Bosco
From: "方久鑫 (fangheart)" <fa...@fangheart.win>
Date: Tuesday, October 25, 2016 at 2:14 AM
To: bosco <bo...@apache.org>
Subject: ranger solr-plugin
my solr can working normal.when i use the security.json like this
{
"authentication": {
"class": "solr.BasicAuthPlugin",
"blockUnknown": true,
"credentials": {
"root": "v1kx29vsv2JHda4iY+rqpNpHscwW29rH1z6rzI/6LVI= tL5DTOVBr1eRaW8u1Hyo5JluY8bMqkeQJ573pgLynDw="
}
},
"authorization": {
"class": "solr.RuleBasedAuthorizationPlugin"
}
}
but when i Securing Solr Collections with Ranger as below:
{
"authentication": {
"class": "solr.BasicAuthPlugin",
"credentials": {
"root": "v1kx29vsv2JHda4iY+rqpNpHscwW29rH1z6rzI/6LVI= tL5DTOVBr1eRaW8u1Hyo5JluY8bMqkeQJ573pgLynDw="
}
},
"authorization": {
"class": "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"
}
}
solr-plugin can show in ranger-audit-plugin.
But solr can't work normal when i open http://localhost:8983/solr/
HTTP ERROR 500
Problem accessing /solr/. Reason:
{trace=java.lang.NullPointerException
at org.apache.solr.servlet.HttpSolrCall$2.toString(HttpSolrCall.java:1020)
at java.lang.String.valueOf(String.java:2849)
at java.lang.StringBuilder.append(StringBuilder.java:128)
at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:227)
at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:128)
at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:420)
at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:225)
at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:183)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:499)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:745)
,code=500}
Powered by Jetty://
fangheart@fangheart.win
Re: ranger solr-plugin
Posted by Don Bosco Durai <bo...@apache.org>.
For “Test Connection” to work, you need to have the Ranger Admin also Kerberized. Just for your information, connection from Ranger Admin to Solr is only required for “collections” lookup. If you know the collections, then you can manually type them while creating the policies.
Let me know if you need help on setting up Kerberos for Ranger Admin.
Bosco
From: "方久鑫 (fangheart)" <fa...@fangheart.win>
Date: Friday, October 28, 2016 at 1:20 AM
To: Don Bosco Durai <bo...@apache.org>
Subject: Re: Re: ranger solr-plugin
my version is 0.6. And now i install the kerberos. it can work normal . But now i have another question.
When the authorization and authentication is completed. ranger-solr-service test connection can't show successfully.It show HTTP 401 Authentication required. What should i do let it can test connection?
Thank you for your reply.
fangheart@fangheart.win
From: Don Bosco Durai
Date: 2016-10-28 03:10
To: 方久鑫 (fangheart)
CC: user@ranger.incubator.apache.org; ranger
Subject: Re: ranger solr-plugin
[Copied user and dev group]
Hello
I personally have not tested with Solr’s basic auth. All my testing was with Kerberos.
Which Ranger version are you using? Looking at the line numbers, it doesn’t seem to be Ranger 0.6
Bosco
From: "方久鑫 (fangheart)" <fa...@fangheart.win>
Date: Tuesday, October 25, 2016 at 2:14 AM
To: bosco <bo...@apache.org>
Subject: ranger solr-plugin
my solr can working normal.when i use the security.json like this
{
"authentication": {
"class": "solr.BasicAuthPlugin",
"blockUnknown": true,
"credentials": {
"root": "v1kx29vsv2JHda4iY+rqpNpHscwW29rH1z6rzI/6LVI= tL5DTOVBr1eRaW8u1Hyo5JluY8bMqkeQJ573pgLynDw="
}
},
"authorization": {
"class": "solr.RuleBasedAuthorizationPlugin"
}
}
but when i Securing Solr Collections with Ranger as below:
{
"authentication": {
"class": "solr.BasicAuthPlugin",
"credentials": {
"root": "v1kx29vsv2JHda4iY+rqpNpHscwW29rH1z6rzI/6LVI= tL5DTOVBr1eRaW8u1Hyo5JluY8bMqkeQJ573pgLynDw="
}
},
"authorization": {
"class": "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"
}
}
solr-plugin can show in ranger-audit-plugin.
But solr can't work normal when i open http://localhost:8983/solr/
HTTP ERROR 500
Problem accessing /solr/. Reason:
{trace=java.lang.NullPointerException
at org.apache.solr.servlet.HttpSolrCall$2.toString(HttpSolrCall.java:1020)
at java.lang.String.valueOf(String.java:2849)
at java.lang.StringBuilder.append(StringBuilder.java:128)
at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:227)
at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:128)
at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:420)
at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:225)
at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:183)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:499)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:745)
,code=500}
Powered by Jetty://
fangheart@fangheart.win
Re: ranger solr-plugin
Posted by Don Bosco Durai <bo...@apache.org>.
Configuring Solr for Kerberos and accessing it requires a lot of things done correctly, else it is very difficult to debug.
I had written this article a while ago, you can give a try. But note that, all clients needs to be Kerberos aware. So if you are using curl, then make sure you have kinit’ed before making the call. Also check for the cookies returned. If you are accessing via browser, note only certain browsers picks your local kinit by default. Others, including Chrome, you need to do additional steps.
https://cwiki.apache.org/confluence/display/RANGER/How+to+configure+Solr+Cloud+with+Kerberos+for+Ranger+0.5
Thanks
Bosco
From: "方久鑫 (fangheart)" <fa...@fangheart.win>
Date: Wednesday, January 4, 2017 at 11:19 PM
To: Don Bosco Durai <bo...@apache.org>
Subject: Re: Re: ranger solr-plugin
Now i install ranger not in kerberos,but solr in kerberos,After authentication and authorization ,Enven "Test connection" still can't show nomal,But my ranger It seems that can control the solr when i after add base policy,when i use commond such as
curl --negotiate -u : http://test-1:8983/solr/gettingstarted/select?q=film
Besides after authorization,the solr webUI cant't use .That cause some trouble for me.it caused by ranger not in kerberos?
From: Don Bosco Durai
Date: 2017-01-05 04:25
To: user@ranger.incubator.apache.org
CC: fangheart
Subject: Re: ranger solr-plugin
Gautam, thanks. This is what I was looking for. The document looks pretty detailed. But had a hard time finding it. We should have a central page with the links to the different documents.
Fangheart, can you go through the steps as noted in the document and let us know if it works for you? And give any feedback you might have.
Thanks
Bosco
From: Gautam Borad <gb...@gmail.com>
Reply-To: <us...@ranger.incubator.apache.org>
Date: Tuesday, January 3, 2017 at 10:16 PM
To: <us...@ranger.incubator.apache.org>
Cc: fangheart <fa...@fangheart.win>
Subject: Re: ranger solr-plugin
Bosco, there is a session "Creating Keytab and principals" in the doc, if that is what you want. After that one will have to enable the plugin like any other plugin.
However, will still give the doc one shot and try to update if anything is missing. Thanks.
On Wed, Jan 4, 2017 at 12:47 AM, Don Bosco Durai <bo...@apache.org> wrote:
Gautam, this is mostly how to setup Apache Ranger to run in Kerberos mode. I know, when installed via Ambari, we create the Ranger Admin and Lookup user keytabs and appropriate properties are automatically configured.
So if someone want to do this manually or via our manual setup script, then is there any documentation.
If we don’t, we should create a JIRA and track it for now.
Thanks
Bosco
From: Gautam Borad <gb...@gmail.com>
Reply-To: <us...@ranger.incubator.apache.org>
Date: Tuesday, January 3, 2017 at 12:34 AM
To: <us...@ranger.incubator.apache.org>
Cc: fangheart <fa...@fangheart.win>
Subject: Re: ranger solr-plugin
The following documents should server your purpose :
- Enable Ranger Solr Plugin
- Configure SolrCloud in secure mode
- Ranger installation in Kerberos Environment
Also Bosco, am not sure if any changes were done to the setup script for Solr plugin support. The script is generic for all components.
On Mon, Jan 2, 2017 at 11:15 PM, Don Bosco Durai <bo...@apache.org> wrote:
The latest release supports Kerberos. However, the setup is done via Apache Ambari. I am not sure whether there is a documentation to set this up for manual Ranger install.
Ankita, since you worked on this, did we update the manual install scripts and is there any documentation around it?
Thanks
Bosco
From: fangheart <fa...@fangheart.win>
Date: Wednesday, December 28, 2016 at 4:38 PM
To: Don Bosco Durai <bo...@apache.org>
Subject: Re: ranger solr-plugin
Thank you very much for your reply.if you can support the kerberoes for ranger admin,i will thank you very much.
Best wishes for you.
On 12/28/2016 08:53, Don Bosco Durai wrote:
For “Test Connection” to work, you need to have the Ranger Admin also Kerberized. Just for your information, connection from Ranger Admin to Solr is only required for “collections” lookup. If you know the collections, then you can manually type them while creating the policies.
Let me know if you need help on setting up Kerberos for Ranger Admin.
Bosco
From: "方久鑫 (fangheart)" <fa...@fangheart.win>
Date: Friday, October 28, 2016 at 1:20 AM
To: Don Bosco Durai <bo...@apache.org>
Subject: Re: Re: ranger solr-plugin
my version is 0.6. And now i install the kerberos. it can work normal . But now i have another question.
When the authorization and authentication is completed. ranger-solr-service test connection can't show successfully.It show HTTP 401 Authentication required. What should i do let it can test connection?
Thank you for your reply.
fangheart@fangheart.win
From: Don Bosco Durai
Date: 2016-10-28 03:10
To: 方久鑫 (fangheart)
CC: user@ranger.incubator.apache.org; ranger
Subject: Re: ranger solr-plugin
[Copied user and dev group]
Hello
I personally have not tested with Solr’s basic auth. All my testing was with Kerberos.
Which Ranger version are you using? Looking at the line numbers, it doesn’t seem to be Ranger 0.6
Bosco
From: "方久鑫 (fangheart)" <fa...@fangheart.win>
Date: Tuesday, October 25, 2016 at 2:14 AM
To: bosco <bo...@apache.org>
Subject: ranger solr-plugin
my solr can working normal.when i use the security.json like this
{
"authentication": {
"class": "solr.BasicAuthPlugin",
"blockUnknown": true,
"credentials": {
"root": "v1kx29vsv2JHda4iY+rqpNpHscwW29rH1z6rzI/6LVI= tL5DTOVBr1eRaW8u1Hyo5JluY8bMqkeQJ573pgLynDw="
}
},
"authorization": {
"class": "solr.RuleBasedAuthorizationPlugin"
}
}
but when i Securing Solr Collections with Ranger as below:
{
"authentication": {
"class": "solr.BasicAuthPlugin",
"credentials": {
"root": "v1kx29vsv2JHda4iY+rqpNpHscwW29rH1z6rzI/6LVI= tL5DTOVBr1eRaW8u1Hyo5JluY8bMqkeQJ573pgLynDw="
}
},
"authorization": {
"class": "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"
}
}
solr-plugin can show in ranger-audit-plugin.
But solr can't work normal when i open http://localhost:8983/solr/
HTTP ERROR 500
Problem accessing /solr/. Reason:
{trace=java.lang.NullPointerException
at org.apache.solr.servlet.HttpSolrCall$2.toString(HttpSolrCall.java:1020)
at java.lang.String.valueOf(String.java:2849)
at java.lang.StringBuilder.append(StringBuilder.java:128)
at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:227)
at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:128)
at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:420)
at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:225)
at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:183)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:499)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:745)
,code=500}
Powered by Jetty://
fangheart@fangheart.win
--
Regards,
Gautam.
--
Regards,
Gautam.
Re: ranger solr-plugin
Posted by Don Bosco Durai <bo...@apache.org>.
Gautam, thanks. This is what I was looking for. The document looks pretty detailed. But had a hard time finding it. We should have a central page with the links to the different documents.
Fangheart, can you go through the steps as noted in the document and let us know if it works for you? And give any feedback you might have.
Thanks
Bosco
From: Gautam Borad <gb...@gmail.com>
Reply-To: <us...@ranger.incubator.apache.org>
Date: Tuesday, January 3, 2017 at 10:16 PM
To: <us...@ranger.incubator.apache.org>
Cc: fangheart <fa...@fangheart.win>
Subject: Re: ranger solr-plugin
Bosco, there is a session "Creating Keytab and principals" in the doc, if that is what you want. After that one will have to enable the plugin like any other plugin.
However, will still give the doc one shot and try to update if anything is missing. Thanks.
On Wed, Jan 4, 2017 at 12:47 AM, Don Bosco Durai <bo...@apache.org> wrote:
Gautam, this is mostly how to setup Apache Ranger to run in Kerberos mode. I know, when installed via Ambari, we create the Ranger Admin and Lookup user keytabs and appropriate properties are automatically configured.
So if someone want to do this manually or via our manual setup script, then is there any documentation.
If we don’t, we should create a JIRA and track it for now.
Thanks
Bosco
From: Gautam Borad <gb...@gmail.com>
Reply-To: <us...@ranger.incubator.apache.org>
Date: Tuesday, January 3, 2017 at 12:34 AM
To: <us...@ranger.incubator.apache.org>
Cc: fangheart <fa...@fangheart.win>
Subject: Re: ranger solr-plugin
The following documents should server your purpose :
- Enable Ranger Solr Plugin
- Configure SolrCloud in secure mode
- Ranger installation in Kerberos Environment
Also Bosco, am not sure if any changes were done to the setup script for Solr plugin support. The script is generic for all components.
On Mon, Jan 2, 2017 at 11:15 PM, Don Bosco Durai <bo...@apache.org> wrote:
The latest release supports Kerberos. However, the setup is done via Apache Ambari. I am not sure whether there is a documentation to set this up for manual Ranger install.
Ankita, since you worked on this, did we update the manual install scripts and is there any documentation around it?
Thanks
Bosco
From: fangheart <fa...@fangheart.win>
Date: Wednesday, December 28, 2016 at 4:38 PM
To: Don Bosco Durai <bo...@apache.org>
Subject: Re: ranger solr-plugin
Thank you very much for your reply.if you can support the kerberoes for ranger admin,i will thank you very much.
Best wishes for you.
On 12/28/2016 08:53, Don Bosco Durai wrote:
For “Test Connection” to work, you need to have the Ranger Admin also Kerberized. Just for your information, connection from Ranger Admin to Solr is only required for “collections” lookup. If you know the collections, then you can manually type them while creating the policies.
Let me know if you need help on setting up Kerberos for Ranger Admin.
Bosco
From: "方久鑫 (fangheart)" <fa...@fangheart.win>
Date: Friday, October 28, 2016 at 1:20 AM
To: Don Bosco Durai <bo...@apache.org>
Subject: Re: Re: ranger solr-plugin
my version is 0.6. And now i install the kerberos. it can work normal . But now i have another question.
When the authorization and authentication is completed. ranger-solr-service test connection can't show successfully.It show HTTP 401 Authentication required. What should i do let it can test connection?
Thank you for your reply.
fangheart@fangheart.win
From: Don Bosco Durai
Date: 2016-10-28 03:10
To: 方久鑫 (fangheart)
CC: user@ranger.incubator.apache.org; ranger
Subject: Re: ranger solr-plugin
[Copied user and dev group]
Hello
I personally have not tested with Solr’s basic auth. All my testing was with Kerberos.
Which Ranger version are you using? Looking at the line numbers, it doesn’t seem to be Ranger 0.6
Bosco
From: "方久鑫 (fangheart)" <fa...@fangheart.win>
Date: Tuesday, October 25, 2016 at 2:14 AM
To: bosco <bo...@apache.org>
Subject: ranger solr-plugin
my solr can working normal.when i use the security.json like this
{
"authentication": {
"class": "solr.BasicAuthPlugin",
"blockUnknown": true,
"credentials": {
"root": "v1kx29vsv2JHda4iY+rqpNpHscwW29rH1z6rzI/6LVI= tL5DTOVBr1eRaW8u1Hyo5JluY8bMqkeQJ573pgLynDw="
}
},
"authorization": {
"class": "solr.RuleBasedAuthorizationPlugin"
}
}
but when i Securing Solr Collections with Ranger as below:
{
"authentication": {
"class": "solr.BasicAuthPlugin",
"credentials": {
"root": "v1kx29vsv2JHda4iY+rqpNpHscwW29rH1z6rzI/6LVI= tL5DTOVBr1eRaW8u1Hyo5JluY8bMqkeQJ573pgLynDw="
}
},
"authorization": {
"class": "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"
}
}
solr-plugin can show in ranger-audit-plugin.
But solr can't work normal when i open http://localhost:8983/solr/
HTTP ERROR 500
Problem accessing /solr/. Reason:
{trace=java.lang.NullPointerException
at org.apache.solr.servlet.HttpSolrCall$2.toString(HttpSolrCall.java:1020)
at java.lang.String.valueOf(String.java:2849)
at java.lang.StringBuilder.append(StringBuilder.java:128)
at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:227)
at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:128)
at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:420)
at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:225)
at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:183)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:499)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:745)
,code=500}
Powered by Jetty://
fangheart@fangheart.win
--
Regards,
Gautam.
--
Regards,
Gautam.
Re: ranger solr-plugin
Posted by Gautam Borad <gb...@gmail.com>.
Bosco, there is a session "Creating Keytab and principals" in the doc
<https://cwiki.apache.org/confluence/display/RANGER/Ranger+installation+in+Kerberized++Environment>,
if that is what you want. After that one will have to enable the plugin
like any other plugin.
However, will still give the doc one shot and try to update if anything is
missing. Thanks.
On Wed, Jan 4, 2017 at 12:47 AM, Don Bosco Durai <bo...@apache.org> wrote:
> Gautam, this is mostly how to setup Apache Ranger to run in Kerberos mode.
> I know, when installed via Ambari, we create the Ranger Admin and Lookup
> user keytabs and appropriate properties are automatically configured.
>
>
>
> So if someone want to do this manually or via our manual setup script,
> then is there any documentation.
>
>
>
> If we don’t, we should create a JIRA and track it for now.
>
>
>
> Thanks
>
>
>
> Bosco
>
>
>
>
>
> *From: *Gautam Borad <gb...@gmail.com>
> *Reply-To: *<us...@ranger.incubator.apache.org>
> *Date: *Tuesday, January 3, 2017 at 12:34 AM
> *To: *<us...@ranger.incubator.apache.org>
> *Cc: *fangheart <fa...@fangheart.win>
> *Subject: *Re: ranger solr-plugin
>
>
>
> The following documents should server your purpose :
>
>
>
> - Enable Ranger Solr Plugin
> <https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.0+Installation#ApacheRanger0.5.0Installation-EnablingRangerSolrPlugin>
>
>
> - Configure SolrCloud in secure mode
> <https://cwiki.apache.org/confluence/display/RANGER/How+to+configure+Solr+Cloud+with+Kerberos+for+Ranger+0.5>
>
>
> - Ranger installation in Kerberos Environment
> <https://cwiki.apache.org/confluence/display/RANGER/Ranger+installation+in+Kerberized++Environment>
>
>
>
>
> Also Bosco, am not sure if any changes were done to the setup script for
> Solr plugin support. The script is generic for all components.
>
>
>
>
>
>
>
> On Mon, Jan 2, 2017 at 11:15 PM, Don Bosco Durai <bo...@apache.org> wrote:
>
> The latest release supports Kerberos. However, the setup is done via
> Apache Ambari. I am not sure whether there is a documentation to set this
> up for manual Ranger install.
>
>
>
> Ankita, since you worked on this, did we update the manual install scripts
> and is there any documentation around it?
>
>
>
> Thanks
>
>
>
> Bosco
>
>
>
>
>
> *From: *fangheart <fa...@fangheart.win>
> *Date: *Wednesday, December 28, 2016 at 4:38 PM
> *To: *Don Bosco Durai <bo...@apache.org>
> *Subject: *Re: ranger solr-plugin
>
>
>
> Thank you very much for your reply.if you can support the
> kerberoes for ranger admin,i will thank you very much.
>
>
>
> Best wishes for you.
>
> On 12/28/2016 08:53, Don Bosco Durai <bo...@apache.org> wrote:
>
> For “Test Connection” to work, you need to have the Ranger Admin also
> Kerberized. Just for your information, connection from Ranger Admin to Solr
> is only required for “collections” lookup. If you know the collections,
> then you can manually type them while creating the policies.
>
>
>
> Let me know if you need help on setting up Kerberos for Ranger Admin.
>
>
>
> Bosco
>
>
>
>
>
> *From: *"方久鑫 (fangheart)" <fa...@fangheart.win>
> *Date: *Friday, October 28, 2016 at 1:20 AM
> *To: *Don Bosco Durai <bo...@apache.org>
> *Subject: *Re: Re: ranger solr-plugin
>
>
>
> my version is 0.6. And now i install the kerberos. it can work normal .
> But now i have another question.
>
>
>
> *When the authorization and authentication is completed.
> ranger-solr-service test connection can't show successfully.It show HTTP
> 401 Authentication required. What should i do let it can test connection?*
>
>
>
> *Thank you for your reply.*
>
>
> ------------------------------
>
> fangheart@fangheart.win
>
>
>
> *From:* Don Bosco Durai <bo...@apache.org>
>
> *Date:* 2016-10-28 03:10
>
> *To:* 方久鑫 (fangheart) <fa...@fangheart.win>
>
> *CC:* user@ranger.incubator.apache.org; ranger
> <de...@ranger.incubator.apache.org>
>
> *Subject:* Re: ranger solr-plugin
>
> [Copied user and dev group]
>
> Hello
>
>
>
> I personally have not tested with Solr’s basic auth. All my testing was
> with Kerberos.
>
>
>
> Which Ranger version are you using? Looking at the line numbers, it
> doesn’t seem to be Ranger 0.6
>
>
>
> Bosco
>
>
>
>
>
> *From: *"方久鑫 (fangheart)" <fa...@fangheart.win>
> *Date: *Tuesday, October 25, 2016 at 2:14 AM
> *To: *bosco <bo...@apache.org>
> *Subject: *ranger solr-plugin
>
>
>
>
>
> my solr can working normal.when i use the security.json like this
>
> {
>
> "authentication": {
>
> "class": "solr.BasicAuthPlugin",
>
> "blockUnknown": true,
>
> "credentials": {
>
> "root": "v1kx29vsv2JHda4iY+rqpNpHscwW29rH1z6rzI/6LVI= tL5DTOVBr1eRaW8u1Hyo5JluY8bMqkeQJ573pgLynDw="
>
> }
>
> },
>
> "authorization": {
>
> "class": "solr.RuleBasedAuthorizationPlugin"
>
> }
>
> }
>
> but when i Securing Solr Collections with Ranger as below:
>
> {
>
> "authentication": {
>
> "class": "solr.BasicAuthPlugin",
>
> "credentials": {
>
> "root": "v1kx29vsv2JHda4iY+rqpNpHscwW29rH1z6rzI/6LVI= tL5DTOVBr1eRaW8u1Hyo5JluY8bMqkeQJ573pgLynDw="
>
> }
>
> },
>
> "authorization": {
>
> "class": "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"
>
> }
>
> }
>
> solr-plugin can show in ranger-audit-plugin.
>
> But solr can't work normal when i open http://localhost:8983/solr/
>
>
>
>
> HTTP ERROR 500
>
> Problem accessing /solr/. Reason:
>
> {trace=java.lang.NullPointerException
>
> at org.apache.solr.servlet.HttpSolrCall$2.toString(HttpSolrCall.java:1020)
>
> at java.lang.String.valueOf(String.java:2849)
>
> at java.lang.StringBuilder.append(StringBuilder.java:128)
>
> at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:227)
>
> at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:128)
>
> at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:420)
>
> at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:225)
>
> at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:183)
>
> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>
> at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
>
> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
>
> at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
>
> at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
>
> at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
>
> at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
>
> at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
>
> at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
>
> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
>
> at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
>
> at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
>
> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
>
> at org.eclipse.jetty.server.Server.handle(Server.java:499)
>
> at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
>
> at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
>
> at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
>
> at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
>
> at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
>
> at java.lang.Thread.run(Thread.java:745)
>
> ,code=500}
>
> Powered by Jetty://
>
> ------------------------------
>
> fangheart@fangheart.win
>
>
>
>
>
> --
>
> Regards,
>
> Gautam.
>
--
Regards,
Gautam.
Re: ranger solr-plugin
Posted by Don Bosco Durai <bo...@apache.org>.
Gautam, this is mostly how to setup Apache Ranger to run in Kerberos mode. I know, when installed via Ambari, we create the Ranger Admin and Lookup user keytabs and appropriate properties are automatically configured.
So if someone want to do this manually or via our manual setup script, then is there any documentation.
If we don’t, we should create a JIRA and track it for now.
Thanks
Bosco
From: Gautam Borad <gb...@gmail.com>
Reply-To: <us...@ranger.incubator.apache.org>
Date: Tuesday, January 3, 2017 at 12:34 AM
To: <us...@ranger.incubator.apache.org>
Cc: fangheart <fa...@fangheart.win>
Subject: Re: ranger solr-plugin
The following documents should server your purpose :
- Enable Ranger Solr Plugin
- Configure SolrCloud in secure mode
- Ranger installation in Kerberos Environment
Also Bosco, am not sure if any changes were done to the setup script for Solr plugin support. The script is generic for all components.
On Mon, Jan 2, 2017 at 11:15 PM, Don Bosco Durai <bo...@apache.org> wrote:
The latest release supports Kerberos. However, the setup is done via Apache Ambari. I am not sure whether there is a documentation to set this up for manual Ranger install.
Ankita, since you worked on this, did we update the manual install scripts and is there any documentation around it?
Thanks
Bosco
From: fangheart <fa...@fangheart.win>
Date: Wednesday, December 28, 2016 at 4:38 PM
To: Don Bosco Durai <bo...@apache.org>
Subject: Re: ranger solr-plugin
Thank you very much for your reply.if you can support the kerberoes for ranger admin,i will thank you very much.
Best wishes for you.
On 12/28/2016 08:53, Don Bosco Durai wrote:
For “Test Connection” to work, you need to have the Ranger Admin also Kerberized. Just for your information, connection from Ranger Admin to Solr is only required for “collections” lookup. If you know the collections, then you can manually type them while creating the policies.
Let me know if you need help on setting up Kerberos for Ranger Admin.
Bosco
From: "方久鑫 (fangheart)" <fa...@fangheart.win>
Date: Friday, October 28, 2016 at 1:20 AM
To: Don Bosco Durai <bo...@apache.org>
Subject: Re: Re: ranger solr-plugin
my version is 0.6. And now i install the kerberos. it can work normal . But now i have another question.
When the authorization and authentication is completed. ranger-solr-service test connection can't show successfully.It show HTTP 401 Authentication required. What should i do let it can test connection?
Thank you for your reply.
fangheart@fangheart.win
From: Don Bosco Durai
Date: 2016-10-28 03:10
To: 方久鑫 (fangheart)
CC: user@ranger.incubator.apache.org; ranger
Subject: Re: ranger solr-plugin
[Copied user and dev group]
Hello
I personally have not tested with Solr’s basic auth. All my testing was with Kerberos.
Which Ranger version are you using? Looking at the line numbers, it doesn’t seem to be Ranger 0.6
Bosco
From: "方久鑫 (fangheart)" <fa...@fangheart.win>
Date: Tuesday, October 25, 2016 at 2:14 AM
To: bosco <bo...@apache.org>
Subject: ranger solr-plugin
my solr can working normal.when i use the security.json like this
{
"authentication": {
"class": "solr.BasicAuthPlugin",
"blockUnknown": true,
"credentials": {
"root": "v1kx29vsv2JHda4iY+rqpNpHscwW29rH1z6rzI/6LVI= tL5DTOVBr1eRaW8u1Hyo5JluY8bMqkeQJ573pgLynDw="
}
},
"authorization": {
"class": "solr.RuleBasedAuthorizationPlugin"
}
}
but when i Securing Solr Collections with Ranger as below:
{
"authentication": {
"class": "solr.BasicAuthPlugin",
"credentials": {
"root": "v1kx29vsv2JHda4iY+rqpNpHscwW29rH1z6rzI/6LVI= tL5DTOVBr1eRaW8u1Hyo5JluY8bMqkeQJ573pgLynDw="
}
},
"authorization": {
"class": "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"
}
}
solr-plugin can show in ranger-audit-plugin.
But solr can't work normal when i open http://localhost:8983/solr/
HTTP ERROR 500
Problem accessing /solr/. Reason:
{trace=java.lang.NullPointerException
at org.apache.solr.servlet.HttpSolrCall$2.toString(HttpSolrCall.java:1020)
at java.lang.String.valueOf(String.java:2849)
at java.lang.StringBuilder.append(StringBuilder.java:128)
at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:227)
at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:128)
at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:420)
at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:225)
at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:183)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:499)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:745)
,code=500}
Powered by Jetty://
fangheart@fangheart.win
--
Regards,
Gautam.
Re: ranger solr-plugin
Posted by Gautam Borad <gb...@gmail.com>.
The following documents should server your purpose :
- Enable Ranger Solr Plugin
<https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.0+Installation#ApacheRanger0.5.0Installation-EnablingRangerSolrPlugin>
- Configure SolrCloud in secure mode
<https://cwiki.apache.org/confluence/display/RANGER/How+to+configure+Solr+Cloud+with+Kerberos+for+Ranger+0.5>
- Ranger installation in Kerberos Environment
<https://cwiki.apache.org/confluence/display/RANGER/Ranger+installation+in+Kerberized++Environment>
Also Bosco, am not sure if any changes were done to the setup script for
Solr plugin support. The script is generic for all components.
On Mon, Jan 2, 2017 at 11:15 PM, Don Bosco Durai <bo...@apache.org> wrote:
> The latest release supports Kerberos. However, the setup is done via
> Apache Ambari. I am not sure whether there is a documentation to set this
> up for manual Ranger install.
>
>
>
> Ankita, since you worked on this, did we update the manual install scripts
> and is there any documentation around it?
>
>
>
> Thanks
>
>
>
> Bosco
>
>
>
>
>
> *From: *fangheart <fa...@fangheart.win>
> *Date: *Wednesday, December 28, 2016 at 4:38 PM
> *To: *Don Bosco Durai <bo...@apache.org>
> *Subject: *Re: ranger solr-plugin
>
>
>
> Thank you very much for your reply.if you can support the
> kerberoes for ranger admin,i will thank you very much.
>
>
>
> Best wishes for you.
>
> On 12/28/2016 08:53, Don Bosco Durai <bo...@apache.org> wrote:
>
> For “Test Connection” to work, you need to have the Ranger Admin also
> Kerberized. Just for your information, connection from Ranger Admin to Solr
> is only required for “collections” lookup. If you know the collections,
> then you can manually type them while creating the policies.
>
>
>
> Let me know if you need help on setting up Kerberos for Ranger Admin.
>
>
>
> Bosco
>
>
>
>
>
> *From: *"方久鑫 (fangheart)" <fa...@fangheart.win>
> *Date: *Friday, October 28, 2016 at 1:20 AM
> *To: *Don Bosco Durai <bo...@apache.org>
> *Subject: *Re: Re: ranger solr-plugin
>
>
>
> my version is 0.6. And now i install the kerberos. it can work normal .
> But now i have another question.
>
>
>
> *When the authorization and authentication is completed.
> ranger-solr-service test connection can't show successfully.It show HTTP
> 401 Authentication required. What should i do let it can test connection?*
>
>
>
> *Thank you for your reply.*
>
>
> ------------------------------
>
> fangheart@fangheart.win
>
>
>
> *From:* Don Bosco Durai <bo...@apache.org>
>
> *Date:* 2016-10-28 03:10
>
> *To:* 方久鑫 (fangheart) <fa...@fangheart.win>
>
> *CC:* user@ranger.incubator.apache.org; ranger
> <de...@ranger.incubator.apache.org>
>
> *Subject:* Re: ranger solr-plugin
>
> [Copied user and dev group]
>
> Hello
>
>
>
> I personally have not tested with Solr’s basic auth. All my testing was
> with Kerberos.
>
>
>
> Which Ranger version are you using? Looking at the line numbers, it
> doesn’t seem to be Ranger 0.6
>
>
>
> Bosco
>
>
>
>
>
> *From: *"方久鑫 (fangheart)" <fa...@fangheart.win>
> *Date: *Tuesday, October 25, 2016 at 2:14 AM
> *To: *bosco <bo...@apache.org>
> *Subject: *ranger solr-plugin
>
>
>
>
>
> my solr can working normal.when i use the security.json like this
>
> {
>
> "authentication": {
>
> "class": "solr.BasicAuthPlugin",
>
> "blockUnknown": true,
>
> "credentials": {
>
> "root": "v1kx29vsv2JHda4iY+rqpNpHscwW29rH1z6rzI/6LVI= tL5DTOVBr1eRaW8u1Hyo5JluY8bMqkeQJ573pgLynDw="
>
> }
>
> },
>
> "authorization": {
>
> "class": "solr.RuleBasedAuthorizationPlugin"
>
> }
>
> }
>
> but when i Securing Solr Collections with Ranger as below:
>
> {
>
> "authentication": {
>
> "class": "solr.BasicAuthPlugin",
>
> "credentials": {
>
> "root": "v1kx29vsv2JHda4iY+rqpNpHscwW29rH1z6rzI/6LVI= tL5DTOVBr1eRaW8u1Hyo5JluY8bMqkeQJ573pgLynDw="
>
> }
>
> },
>
> "authorization": {
>
> "class": "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"
>
> }
>
> }
>
> solr-plugin can show in ranger-audit-plugin.
>
> But solr can't work normal when i open http://localhost:8983/solr/
>
>
>
>
>
> HTTP ERROR 500
>
> Problem accessing /solr/. Reason:
>
> {trace=java.lang.NullPointerException
>
> at org.apache.solr.servlet.HttpSolrCall$2.toString(HttpSolrCall.java:1020)
>
> at java.lang.String.valueOf(String.java:2849)
>
> at java.lang.StringBuilder.append(StringBuilder.java:128)
>
> at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:227)
>
> at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:128)
>
> at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:420)
>
> at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:225)
>
> at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:183)
>
> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>
> at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
>
> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
>
> at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
>
> at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
>
> at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
>
> at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
>
> at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
>
> at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
>
> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
>
> at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
>
> at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
>
> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
>
> at org.eclipse.jetty.server.Server.handle(Server.java:499)
>
> at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
>
> at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
>
> at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
>
> at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
>
> at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
>
> at java.lang.Thread.run(Thread.java:745)
>
> ,code=500}
>
> Powered by Jetty://
>
> ------------------------------
>
> fangheart@fangheart.win
>
>
--
Regards,
Gautam.
Re: ranger solr-plugin
Posted by Don Bosco Durai <bo...@apache.org>.
The latest release supports Kerberos. However, the setup is done via Apache Ambari. I am not sure whether there is a documentation to set this up for manual Ranger install.
Ankita, since you worked on this, did we update the manual install scripts and is there any documentation around it?
Thanks
Bosco
From: fangheart <fa...@fangheart.win>
Date: Wednesday, December 28, 2016 at 4:38 PM
To: Don Bosco Durai <bo...@apache.org>
Subject: Re: ranger solr-plugin
Thank you very much for your reply.if you can support the kerberoes for ranger admin,i will thank you very much.
Best wishes for you.
On 12/28/2016 08:53, Don Bosco Durai wrote:
For “Test Connection” to work, you need to have the Ranger Admin also Kerberized. Just for your information, connection from Ranger Admin to Solr is only required for “collections” lookup. If you know the collections, then you can manually type them while creating the policies.
Let me know if you need help on setting up Kerberos for Ranger Admin.
Bosco
From: "方久鑫 (fangheart)" <fa...@fangheart.win>
Date: Friday, October 28, 2016 at 1:20 AM
To: Don Bosco Durai <bo...@apache.org>
Subject: Re: Re: ranger solr-plugin
my version is 0.6. And now i install the kerberos. it can work normal . But now i have another question.
When the authorization and authentication is completed. ranger-solr-service test connection can't show successfully.It show HTTP 401 Authentication required. What should i do let it can test connection?
Thank you for your reply.
fangheart@fangheart.win
From: Don Bosco Durai
Date: 2016-10-28 03:10
To: 方久鑫 (fangheart)
CC: user@ranger.incubator.apache.org; ranger
Subject: Re: ranger solr-plugin
[Copied user and dev group]
Hello
I personally have not tested with Solr’s basic auth. All my testing was with Kerberos.
Which Ranger version are you using? Looking at the line numbers, it doesn’t seem to be Ranger 0.6
Bosco
From: "方久鑫 (fangheart)" <fa...@fangheart.win>
Date: Tuesday, October 25, 2016 at 2:14 AM
To: bosco <bo...@apache.org>
Subject: ranger solr-plugin
my solr can working normal.when i use the security.json like this
{
"authentication": {
"class": "solr.BasicAuthPlugin",
"blockUnknown": true,
"credentials": {
"root": "v1kx29vsv2JHda4iY+rqpNpHscwW29rH1z6rzI/6LVI= tL5DTOVBr1eRaW8u1Hyo5JluY8bMqkeQJ573pgLynDw="
}
},
"authorization": {
"class": "solr.RuleBasedAuthorizationPlugin"
}
}
but when i Securing Solr Collections with Ranger as below:
{
"authentication": {
"class": "solr.BasicAuthPlugin",
"credentials": {
"root": "v1kx29vsv2JHda4iY+rqpNpHscwW29rH1z6rzI/6LVI= tL5DTOVBr1eRaW8u1Hyo5JluY8bMqkeQJ573pgLynDw="
}
},
"authorization": {
"class": "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"
}
}
solr-plugin can show in ranger-audit-plugin.
But solr can't work normal when i open http://localhost:8983/solr/
HTTP ERROR 500
Problem accessing /solr/. Reason:
{trace=java.lang.NullPointerException
at org.apache.solr.servlet.HttpSolrCall$2.toString(HttpSolrCall.java:1020)
at java.lang.String.valueOf(String.java:2849)
at java.lang.StringBuilder.append(StringBuilder.java:128)
at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:227)
at org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer.authorize(RangerSolrAuthorizer.java:128)
at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:420)
at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:225)
at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:183)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:499)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:745)
,code=500}
Powered by Jetty://
fangheart@fangheart.win