You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Andrew Onischuk (JIRA)" <ji...@apache.org> on 2016/07/08 10:33:10 UTC

[jira] [Created] (AMBARI-17621) Kerberized Solr support for Atlas

Andrew Onischuk created AMBARI-17621:
----------------------------------------

             Summary: Kerberized Solr support for Atlas
                 Key: AMBARI-17621
                 URL: https://issues.apache.org/jira/browse/AMBARI-17621
             Project: Ambari
          Issue Type: Bug
            Reporter: Andrew Onischuk
            Assignee: Andrew Onischuk
             Fix For: 2.4.0
         Attachments: AMBARI-17621.patch

Currently Atlas does not support kerberized Solr communication.  
To make kerberized Solr client work:  
1\. Set `java.security.auth.login.config` property, which points to a jaas-
file (with Client block)  
2\. Use Kerberos http client configurer.

This option should be bind to a new property (e.g.:
"atlas.solr.kerberos.enable")

call this before creating CloudSolrClient instance: (most likely
Solr5Index.java)

    
    
    
    boolean securityEnabled = PropertiesUtil.getBooleanProperty("atlas.solr.kerberos.enable", false);
    if (securityEnabled) {
      System.setProperty("java.security.auth.login.config", "/etc/atlas/conf/atlas-jaas.conf");
      HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
    }
    

some useful documentation from Ranger:  
<https://cwiki.apache.org/confluence/display/RANGER/How+to+configure+Solr+Clou
d+with+Kerberos+for+Ranger+0.5>

On ambari side: we should handle this property if kerberos is enabled. The new
property should be added only if Solr is used for Atlas





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)