You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@storm.apache.org by HeartSaVioR <gi...@git.apache.org> on 2018/01/02 23:49:38 UTC

[GitHub] storm pull request #2467: STORM-2860: Add Kerberos support to Solr bolt

Github user HeartSaVioR commented on a diff in the pull request:

    https://github.com/apache/storm/pull/2467#discussion_r159340988
  
    --- Diff: external/storm-solr/README.md ---
    @@ -97,6 +97,29 @@ field separates each value with the token % instead of the default | . To use th
                     .setMultiValueFieldToken("%").build();
     ```
     
    +##Working with Kerberized Solr
    +If your topology is going to interact with kerberized Solr, your bolts/states need to be authenticated by Solr Server. We can enable
    +authentication by distributing keytabs for solr user on all worker hosts. We can configure the solr bolt to use keytabs by setting
    +SolrConfig.enableKerberos config property.
    +
    +On worker hosts the bolt/trident-state code will use the keytab file with principal provided in the jaas config to authenticate with
    +Solr. You need to specify a Kerberos principal for the client and a corresponding keytab in the JAAS client configuration file.
    +Also make sure the provided principal is configured with required permissions to access solr collections.
    +
    +Here’s an example JAAS config:
    +
    +`SolrJClient {
    +  com.sun.security.auth.module.Krb5LoginModule required
    +  useKeyTab=true
    +  keyTab="/keytabs/foo.keytab"
    --- End diff --
    
    We don't (maybe shouldn't) rely on other project configuration. It looks fine.


---