You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@storm.apache.org by HeartSaVioR <gi...@git.apache.org> on 2018/01/02 23:49:38 UTC
[GitHub] storm pull request #2467: STORM-2860: Add Kerberos support to Solr bolt
Github user HeartSaVioR commented on a diff in the pull request:
https://github.com/apache/storm/pull/2467#discussion_r159340988
--- Diff: external/storm-solr/README.md ---
@@ -97,6 +97,29 @@ field separates each value with the token % instead of the default | . To use th
.setMultiValueFieldToken("%").build();
```
+##Working with Kerberized Solr
+If your topology is going to interact with kerberized Solr, your bolts/states need to be authenticated by Solr Server. We can enable
+authentication by distributing keytabs for solr user on all worker hosts. We can configure the solr bolt to use keytabs by setting
+SolrConfig.enableKerberos config property.
+
+On worker hosts the bolt/trident-state code will use the keytab file with principal provided in the jaas config to authenticate with
+Solr. You need to specify a Kerberos principal for the client and a corresponding keytab in the JAAS client configuration file.
+Also make sure the provided principal is configured with required permissions to access solr collections.
+
+Here’s an example JAAS config:
+
+`SolrJClient {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ keyTab="/keytabs/foo.keytab"
--- End diff --
We don't (maybe shouldn't) rely on other project configuration. It looks fine.
---