You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by rohit sinha <ta...@gmail.com> on 2016/04/11 09:41:51 UTC
How to configure Solr Auditing for new Ranger Plugin
Hello,
I followed the installation documentation (
https://cwiki.apache.org/confluence/display/RANGER/Install+and+Configure+Solr+for+Ranger+Audits+-+Apache+Ranger+0.5)
to install Solr Standalone and have configurered ranger-admind with the
solr url. The config also have username and password properties. What will
be the values of these field ? I can access the Solr web ui without any
login information so I am guessing there is no authentication for it.
Also, the documentation here (
https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.0+Installation#ApacheRanger0.5.0Installation-EnablingAuditLoggingToSOLR)
describes how to enable solr auditing for a plugin through
install.properties configuration. I don't have this file for my service. I
have one look up jar which is running inside ranger and another
authorization jar running inside my service and the security.xml, audit.xml
files in the classpath of my service.
Where should I define these values ?
PROPERTY
VALUE
XAAUDIT.SOLR.IS_ENABLED true
XAAUDIT.SOLR.ENABLE true
XAAUDIT.SOLR.URL
http://solr_host:6083/solr/ranger_audits
XAAUDIT.SOLR.USER ranger_solr
XAAUDIT.SOLR.PASSWORD NONE
XAAUDIT.SOLR.FILE_SPOOL_DIR var/log/hadoop/hdfs/audit/solr/spool
Currently, I don't see any documents in my Solr installation under
ranger_audits.
Any help will be appreciated.
Thanks,
Rohit Sinha
Re: How to configure Solr Auditing for new Ranger Plugin
Posted by Gautam Borad <gb...@gmail.com>.
Rohit, You can put the properties in the ranger-<component>-audit.xml file.
The properties can be something like this :
<property>
<name>xasecure.audit.destination.solr</name>
<value>true</value>
</property>
<property>
<name>xasecure.audit.destination.solr.batch.filespool.dir</name>
<value>/var/log/hadoop/hdfs/audit/solr/spool</value>
</property>
<property>
<name>xasecure.audit.destination.solr.urls</name>
<value>http://<solr-host>:6083/solr/ranger_audits</value>
</property>
<property>
<name>xasecure.audit.destination.solr.zookeepers</name>
<value>NONE</value>
</property>
HTH, Thanks.
On Tue, Apr 12, 2016 at 12:12 AM, rohit sinha <ta...@gmail.com>
wrote:
> Hello,
> Thanks for the reply.
> I have ranger.audit.source.type set properly. I followed this guideline to
> install Solr Standalone (
>
> https://cwiki.apache.org/confluence/display/RANGER/Install+and+Configure+Solr+for+Ranger+Audits+-+Apache+Ranger+0.5
> )
> In this case I am guessing the ranger.solr.audit.user should be solr,
> password should be NONE and the zoopkeepers can be empty since its a
> standalone install. Please correct me if I am wrong.
>
>
> In the plugin side:
> XAAUDIT.SOLR.USERranger_solr
> XAAUDIT.SOLR.PASSWORDNONE
> XAAUDIT.SOLR.FILE_SPOOL_DIRvar/log/hadoop/hdfs/audit/solr/spool
>
> Where should these properties go ? I don't have a install.properties or
> setup script for my plugin.
>
> Thanks.
>
>
>
> Thanks,
> Rohit Sinha
>
>
> On Mon, Apr 11, 2016 at 2:55 AM, Gautam Borad <gb...@gmail.com> wrote:
>
> > Hi Rohit,
> > There are two set of properties we are talking about to enable audit
> to
> > solr.
> >
> > Part 1 (Ranger Admin side):
> >
> > - These properties can be provided in the install.properties file.
> > Please note that the setup.sh needs to be run again for the properties
> > to
> > take effect
> >
> >
> > - Other option is to put the following properties in
> > ranger-admin-site.xml in the conf/ (*btw, this is what setup.sh will
> > eventually do*)
> >
> >
> > - Please find below the mapping of properties between the two :
> > *ranger-admin-site.xml install.properties *
> > ranger.audit.source.type audit_store
> > ranger.audit.solr.urls audit_solr_urls
> > ranger.solr.audit.user audit_solr_user
> > ranger.solr.audit.user.password audit_solr_password
> > ranger.audit.solr.zookeepers audit_solr_zookeepers
> >
> >
> > - Make sure the ranger.audit.source.type is set to "solr" for the
> Ranger
> > Admin to fetch audits from SOLR and show them on UI
> >
> >
> > Part 2 (Plugin side) :
> >
> > - These properties need to be provided on the plugin side.
> > - XAAUDIT.SOLR.IS_ENABLEDtrue XAAUDIT.SOLR.ENABLEtrue XAAUDIT.SOLR.URL
> >
> > http://solr_host:6083/solr/ranger_audits
> > XAAUDIT.SOLR.USERranger_solr
> > XAAUDIT.SOLR.PASSWORDNONE
> > XAAUDIT.SOLR.FILE_SPOOL_DIRvar/log/hadoop/hdfs/audit/solr/spool
> >
> >
> >
> > HTH, Thanks.
> >
> >
> > On Mon, Apr 11, 2016 at 1:11 PM, rohit sinha <ta...@gmail.com>
> > wrote:
> >
> > > Hello,
> > >
> > > I followed the installation documentation (
> > >
> > >
> >
> https://cwiki.apache.org/confluence/display/RANGER/Install+and+Configure+Solr+for+Ranger+Audits+-+Apache+Ranger+0.5
> > > )
> > > to install Solr Standalone and have configurered ranger-admind with the
> > > solr url. The config also have username and password properties. What
> > will
> > > be the values of these field ? I can access the Solr web ui without any
> > > login information so I am guessing there is no authentication for it.
> > >
> > > Also, the documentation here (
> > >
> > >
> >
> https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.0+Installation#ApacheRanger0.5.0Installation-EnablingAuditLoggingToSOLR
> > > )
> > > describes how to enable solr auditing for a plugin through
> > > install.properties configuration. I don't have this file for my
> service.
> > I
> > > have one look up jar which is running inside ranger and another
> > > authorization jar running inside my service and the security.xml,
> > audit.xml
> > > files in the classpath of my service.
> > >
> > > Where should I define these values ?
> > >
> > > PROPERTY
> > > VALUE
> > > XAAUDIT.SOLR.IS_ENABLED true
> > > XAAUDIT.SOLR.ENABLE true
> > > XAAUDIT.SOLR.URL
> > >
> > > http://solr_host:6083/solr/ranger_audits
> > > XAAUDIT.SOLR.USER ranger_solr
> > > XAAUDIT.SOLR.PASSWORD NONE
> > > XAAUDIT.SOLR.FILE_SPOOL_DIR var/log/hadoop/hdfs/audit/solr/spool
> > >
> > > Currently, I don't see any documents in my Solr installation under
> > > ranger_audits.
> > >
> > > Any help will be appreciated.
> > >
> > > Thanks,
> > > Rohit Sinha
> > >
> >
> >
> >
> > --
> > Regards,
> > Gautam.
> >
>
--
Regards,
Gautam.
Re: How to configure Solr Auditing for new Ranger Plugin
Posted by rohit sinha <ta...@gmail.com>.
Hello,
Thanks for the reply.
I have ranger.audit.source.type set properly. I followed this guideline to
install Solr Standalone (
https://cwiki.apache.org/confluence/display/RANGER/Install+and+Configure+Solr+for+Ranger+Audits+-+Apache+Ranger+0.5
)
In this case I am guessing the ranger.solr.audit.user should be solr,
password should be NONE and the zoopkeepers can be empty since its a
standalone install. Please correct me if I am wrong.
In the plugin side:
XAAUDIT.SOLR.USERranger_solr
XAAUDIT.SOLR.PASSWORDNONE
XAAUDIT.SOLR.FILE_SPOOL_DIRvar/log/hadoop/hdfs/audit/solr/spool
Where should these properties go ? I don't have a install.properties or
setup script for my plugin.
Thanks.
Thanks,
Rohit Sinha
On Mon, Apr 11, 2016 at 2:55 AM, Gautam Borad <gb...@gmail.com> wrote:
> Hi Rohit,
> There are two set of properties we are talking about to enable audit to
> solr.
>
> Part 1 (Ranger Admin side):
>
> - These properties can be provided in the install.properties file.
> Please note that the setup.sh needs to be run again for the properties
> to
> take effect
>
>
> - Other option is to put the following properties in
> ranger-admin-site.xml in the conf/ (*btw, this is what setup.sh will
> eventually do*)
>
>
> - Please find below the mapping of properties between the two :
> *ranger-admin-site.xml install.properties *
> ranger.audit.source.type audit_store
> ranger.audit.solr.urls audit_solr_urls
> ranger.solr.audit.user audit_solr_user
> ranger.solr.audit.user.password audit_solr_password
> ranger.audit.solr.zookeepers audit_solr_zookeepers
>
>
> - Make sure the ranger.audit.source.type is set to "solr" for the Ranger
> Admin to fetch audits from SOLR and show them on UI
>
>
> Part 2 (Plugin side) :
>
> - These properties need to be provided on the plugin side.
> - XAAUDIT.SOLR.IS_ENABLEDtrue XAAUDIT.SOLR.ENABLEtrue XAAUDIT.SOLR.URL
>
> http://solr_host:6083/solr/ranger_audits
> XAAUDIT.SOLR.USERranger_solr
> XAAUDIT.SOLR.PASSWORDNONE
> XAAUDIT.SOLR.FILE_SPOOL_DIRvar/log/hadoop/hdfs/audit/solr/spool
>
>
>
> HTH, Thanks.
>
>
> On Mon, Apr 11, 2016 at 1:11 PM, rohit sinha <ta...@gmail.com>
> wrote:
>
> > Hello,
> >
> > I followed the installation documentation (
> >
> >
> https://cwiki.apache.org/confluence/display/RANGER/Install+and+Configure+Solr+for+Ranger+Audits+-+Apache+Ranger+0.5
> > )
> > to install Solr Standalone and have configurered ranger-admind with the
> > solr url. The config also have username and password properties. What
> will
> > be the values of these field ? I can access the Solr web ui without any
> > login information so I am guessing there is no authentication for it.
> >
> > Also, the documentation here (
> >
> >
> https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.0+Installation#ApacheRanger0.5.0Installation-EnablingAuditLoggingToSOLR
> > )
> > describes how to enable solr auditing for a plugin through
> > install.properties configuration. I don't have this file for my service.
> I
> > have one look up jar which is running inside ranger and another
> > authorization jar running inside my service and the security.xml,
> audit.xml
> > files in the classpath of my service.
> >
> > Where should I define these values ?
> >
> > PROPERTY
> > VALUE
> > XAAUDIT.SOLR.IS_ENABLED true
> > XAAUDIT.SOLR.ENABLE true
> > XAAUDIT.SOLR.URL
> >
> > http://solr_host:6083/solr/ranger_audits
> > XAAUDIT.SOLR.USER ranger_solr
> > XAAUDIT.SOLR.PASSWORD NONE
> > XAAUDIT.SOLR.FILE_SPOOL_DIR var/log/hadoop/hdfs/audit/solr/spool
> >
> > Currently, I don't see any documents in my Solr installation under
> > ranger_audits.
> >
> > Any help will be appreciated.
> >
> > Thanks,
> > Rohit Sinha
> >
>
>
>
> --
> Regards,
> Gautam.
>
Re: How to configure Solr Auditing for new Ranger Plugin
Posted by Gautam Borad <gb...@gmail.com>.
Hi Rohit,
There are two set of properties we are talking about to enable audit to
solr.
Part 1 (Ranger Admin side):
- These properties can be provided in the install.properties file.
Please note that the setup.sh needs to be run again for the properties to
take effect
- Other option is to put the following properties in
ranger-admin-site.xml in the conf/ (*btw, this is what setup.sh will
eventually do*)
- Please find below the mapping of properties between the two :
*ranger-admin-site.xml install.properties *
ranger.audit.source.type audit_store
ranger.audit.solr.urls audit_solr_urls
ranger.solr.audit.user audit_solr_user
ranger.solr.audit.user.password audit_solr_password
ranger.audit.solr.zookeepers audit_solr_zookeepers
- Make sure the ranger.audit.source.type is set to "solr" for the Ranger
Admin to fetch audits from SOLR and show them on UI
Part 2 (Plugin side) :
- These properties need to be provided on the plugin side.
- XAAUDIT.SOLR.IS_ENABLEDtrue XAAUDIT.SOLR.ENABLEtrue XAAUDIT.SOLR.URL
http://solr_host:6083/solr/ranger_audits
XAAUDIT.SOLR.USERranger_solr
XAAUDIT.SOLR.PASSWORDNONE
XAAUDIT.SOLR.FILE_SPOOL_DIRvar/log/hadoop/hdfs/audit/solr/spool
HTH, Thanks.
On Mon, Apr 11, 2016 at 1:11 PM, rohit sinha <ta...@gmail.com>
wrote:
> Hello,
>
> I followed the installation documentation (
>
> https://cwiki.apache.org/confluence/display/RANGER/Install+and+Configure+Solr+for+Ranger+Audits+-+Apache+Ranger+0.5
> )
> to install Solr Standalone and have configurered ranger-admind with the
> solr url. The config also have username and password properties. What will
> be the values of these field ? I can access the Solr web ui without any
> login information so I am guessing there is no authentication for it.
>
> Also, the documentation here (
>
> https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.0+Installation#ApacheRanger0.5.0Installation-EnablingAuditLoggingToSOLR
> )
> describes how to enable solr auditing for a plugin through
> install.properties configuration. I don't have this file for my service. I
> have one look up jar which is running inside ranger and another
> authorization jar running inside my service and the security.xml, audit.xml
> files in the classpath of my service.
>
> Where should I define these values ?
>
> PROPERTY
> VALUE
> XAAUDIT.SOLR.IS_ENABLED true
> XAAUDIT.SOLR.ENABLE true
> XAAUDIT.SOLR.URL
>
> http://solr_host:6083/solr/ranger_audits
> XAAUDIT.SOLR.USER ranger_solr
> XAAUDIT.SOLR.PASSWORD NONE
> XAAUDIT.SOLR.FILE_SPOOL_DIR var/log/hadoop/hdfs/audit/solr/spool
>
> Currently, I don't see any documents in my Solr installation under
> ranger_audits.
>
> Any help will be appreciated.
>
> Thanks,
> Rohit Sinha
>
--
Regards,
Gautam.