You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@bigtop.apache.org by gu...@apache.org on 2022/09/13 06:00:06 UTC
[bigtop] branch master updated: BIGTOP-3792: Mpack solr fail to start when kerberos enabled (#1005)
This is an automated email from the ASF dual-hosted git repository.
guyuqi pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/bigtop.git
The following commit(s) were added to refs/heads/master by this push:
new fb9ef5da BIGTOP-3792: Mpack solr fail to start when kerberos enabled (#1005)
fb9ef5da is described below
commit fb9ef5da82d6528eef649f594faf87ea2edd7854
Author: timyuer <52...@qq.com>
AuthorDate: Tue Sep 13 14:00:00 2022 +0800
BIGTOP-3792: Mpack solr fail to start when kerberos enabled (#1005)
---
.../stacks/BGTP/1.0/services/SOLR/kerberos.json | 53 ++++++++++++++++++++++
.../SOLR/package/templates/solr-security.json.j2 | 5 +-
2 files changed, 55 insertions(+), 3 deletions(-)
diff --git a/bigtop-packages/src/common/bigtop-ambari-mpack/bgtp-ambari-mpack/src/main/resources/stacks/BGTP/1.0/services/SOLR/kerberos.json b/bigtop-packages/src/common/bigtop-ambari-mpack/bgtp-ambari-mpack/src/main/resources/stacks/BGTP/1.0/services/SOLR/kerberos.json
new file mode 100644
index 00000000..736387cd
--- /dev/null
+++ b/bigtop-packages/src/common/bigtop-ambari-mpack/bgtp-ambari-mpack/src/main/resources/stacks/BGTP/1.0/services/SOLR/kerberos.json
@@ -0,0 +1,53 @@
+{
+ "services": [
+ {
+ "name": "SOLR",
+ "identities": [
+ {
+ "name": "solr_smokeuser",
+ "reference": "/smokeuser"
+ },
+ {
+ "name": "solr_spnego",
+ "reference": "/spnego",
+ "principal": {
+ "configuration": "solr-env/solr_web_kerberos_principal"
+ },
+ "keytab": {
+ "configuration": "solr-env/solr_web_kerberos_keytab"
+ }
+ }
+ ],
+ "components": [
+ {
+ "name": "SOLR",
+ "identities": [
+ {
+ "name": "solr",
+ "principal": {
+ "value": "solr/_HOST@${realm}",
+ "type": "service",
+ "configuration": "solr-env/solr_kerberos_principal"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/solr.service.keytab",
+ "owner": {
+ "name": "${solr-env/solr_user}",
+ "access": "r"
+ },
+ "group": {
+ "name": "${cluster-env/user_group}",
+ "access": ""
+ },
+ "configuration": "solr-env/solr_kerberos_keytab"
+ }
+ }
+ ]
+ },
+ {
+ "name": "SOLR_CLIENT"
+ }
+ ]
+ }
+ ]
+ }
\ No newline at end of file
diff --git a/bigtop-packages/src/common/bigtop-ambari-mpack/bgtp-ambari-mpack/src/main/resources/stacks/BGTP/1.0/services/SOLR/package/templates/solr-security.json.j2 b/bigtop-packages/src/common/bigtop-ambari-mpack/bgtp-ambari-mpack/src/main/resources/stacks/BGTP/1.0/services/SOLR/package/templates/solr-security.json.j2
index 9bdf9734..2c91516f 100644
--- a/bigtop-packages/src/common/bigtop-ambari-mpack/bgtp-ambari-mpack/src/main/resources/stacks/BGTP/1.0/services/SOLR/package/templates/solr-security.json.j2
+++ b/bigtop-packages/src/common/bigtop-ambari-mpack/bgtp-ambari-mpack/src/main/resources/stacks/BGTP/1.0/services/SOLR/package/templates/solr-security.json.j2
@@ -20,7 +20,7 @@
"class": "org.apache.solr.security.KerberosPlugin"
},
"authorization": {
- "class": "org.apache.solr.security.InfraRuleBasedAuthorizationPlugin",
+ "class": "org.apache.solr.security.RuleBasedAuthorizationPlugin",
"user-role": {
"{{solr_kerberos_service_user}}@{{kerberos_realm}}": "admin",
{% if solr_logsearch_service_users %}
@@ -28,7 +28,6 @@
"{{logsearch_kerberos_service_user}}@{{kerberos_realm}}": ["{{solr_role_logsearch}}", "{{solr_role_ranger_admin}}", "{{solr_role_dev}}"],
{% endfor %}
{% endif %}
- "{{logfeeder_kerberos_service_user}}@{{kerberos_realm}}": ["{{solr_role_logfeeder}}", "{{solr_role_dev}}"],
"{{atlas_kerberos_service_user}}@{{kerberos_realm}}": ["{{solr_role_atlas}}", "{{solr_role_ranger_audit}}", "{{solr_role_dev}}"],
{% if solr_ranger_audit_service_users %}
{% for ranger_audit_service_user in solr_ranger_audit_service_users %}
@@ -51,7 +50,7 @@
"role": "{{solr_role_dev}}"
},
{
- "collection": ["{{logsearch_service_logs_collection}}", "{{logsearch_audit_logs_collection}}", "history"],
+ "collection": ["history"],
"role": ["admin", "{{solr_role_logsearch}}", "{{solr_role_logfeeder}}"],
"name": "logsearch-manager",
"path": "/*"