You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ranger.apache.org by Jon Morisi <Jo...@hsc.utah.edu> on 2018/07/03 16:45:56 UTC
Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Hi,
I'm having a heck of a time getting Solr (6.6.2) to talk to Ranger (0.7.0) when Ranger is SSL enabled. (Solr is also SSL enabled)
Anyone seen a walkthrough on configuring this?
Are the versions I've mentioned compatible over SSL?
I just can't seem to get my settings right in the ranger-policymgr-ssl.xml file. I receive errors like these:
org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider (RangerCredentialProvider.java:72) - Unable to get the Credential Provider from the Configuration
org.apache.ranger.plugin.util.RangerRESTClient (RangerRESTClient.java:286) - Unable to obtain keystore from file .../ranger-admin-keystore.jks]
org.apache.ranger.plugin.util.RangerRESTClient (RangerRESTClient.java:341) - Unable to read the necessary SSL Keystore and TrustStore Files
java.io.IOException: Keystore was tampered with, or password was incorrect
I received that last one when I know I had the correct password.
Thanks,
Jon
Re: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Posted by Ramesh Mani <rm...@hortonworks.com>.
Jon,
One question is when did you get this error? Is it that the Solr Ranger plugin failed to download the policy? Do you see the error in Solr log?
If so you can refer this https://www.ibm.com/support/knowledgecenter/en/SSPT3X_4.2.0/com.ibm.swg.im.infosphere.biginsights.admin.doc/doc/admin_ranger_ssl_selfsigned_plugins.html where it gives the steps to configure Ranger plugin for SSL. Here you will refer both Ranger Admin and plugins Keystore / truststore.
If you are seeing this error while Ranger admin is coming up after enabling SSL for ranger then, you can refer https://www.ibm.com/support/knowledgecenter/en/SSPT3X_4.2.0/com.ibm.swg.im.infosphere.biginsights.admin.doc/doc/admin_ranger_ssl_selfsigned_admin.html
This is for Self-signed certificate and for testing you can do the same.
Regards,
Ramesh
From: Jon Morisi <Jo...@hsc.utah.edu>>
Reply-To: "user@ranger.apache.org<ma...@ranger.apache.org>" <us...@ranger.apache.org>>
Date: Tuesday, July 3, 2018 at 12:59 PM
To: "user@ranger.apache.org<ma...@ranger.apache.org>" <us...@ranger.apache.org>>
Subject: RE: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
I’ve disabled Solr SSL and restarted solr services. I am referencing the ranger-plugin-keystore and ranger-plugin-truststore files. I’ve set permissions to 777 on those, but I can’t seem to get past this error:
“Unable to read the necessary SSL Keystore and TrustStore Files”.
Should I be referencing the admin keystore / truststore files vs. the plugin keystore / truststore files?
From: Ramesh Mani [mailto:rmani@hortonworks.com]
Sent: Tuesday, July 03, 2018 12:32 PM
To: user@ranger.apache.org<ma...@ranger.apache.org>
Subject: Re: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Jon,
One more thing you might need to check is the SSL configuration on the Ranger side. Please check that ranger-admin-keystore.jks is there
Config are correctly having the path to the files and file had correct permission. You can also check with key tool -v -list -keystore /etc/security/clientKeys/ranger-admin-keystore.jks , keystrokes are correct, else export from solr server to trust store of Ranger admin.
xasecure.policymgr.clientssl.keystore.credential.file
xasecure.policymgr.clientssl.truststore.credential.file
These all will help in your debug.
Refer this https://community.hortonworks.com/articles/92987/setup-ranger-to-use-ambari-infra-solr-enabled-in-s.html Even thought it is for Solr configuring for ranger audit, in your case also it should help.
Regards,
Ramesh
From: Jon Morisi <Jo...@hsc.utah.edu>>
Reply-To: "user@ranger.apache.org<ma...@ranger.apache.org>" <us...@ranger.apache.org>>
Date: Tuesday, July 3, 2018 at 10:22 AM
To: "user@ranger.apache.org<ma...@ranger.apache.org>" <us...@ranger.apache.org>>
Subject: RE: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
? This is NOT audit to solr
? I am running solr cloud
? My cluster is kerberized
Taken from here: https://community.hortonworks.com/articles/15159/securing-solr-collections-with-ranger-kerberos.html
yum -y install ranger_*-solr-plugin.x86_64
./enable-solr-plugin.sh
I’m then editing two files:
1. ranger-policymgr-ssl.xml
2. security.json
ranger-policymgr-ssl.xml has my ssl config values for:
xasecure.policymgr.clientssl.keystore
xasecure.policymgr.clientssl.keystore.credential.file
xasecure.policymgr.clientssl.keystore.password
xasecure.policymgr.clientssl.truststore
xasecure.policymgr.clientssl.truststore.credential.file
xasecure.policymgr.clientssl.truststore.password
security.json is uploaded to ZK to enable authorization.
{"authentication": {"class": "org.apache.solr.security.KerberosPlugin"},"authorization":{"class": "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"}}
From: Don Bosco Durai [mailto:bosco@apache.org]
Sent: Tuesday, July 03, 2018 11:09 AM
To: user@ranger.apache.org<ma...@ranger.apache.org>
Subject: Re: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Hi Jon
How are you installing the Ranger plugin for Solr?
Thanks
Bosco
From: Jon Morisi <Jo...@hsc.utah.edu>>
Reply-To: <us...@ranger.apache.org>>
Date: Tuesday, July 3, 2018 at 9:46 AM
To: "user@ranger.apache.org<ma...@ranger.apache.org>" <us...@ranger.apache.org>>
Subject: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Hi,
I'm having a heck of a time getting Solr (6.6.2) to talk to Ranger (0.7.0) when Ranger is SSL enabled. (Solr is also SSL enabled)
Anyone seen a walkthrough on configuring this?
Are the versions I’ve mentioned compatible over SSL?
I just can’t seem to get my settings right in the ranger-policymgr-ssl.xml file. I receive errors like these:
org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider (RangerCredentialProvider.java:72) - Unable to get the Credential Provider from the Configuration
org.apache.ranger.plugin.util.RangerRESTClient (RangerRESTClient.java:286) - Unable to obtain keystore from file …/ranger-admin-keystore.jks]
org.apache.ranger.plugin.util.RangerRESTClient (RangerRESTClient.java:341) - Unable to read the necessary SSL Keystore and TrustStore Files
java.io.IOException: Keystore was tampered with, or password was incorrect
I received that last one when I know I had the correct password.
Thanks,
Jon
RE: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Posted by Jon Morisi <Jo...@hsc.utah.edu>.
I've disabled Solr SSL and restarted solr services. I am referencing the ranger-plugin-keystore and ranger-plugin-truststore files. I've set permissions to 777 on those, but I can't seem to get past this error:
"Unable to read the necessary SSL Keystore and TrustStore Files".
Should I be referencing the admin keystore / truststore files vs. the plugin keystore / truststore files?
From: Ramesh Mani [mailto:rmani@hortonworks.com]
Sent: Tuesday, July 03, 2018 12:32 PM
To: user@ranger.apache.org
Subject: Re: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Jon,
One more thing you might need to check is the SSL configuration on the Ranger side. Please check that ranger-admin-keystore.jks is there
Config are correctly having the path to the files and file had correct permission. You can also check with key tool -v -list -keystore /etc/security/clientKeys/ranger-admin-keystore.jks , keystrokes are correct, else export from solr server to trust store of Ranger admin.
xasecure.policymgr.clientssl.keystore.credential.file
xasecure.policymgr.clientssl.truststore.credential.file
These all will help in your debug.
Refer this https://community.hortonworks.com/articles/92987/setup-ranger-to-use-ambari-infra-solr-enabled-in-s.html Even thought it is for Solr configuring for ranger audit, in your case also it should help.
Regards,
Ramesh
From: Jon Morisi <Jo...@hsc.utah.edu>>
Reply-To: "user@ranger.apache.org<ma...@ranger.apache.org>" <us...@ranger.apache.org>>
Date: Tuesday, July 3, 2018 at 10:22 AM
To: "user@ranger.apache.org<ma...@ranger.apache.org>" <us...@ranger.apache.org>>
Subject: RE: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
? This is NOT audit to solr
? I am running solr cloud
? My cluster is kerberized
Taken from here: https://community.hortonworks.com/articles/15159/securing-solr-collections-with-ranger-kerberos.html
yum -y install ranger_*-solr-plugin.x86_64
./enable-solr-plugin.sh
I'm then editing two files:
1. ranger-policymgr-ssl.xml
2. security.json
ranger-policymgr-ssl.xml has my ssl config values for:
xasecure.policymgr.clientssl.keystore
xasecure.policymgr.clientssl.keystore.credential.file
xasecure.policymgr.clientssl.keystore.password
xasecure.policymgr.clientssl.truststore
xasecure.policymgr.clientssl.truststore.credential.file
xasecure.policymgr.clientssl.truststore.password
security.json is uploaded to ZK to enable authorization.
{"authentication": {"class": "org.apache.solr.security.KerberosPlugin"},"authorization":{"class": "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"}}
From: Don Bosco Durai [mailto:bosco@apache.org]
Sent: Tuesday, July 03, 2018 11:09 AM
To: user@ranger.apache.org<ma...@ranger.apache.org>
Subject: Re: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Hi Jon
How are you installing the Ranger plugin for Solr?
Thanks
Bosco
From: Jon Morisi <Jo...@hsc.utah.edu>>
Reply-To: <us...@ranger.apache.org>>
Date: Tuesday, July 3, 2018 at 9:46 AM
To: "user@ranger.apache.org<ma...@ranger.apache.org>" <us...@ranger.apache.org>>
Subject: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Hi,
I'm having a heck of a time getting Solr (6.6.2) to talk to Ranger (0.7.0) when Ranger is SSL enabled. (Solr is also SSL enabled)
Anyone seen a walkthrough on configuring this?
Are the versions I've mentioned compatible over SSL?
I just can't seem to get my settings right in the ranger-policymgr-ssl.xml file. I receive errors like these:
org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider (RangerCredentialProvider.java:72) - Unable to get the Credential Provider from the Configuration
org.apache.ranger.plugin.util.RangerRESTClient (RangerRESTClient.java:286) - Unable to obtain keystore from file .../ranger-admin-keystore.jks]
org.apache.ranger.plugin.util.RangerRESTClient (RangerRESTClient.java:341) - Unable to read the necessary SSL Keystore and TrustStore Files
java.io.IOException: Keystore was tampered with, or password was incorrect
I received that last one when I know I had the correct password.
Thanks,
Jon
Re: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Posted by Ramesh Mani <rm...@hortonworks.com>.
Jon,
One more thing you might need to check is the SSL configuration on the Ranger side. Please check that ranger-admin-keystore.jks is there
Config are correctly having the path to the files and file had correct permission. You can also check with key tool -v -list -keystore /etc/security/clientKeys/ranger-admin-keystore.jks , keystrokes are correct, else export from solr server to trust store of Ranger admin.
xasecure.policymgr.clientssl.keystore.credential.file
xasecure.policymgr.clientssl.truststore.credential.file
These all will help in your debug.
Refer this https://community.hortonworks.com/articles/92987/setup-ranger-to-use-ambari-infra-solr-enabled-in-s.html Even thought it is for Solr configuring for ranger audit, in your case also it should help.
Regards,
Ramesh
From: Jon Morisi <Jo...@hsc.utah.edu>>
Reply-To: "user@ranger.apache.org<ma...@ranger.apache.org>" <us...@ranger.apache.org>>
Date: Tuesday, July 3, 2018 at 10:22 AM
To: "user@ranger.apache.org<ma...@ranger.apache.org>" <us...@ranger.apache.org>>
Subject: RE: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
· This is NOT audit to solr
· I am running solr cloud
· My cluster is kerberized
Taken from here: https://community.hortonworks.com/articles/15159/securing-solr-collections-with-ranger-kerberos.html
yum -y install ranger_*-solr-plugin.x86_64
./enable-solr-plugin.sh
I'm then editing two files:
1. ranger-policymgr-ssl.xml
2. security.json
ranger-policymgr-ssl.xml has my ssl config values for:
xasecure.policymgr.clientssl.keystore
xasecure.policymgr.clientssl.keystore.credential.file
xasecure.policymgr.clientssl.keystore.password
xasecure.policymgr.clientssl.truststore
xasecure.policymgr.clientssl.truststore.credential.file
xasecure.policymgr.clientssl.truststore.password
security.json is uploaded to ZK to enable authorization.
{"authentication": {"class": "org.apache.solr.security.KerberosPlugin"},"authorization":{"class": "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"}}
From: Don Bosco Durai [mailto:bosco@apache.org]
Sent: Tuesday, July 03, 2018 11:09 AM
To: user@ranger.apache.org<ma...@ranger.apache.org>
Subject: Re: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Hi Jon
How are you installing the Ranger plugin for Solr?
Thanks
Bosco
From: Jon Morisi <Jo...@hsc.utah.edu>>
Reply-To: <us...@ranger.apache.org>>
Date: Tuesday, July 3, 2018 at 9:46 AM
To: "user@ranger.apache.org<ma...@ranger.apache.org>" <us...@ranger.apache.org>>
Subject: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Hi,
I'm having a heck of a time getting Solr (6.6.2) to talk to Ranger (0.7.0) when Ranger is SSL enabled. (Solr is also SSL enabled)
Anyone seen a walkthrough on configuring this?
Are the versions I've mentioned compatible over SSL?
I just can't seem to get my settings right in the ranger-policymgr-ssl.xml file. I receive errors like these:
org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider (RangerCredentialProvider.java:72) - Unable to get the Credential Provider from the Configuration
org.apache.ranger.plugin.util.RangerRESTClient (RangerRESTClient.java:286) - Unable to obtain keystore from file .../ranger-admin-keystore.jks]
org.apache.ranger.plugin.util.RangerRESTClient (RangerRESTClient.java:341) - Unable to read the necessary SSL Keystore and TrustStore Files
java.io.IOException: Keystore was tampered with, or password was incorrect
I received that last one when I know I had the correct password.
Thanks,
Jon
RE: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Posted by Jon Morisi <Jo...@hsc.utah.edu>.
HDP-2.6.4.0
Solr (6.6.2)
Ranger (0.7.0)
From: Don Bosco Durai [mailto:bosco@apache.org]
Sent: Tuesday, July 03, 2018 12:11 PM
To: user@ranger.apache.org
Subject: Re: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Ideally you shouldn’t update the properties manually. You should set the properties in install.properties before running enable-solr-plugin.sh and it would automatically create the final properties files. You can do minor tweaking if needed.
https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.0+Installation#ApacheRanger0.5.0Installation-EnablingRangerSolrPlugin
The above link was originally tested on Solr 5.2. I have not tried out Solr 6+. Not sure anyone else in the community have tried it.
Also, it seems you are using Solr plugin from HDP. Which version of HDP are you using?
Thanks
Bosco
From: Jon Morisi <Jo...@hsc.utah.edu>>
Reply-To: <us...@ranger.apache.org>>
Date: Tuesday, July 3, 2018 at 10:22 AM
To: "user@ranger.apache.org<ma...@ranger.apache.org>" <us...@ranger.apache.org>>
Subject: RE: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
* This is NOT audit to solr
* I am running solr cloud
* My cluster is kerberized
Taken from here: https://community.hortonworks.com/articles/15159/securing-solr-collections-with-ranger-kerberos.html
yum -y install ranger_*-solr-plugin.x86_64
./enable-solr-plugin.sh
I’m then editing two files:
1. ranger-policymgr-ssl.xml
2. security.json
ranger-policymgr-ssl.xml has my ssl config values for:
xasecure.policymgr.clientssl.keystore
xasecure.policymgr.clientssl.keystore.credential.file
xasecure.policymgr.clientssl.keystore.password
xasecure.policymgr.clientssl.truststore
xasecure.policymgr.clientssl.truststore.credential.file
xasecure.policymgr.clientssl.truststore.password
security.json is uploaded to ZK to enable authorization.
{"authentication": {"class": "org.apache.solr.security.KerberosPlugin"},"authorization":{"class": "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"}}
From: Don Bosco Durai [mailto:bosco@apache.org]
Sent: Tuesday, July 03, 2018 11:09 AM
To: user@ranger.apache.org<ma...@ranger.apache.org>
Subject: Re: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Hi Jon
How are you installing the Ranger plugin for Solr?
Thanks
Bosco
From: Jon Morisi <Jo...@hsc.utah.edu>>
Reply-To: <us...@ranger.apache.org>>
Date: Tuesday, July 3, 2018 at 9:46 AM
To: "user@ranger.apache.org<ma...@ranger.apache.org>" <us...@ranger.apache.org>>
Subject: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Hi,
I'm having a heck of a time getting Solr (6.6.2) to talk to Ranger (0.7.0) when Ranger is SSL enabled. (Solr is also SSL enabled)
Anyone seen a walkthrough on configuring this?
Are the versions I’ve mentioned compatible over SSL?
I just can’t seem to get my settings right in the ranger-policymgr-ssl.xml file. I receive errors like these:
org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider (RangerCredentialProvider.java:72) - Unable to get the Credential Provider from the Configuration
org.apache.ranger.plugin.util.RangerRESTClient (RangerRESTClient.java:286) - Unable to obtain keystore from file …/ranger-admin-keystore.jks]
org.apache.ranger.plugin.util.RangerRESTClient (RangerRESTClient.java:341) - Unable to read the necessary SSL Keystore and TrustStore Files
java.io.IOException: Keystore was tampered with, or password was incorrect
I received that last one when I know I had the correct password.
Thanks,
Jon
Re: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Posted by Don Bosco Durai <bo...@apache.org>.
Ideally you shouldn’t update the properties manually. You should set the properties in install.properties before running enable-solr-plugin.sh and it would automatically create the final properties files. You can do minor tweaking if needed.
https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.0+Installation#ApacheRanger0.5.0Installation-EnablingRangerSolrPlugin
The above link was originally tested on Solr 5.2. I have not tried out Solr 6+. Not sure anyone else in the community have tried it.
Also, it seems you are using Solr plugin from HDP. Which version of HDP are you using?
Thanks
Bosco
From: Jon Morisi <Jo...@hsc.utah.edu>
Reply-To: <us...@ranger.apache.org>
Date: Tuesday, July 3, 2018 at 10:22 AM
To: "user@ranger.apache.org" <us...@ranger.apache.org>
Subject: RE: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
This is NOT audit to solr
I am running solr cloud
My cluster is kerberized
Taken from here: https://community.hortonworks.com/articles/15159/securing-solr-collections-with-ranger-kerberos.html
yum -y install ranger_*-solr-plugin.x86_64
./enable-solr-plugin.sh
I’m then editing two files:
ranger-policymgr-ssl.xml
security.json
ranger-policymgr-ssl.xml has my ssl config values for:
xasecure.policymgr.clientssl.keystore
xasecure.policymgr.clientssl.keystore.credential.file
xasecure.policymgr.clientssl.keystore.password
xasecure.policymgr.clientssl.truststore
xasecure.policymgr.clientssl.truststore.credential.file
xasecure.policymgr.clientssl.truststore.password
security.json is uploaded to ZK to enable authorization.
{"authentication": {"class": "org.apache.solr.security.KerberosPlugin"},"authorization":{"class": "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"}}
From: Don Bosco Durai [mailto:bosco@apache.org]
Sent: Tuesday, July 03, 2018 11:09 AM
To: user@ranger.apache.org
Subject: Re: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Hi Jon
How are you installing the Ranger plugin for Solr?
Thanks
Bosco
From: Jon Morisi <Jo...@hsc.utah.edu>
Reply-To: <us...@ranger.apache.org>
Date: Tuesday, July 3, 2018 at 9:46 AM
To: "user@ranger.apache.org" <us...@ranger.apache.org>
Subject: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Hi,
I'm having a heck of a time getting Solr (6.6.2) to talk to Ranger (0.7.0) when Ranger is SSL enabled. (Solr is also SSL enabled)
Anyone seen a walkthrough on configuring this?
Are the versions I’ve mentioned compatible over SSL?
I just can’t seem to get my settings right in the ranger-policymgr-ssl.xml file. I receive errors like these:
org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider (RangerCredentialProvider.java:72) - Unable to get the Credential Provider from the Configuration
org.apache.ranger.plugin.util.RangerRESTClient (RangerRESTClient.java:286) - Unable to obtain keystore from file …/ranger-admin-keystore.jks]
org.apache.ranger.plugin.util.RangerRESTClient (RangerRESTClient.java:341) - Unable to read the necessary SSL Keystore and TrustStore Files
java.io.IOException: Keystore was tampered with, or password was incorrect
I received that last one when I know I had the correct password.
Thanks,
Jon
RE: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Posted by Jon Morisi <Jo...@hsc.utah.edu>.
· This is NOT audit to solr
· I am running solr cloud
· My cluster is kerberized
Taken from here: https://community.hortonworks.com/articles/15159/securing-solr-collections-with-ranger-kerberos.html
yum -y install ranger_*-solr-plugin.x86_64
./enable-solr-plugin.sh
I’m then editing two files:
1. ranger-policymgr-ssl.xml
2. security.json
ranger-policymgr-ssl.xml has my ssl config values for:
xasecure.policymgr.clientssl.keystore
xasecure.policymgr.clientssl.keystore.credential.file
xasecure.policymgr.clientssl.keystore.password
xasecure.policymgr.clientssl.truststore
xasecure.policymgr.clientssl.truststore.credential.file
xasecure.policymgr.clientssl.truststore.password
security.json is uploaded to ZK to enable authorization.
{"authentication": {"class": "org.apache.solr.security.KerberosPlugin"},"authorization":{"class": "org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"}}
From: Don Bosco Durai [mailto:bosco@apache.org]
Sent: Tuesday, July 03, 2018 11:09 AM
To: user@ranger.apache.org
Subject: Re: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Hi Jon
How are you installing the Ranger plugin for Solr?
Thanks
Bosco
From: Jon Morisi <Jo...@hsc.utah.edu>>
Reply-To: <us...@ranger.apache.org>>
Date: Tuesday, July 3, 2018 at 9:46 AM
To: "user@ranger.apache.org<ma...@ranger.apache.org>" <us...@ranger.apache.org>>
Subject: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Hi,
I'm having a heck of a time getting Solr (6.6.2) to talk to Ranger (0.7.0) when Ranger is SSL enabled. (Solr is also SSL enabled)
Anyone seen a walkthrough on configuring this?
Are the versions I’ve mentioned compatible over SSL?
I just can’t seem to get my settings right in the ranger-policymgr-ssl.xml file. I receive errors like these:
org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider (RangerCredentialProvider.java:72) - Unable to get the Credential Provider from the Configuration
org.apache.ranger.plugin.util.RangerRESTClient (RangerRESTClient.java:286) - Unable to obtain keystore from file …/ranger-admin-keystore.jks]
org.apache.ranger.plugin.util.RangerRESTClient (RangerRESTClient.java:341) - Unable to read the necessary SSL Keystore and TrustStore Files
java.io.IOException: Keystore was tampered with, or password was incorrect
I received that last one when I know I had the correct password.
Thanks,
Jon
Re: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Posted by Don Bosco Durai <bo...@apache.org>.
Hi Jon
How are you installing the Ranger plugin for Solr?
Thanks
Bosco
From: Jon Morisi <Jo...@hsc.utah.edu>
Reply-To: <us...@ranger.apache.org>
Date: Tuesday, July 3, 2018 at 9:46 AM
To: "user@ranger.apache.org" <us...@ranger.apache.org>
Subject: Solr (6.6.2) to Ranger (0.7.0) with SSL enabled
Hi,
I'm having a heck of a time getting Solr (6.6.2) to talk to Ranger (0.7.0) when Ranger is SSL enabled. (Solr is also SSL enabled)
Anyone seen a walkthrough on configuring this?
Are the versions I’ve mentioned compatible over SSL?
I just can’t seem to get my settings right in the ranger-policymgr-ssl.xml file. I receive errors like these:
org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider (RangerCredentialProvider.java:72) - Unable to get the Credential Provider from the Configuration
org.apache.ranger.plugin.util.RangerRESTClient (RangerRESTClient.java:286) - Unable to obtain keystore from file …/ranger-admin-keystore.jks]
org.apache.ranger.plugin.util.RangerRESTClient (RangerRESTClient.java:341) - Unable to read the necessary SSL Keystore and TrustStore Files
java.io.IOException: Keystore was tampered with, or password was incorrect
I received that last one when I know I had the correct password.
Thanks,
Jon