[AMBARI-17621] Kerberized Solr support for Atlas - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.4.0
Component/s: None
Labels:
None

Description

Currently Atlas does not support kerberized Solr communication.
To make kerberized Solr client work:
1\. Set `java.security.auth.login.config` property, which points to a jaas-
file (with Client block)
2\. Use Kerberos http client configurer.

This option should be bind to a new property (e.g.:
"atlas.solr.kerberos.enable")

call this before creating CloudSolrClient instance: (most likely
Solr5Index.java)

boolean securityEnabled = PropertiesUtil.getBooleanProperty("atlas.solr.kerberos.enable", false);
if (securityEnabled)

{ System.setProperty("java.security.auth.login.config", "/etc/atlas/conf/atlas-jaas.conf"); HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer()); }

some useful documentation from Ranger:
<https://cwiki.apache.org/confluence/display/RANGER/How+to+configure+Solr+Clou
d+with+Kerberos+for+Ranger+0.5>

On ambari side: we should handle this property if kerberos is enabled. The new
property should be added only if Solr is used for Atlas

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-17621.patch
08/Jul/16 10:32
2 kB
Andrew Onischuk

Issue Links

links to

ReviewBoard

Activity

People

Assignee:: Andrew Onischuk

Reporter:: Andrew Onischuk

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 08/Jul/16 10:32

Updated:: 08/Jul/16 14:03

Resolved:: 08/Jul/16 12:06