Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-15617

How to get rid of this Warning "WARN (qtp1533985074-57) [ ] o.a.h.s.a.u.KerberosName auth_to_local rule mechanism not set.Using default of hadoop"

    XMLWordPrintableJSON

Details

    Description

      Hello, I wrote to the mailing list because I don't know how to get rid of that warning properly. A person who replied me in the mailing list asked me to open a Jira issue for this:

      https://www.mail-archive.com/users@solr.apache.org/msg01463.html

      I configured Solr authentication this guide:

      https://solr.apache.org/guide/8_9/kerberos-authentication-plugin.html

      Everything is working OK, I just receive this warning message so often:

      2021-09-01 20:29:46.789 WARN  (qtp1533985074-61) [   ] o.a.h.s.a.u.KerberosName auth_to_local rule mechanism not set.Using default of hadoop

      I don't know what to do to get rid of this. I personally want to make a right configuration in the right fil*e instead of just disabling the warning*.

      I just configured the "solr.kerberos.name <http://solr.kerberos.name>.rules" in the solr.in.sh <http://solr.in.sh>; but it seems to be ignored.  I don't know if I have to make an extra configuration in the FreeIPA or maybe I am missing another configuration file. As I understand this warning should be if I use HDFS or Hadoop Authentication but this is not the case.

      This is the content of my "solr.in.sh"  file:

      SOLR_PID_DIR="/opt/var/solr"
      SOLR_HOME="/opt/var/solr/data"
      LOG4J_PROPS="/opt/var/solr/log4j2.xml"
      SOLR_LOGS_DIR="/opt/var/solr/logs"
      SOLR_PORT="8983"
      SOLR_HEAP="6g"
      SOLR_HOST="sa3secglbsolr01.a3sec.local"
      ZK_HOST="sa3secglbzkpt01.a3sec.local:2181,sa3secglbzkpt02.a3sec.local:2181,sa3secglbzkpt03.a3sec.local:2181/solr"
      
      # Settings for ZK ACL
      SOLR_ZK_CREDS_AND_ACLS="-DzkACLProvider=org.apache.solr.common.cloud.VMParamsAllAndReadonlyDigestZkACLProvider \
        -DzkCredentialsProvider=org.apache.solr.common.cloud.VMParamsSingleSetCredentialsDigestZkCredentialsProvider \
        -DzkDigestUsername=admin-user -DzkDigestPassword=anypassword \
        -DzkDigestReadonlyUsername=readonly-user -DzkDigestReadonlyPassword=anypassword"
      SOLR_OPTS="$SOLR_OPTS $SOLR_ZK_CREDS_AND_ACLS"
      
      # Enables HTTPS. It is implicitly true if you set SOLR_SSL_KEY_STORE. Use this config
      # to enable https module with custom jetty configuration.
      SOLR_SSL_ENABLED=true
      # Uncomment to set SSL-related system properties
      # Be sure to update the paths to the correct keystore for your environment
      SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.p12
      SOLR_SSL_KEY_STORE_PASSWORD=<Anypassword>
      SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.p12
      SOLR_SSL_TRUST_STORE_PASSWORD=<Anypassword>
      # Require clients to authenticate
      SOLR_SSL_NEED_CLIENT_AUTH=false
      # Enable clients to authenticate (but not require)
      SOLR_SSL_WANT_CLIENT_AUTH=false
      # SSL Certificates contain host/ip "peer name" information that is validated by default. Setting
      # this to false can be useful to disable these checks when re-using a certificate on many hosts
      SOLR_SSL_CHECK_PEER_NAME=true
      
      KERBEROS_RULE="RULE:[1:\$1@\$0](.*A3SEC.LOCAL)s/@.*//"
      SOLR_AUTH_TYPE="kerberos"
      SOLR_AUTHENTICATION_OPTS="-Djava.security <http://Djava.security>.auth.login.config=/home/debian/jaas-client.conf -Dsolr.kerberos.cookie.domain=sa3secglbsolr01.a3sec.local -Dsolr.kerberos.cookie.portaware=true -Dsolr.kerberos.principal=HTTP/sa3secglbsolr01.a3sec.local@A3SEC.LOCAL -Dsolr.kerberos.keytab=/home/debian/sa3secglbsolr01.keytab -Dsolr.kerberos.name <http://Dsolr.kerberos.name>.rules=$KERBEROS_RULE"

       

       

      At the moment I just modified the file log4j2.xml with this content:

       

      <AsyncLogger name="org.apache.hadoop.security.authentication.util.KerberosName" level="off"/>

       

      I could disable the warning but as I said I would like to know another way different to this.

       

      Best regards.

      Attachments

        Issue Links

          Activity

            People

              krisden Kevin Risden
              jrballesteros05 Jesús Ricardo Ballesteros Molina
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m