SolrCloudが必要(Standaloneモードではうまくいかなかった)
基本的には、Ambari 2.4.xでの方法とほぼ同じ:
https://community.hortonworks.com/articles/108020/how-to-disable-spnego-authentication-for-solr.html
具体的には、setup_solr_kerberos_auth.pyの代わりに/var/lib/ambari-server/resources/common-services/AMBARI_INFRA/0.1.0/package/templates/infra-solr-security.json.j2 と、それに該当するキャッシュ/var/lib/ambari-agent/cache/common-services/AMBARI_INFRA/0.1.0/package/templates/infra-solr-security.json.j2 を変更する。
また、infra-solr-env templateのSOLR_AUTHENTICATION_OPTSラインから、-DauthenticationPlugin=org.apache.solr.security.KerberosPluginを削除する。
Authenticationだけでなく、Authorizationもからにする必要あり。
cp -p /var/lib/ambari-server/resources/common-services/AMBARI_INFRA/0.1.0/package/templates/infra-solr-security.json.j2 /var/lib/ambari-server/resources/common-services/AMBARI_INFRA/0.1.0/package/templates/infra-solr-security.json.j2.bak
echo '{}' > /var/lib/ambari-server/resources/common-services/AMBARI_INFRA/0.1.0/package/templates/infra-solr-security.json.j2
echo '{}' > /var/lib/ambari-agent/cache/common-services/AMBARI_INFRA/0.1.0/package/templates/infra-solr-security.json.j2
補足:
https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.5/bk_security/content/manually_updating_ambari_solr_audit_settings.html
Verify that the Ranger audit logs are being passed to Solr by opening one of the following URLs in a web browser:
http://{RANGER_HOST_NAME}:6080/index.html#!/reports/audit/bigData
For HDP Search's Solr Instance:
http:{SOLR_HOST}:8983/solr/ranger_audits
For Ambari Infra's Solr Instance:
http:{SOLR_HOST}:8886/solr/ranger_audits
https://cwiki.apache.org/confluence/display/solr/Hadoop+Authentication+Plugin
補足2:
AmbariからAtlasが起動しなくなる可能性あり
/usr/lib/ambari-agent/lib/resource_management/libraries/functions/solr_cloud_util.py
/usr/lib/ambari-server/lib/resource_management/libraries/functions/solr_cloud_util.py
[root@sandbox ~]# grep -F /solr/admin/authorization /usr/lib/ambari-server/lib/resource_management/libraries/functions/solr_cloud_util.py
solr_url = format("{solr_protocol}://{solr_host}:{solr_port}/solr/admin/authorization")
solr_authorization_enabled_cmd=format("{sudo} {solr_user_kinit_cmd} {sudo} curl -k -s --negotiate -u : {solr_protocol}://{solr_host}:{solr_port}/solr/admin/authorization | grep authorization.enabled")
基本的には、Ambari 2.4.xでの方法とほぼ同じ:
https://community.hortonworks.com/articles/108020/how-to-disable-spnego-authentication-for-solr.html
具体的には、setup_solr_kerberos_auth.pyの代わりに/var/lib/ambari-server/resources/common-services/AMBARI_INFRA/0.1.0/package/templates/infra-solr-security.json.j2 と、それに該当するキャッシュ/var/lib/ambari-agent/cache/common-services/AMBARI_INFRA/0.1.0/package/templates/infra-solr-security.json.j2 を変更する。
また、infra-solr-env templateのSOLR_AUTHENTICATION_OPTSラインから、-DauthenticationPlugin=org.apache.solr.security.KerberosPluginを削除する。
Authenticationだけでなく、Authorizationもからにする必要あり。
cp -p /var/lib/ambari-server/resources/common-services/AMBARI_INFRA/0.1.0/package/templates/infra-solr-security.json.j2 /var/lib/ambari-server/resources/common-services/AMBARI_INFRA/0.1.0/package/templates/infra-solr-security.json.j2.bak
echo '{}' > /var/lib/ambari-server/resources/common-services/AMBARI_INFRA/0.1.0/package/templates/infra-solr-security.json.j2
echo '{}' > /var/lib/ambari-agent/cache/common-services/AMBARI_INFRA/0.1.0/package/templates/infra-solr-security.json.j2
補足:
https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.5/bk_security/content/manually_updating_ambari_solr_audit_settings.html
Verify that the Ranger audit logs are being passed to Solr by opening one of the following URLs in a web browser:
http://{RANGER_HOST_NAME}:6080/index.html#!/reports/audit/bigData
For HDP Search's Solr Instance:
http:{SOLR_HOST}:8983/solr/ranger_audits
For Ambari Infra's Solr Instance:
http:{SOLR_HOST}:8886/solr/ranger_audits
https://cwiki.apache.org/confluence/display/solr/Hadoop+Authentication+Plugin
補足2:
AmbariからAtlasが起動しなくなる可能性あり
/usr/lib/ambari-agent/lib/resource_management/libraries/functions/solr_cloud_util.py
/usr/lib/ambari-server/lib/resource_management/libraries/functions/solr_cloud_util.py
[root@sandbox ~]# grep -F /solr/admin/authorization /usr/lib/ambari-server/lib/resource_management/libraries/functions/solr_cloud_util.py
solr_url = format("{solr_protocol}://{solr_host}:{solr_port}/solr/admin/authorization")
solr_authorization_enabled_cmd=format("{sudo} {solr_user_kinit_cmd} {sudo} curl -k -s --negotiate -u : {solr_protocol}://{solr_host}:{solr_port}/solr/admin/authorization | grep authorization.enabled")
0 件のコメント:
コメントを投稿