subject:"\[jira\] \[Commented\] \(RANGER\-2894\) Plugins cannot interact with Solr with basic auth as audit targer"

[jira] [Commented] (RANGER-2894) Plugins cannot interact with Solr with basic auth as audit targer

2023-03-28 Thread Jiayi Liu (Jira)



[ 
https://issues.apache.org/jira/browse/RANGER-2894?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17706210#comment-17706210
 ] 

Jiayi Liu commented on RANGER-2894:
---

[~rmani] I submitted a patch, can you take a look?

> Plugins cannot interact with Solr with basic auth as audit targer
> -
>
> Key: RANGER-2894
> URL: https://issues.apache.org/jira/browse/RANGER-2894
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 1.1.0, 2.0.0
>Reporter: Nikita Ilyushkin
>Priority: Major
> Attachments: 001-RANGER-2894.patch
>
>
> There seems to be a problem with audit to Solr with [basic 
> authentication|https://lucene.apache.org/solr/guide/8_1/basic-authentication-plugin.html].
>  With the simple Solr cloud setup with basic auth every plugin I tried (HDFS, 
> YARN, HBase, Hive) failed to write audit to it with the similar errors:
> {code:java}
> 2020-06-25T19:39:35,248 ERROR 
> [hiveServer2.async.batch_hiveServer2.async.batch.solr_destWriter] 
> impl.CloudSolrClient: Request to collection [ranger_audits] failed due to 
> (401) org.apache.solr.client.solrj.impl.H
> ttpSolrClient$RemoteSolrException: Error from server at 
> http://nilyushkin-hadoop-dev-0.ru-central1.internal:8983/solr/ranger_audits_shard1_replica_n1:
>  Expected mime type application/octet-stream but got text/htm
> l. 
> 
> 
> Error 401 require authentication
> 
> HTTP ERROR 401
> Problem accessing /solr/ranger_audits_shard1_replica_n1/update. Reason:
> require authentication
> 
> 
> {code}
> tcpdump confirms that no auth headers are in requests.
>  Content of ranger--audit.xml:
> {code:java}
> 
> xasecure.audit.is.enabled
> true
> 
> 
> xasecure.audit.destination.solr
> true
> 
> 
> xasecure.audit.destination.solr.urls
> http://fqdn:8983/solr/ranger_audits
> 
> 
> xasecure.audit.destination.solr.user
> rangeraudit
> 
> 
> xasecure.audit.destination.solr.password
> admin
> 
> 
> xasecure.audit.destination.solr.zookeepers
> fqdn:2181/solr.server
> 
> 
> xasecure.audit.destination.solr.batch.filespool.dir
> /srv/audit_solr_spool
> 
> {code}
> The same results with xasecure.audit.destination.solr.urls instead 
> xasecure.audit.destination.solr.zookeepers.
> Ranger Admin on the other hand writes audit just fine with given credentials 
> to the same Solr.
>  Unsurprisingly, following Solr documentation (underlying solrj really) and 
> adding:
> {code:java}
> -Dsolr.httpclient.builder.factory=org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory
>  -Dbasicauth=rangeraudit:admin
> {code}
> to the audited daemon (like HiveServer2) solves the problem.
>  I also haven't found setBasicAuthCredentials (the second method of auth 
> solrj provides) in the plugin sources or packages, so I assume it's just not 
> implemented or bugged.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-2894) Plugins cannot interact with Solr with basic auth as audit targer

2023-03-28 Thread Jiayi Liu (Jira)



[ 
https://issues.apache.org/jira/browse/RANGER-2894?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705984#comment-17705984
 ] 

Jiayi Liu commented on RANGER-2894:
---

[~rmani] Hi, I solved this problem by using System.setProperty to set 
solr.httpclient.builder.factory and basicauth  in SolrAuditDestination. Do you 
think it's ok to do this? I can submit a PR, thanks.

> Plugins cannot interact with Solr with basic auth as audit targer
> -
>
> Key: RANGER-2894
> URL: https://issues.apache.org/jira/browse/RANGER-2894
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 1.1.0, 2.0.0
>Reporter: Nikita Ilyushkin
>Priority: Major
>
> There seems to be a problem with audit to Solr with [basic 
> authentication|https://lucene.apache.org/solr/guide/8_1/basic-authentication-plugin.html].
>  With the simple Solr cloud setup with basic auth every plugin I tried (HDFS, 
> YARN, HBase, Hive) failed to write audit to it with the similar errors:
> {code:java}
> 2020-06-25T19:39:35,248 ERROR 
> [hiveServer2.async.batch_hiveServer2.async.batch.solr_destWriter] 
> impl.CloudSolrClient: Request to collection [ranger_audits] failed due to 
> (401) org.apache.solr.client.solrj.impl.H
> ttpSolrClient$RemoteSolrException: Error from server at 
> http://nilyushkin-hadoop-dev-0.ru-central1.internal:8983/solr/ranger_audits_shard1_replica_n1:
>  Expected mime type application/octet-stream but got text/htm
> l. 
> 
> 
> Error 401 require authentication
> 
> HTTP ERROR 401
> Problem accessing /solr/ranger_audits_shard1_replica_n1/update. Reason:
> require authentication
> 
> 
> {code}
> tcpdump confirms that no auth headers are in requests.
>  Content of ranger--audit.xml:
> {code:java}
> 
> xasecure.audit.is.enabled
> true
> 
> 
> xasecure.audit.destination.solr
> true
> 
> 
> xasecure.audit.destination.solr.urls
> http://fqdn:8983/solr/ranger_audits
> 
> 
> xasecure.audit.destination.solr.user
> rangeraudit
> 
> 
> xasecure.audit.destination.solr.password
> admin
> 
> 
> xasecure.audit.destination.solr.zookeepers
> fqdn:2181/solr.server
> 
> 
> xasecure.audit.destination.solr.batch.filespool.dir
> /srv/audit_solr_spool
> 
> {code}
> The same results with xasecure.audit.destination.solr.urls instead 
> xasecure.audit.destination.solr.zookeepers.
> Ranger Admin on the other hand writes audit just fine with given credentials 
> to the same Solr.
>  Unsurprisingly, following Solr documentation (underlying solrj really) and 
> adding:
> {code:java}
> -Dsolr.httpclient.builder.factory=org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory
>  -Dbasicauth=rangeraudit:admin
> {code}
> to the audited daemon (like HiveServer2) solves the problem.
>  I also haven't found setBasicAuthCredentials (the second method of auth 
> solrj provides) in the plugin sources or packages, so I assume it's just not 
> implemented or bugged.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-2894) Plugins cannot interact with Solr with basic auth as audit targer

2020-09-13 Thread Ramesh Mani (Jira)



[ 
https://issues.apache.org/jira/browse/RANGER-2894?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17195175#comment-17195175
 ] 

Ramesh Mani commented on RANGER-2894:
-

[~mallniya] Basic auth is no supported for now.  If you working on a basic auth 
client, please provide a patch for the same.   Also recommend way to to use SSL 
also along with basic auth because of security concerns, for this its better to 
use kerberos. 

Following doc have kerberos configuration detailed.

https://community.cloudera.com/t5/Community-Articles/Securing-Solr-Collections-with-Ranger-Kerberos/ta-p/245519

> Plugins cannot interact with Solr with basic auth as audit targer
> -
>
> Key: RANGER-2894
> URL: https://issues.apache.org/jira/browse/RANGER-2894
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 1.1.0, 2.0.0
>Reporter: Nikita Ilyushkin
>Priority: Major
>
> There seems to be a problem with audit to Solr with [basic 
> authentication|https://lucene.apache.org/solr/guide/8_1/basic-authentication-plugin.html].
>  With the simple Solr cloud setup with basic auth every plugin I tried (HDFS, 
> YARN, HBase, Hive) failed to write audit to it with the similar errors:
> {code:java}
> 2020-06-25T19:39:35,248 ERROR 
> [hiveServer2.async.batch_hiveServer2.async.batch.solr_destWriter] 
> impl.CloudSolrClient: Request to collection [ranger_audits] failed due to 
> (401) org.apache.solr.client.solrj.impl.H
> ttpSolrClient$RemoteSolrException: Error from server at 
> http://nilyushkin-hadoop-dev-0.ru-central1.internal:8983/solr/ranger_audits_shard1_replica_n1:
>  Expected mime type application/octet-stream but got text/htm
> l. 
> 
> 
> Error 401 require authentication
> 
> HTTP ERROR 401
> Problem accessing /solr/ranger_audits_shard1_replica_n1/update. Reason:
> require authentication
> 
> 
> {code}
> tcpdump confirms that no auth headers are in requests.
>  Content of ranger--audit.xml:
> {code:java}
> 
> xasecure.audit.is.enabled
> true
> 
> 
> xasecure.audit.destination.solr
> true
> 
> 
> xasecure.audit.destination.solr.urls
> http://fqdn:8983/solr/ranger_audits
> 
> 
> xasecure.audit.destination.solr.user
> rangeraudit
> 
> 
> xasecure.audit.destination.solr.password
> admin
> 
> 
> xasecure.audit.destination.solr.zookeepers
> fqdn:2181/solr.server
> 
> 
> xasecure.audit.destination.solr.batch.filespool.dir
> /srv/audit_solr_spool
> 
> {code}
> The same results with xasecure.audit.destination.solr.urls instead 
> xasecure.audit.destination.solr.zookeepers.
> Ranger Admin on the other hand writes audit just fine with given credentials 
> to the same Solr.
>  Unsurprisingly, following Solr documentation (underlying solrj really) and 
> adding:
> {code:java}
> -Dsolr.httpclient.builder.factory=org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory
>  -Dbasicauth=rangeraudit:admin
> {code}
> to the audited daemon (like HiveServer2) solves the problem.
>  I also haven't found setBasicAuthCredentials (the second method of auth 
> solrj provides) in the plugin sources or packages, so I assume it's just not 
> implemented or bugged.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (RANGER-2894) Plugins cannot interact with Solr with basic auth as audit targer

2020-09-13 Thread Nikita Ilyushkin (Jira)



[ 
https://issues.apache.org/jira/browse/RANGER-2894?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17195137#comment-17195137
 ] 

Nikita Ilyushkin commented on RANGER-2894:
--

No. Neither I wanted it in this installation nor I found requirement of 
Kerberos in documentation.

> Plugins cannot interact with Solr with basic auth as audit targer
> -
>
> Key: RANGER-2894
> URL: https://issues.apache.org/jira/browse/RANGER-2894
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 1.1.0, 2.0.0
>Reporter: Nikita Ilyushkin
>Priority: Major
>
> There seems to be a problem with audit to Solr with [basic 
> authentication|https://lucene.apache.org/solr/guide/8_1/basic-authentication-plugin.html].
>  With the simple Solr cloud setup with basic auth every plugin I tried (HDFS, 
> YARN, HBase, Hive) failed to write audit to it with the similar errors:
> {code:java}
> 2020-06-25T19:39:35,248 ERROR 
> [hiveServer2.async.batch_hiveServer2.async.batch.solr_destWriter] 
> impl.CloudSolrClient: Request to collection [ranger_audits] failed due to 
> (401) org.apache.solr.client.solrj.impl.H
> ttpSolrClient$RemoteSolrException: Error from server at 
> http://nilyushkin-hadoop-dev-0.ru-central1.internal:8983/solr/ranger_audits_shard1_replica_n1:
>  Expected mime type application/octet-stream but got text/htm
> l. 
> 
> 
> Error 401 require authentication
> 
> HTTP ERROR 401
> Problem accessing /solr/ranger_audits_shard1_replica_n1/update. Reason:
> require authentication
> 
> 
> {code}
> tcpdump confirms that no auth headers are in requests.
>  Content of ranger--audit.xml:
> {code:java}
> 
> xasecure.audit.is.enabled
> true
> 
> 
> xasecure.audit.destination.solr
> true
> 
> 
> xasecure.audit.destination.solr.urls
> http://fqdn:8983/solr/ranger_audits
> 
> 
> xasecure.audit.destination.solr.user
> rangeraudit
> 
> 
> xasecure.audit.destination.solr.password
> admin
> 
> 
> xasecure.audit.destination.solr.zookeepers
> fqdn:2181/solr.server
> 
> 
> xasecure.audit.destination.solr.batch.filespool.dir
> /srv/audit_solr_spool
> 
> {code}
> The same results with xasecure.audit.destination.solr.urls instead 
> xasecure.audit.destination.solr.zookeepers.
> Ranger Admin on the other hand writes audit just fine with given credentials 
> to the same Solr.
>  Unsurprisingly, following Solr documentation (underlying solrj really) and 
> adding:
> {code:java}
> -Dsolr.httpclient.builder.factory=org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory
>  -Dbasicauth=rangeraudit:admin
> {code}
> to the audited daemon (like HiveServer2) solves the problem.
>  I also haven't found setBasicAuthCredentials (the second method of auth 
> solrj provides) in the plugin sources or packages, so I assume it's just not 
> implemented or bugged.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (RANGER-2894) Plugins cannot interact with Solr with basic auth as audit targer

2020-09-11 Thread Velmurugan Periasamy (Jira)



[ 
https://issues.apache.org/jira/browse/RANGER-2894?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17194301#comment-17194301
 ] 

Velmurugan Periasamy commented on RANGER-2894:
--

Have you tried with kerberos? CC [~rmani]

> Plugins cannot interact with Solr with basic auth as audit targer
> -
>
> Key: RANGER-2894
> URL: https://issues.apache.org/jira/browse/RANGER-2894
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 1.1.0, 2.0.0
>Reporter: Nikita Ilyushkin
>Priority: Major
>
> There seems to be a problem with audit to Solr with [basic 
> authentication|https://lucene.apache.org/solr/guide/8_1/basic-authentication-plugin.html].
>  With the simple Solr cloud setup with basic auth every plugin I tried (HDFS, 
> YARN, HBase, Hive) failed to write audit to it with the similar errors:
> {code:java}
> 2020-06-25T19:39:35,248 ERROR 
> [hiveServer2.async.batch_hiveServer2.async.batch.solr_destWriter] 
> impl.CloudSolrClient: Request to collection [ranger_audits] failed due to 
> (401) org.apache.solr.client.solrj.impl.H
> ttpSolrClient$RemoteSolrException: Error from server at 
> http://nilyushkin-hadoop-dev-0.ru-central1.internal:8983/solr/ranger_audits_shard1_replica_n1:
>  Expected mime type application/octet-stream but got text/htm
> l. 
> 
> 
> Error 401 require authentication
> 
> HTTP ERROR 401
> Problem accessing /solr/ranger_audits_shard1_replica_n1/update. Reason:
> require authentication
> 
> 
> {code}
> tcpdump confirms that no auth headers are in requests.
>  Content of ranger--audit.xml:
> {code:java}
> 
> xasecure.audit.is.enabled
> true
> 
> 
> xasecure.audit.destination.solr
> true
> 
> 
> xasecure.audit.destination.solr.urls
> http://fqdn:8983/solr/ranger_audits
> 
> 
> xasecure.audit.destination.solr.user
> rangeraudit
> 
> 
> xasecure.audit.destination.solr.password
> admin
> 
> 
> xasecure.audit.destination.solr.zookeepers
> fqdn:2181/solr.server
> 
> 
> xasecure.audit.destination.solr.batch.filespool.dir
> /srv/audit_solr_spool
> 
> {code}
> The same results with xasecure.audit.destination.solr.urls instead 
> xasecure.audit.destination.solr.zookeepers.
> Ranger Admin on the other hand writes audit just fine with given credentials 
> to the same Solr.
>  Unsurprisingly, following Solr documentation (underlying solrj really) and 
> adding:
> {code:java}
> -Dsolr.httpclient.builder.factory=org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory
>  -Dbasicauth=rangeraudit:admin
> {code}
> to the audited daemon (like HiveServer2) solves the problem.
>  I also haven't found setBasicAuthCredentials (the second method of auth 
> solrj provides) in the plugin sources or packages, so I assume it's just not 
> implemented or bugged.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (RANGER-2894) Plugins cannot interact with Solr with basic auth as audit targer

[jira] [Commented] (RANGER-2894) Plugins cannot interact with Solr with basic auth as audit targer

[jira] [Commented] (RANGER-2894) Plugins cannot interact with Solr with basic auth as audit targer

[jira] [Commented] (RANGER-2894) Plugins cannot interact with Solr with basic auth as audit targer

[jira] [Commented] (RANGER-2894) Plugins cannot interact with Solr with basic auth as audit targer

5 matches

Site Navigation

Mail list logo

Footer information