Connect to Apache Solr Data Stores That Use Kerberos Authentication
This applies to: Visual Data Discovery
A secure standalone or cloud Apache Solr can use Kerberos authentication to validate and confirm access requests. You can set up Symphony to connect to the secure Solr using the following instructions.
Configure Symphony Microservices
Obtain Kerberos Credentials
Each microservice must have its own unique identifier called a principal. Perform the following steps:
Install the Kerberos client on the CentOS or Ubuntu machine where the Symphony server resides.
-
Generate the Kerberos principal and corresponding keytab for Symphony microservice. Before you proceed, make sure that:
-
Symphony microservice is running on a node with proper Kerberos configuration:
/etc/krb5.conf
or similar location for your Linux distribution. - The Kerberos realm on your environment is the same as the realm specified in the
kdc.conf
file from the Apache Solr server.
-
Symphony microservice is running on a node with proper Kerberos configuration:
-
Check the Kerberos configuration (that is,
krb5.conf
) and validity of the principal and keytab pair using MIT Kerberos client:kinit -V -k -t <composer_principal>.keytab <composer_principal@KERBEROS.REALM>
-
Make the keytab accessible for Symphony's Apache Solr connector:
sudo mkdir /etc/zoomdata sudo mv <composer_principal>.keytab /etc/zoomdata sudo chown zoomdata:zoomdata /etc/zoomdata/<composer_principal>.keytab sudo chmod 600 /etc/zoomdata/<composer_principal>.keytab
Configure the Apache Solr Connector
-
Create or update the file named
/etc/zoomdata/edc-apache-solr.properties
. If this file already exists, verify that the information below exists in the file:kerberos.krb5.conf.location=/etc/krb5.conf kerberos.service.account.authentication=true kerberos.service.account.principal=<composer_principal@KERBEROS.REALM> kerberos.service.account.keytab.location=/etc/zoomdata/<composer_principal>.keytab -
Restart the Apache Solr connector:
sudo systemctl restart zoomdata-edc-apache-solr
After you have obtained Kerberos credentials and configured the connector properties, follow the instructions provided in Connect to Apache Solr to complete the connection.
Comments
0 comments
Please sign in to leave a comment.