Connect to Apache Solr Data Stores That Use Kerberos Authentication

This applies to: Visual Data Discovery

A secure standalone or cloud Apache Solr can use Kerberos authentication to validate and confirm access requests. You can set up Symphony to connect to the secure Solr using the following instructions.

Configure Symphony Microservices

Obtain Kerberos Credentials

Each microservice must have its own unique identifier called a principal. Perform the following steps:

  1. Install the Kerberos client on the CentOS or Ubuntu machine where the Symphony server resides.

  2. Generate the Kerberos principal and corresponding keytab for Symphony microservice. Before you proceed, make sure that:

    • Symphony microservice is running on a node with proper Kerberos configuration: /etc/krb5.conf or similar location for your Linux distribution.
    • The Kerberos realm on your environment is the same as the realm specified in the kdc.conf file from the Apache Solr server.

  3. Check the Kerberos configuration (that is, krb5.conf) and validity of the principal and keytab pair using MIT Kerberos client:

    kinit -V -k -t <composer_principal>.keytab <composer_principal@KERBEROS.REALM>

  4. Make the keytab accessible for Symphony's Apache Solr connector:

    sudo mkdir /etc/zoomdata
    sudo mv <composer_principal>.keytab /etc/zoomdata
    sudo chown zoomdata:zoomdata /etc/zoomdata/<composer_principal>.keytab
    sudo chmod 600 /etc/zoomdata/<composer_principal>.keytab

Configure the Symphony Apache Solr Connector

  1. Create or update the file named /etc/zoomdata/edc-apache-solr.properties. If this file already exists, verify that the information below exists in the file:

    kerberos.krb5.conf.location=/etc/krb5.conf
    kerberos.service.account.authentication=true
    kerberos.service.account.principal=<composer_principal@KERBEROS.REALM>
    kerberos.service.account.keytab.location=/etc/zoomdata/<composer_principal>.keytab

  2. Restart the Apache Solr connector:

    sudo systemctl restart zoomdata-edc-apache-solr

After you have obtained Kerberos credentials and configured the connector properties, follow the instructions provided in Connect to Apache Solr to complete the connection.