Connecting to Apache Solr Data Stores That Use Kerberos Authentication

A secure standalone or cloud Apache Solr can use Kerberos authentication to validate and confirm access requests. You can set up Composer to connect to the secure Solr using the following instructions.

Configuring Composer Microservices

Obtaining Kerberos Credentials

Each microservice must have its own unique identifier called a principal. Perform the following steps:

  1. Install the Kerberos client on the CentOS or Ubuntu machine where the Composer server resides.

  2. Generate the Kerberos principal and corresponding keytab for Composer microservice. Before you proceed, make sure that:

    • Composer microservice is running on a node with proper Kerberos configuration: /etc/krb5.conf or similar location for your Linux distribution.
    • The Kerberos realm on your environment is the same as the realm specified in the kdc.conf file from the Apache Solr server.
  3. Check the Kerberos configuration (that is, krb5.conf) and validity of the principal and keytab pair using MIT Kerberos client:

    kinit -V -k -t <composer_principal>.keytab <composer_principal@KERBEROS.REALM>
  4. Make the keytab accessible for Composer's Apache Solr connector:

    sudo mkdir /etc/zoomdata
    sudo mv <composer_principal>.keytab /etc/zoomdata
    sudo chown zoomdata:zoomdata /etc/zoomdata/<composer_principal>.keytab
    sudo chmod 600 /etc/zoomdata/<composer_principal>.keytab

Configuring the Composer Apache Solr Connector

  1. Create or update the file named /etc/zoomdata/ If this file already exists, verify that the information below exists in the file:

  2. Restart the Apache Solr connector:

    sudo systemctl restart zoomdata-edc-apache-solr

After you have obtained Kerberos credentials and configured the connector properties, follow the instructions provided in Connecting to Apache Solr to complete the connection.