Secure Communication with a SolrCloud Cluster

You can configure Fusion and an external SolrCloud cluster so that communication between Fusion and the SolrCloud cluster is secured. Use either Kerberos or basic authentication. You can secure communication for both the default search cluster and for other SolrCloud clusters.

Note: Securing communication between Fusion and a bundled default search cluster is not supported.

Prerequisite: Secure the default search cluster. Use either Solr’s Basic Authentication Plugin or Kerberos Authentication Plugin.

The required steps differ. These are the high-level steps. Detailed steps follow.

  • Default search cluster – Define configuration parameters for bootstrapping Fusion, and then bootstrap Fusion.

  • Other SolrCloud clusters – In the Fusion UI, add the external SolrCloud cluster.

Default Search Cluster

If your default search cluster is in an external SolrCloud cluster, then you can secure the cluster with Kerberos or basic authentication, and then configure Fusion to communicate securely with the cluster.

Prerequisite

Secure the default search cluster. Use either Solr’s Basic Authentication Plugin or Kerberos Authentication Plugin.

Don’t start Fusion yet. Below, you will define bootstrap properties, and then bootstrap Fusion.

Configure and Bootstrap Fusion

  1. Create a .properties file for the initial bootstrap of Fusion. Place the file outside of the Fusion installation, for example, in /tmp. You will delete the file at the end of this procedure:

    $ touch /tmp/fusion-bootstrap.properties
  2. Edit the fusion-bootstrap.properties file to define Fusion initial-bootstrap configuration properties. Example strings are in bold italics. Replace those with your own values.

    Caution: Consult with your Kerberos administrator about the correct configuration properties.

    • Kerberos authentication – Specify the authentication type (kerberos), the Kerberos principal, and the Kerberos keytab file:

      default-search-cluster.auth-type=kerberos
      default-search-cluster.auth-principal=fusion@MYORG.ORG
      default-search-cluster.auth-keytab=/path-to-file/keytab.kt
    • Basic authentication: – Specify the authentication type (basic), the username of the Solr user to use for authentication, and the password of that user:

      default-search-cluster.auth-type=basic
      default-search-cluster.auth-user=admin
      default-search-cluster.auth-password=admin-password

      The Solr user must be the admin user or a different user with full administrative privileges.

    Note: Fusion doesn’t support Solr authorization plugins.

  3. Edit the fusion.properties file:

    1. Uncomment and change the value of this property to point to an external ZooKeeper:

      # default.zk.connect = localhost:9983
    2. Uncomment and change the value of this property to use an external SolrCloud cluster:

      # default.solrZk.connect = localhost:2181/solr-zk-namespace
    3. Remove zookeeper and solr from the group.default property:

      group.default = api, connectors, ui
    4. Add a configuration property for the path to the initial-bootstrap properties file:

      initial-bootstrap-properties-path = /tmp/fusion-bootstrap.properties
  4. Change your working directory to the directory that contains the Fusion binaries:

    $ cd ~//path/to/fusion/3.1.x/bin
  5. Bootstrap Fusion:

    $ ./fusion start
  6. After Fusion starts:

    1. Delete the initial-bootstrap properties file:

      $ rm /tmp/fusion-bootstrap.properties
    2. Edit the fusion.properties file to remove the entry for the initial-bootstrap properties file:

      initial-bootstrap-properties-path = /tmp/fusion-bootstrap.properties

Other SolrCloud Cluster

You can secure an external SolrCloud cluster with Kerberos or basic authentication, and then configure Fusion to communicate securely with the cluster.

Prerequisite

Secure the SolrCloud cluster. Use either Solr’s Kerberos Authentication Plugin or Basic Authentication Plugin.

Add the secure SolrCloud cluster in the Fusion UI (Basic Auth)

  1. log in to the Fusion UI as the user admin.

  2. Click Devops > Home > System > Solr Clusters > New Solr Cluster.

  3. Click Advanced.

  4. Specify the required values ID and Connect String. Under Solr Cluster Authentication, check include. Choose Authentication Type basic, and specify a username and password for authentication.

  5. Click Save new.

Add the secure SolrCloud cluster in the Fusion UI (Kerberos)

  1. log in to the Fusion UI as the user admin.

  2. Click Devops > Home > System > Solr Clusters > New Solr Cluster.

  3. Click Advanced.

  4. Specify the required values ID and Connect String. Under Solr Cluster Authentication, check include. Choose Authentication Type kerberos, and specify a Kerberos keytab file and Kerberos principal for authentication.

  5. Click Save new.