Secure Communication with a SolrCloud Cluster
You can configure Fusion and an external SolrCloud cluster so that communication between Fusion and the SolrCloud cluster is secured. Use either Kerberos or basic authentication. You can secure communication for both the default search cluster and for other SolrCloud clusters.
Note: Securing communication between Fusion and a bundled default search cluster is not supported.
The required steps differ for the two kinds of cluster. These are the high-level steps; detailed steps follow.
- Default search cluster. Define configuration parameters for bootstrapping Fusion, and then bootstrap Fusion.
- Other SolrCloud clusters. In the Fusion UI, add the external SolrCloud cluster.
Default Search Cluster
If your default search cluster is in an external SolrCloud cluster, then you can secure the cluster with Kerberos or basic authentication, and then configure Fusion to communicate securely with the cluster.
Prerequisite
Prerequisite: Secure the default search cluster. Use either Solr’s Basic Authentication Plugin or Kerberos Authentication Plugin.
Don’t start Fusion yet. Below, you will define bootstrap properties, and then bootstrap Fusion.
Configure and Bootstrap Fusion
- Create a .properties file for the initial bootstrap of Fusion. Place the file outside of the Fusion installation, for example, in /tmp. You will delete the file at the end of this procedure:
    touch /tmp/fusion-bootstrap.properties
- Edit the fusion-bootstrap.properties file to define Fusion initial-bootstrap configuration properties. Replace the example values with your own values. Consult with your Kerberos administrator about the correct configuration properties.
  - Kerberos authentication – Specify the authentication type (kerberos), the Kerberos principal, and the Kerberos keytab file:
      default-search-cluster.auth-type=kerberos
      default-search-cluster.auth-principal=fusion@MYORG.ORG
      default-search-cluster.auth-keytab=/path-to-file/keytab.kt
  - Basic authentication – Specify the authentication type (basic), the username of the Solr user to use for authentication, and the password of that user:
      default-search-cluster.auth-type=basic
      default-search-cluster.auth-user=admin
      default-search-cluster.auth-password=admin-password
    The Solr user must be the admin user or a different user with full administrative privileges.
    Fusion doesn’t support Solr authorization plugins.
- Edit the fusion.cors file:
  - Uncomment and change the value of this property to point to an external ZooKeeper:
      # default.zk.connect = localhost:9983
  - Uncomment and change the value of this property to use an external SolrCloud cluster:
      # default.solrZk.connect = localhost:2181/solr-zk-namespace
  - Remove zookeeper and solr from the group.default property:
      group.default = api, connectors, ui
  - Add a configuration property for the path to the initial-bootstrap properties file:
      initial-bootstrap-properties-path = /tmp/fusion-bootstrap.properties
- Change your working directory to the directory that contains the Fusion binaries:
$ cd ~/{path_to}https://FUSION_HOST:FUSION_PORT/bin
- Bootstrap Fusion:
    ./fusion start
- After Fusion starts:
  - Delete the initial-bootstrap properties file:
      $ rm /tmp/fusion-bootstrap.properties
  - Edit the fusion.cors (fusion.properties in Fusion 4.x) file to remove the entry for the initial-bootstrap properties file:
      initial-bootstrap-properties-path = /tmp/fusion-bootstrap.properties
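The bootstrap file in this procedure holds a Solr password or the path to a keytab, and a file created with touch takes its permissions from the current umask, so it is worth checking the file before running ./fusion start. The following pre-flight check is an added example, not Lucidworks code: the property names are the ones shown on this page, and the function names prop, check_bootstrap_props and demo are hypothetical.

```sh
#!/bin/sh
# Added example: pre-flight check for the initial-bootstrap properties file.

# Print the value of property $2 in file $1 (last definition wins).
prop() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots literally
    sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

check_bootstrap_props() {
    f=$1
    p=default-search-cluster
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL: $f is missing or not a regular file" >&2; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld -- "$f" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $f is accessible to group or others (chmod 600)" >&2; return 1
    fi
    case "$(prop "$f" "$p.auth-type")" in
        kerberos) required="auth-principal auth-keytab" ;;
        basic)    required="auth-user auth-password" ;;
        *) echo "FAIL: $p.auth-type must be kerberos or basic" >&2; return 1 ;;
    esac
    for k in $required; do
        if [ -z "$(prop "$f" "$p.$k")" ]; then
            echo "FAIL: $p.$k is not set" >&2; return 1
        fi
    done
    echo "OK: $f"
}

# Constructed sample using the page's example values, created owner-only.
demo() {
    d=$(mktemp -d) || return 1
    (
        umask 077
        cat > "$d/fusion-bootstrap.properties" <<'EOF'
default-search-cluster.auth-type=basic
default-search-cluster.auth-user=admin
default-search-cluster.auth-password=admin-password
EOF
    )
    check_bootstrap_props "$d/fusion-bootstrap.properties"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo
```

Run check_bootstrap_props against /tmp/fusion-bootstrap.properties after editing the file and before bootstrapping Fusion.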
Other SolrCloud Cluster
You can secure an external SolrCloud cluster with Kerberos or basic authentication, and then configure Fusion to communicate securely with the cluster.
Prerequisite
Prerequisite: Secure the default search cluster. Use either Solr’s Basic Authentication Plugin or Kerberos Authentication Plugin.
Add the secure SolrCloud cluster in the Fusion UI (Basic Auth)
- Log in to the Fusion UI as the user admin.
- Click System > Home > System > Solr Clusters > New Solr Cluster.
- Click Advanced.
- Specify the required values ID and Connect String. Under Solr Cluster Authentication, check include. Choose Authentication Type basic, and specify a username and password for authentication.
- Click Save new.
Add the secure SolrCloud cluster in the Fusion UI (Kerberos)
- Log in to the Fusion UI as the user admin.
- Click System > Home > System > Solr Clusters > New Solr Cluster.
- Click Advanced.
- Specify the required values ID and Connect String. Under Solr Cluster Authentication, check include. Choose Authentication Type kerberos, and specify a Kerberos keytab file and Kerberos principal for authentication.
- Click Save new.