Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Solr Permission denied with OpenLDAP + Open-Source Ranger example #2

Closed
heng2j opened this issue Mar 2, 2023 · 3 comments
Closed

Solr Permission denied with OpenLDAP + Open-Source Ranger example #2

heng2j opened this issue Mar 2, 2023 · 3 comments

Comments

@heng2j
Copy link

heng2j commented Mar 2, 2023

Hi Laurence,

Thank you so much for putting together this wonderful repo and the tutorial on DZone. I am following the "Apache Ranger and AWS EMR Automated Installation and Integration Series (4): OpenLDAP + Open-Source Ranger", and I got stuck on step 2.3.3 Install Ranger with permission denied on starting Solr.

Here the log output of what I am seeing now.

======================================================================================    INIT SOLR AS RANGER AUDIT STORE    ======================================================================================

Fri Mar  3 00:13:18 CST 2023|INFO|Solr Ranger Home </opt/solr/ranger_audit_server> exists. Will overwrite configurations
Fri Mar  3 00:13:18 CST 2023|INFO|Configuring standalone instance
Fri Mar  3 00:13:18 CST 2023|INFO|Copying Ranger Audit Server configuration to /opt/solr/ranger_audit_server
Fri Mar  3 00:13:18 CST 2023|INFO|Done configuring Solr for Apache Ranger Audit
Fri Mar  3 00:13:18 CST 2023|INFO|Solr HOME for Ranger Audit is /opt/solr/ranger_audit_server
Fri Mar  3 00:13:18 CST 2023|INFO|Data folder for Audit logs is /opt/solr/ranger_audit_server/data
Fri Mar  3 00:13:18 CST 2023|INFO|To start Solr run /opt/solr/ranger_audit_server/scripts/start_solr.sh
Fri Mar  3 00:13:18 CST 2023|INFO|To stop Solr run /opt/solr/ranger_audit_server/scripts/stop_solr.sh
Fri Mar  3 00:13:18 CST 2023|INFO|After starting Solr for RangerAudit, it will listen at 8983. E.g http://ip-____.ec2.internal:8983
Fri Mar  3 00:13:18 CST 2023|INFO|Configure Ranger to use the following URL http://ip-____.ec2.internal:8983/solr/ranger_audits
Fri Mar  3 00:13:18 CST 2023|INFO| ** NOTE: If Solr is Secured then solrclient JAAS configuration has to be added to Ranger Admin and Ranger Plugin properties
Fri Mar  3 00:13:18 CST 2023|INFO| ** Refer documentation on how to configure Ranger for audit to Secure Solr
########## Done ###################
Created file /opt/solr/ranger_audit_server/install_notes.txt with instructions to start and stop
###################################
No process found for Solr node running on port 8983
/opt/solr/bin/solr: line 2246: /opt/solr/bin/solr-8983.pid: Permission denied
Warning: Available entropy is low. As a result, use of the UUIDField, SSL, or any other features that require
RNG might not work properly. To check for the amount of available entropy, use 'cat /proc/sys/kernel/random/entropy_avail'.

Waiting up to 180 seconds to see Solr running on port 8983 [\]  Still not seeing Solr listening on 8983 after 180 seconds!
tail: cannot open ‘/var/log/solr/ranger_audits/solr.log’ for reading: No such file or directory
    
============================================================================    TEST SOLR CONNECTIVITY    ============================================================================

I was running the following shell command on my Ranger server EC2 instance.

sudo sh ./ranger-emr-cli-installer/bin/setup.sh install-ranger \
    --region "$REGION" \
    --access-key-id "$ACCESS_KEY_ID" \
    --secret-access-key "$SECRET_ACCESS_KEY" \
    --solution 'open-source' \
    --auth-provider 'openldap' \
    --openldap-host "$OPENLDAP_HOST" \
    --openldap-base-dn 'dc=example,dc=com' \
    --ranger-bind-dn 'cn=ranger,ou=services,dc=example,dc=com' \
    --ranger-bind-password 'Admin1234!' \
    --openldap-user-dn-pattern 'uid={0},ou=users,dc=example,dc=com' \
    --openldap-group-search-filter '(member=uid={0},ou=users,dc=example,dc=com)' \
    --openldap-user-object-class 'inetOrgPerson'

My shell script and linux permissions are rusty, so any insights or recommendation on how to solve this problem will be great.

Thank you,
Heng
@heng2j
Copy link
Author

heng2j commented Mar 2, 2023

The issue may not due to permissions, since I just changed the permissions for the entire /opt/solr/ folder.

By looking at the /var/log/solr/ranger_audits/solr-8983-console.log the issue may due to lack of memory in my t2.micro instance.

OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x00000000a0000000, 1610612736, 0) failed; error='Cannot allocate memory' (errno=12)
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (mmap) failed to map 1610612736 bytes for committing reserved memory.
# An error report file with more information is saved as:
# /opt/solr-8.6.2/server/hs_err_pid20672.log

@bluishglc
Copy link
Owner

hi @heng2j , it seems your host has no enough memory to start solr. it is recommended that 4 vCore / 16 GB or above.

@heng2j
Copy link
Author

heng2j commented Mar 21, 2023

Yes indeed @bluishglc! Thank you for your confirmation.

@heng2j heng2j closed this as completed Mar 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bluishglc @heng2j