
-- solr plugin

SOLR_KERB_PRINCIPAL=HTTP/${SOLR_HOST}@EXAMPLE.COM
SOLR_KERB_KEYTAB=/etc/security/keytabs/solr-spnego.service.keytab
SOLR_JAAS_FILE=/opt/lucidworks-hdpsearch/solr/bin/jaas.conf

SOLR_AUTHENTICATION_CLIENT_CONFIGURER=org.apache.solr.client.solrj.impl.Krb5HttpClientConfigurer

SOLR_AUTHENTICATION_OPTS="
-DauthenticationPlugin=org.apache.solr.security.KerberosPlugin

/opt/lucidworks-hdpsearch/solr/server/scripts/cloud-scripts/zkcli.sh -server m107.example.com:2181,m105.example.com:2181,m104.example.com:2181

m107.example.com:2181,m105.example.com:2181,m104.example.com:2181

set /solr/security.json {"authentication":{"class":"org.apache.solr.security.KerberosPlugin"},"authorization":{"class":"org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"}}

/opt/lucidworks-hdpsearch/solr/server/scripts/cloud-scripts/zkcli.sh \
  -zkhost m107.example.com:2181,m105.example.com:2181,m104.example.com:2181 \
  -cmd put /solr/security.json \
  '{"authentication":{"class":"org.apache.solr.security.KerberosPlugin"},"authorization":{"class":"org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"}}'

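get /solr/security.json
-- note: rmr removes the whole znode, so the authentication and authorization plugin settings stored in it go with it; re-put security.json before relying on Kerberos/Ranger enforcement again
rmr /solr/security.json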

-- original
{"authentication":{"class": "org.apache.solr.security.KerberosPlugin"}}
cZxid = 0x300000191
ctime = Tue May 29 17:19:58 EDT 2018
mZxid = 0x500000f50
mtime = Wed May 30 13:43:18 EDT 2018
pZxid = 0x300000191
cversion = 0
dataVersion = 17
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 71
numChildren = 0

dataprevpoc_solr
/opt/lucidworks-hdpsearch/solr/server

-- jaas original
Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  keyTab="/etc/security/keytabs/solr.service.keytab"
  storeKey=true
  useTicketCache=false
  debug=false
  principal="solr/m105.example.com@EXAMPLE.COM";
};

https://community.hortonworks.com/articles/55429/installing-apache-ranger-with-ambari-postgresql.html.
https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.0+Installation#ApacheRanger0.5.0Installation-EnablingRangerSolrPlugin

kdestroy; kinit -kt /etc/security/keytabs/solr.service.keytab solr/m108.example.com@EXAMPLE.COM; \
  curl --negotiate -u : -i 'http://m105.example.com:8983/solr/collection1_shard2_replica1/select?q=*:*&wt=json&indent=true'

kdestroy; kinit -kt /etc/security/keytabs/hbase.service.keytab hbase/m108.example.com@EXAMPLE.COM; \
  curl --negotiate -u : -i 'http://m105.example.com:8983/solr/collection1_shard2_replica1/select?q=*:*&wt=json&indent=true'

xasecure.audit.jaas.Client.option.useKeyTab=true
xasecure.audit.jaas.Client.option.storeKey=false
xasecure.audit.jaas.Client.option.serviceName=Infra
xasecure.audit.jaas.Client.option.principal=infra-solr/m104.example.com@EXAMPLE.COM
xasecure.audit.jaas.Client.option.keyTab=/etc/security/keytabs/ambari-infra-solr.service.keytab
xasecure.audit.jaas.Client.loginModuleName=com.sun.security.auth.module.Krb5LoginModule
xasecure.audit.jaas.Client.loginModuleControlFlag=required
xasecure.audit.destination.solr.force.use.inmemory.jaas.config=true

https://community.hortonworks.com/questions/61392/ranger-solr-plugin-cant-work.html
https://community.hortonworks.com/questions/32410/making-the-ranger-solr-plugin-work-with-ha-hdfs.html

--add no solr.in.sh
/opt/lucidworks-hdpsearch/solr/server/scripts/cloud-scripts/zkcli.sh \
  -zkhost m107.example.com:2181,m105.example.com:2181,m104.example.com:2181 \
  -cmd put /solr/security.json \
  '{"authentication":{"class":"org.apache.solr.security.KerberosPlugin"},"authorization":{"class":"org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"}}'
