From 5863aa85688c96b4dea29fe7cf863475b4105721 Mon Sep 17 00:00:00 2001
From: ramk <ramk@cloudera.com>
Date: Sun, 14 Jun 2026 13:19:37 +0530
Subject: [PATCH] RANGER-5643: Fix docker Kerberos for Solr audit dispatcher

Use Solr FQDN in dispatcher site XML for SPNEGO and align Solr
kerberos.cookie.domain with HTTP/ranger-solr.rangernw@REALM.

Co-authored-by: Cursor <cursoragent@cursor.com>
---
 .../audit-dispatcher/ranger-audit-dispatcher-solr-site.xml    | 2 +-
 dev-support/ranger-docker/scripts/solr/ranger-solr.sh         | 2 +-
 dev-support/ranger-docker/scripts/solr/solr-security.json     | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/dev-support/ranger-docker/scripts/audit-dispatcher/ranger-audit-dispatcher-solr-site.xml b/dev-support/ranger-docker/scripts/audit-dispatcher/ranger-audit-dispatcher-solr-site.xml
index f051edce16..3f19c69a99 100644
--- a/dev-support/ranger-docker/scripts/audit-dispatcher/ranger-audit-dispatcher-solr-site.xml
+++ b/dev-support/ranger-docker/scripts/audit-dispatcher/ranger-audit-dispatcher-solr-site.xml
@@ -106,7 +106,7 @@
     <!-- SOLR DESTINATION CONFIGURATION -->
     <property>
         <name>xasecure.audit.destination.solr.urls</name>
-        <value>http://ranger-solr:8983/solr/ranger_audits</value>
+        <value>http://ranger-solr.rangernw:8983/solr/ranger_audits</value>
         <description>
             Solr URLs for audits when SolrCloud is not enabled.
             Docker supports only standalone mode for now,
diff --git a/dev-support/ranger-docker/scripts/solr/ranger-solr.sh b/dev-support/ranger-docker/scripts/solr/ranger-solr.sh
index 7284de9acc..512379b979 100755
--- a/dev-support/ranger-docker/scripts/solr/ranger-solr.sh
+++ b/dev-support/ranger-docker/scripts/solr/ranger-solr.sh
@@ -33,7 +33,7 @@ then
   KRB5_CONF="-Djava.security.krb5.conf=/etc/krb5.conf"
   KERBEROS_KEYTAB="-Dsolr.kerberos.keytab=/etc/keytabs/HTTP.keytab"
   KERBEROS_PRINCIPAL="-Dsolr.kerberos.principal=HTTP/ranger-solr.rangernw@EXAMPLE.COM"
-  COOKIE_DOMAIN="-Dsolr.kerberos.cookie.domain=ranger-solr"
+  COOKIE_DOMAIN="-Dsolr.kerberos.cookie.domain=ranger-solr.rangernw"
   KERBEROS_NAME_RULES="-Dsolr.kerberos.name.rules=RULE:[2:\$1/\$2@\$0]([ndj]n/.*@EXAMPLE\.COM)s/.*/hdfs/\
 RULE:[2:\$1/\$2@\$0]([rn]m/.*@EXAMPLE\.COM)s/.*/yarn/\
 RULE:[2:\$1/\$2@\$0](jhs/.*@EXAMPLE\.COM)s/.*/mapred/\
diff --git a/dev-support/ranger-docker/scripts/solr/solr-security.json b/dev-support/ranger-docker/scripts/solr/solr-security.json
index cf2d07cf0f..22cf3391ca 100644
--- a/dev-support/ranger-docker/scripts/solr/solr-security.json
+++ b/dev-support/ranger-docker/scripts/solr/solr-security.json
@@ -4,8 +4,8 @@
     "kerberos.principal":     "HTTP/ranger-solr.rangernw@EXAMPLE.COM",
     "kerberos.keytab":        "/etc/keytabs/HTTP.keytab",
     "kerberos.name.rules":    "RULE:[2:$1@$0](.*@EXAMPLE.COM)s/@.*//\nRULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT",
-    "kerberos.cookie.domain": "ranger-solr",
-    "cookie.domain":          "ranger-solr",
+    "kerberos.cookie.domain": "ranger-solr.rangernw",
+    "cookie.domain":          "ranger-solr.rangernw",
     "token.valid":            3600
   },
   "authorization": {