Solr installations

ℹ️

Note

As of version 23.1, Solr is deprecated. EPM-UL no longer supports installing Solr, but features that use an existing Solr installation will continue to work.

Solr can be used to index Endpoint Privilege Management for Unix and Linux I/O logs to provide improved search capability. Indexing can be done on the I/O log files on the Endpoint Privilege Management for Unix and Linux log server.

Installation considerations

Solr is installed in a user-defined directory, and logs to a second user-defined directory. The defaults are /opt/pbul-Solr and /var/log/Solr.

Supported platforms

Solr is supported on various Linux, AIX, HP-UX and Solaris platforms.

ℹ️

Note

For more information on the specific platforms supported, see the Endpoint Privilege Management for Unix and Linux Supported platforms.

Solr Java requirements

  • Solr 4.1 (included)
  • Java 1.6+ JRE or JDK

System requirements

  • Disk: pmul Solr 4.1: 18MB
  • Disk: Java 1.7: 58MB
  • RAM: Solr - 2GB dedicated
  • RAM: Java 1.7 - 64MB

Unix/Linux utilities

The Endpoint Privilege Management for Unix and Linux installer requires the following Unix and Linux utilities and built-in commands:

    awk       cut      getopt  ps     sort   unset
    basename  date     grep    pwd    stty   vi
    cat       diff     id      read   tar    wc
    cd        dirname  kill    rm     tee    xargs
    chmod     df       ls      rmdir  touch
    chown     echo     mkdir   sed    tr
    cksum     eval     more    set    trap
    clear     exec     mv      shift  umask
    cp        export   od      sleep  uname

System file modifications

AIX: /etc/inittab is modified. Before the change, it is backed up as inittab.bak.####.

SSL certificates and search interface

Solr can be installed with either BeyondInsight, or BeyondInsight for Unix and Linux. At this time, Solr cannot work with both, and cannot be changed from working with one to working with the other.

Prerequisites when installing with BeyondInsight

Obtain the BeyondInsight Cert and CA files by copying the certificates from the BeyondInsight Windows Server machine to the Solr host machine:

  1. Start the BeyondInsight Configuration Tool on the BeyondInsight Windows Server machine.

  2. Click Generate Certificate Zip in the BeyondInsight Configuration Tool.

  3. Select the output folder for the ZIP file and a password to apply to the exported .pfx file. This password is not used during the Solr install.

  4. Select a folder where you can securely copy the file, and move it to your Unix or Linux server where you are planning to install Solr.

Command line options

When installing with BeyondInsight, an installation menu can be used to specify all options. When installing with BeyondInsight for Unix and Linux, or with manually generated certificates, the -M option at a minimum must be specified on the command line. Other options are available both on the command line and via menu.

Options for use with BeyondInsight

    Option        Description
    -a rcsuser    Specify RCS Admin user.
    -A file       Specify file containing rcs admin password.
    -s            Configure local pb.settings.
    -r            Re-install with BeyondInsight, without generating new certificates.

Options for use with BeyondInsight for Unix and Linux

    Option    Description
    -M        Install via BeyondInsight for Unix and Linux (skip BeyondInsight registration and certificates).
    -K        Filename of SSL Server certificate PEM file containing the private key. May also contain the public certificate.
    -k        Filename of SSL Server certificate PEM file containing public certificate.
    -C        Filename of any CA certificate PEM file containing the CA public certificate. May be used multiple times for multiple CA files.
    -o        Fully qualified path for openssl.

Command options

    Option         Description
    -b basedir     Set Solr installation base directory.
    -p port        Set Solr/jetty port.
    -j javahome    Set JAVA_HOME.
    -u user        Set Solr user.
    -c             If specified, create Solr user.
    -I uid         If creating Solr user, specify the UID.
    -G gid         If creating Solr user, specify the GID.
    -i             Configure init script/SMF/inittab.
    -l logdir      Specify Solr log directory.
    -a rcsuser     Specify RCS Admin user.
    -s             Configure local pb.settings.
    -A file        Specify file containing the RCS admin password.
    -P file        Specify file containing java keystore password.
    -M             Install via PBSMC (skip BI registration and certificates).
    -K             Specify the filename of the SSL server certificate PEM file containing the private key. This may also contain the public key.
    -k             Specify the filename of any CA certificate PEM file containing the CA public certificate. This filename may be used multiple times for multiple CA files.
    -o             Specify the fully qualified path for openssl.
    -t tmpdir      Specify the TMPDIR directory for Solrinstall temporary files.
    -r             Re-install.
    -q             Quiet mode.
    -h             Display help.

Installation

Solr is provided as a tarball named pmul-Solr_multiarch-{version}.tar.Z. As root:

  1. Make sure you have Java 1.6+ installed and know the home directory of Java.

  2. Create directory /opt/beyondtrust and cd to that directory.

  3. Extract the Solr installation files:

    # gunzip -c pmul-Solr_multiarch-{version}.tar.Z | tar xvf -
    
  4. Navigate to the install directory:

    # cd powerbroker-Solr/v7.5/install
    
  5. Copy the file certificate.zip generated by BeyondInsight.

  6. Start the Solrinstall script with the following command; Solrinstall has no command line options:

    # ./Solrinstall
    

    The Solrinstall menu displays options similar to the following:

    Solr Installation Menu
    Opt  Description                                  [Value]
    1    Solr installation directory                  [/opt/pbul-Solr]
    2    Solr SSL port number                         [8443]
    3    JAVA_HOME environmental variable             [/usr/java/jre1.7.0_40]
    4    Solr user                                    [Solr]
    5    Create Solr user?                            [yes]
    6    Solr user UID                                []
    7    Solr user GID                                []
    8    Configure init?                              [yes]
    9    Solr log directory                           [/var/log/Solr]
    10   BeyondInsight certificate admin user name    [administrator]*
    11   Configure local pb.settings with Solr        [no]
    C to continue, X to exit
    Please enter a menu option

  7. During the install, you are prompted for the keystore password:

    Enter a keystore password (minimum 6 characters).

ℹ️

Note

This is a new password you must provide. Enter this password during the Post-Install when you import the Solr certificates using the BeyondInsight Configuration Tool.

ℹ️

Note

For more information, see Prerequisites when installing with BeyondInsight.

Menu options

1. PowerBroker Solr installation directory

This is the directory where the Solr installation files are placed. The default value is /opt/pbul-Solr.

2. Solr port number

The port number to be used for the Solr service. The default is 8983.

3. JAVA_HOME environmental variable

The value of $JAVA_HOME. This is set if environmental variable $JAVA_HOME is set. Prior to installation, $JAVA_HOME/bin/java is tested for version compatibility.

4. Solr user

The non-root user that runs the Solr server. The default is Solr. If user Solr does not exist, the menu displays options 5, 6, and 7, which specify whether to create the Solr user and, optionally, its uid/gid. The Solr user requires the bash shell in order to run the Solr (jetty) startup script.

8. Configure init (Linux/HP-UX; AIX uses inittab, Solaris 10+ uses SMF)

Solr startup and shutdown are accomplished via init. Selecting yes to this menu option configures init to start up and shut down Solr.

9. Solr log directory

This is the directory where the Solr log files are placed. The default value is /var/log/Solr (Linux). Other operating systems may use /var/adm or /usr/adm rather than /var/log.

10. BeyondInsight Certificate Administrator user name

The BeyondInsight Admin user. The installer prompts for the admin user's password.

11. Configure local pb.settings with Solr

Answering yes configures the local pb.settings file with the Solr related keywords, configured for this Solr installation. The keywords are:

  • Solrhost
  • Solrport
  • Solrcafile
  • Solrclientkeyfile
  • Solrclientcertfile

Post-install when installing with BeyondInsight

After Solrinstall has installed and started Solr, Solr is registered with BeyondInsight.

To give the Solr server a heartbeat, a script called pbrcsSolrupdate is launched at Solr installation and at each restart of the Solr services (jetty). It sends a Solr asset update event to BeyondInsight daily.

Instructions are displayed at the end of a successful Solr installation. Follow them as listed.

In order for the log server and policy server hosts to communicate with this Solr server, for indexing Endpoint Privilege Management for Unix and Linux I/O log data, you must do the following:

  1. On your BeyondInsight Windows server, start the BeyondInsight Configuration Tool.

  2. Click Import Certificates to import the certificates created during the Solr install and grant privileges to the certificates for use by the Solr search.

  3. Enter the password that you provided when you created the Certificates ZIP file.

  4. Securely copy the following files from /opt/pbul-Solr/etc to a secure directory on the Endpoint Privilege Management for Unix and Linux policy server and log server hosts:

    • Solr.<host>.client.pem
    • Solr.<host>.ssl.CA.pem

ℹ️

Note

A tarball (Solr.${shorthostname}.pbsettings.tar) is created with the certificate files and related settings, for convenient copying to other hosts. When the tarball is extracted from the root directory, the certificate files and Solr.pb.settings are placed in /etc/. The settings contained in /etc/Solr.pb.settings must be manually merged into /etc/pb.settings.

  5. In pb.settings of the policy server or log server hosts, add the following parameters:

    Solrhost <host>
    Solrport 8443
    Solrcafile <secure_directory>/Solr.<host>.ssl.CA.pem
    Solrclientkeyfile <secure_directory>/Solr.<host>.client.pem
    Solrclientcertfile <secure_directory>/Solr.<host>.client.pem
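
The following is an added example, not part of the vendor documentation: a shell function that audits the five Solr keywords once they have been merged into pb.settings on a policy server or log server host. It assumes the "keyword value" line format shown above. Treating a group- or world-accessible client key file as a finding is this example's assumption about what a secure directory means.

```shell
#!/bin/sh
# Added example (not vendor code): audit the Solr keywords in a pb.settings file.
# Usage, after sourcing this file: check_solr_settings /etc/pb.settings

# Print the value of keyword $2 in settings file $1.
# Assumption: if a keyword appears more than once, the last line is reported.
setting() {
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# True when the file mode grants nothing to group or other.
private_mode() {
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *) return 1 ;;
    esac
}

# Audit settings file $1: print one line per finding, return 1 if any.
check_solr_settings() {
    conf=$1
    bad=0
    for key in Solrhost Solrport Solrcafile Solrclientkeyfile Solrclientcertfile; do
        val=$(setting "$conf" "$key")
        if [ -z "$val" ]; then
            echo "MISSING  $key"; bad=1; continue
        fi
        case "$key" in
            Solrport)
                case "$val" in
                    *[!0-9]*) echo "BADPORT  $val"; bad=1 ;;
                esac ;;
            Solr*file)
                if [ ! -r "$val" ]; then
                    echo "NOFILE   $key $val"; bad=1
                elif ! grep -q -- '-----BEGIN' "$val"; then
                    echo "NOTPEM   $key $val"; bad=1
                elif [ "$key" = Solrclientkeyfile ] && ! private_mode "$val"; then
                    # client.pem holds the private key (policy is an assumption)
                    echo "PERMS    $key $val is group/world accessible"; bad=1
                fi ;;
        esac
    done
    return "$bad"
}
```

Because Solrclientkeyfile and Solrclientcertfile point at the same client.pem, tightening that one file's mode clears the PERMS finding.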

Re-installation when installing with BeyondInsight

Starting with v9.4, when re-installing Solr, the installation script recognizes that certificates have already been generated, and the registration with BeyondInsight is skipped. This prevents regeneration of certificates by BeyondInsight. In the case where regeneration of certificates is desired, the certificates must be manually cleared from BeyondInsight, and removed from the etc directory of the Solr installation (default: /opt/pbul-Solr/etc).

Solr uninstall

As root:

  1. Create directory /opt/beyondtrust and cd to that directory.

  2. Extract the Solr installation files:

    # gunzip -c pmul-Solr_multiarch-{version}.tar.Z | tar xvf -
    
  3. Navigate to the install directory:

    # cd /opt/beyondtrust/powerbroker-Solr/v7.5/install
    
  4. Start the Solruninstall script with either of the following commands; Solruninstall has 1 command line option:

    # ./Solruninstall
    
    # ./Solruninstall -clean
    

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.