Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-13510

Intermittent 401's for internode requests with basicauth enabled

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: master (9.0)
    • Fix Version/s: master (9.0), 8.2, 8.1.2
    • Component/s: Authentication
    • Labels:
      None

      Description

      We recently got a bug report on the mailing list:

      On Solr 8.1.1, using our previously working security.json, running queries
      (through the admin UI currently) I non-deterministically get 401 responses
      on queries when a collection has more than 1 shard. Increasing the number
      of shards in the collection makes the errors more likely.

      {
      "responseHeader":{
      "zkConnected":true,
      "status":401,
      "QTime":30,
      "params":{
      "q":":",
      "_":"1559474550365"}},
      "error":{
      "metadata":[

      "error-class","org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException",

      "root-error-class","org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException"],
      "msg":"Error from server at null: Expected mime type
      application/octet-stream but got text/html. <html>\n<head>\n<meta
      http-equiv=\"Content-Type\"
      content=\"text/html;charset=utf-8\"/>\n<title>Error 401 require
      authentication</title>\n</head>\n<body><h2>HTTP ERROR 401</h2>\n<p>Problem
      accessing /solr/gettingstarted_shard4_replica_n6/select. Reason:\n<pre>
      require authentication</pre></p>\n</body>\n</html>\n",
      "code":401}}

      The reporter (credit to Colvin Cowie) also gives reproduction steps:

      1. Extract solr 8.1.1.
      2. bin\solr start -e cloud
        1 node / [default port] / [default collection name] / 4 shards / 1
        replica / [_default configuration]
      3. server\scripts\cloud-scripts\zkcli -zkhost localhost:9983 -cmd putfile
        /security.json <path-to-security-json-file-with-content-below>

      {
      "authentication": {
      "blockUnknown": true,
      "class": "solr.BasicAuthPlugin",
      "credentials":

      Unknown macro: { "solradmin"}

      },
      "authorization": {
      "class": "solr.RuleBasedAuthorizationPlugin",
      "permissions": [

      Unknown macro: { "name"}

      ],
      "user-role":

      Unknown macro: {"solradmin"}

      }
      }

      (Minor edits for conciseness)

      I'm able to reproduce this bug as well. Other auth issues (SOLR-13472) look like they're impacted by the topography of the collection and cluster. But this doesn't seem affected by that at all (401's occur on inter-node requests regardless of the recipient of the initial request, and even when all nodes have a shard replica).

        Attachments

        1. SOLR-13510.patch
          6 kB
          Cao Manh Dat

          Issue Links

            Activity

              People

              • Assignee:
                caomanhdat Cao Manh Dat
                Reporter:
                gerlowskija Jason Gerlowski
              • Votes:
                0 Vote for this issue
                Watchers:
                11 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: