Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-13510

Intermittent 401's for internode requests with basicauth enabled

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 9.0
    • 8.1.2, 8.2, 9.0
    • Authentication
    • None

    Description

      We recently got a bug report on the mailing list:

      On Solr 8.1.1, using our previously working security.json, running queries
      (through the admin UI currently) I non-deterministically get 401 responses
      on queries when a collection has more than 1 shard. Increasing the number
      of shards in the collection makes the errors more likely.

      {
      "responseHeader":{
      "zkConnected":true,
      "status":401,
      "QTime":30,
      "params":{
      "q":":",
      "_":"1559474550365"}},
      "error":{
      "metadata":[

      "error-class","org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException",

      "root-error-class","org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException"],
      "msg":"Error from server at null: Expected mime type
      application/octet-stream but got text/html. <html>\n<head>\n<meta
      http-equiv=\"Content-Type\"
      content=\"text/html;charset=utf-8\"/>\n<title>Error 401 require
      authentication</title>\n</head>\n<body><h2>HTTP ERROR 401</h2>\n<p>Problem
      accessing /solr/gettingstarted_shard4_replica_n6/select. Reason:\n<pre>
      require authentication</pre></p>\n</body>\n</html>\n",
      "code":401}}

      The reporter (credit to Colvin Cowie) also gives reproduction steps:

      1. Extract solr 8.1.1.
      2. bin\solr start -e cloud
        1 node / [default port] / [default collection name] / 4 shards / 1
        replica / [_default configuration]
      3. server\scripts\cloud-scripts\zkcli -zkhost localhost:9983 -cmd putfile
        /security.json <path-to-security-json-file-with-content-below>

      {
      "authentication": {
      "blockUnknown": true,
      "class": "solr.BasicAuthPlugin",
      "credentials":

      Unknown macro: { "solradmin"}

      },
      "authorization": {
      "class": "solr.RuleBasedAuthorizationPlugin",
      "permissions": [

      Unknown macro: { "name"}

      ],
      "user-role":

      Unknown macro: {"solradmin"}

      }
      }

      (Minor edits for conciseness)

      I'm able to reproduce this bug as well. Other auth issues (SOLR-13472) look like they're impacted by the topography of the collection and cluster. But this doesn't seem affected by that at all (401's occur on inter-node requests regardless of the recipient of the initial request, and even when all nodes have a shard replica).

      Attachments

        1. SOLR-13510.patch
          6 kB
          Cao Manh Dat

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. SOLR-13421 Intermittent error 401 with JSON Facet query to retrieve count all collections

          • Major - Major loss of function.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. SOLR-13526 BasicAuthIntegrationTest and JWTAuthIntegrationTest fails metrics tests

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. SOLR-14569 Configuring a shardHandlerFactory on the /select requestHandler results in HTTP 401 when searching on alias in secured Solr

          • Major - Major loss of function.
          • Closed

          Activity

            People

              caomanhdat Cao Manh Dat
              gerlowskija Jason Gerlowski
              Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: