Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.2, 6.0
    • Component/s: None
    • Labels:
      None

      Description

      We should provide some examples of running Solr+Jetty with SSL enabled, and have some basic tests using jetty over SSL

      1. SOLR-4394__phase2.patch
        17 kB
        Hoss Man
      2. SOLR-4394.patch
        14 kB
        Hoss Man
      3. SOLR-4394.patch
        14 kB
        Hoss Man
      4. SOLR-4394.patch
        12 kB
        Hoss Man

          Activity

          Hoss Man added a comment -

          Patch with the basics. After applying this patch you need to run the following commands to generate the keystore...

          cd solr/example/etc/ && ./create-solrtest.keystore.sh
          

          (The keystore file can be committed in SVN, but as a binary file it can't be part of the patch)

          There is still a nocommit to randomize if/when we use SSL, and also some TODOs – in particular around whether we want to consider promoting the SSL test logic up to SolrJettyTestBase so it's (randomly) used in more tests, but i wanted to put this out there as a starting point for discussion. (and because i'm going offline for a week on vacation and i don't want to lose track of what i was doing)

          If/when we get basics like this committed, we can then move towards some SSL related cloud tests for SOLR-3854

          Hoss Man added a comment -

          revised patch...

          • fixes nocommit by randomizing when we use SSL (50%)
          • only randomize SSL if none of the ssl related properties have already been explicitly set
          • improve cleanup of properties that get set when randomizing ssl
          • if the random logic decides to use ssl, then 50% of the time randomly require client auth

          The client auth changes make this patch dependent on the changes in SOLR-4451 (using SystemDefaultHttpClient so solrj's httpclient pays attention to the javax.* props)

          there is still a TODO about promoting the SSL randomization code up into SolrJettyTestBase, but i think it would be best to commit as is and let it soak for a few days and see if anyone notices problems running tests before randomizing SSL across all jetty related tests.

          Hoss Man added a comment -

          minor improvement based on something that haunted me in my dreams: don't silently ignore the choice to ignore ssl if the keystore doesn't exist – instead fail the test.
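
Added example, not part of the comments above and not the code from the SOLR-4394 patch: a sketch of the test-side behaviour the revised-patch comment and this follow-up describe (50% SSL, explicit settings respected, cleanup of what was set, 50% client auth, hard failure on a missing keystore). The class, its methods and the `example.jetty.ssl.clientAuth` property name are hypothetical; the `javax.net.ssl.*` names are the standard JSSE system properties.

```java
import java.io.File;
import java.util.*;

// Added illustration, not Solr code. Class, method and CLIENT_AUTH_PROP names are hypothetical.
public class SslRandomizerSketch {
  // Standard JSSE system properties (the "javax.* props" the comment refers to).
  static final String[] SSL_PROPS = {"javax.net.ssl.keyStore", "javax.net.ssl.keyStorePassword",
      "javax.net.ssl.trustStore", "javax.net.ssl.trustStorePassword"};
  static final String CLIENT_AUTH_PROP = "example.jetty.ssl.clientAuth"; // hypothetical name

  private final List<String> propsWeSet = new ArrayList<>();

  /** Returns true only when this call itself switched the test to SSL. */
  boolean randomize(Random random, File keystore, String password) {
    for (String p : SSL_PROPS) {
      if (System.getProperty(p) != null) return false; // explicit settings are left alone
    }
    if (!random.nextBoolean()) return false;           // 50%: stay on plain HTTP
    if (!keystore.isFile()) {                          // fail instead of silently skipping SSL
      throw new IllegalStateException("SSL selected but keystore not found: " + keystore);
    }
    set("javax.net.ssl.keyStore", keystore.getAbsolutePath());
    set("javax.net.ssl.keyStorePassword", password);
    set("javax.net.ssl.trustStore", keystore.getAbsolutePath());
    set("javax.net.ssl.trustStorePassword", password);
    set(CLIENT_AUTH_PROP, String.valueOf(random.nextBoolean())); // 50%: require client cert
    return true;
  }

  private void set(String key, String value) {
    System.setProperty(key, value);
    propsWeSet.add(key); // remember only what we set, so cleanup never touches user config
  }

  /** Call from test teardown so later tests do not inherit this test's SSL settings. */
  void cleanup() {
    for (String p : propsWeSet) System.clearProperty(p);
    propsWeSet.clear();
  }

  public static void main(String[] args) throws Exception {
    File ks = File.createTempFile("constructed-test", ".keystore"); // constructed placeholder file
    ks.deleteOnExit();
    SslRandomizerSketch s = new SslRandomizerSketch();
    boolean ssl = s.randomize(new Random(), ks, "constructed-password");
    System.out.println("ssl=" + ssl + " clientAuth=" + System.getProperty(CLIENT_AUTH_PROP));
    s.cleanup();
  }
}
```

A keystore committed to version control, as the first comment describes, is a test fixture only; its key and password are public and must not be reused for a deployed server.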

          Hoss Man added a comment -

          Committed revision 1445971.

          current state committed to trunk. my plan is to let this soak for a few days, make sure no weird problems show up from using/setting these javax.* sys properties on any systems i don't have personal access to.

          assuming all goes well, i'll refactor the SSL randomization up to SolrJettyTestBase and merge back to 4x.

          Commit Tag Bot added a comment -

          [trunk commit] Chris M. Hostetter
          http://svn.apache.org/viewvc?view=revision&revision=1445971

          SOLR-4394: Tests and example configs demonstrating SSL with both server and client certs

          Hoss Man added a comment -

          Phase #2: promotes SSL randomization logic up to SolrJettyTestBase so all (non-distributed) jetty tests now randomly use SSL.

          i think this is solid, and ready to commit & backport to 4x

          Hoss Man added a comment -

          phase#2 patch committed to trunk: r1447885

          CHANGES.txt updated on trunk to reflect 4x backmerge: r1447952

          merge r1445971 + r1447885 + r1447952 to 4x: r1447956

          Commit Tag Bot added a comment -

          [branch_4x commit] Chris M. Hostetter
          http://svn.apache.org/viewvc?view=revision&revision=1447956

          SOLR-4394: Tests and example configs demonstrating SSL with both server and client certs (merge r1445971 + r1447885 + r1447952)

          Commit Tag Bot added a comment -

          [trunk commit] Chris M. Hostetter
          http://svn.apache.org/viewvc?view=revision&revision=1447952

          SOLR-4394: move CHANGES entry in prep for backporting

          Commit Tag Bot added a comment -

          [trunk commit] Chris M. Hostetter
          http://svn.apache.org/viewvc?view=revision&revision=1447885

          SOLR-4394: phase 2, promoted SSL randomization logic up to SolrJettyTestBase

          Ludovic Boutros added a comment -

          Hi Hoss Man,

          Since the commit in the branch 4x, I have had some trouble running my unit tests which extend the SolrJettyTestBase.
          The TEST_KEYSTORE variable initialization is crashing with an NPE in the loop:

          ExternalPaths.java
          static String determineSourceHome() {
              // ugly, ugly hack to determine the example home without depending on the CWD
              // this is needed for example/multicore tests which reside outside the classpath
              File file;
              try {
                file = new File("solr/conf");
                if (!file.exists()) {
                  file = new File(Thread.currentThread().getContextClassLoader().getResource("solr/conf").toURI());
                }
              } catch (Exception e) {
                // If there is no "solr/conf" in the classpath, fall back to searching from the current directory.
                file = new File(".");
              }
              File base = file.getAbsoluteFile();
              while (!new File(base, "solr/CHANGES.txt").exists()) {
                base = base.getParentFile();
              }
              return new File(base, "solr/").getAbsolutePath();
            }
          

          Could you please create a public function getKeyStore that I could bypass like the getSolrHome function?
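
Added example, not part of the comment above and not the project's fix: the same upward directory walk as the quoted `determineSourceHome()` loop, with the walk stopping at the filesystem root and reporting a clear error instead of an NPE. The class name, method name and the temporary directory layout in `main` are hypothetical and constructed for the demonstration.

```java
import java.io.File;
import java.nio.file.Files;

// Added illustration, not the project's fix. Class and method names are hypothetical.
public class SourceHomeLookup {
  /** Walks up from start until a directory containing marker is found. */
  static File findAncestorContaining(File start, String marker) {
    for (File base = start.getAbsoluteFile(); base != null; base = base.getParentFile()) {
      if (new File(base, marker).exists()) return base;
    }
    // getParentFile() returns null above the filesystem root; the quoted loop keeps
    // going and ends up calling getParentFile() on that null, which is the NPE.
    throw new IllegalStateException(
        "No ancestor of " + start.getAbsolutePath() + " contains " + marker);
  }

  public static void main(String[] args) throws Exception {
    // Constructed layout: <tmp>/solr/CHANGES.txt plus an unrelated nested directory.
    File root = Files.createTempDirectory("constructed-checkout").toFile();
    new File(root, "solr").mkdirs();
    new File(root, "solr/CHANGES.txt").createNewFile();
    File deep = new File(root, "a/b");
    deep.mkdirs();

    File found = findAncestorContaining(deep, "solr/CHANGES.txt");
    System.out.println("found checkout root: " + found.equals(root.getAbsoluteFile()));

    try {
      // Running outside any checkout: the marker is never found.
      findAncestorContaining(deep, "constructed-missing-marker.txt");
    } catch (IllegalStateException e) {
      System.out.println("clear failure: " + e.getMessage());
    }
  }
}
```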

          Uwe Schindler added a comment -

          Closed after release.


            People

            • Assignee:
              Hoss Man
              Reporter:
              Hoss Man
            • Votes:
              3
              Watchers:
              5
