Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-9313

Solr 6.1.0 SSL, and Basic Auth - shards index failed

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Invalid
    • Affects Version/s: 6.1
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
    • Environment:

      RHEL 7.2, Solr 6.1.0, Java 1.8, zk 3.4.8

      Description

      Hi,

      This is a blocker, shards collection seeking for auth with 401 error.
      I have provided auth details in my java client then too failing to index on shards collection

      I have 2 boxes (dev01,dev02)

      Zookeeper with chroot (/solr)
      ------------------------------------
      dev01 - zoo1:2181, zoo2:2182
      dev02 - zoo3:2183

      solr jvm instances:
      -----------------------
      dev01 - solrjvm1 - 8983, solrjvm2 - 8984
      dev02 - solrjvm1 - 8983, solrjvm2 - 8984

      I enabled solr SSL channel, followed below link, i have used self signed certificate

      https://cwiki.apache.org/confluence/display/solr/Enabling+SSL

      Basic auth:
      https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin

      security.json
      ----------------
      {
      "authentication":{
      "blockUnknown": true,
      "class":"solr.BasicAuthPlugin",
      "credentials":

      {"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}

      },
      "authorization":{
      "class":"solr.RuleBasedAuthorizationPlugin",
      "user-role":

      {"solr":"admin"}

      ,
      "permissions":[

      {"name":"security-edit", "role":"admin"}

      ,

      {"name":"config-edit", "role":"admin"}

      ,

      {"name":"collection-admin-edit", "role":"admin"}

      ,

      {"name":"all", "collection":null, "path":"/*", "role":"admin"}

      ,

      {"name":"update", "collection":null, "path":"/*", "role":"admin"}

      ]
      }
      }

      Collection CREATE/DELETE via browser
      https://pcam-dev-app-01:8983/solr/admin/collections?action=DELETE&name=scdata_test
      https://pcam-dev-app-01:8983/solr/admin/collections?action=CREATE&name=scdata_test&numShards=1&replicationFactor=2&createNodeSet=pcam-dev-app-01:8983_solr,pcam-dev-app-01:8984_solr&collection.configName=scdata

      Two shards created:
      -------------------------
      scdata_test_shard1_replica1
      scdata_test_shard1_replica2

      Sample Java client
      ------------------------
      package com.test.solr.auth;

      import java.util.concurrent.TimeUnit;

      import org.apache.solr.client.solrj.SolrRequest;
      import org.apache.solr.client.solrj.impl.CloudSolrClient;
      import org.apache.solr.client.solrj.request.QueryRequest;
      import org.apache.solr.common.SolrInputDocument;

      public class SolrPopulateWithSSLAndBasicAuth {

      public SolrPopulateWithSSLAndBasicAuth() {
      }

      @SuppressWarnings("rawtypes")
      public static void main(String[] args) {
      // https://cwiki.apache.org/confluence/display/solr/Using+SolrJ
      //Standalone client
      //String urlString = "http://localhost:8983/solr/techproducts";
      //SolrClient solr = new HttpSolrClient.Builder(urlString).build();
      try {
      System.setProperty("javax.net.ssl.keyStore", "C:/Users/nbasetty/Desktop/Solr-Dev-Cluster/solr-ssl.keystore.dev01.jks");
      System.setProperty("javax.net.ssl.keyStorePassword", "secret");
      System.setProperty("javax.net.ssl.trustStore", "C:/Users/nbasetty/Desktop/Solr-Dev-Cluster/solr-ssl.keystore.dev01.jks");
      System.setProperty("javax.net.ssl.trustStorePassword", "secret");
      System.out.println(" Certificates setup done..");
      String zkHosts = "pcam-dev-app-01:2181,pcam-dev-app-01:2182,pcam-dev-app-02:2183/solr";
      CloudSolrClient solrClient = new CloudSolrClient.Builder().withZkHost(zkHosts).build();
      solrClient.setDefaultCollection("scdata_test");
      System.out.println(" ZooKeeper nodes setup done..");
      SolrRequest solrRequest = new QueryRequest();
      solrRequest.setBasicAuthCredentials("solr", "SolrRocks");
      solrClient.request(solrRequest);
      //solrClient.request(solrRequest, solrClient.getDefaultCollection());
      //QueryResponse response = solrClient.query(query, METHOD.POST);
      long start = System.nanoTime();
      for (int i = 1; i <= 500; ++i) {
      SolrInputDocument doc = new SolrInputDocument();
      doc.addField("cat_s", "book");
      doc.addField("id", "book-" + i);
      doc.addField("name_s", "The Legend of the Hobbit part " + i);
      solrClient.add(doc);
      System.out.println(" Object id : " + i);
      if (i % 100 == 0)

      { System.out.println(" Every 100 records flush it"); solrClient.commit(); // periodically flush }

      }
      solrClient.commit();
      solrClient.close();
      long end = System.nanoTime();
      long seconds = TimeUnit.NANOSECONDS.toSeconds(end - start);
      System.out.println(" All records are indexed, took " + seconds + " seconds");
      } catch (Exception e)

      { e.printStackTrace(); }

      }

      }

      ERROR
      ----------

      SLF4J: See http://www.slf4j.org/codes.html#no_static_mdc_binder for further details.
      org.apache.solr.client.solrj.impl.CloudSolrClient$RouteException: Error from server at https://pcam-dev-app-01:8984/solr/scdata_test_shard1_replica1: Expected mime type application/octet-stream but got text/html. <html>
      <head>
      <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
      <title>Error 401 require authentication</title>
      </head>
      <body><h2>HTTP ERROR 401</h2>
      <p>Problem accessing /solr/scdata_test_shard1_replica1/update. Reason:
      <pre> require authentication</pre></p>
      </body>
      </html>

      at org.apache.solr.client.solrj.impl.CloudSolrClient.directUpdate(CloudSolrClient.java:697)
      at org.apache.solr.client.solrj.impl.CloudSolrClient.sendRequest(CloudSolrClient.java:1109)
      at org.apache.solr.client.solrj.impl.CloudSolrClient.requestWithRetryOnStaleState(CloudSolrClient.java:998)
      at org.apache.solr.client.solrj.impl.CloudSolrClient.request(CloudSolrClient.java:934)
      at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:149)
      at org.apache.solr.client.solrj.SolrClient.add(SolrClient.java:173)
      at org.apache.solr.client.solrj.SolrClient.add(SolrClient.java:138)
      at org.apache.solr.client.solrj.SolrClient.add(SolrClient.java:152)
      at com.test.solr.auth.SolrPopulateWithSSLAndBasicAuth.main(SolrPopulateWithSSLAndBasicAuth.java:42)
      Caused by: org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at https://pcam-dev-app-01:8984/solr/scdata_test_shard1_replica1: Expected mime type application/octet-stream but got text/html. <html>
      <head>
      <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
      <title>Error 401 require authentication</title>
      </head>
      <body><h2>HTTP ERROR 401</h2>
      <p>Problem accessing /solr/scdata_test_shard1_replica1/update. Reason:
      <pre> require authentication</pre></p>
      </body>
      </html>

      at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:558)
      at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:259)
      at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:248)
      at org.apache.solr.client.solrj.impl.LBHttpSolrClient.doRequest(LBHttpSolrClient.java:404)
      at org.apache.solr.client.solrj.impl.LBHttpSolrClient.request(LBHttpSolrClient.java:357)
      at org.apache.solr.client.solrj.impl.CloudSolrClient.lambda$directUpdate$14(CloudSolrClient.java:674)
      at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$22(ExecutorUtil.java:229)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      at java.lang.Thread.run(Thread.java:745)

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              narayanab16 narayana b
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: