lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ishan Chattopadhyaya (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SOLR-9518) Kerberos Delegation Tokens doesn't work without a chrooted ZK
Date Mon, 26 Sep 2016 05:00:27 GMT

     [ https://issues.apache.org/jira/browse/SOLR-9518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Ishan Chattopadhyaya updated SOLR-9518:
---------------------------------------
    Description: 
Starting up Solr 6.2.0 (with delegation tokens enabled) that doesn't have a chrooted ZK, I
see the following in the startup logs:

{code}
2016-09-15 07:08:22.453 ERROR (main) [   ] o.a.s.s.SolrDispatchFilter Could not start Solr.
Check solr/home property and the logs
2016-09-15 07:08:22.477 ERROR (main) [   ] o.a.s.c.SolrCore null:java.lang.StringIndexOutOfBoundsException:
String index out of range: -1
        at java.lang.String.substring(String.java:1927)
        at org.apache.solr.security.KerberosPlugin.init(KerberosPlugin.java:138)
        at org.apache.solr.core.CoreContainer.initializeAuthenticationPlugin(CoreContainer.java:316)
        at org.apache.solr.core.CoreContainer.load(CoreContainer.java:442)
        at org.apache.solr.servlet.SolrDispatchFilter.createCoreContainer(SolrDispatchFilter.java:158)
        at org.apache.solr.servlet.SolrDispatchFilter.init(SolrDispatchFilter.java:134)
        at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:137)
        at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:856)
        at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:348)
        at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1379)
        at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1341)
        at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:772)
        at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:261)
        at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:517)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
        at org.eclipse.jetty.deploy.bindings.StandardStarter.processBinding(StandardStarter.java:41)
        at org.eclipse.jetty.deploy.AppLifeCycle.runBindings(AppLifeCycle.java:188)
        at org.eclipse.jetty.deploy.DeploymentManager.requestAppGoal(DeploymentManager.java:499)
        at org.eclipse.jetty.deploy.DeploymentManager.addApp(DeploymentManager.java:147)
        at org.eclipse.jetty.deploy.providers.ScanningAppProvider.fileAdded(ScanningAppProvider.java:180)
at org.eclipse.jetty.deploy.providers.WebAppProvider.fileAdded(WebAppProvider.java:458)
at org.eclipse.jetty.deploy.providers.ScanningAppProvider$1.fileAdded(ScanningAppProvider.java:64)
at org.eclipse.jetty.util.Scanner.reportAddition(Scanner.java:610)
at org.eclipse.jetty.util.Scanner.reportDifferences(Scanner.java:529)
{code}

To me, it seems that adding a check for the presence of a chrooted ZK, and, calculating the
relative ZK path only if it exists should suffice. I'll add a patch for this shortly.

  was:
Starting up Solr 6.2.0 that doesn't have a chrooted ZK, I see the following in the startup
logs:

{code}
2016-09-15 07:08:22.453 ERROR (main) [   ] o.a.s.s.SolrDispatchFilter Could not start Solr.
Check solr/home property and the logs
2016-09-15 07:08:22.477 ERROR (main) [   ] o.a.s.c.SolrCore null:java.lang.StringIndexOutOfBoundsException:
String index out of range: -1
        at java.lang.String.substring(String.java:1927)
        at org.apache.solr.security.KerberosPlugin.init(KerberosPlugin.java:138)
        at org.apache.solr.core.CoreContainer.initializeAuthenticationPlugin(CoreContainer.java:316)
        at org.apache.solr.core.CoreContainer.load(CoreContainer.java:442)
        at org.apache.solr.servlet.SolrDispatchFilter.createCoreContainer(SolrDispatchFilter.java:158)
        at org.apache.solr.servlet.SolrDispatchFilter.init(SolrDispatchFilter.java:134)
        at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:137)
        at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:856)
        at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:348)
        at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1379)
        at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1341)
        at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:772)
        at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:261)
        at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:517)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
        at org.eclipse.jetty.deploy.bindings.StandardStarter.processBinding(StandardStarter.java:41)
        at org.eclipse.jetty.deploy.AppLifeCycle.runBindings(AppLifeCycle.java:188)
        at org.eclipse.jetty.deploy.DeploymentManager.requestAppGoal(DeploymentManager.java:499)
        at org.eclipse.jetty.deploy.DeploymentManager.addApp(DeploymentManager.java:147)
        at org.eclipse.jetty.deploy.providers.ScanningAppProvider.fileAdded(ScanningAppProvider.java:180)
at org.eclipse.jetty.deploy.providers.WebAppProvider.fileAdded(WebAppProvider.java:458)
at org.eclipse.jetty.deploy.providers.ScanningAppProvider$1.fileAdded(ScanningAppProvider.java:64)
at org.eclipse.jetty.util.Scanner.reportAddition(Scanner.java:610)
at org.eclipse.jetty.util.Scanner.reportDifferences(Scanner.java:529)
{code}

To me, it seems that adding a check for the presence of a chrooted ZK, and, calculating the
relative ZK path only if it exists should suffice. I'll add a patch for this shortly.


> Kerberos Delegation Tokens doesn't work without a chrooted ZK
> -------------------------------------------------------------
>
>                 Key: SOLR-9518
>                 URL: https://issues.apache.org/jira/browse/SOLR-9518
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Ishan Chattopadhyaya
>         Attachments: SOLR-9518.patch, SOLR-9518.patch
>
>
> Starting up Solr 6.2.0 (with delegation tokens enabled) that doesn't have a chrooted
ZK, I see the following in the startup logs:
> {code}
> 2016-09-15 07:08:22.453 ERROR (main) [   ] o.a.s.s.SolrDispatchFilter Could not start
Solr. Check solr/home property and the logs
> 2016-09-15 07:08:22.477 ERROR (main) [   ] o.a.s.c.SolrCore null:java.lang.StringIndexOutOfBoundsException:
String index out of range: -1
>         at java.lang.String.substring(String.java:1927)
>         at org.apache.solr.security.KerberosPlugin.init(KerberosPlugin.java:138)
>         at org.apache.solr.core.CoreContainer.initializeAuthenticationPlugin(CoreContainer.java:316)
>         at org.apache.solr.core.CoreContainer.load(CoreContainer.java:442)
>         at org.apache.solr.servlet.SolrDispatchFilter.createCoreContainer(SolrDispatchFilter.java:158)
>         at org.apache.solr.servlet.SolrDispatchFilter.init(SolrDispatchFilter.java:134)
>         at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:137)
>         at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:856)
>         at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:348)
>         at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1379)
>         at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1341)
>         at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:772)
>         at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:261)
>         at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:517)
>         at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>         at org.eclipse.jetty.deploy.bindings.StandardStarter.processBinding(StandardStarter.java:41)
>         at org.eclipse.jetty.deploy.AppLifeCycle.runBindings(AppLifeCycle.java:188)
>         at org.eclipse.jetty.deploy.DeploymentManager.requestAppGoal(DeploymentManager.java:499)
>         at org.eclipse.jetty.deploy.DeploymentManager.addApp(DeploymentManager.java:147)
>         at org.eclipse.jetty.deploy.providers.ScanningAppProvider.fileAdded(ScanningAppProvider.java:180)
> at org.eclipse.jetty.deploy.providers.WebAppProvider.fileAdded(WebAppProvider.java:458)
> at org.eclipse.jetty.deploy.providers.ScanningAppProvider$1.fileAdded(ScanningAppProvider.java:64)
> at org.eclipse.jetty.util.Scanner.reportAddition(Scanner.java:610)
> at org.eclipse.jetty.util.Scanner.reportDifferences(Scanner.java:529)
> {code}
> To me, it seems that adding a check for the presence of a chrooted ZK, and, calculating
the relative ZK path only if it exists should suffice. I'll add a patch for this shortly.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message