lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <>
Subject [jira] [Created] (SOLR-10202) Auto resolve urlScheme, remove cluster property
Date Fri, 24 Feb 2017 12:05:45 GMT
Jan Høydahl created SOLR-10202:

             Summary: Auto resolve urlScheme, remove cluster property
                 Key: SOLR-10202
             Project: Solr
          Issue Type: Improvement
      Security Level: Public (Default Security Level. Issues are Public)
          Components: SolrCloud
            Reporter: Jan Høydahl

Spinoff from SOLR-9640.

Today we need to explicitly set {{urlScheme}} cluster property to enable SSL, at the same
time as we need to set all the SSL env variables on each node. As discussed in SOLR-9640,
we could be smarter about this so an admin only need to setup {{}} with keystore
to enable SSL.

h3. How
Perhaps simplified a bit, but in principle, at node start, if {{solr.jetty.keystore}} (one
out of several possiilities) is defined then use https, else http :-) Then, if the administrator
has mixed it up and failed to configure {{solr.jetty.keystore}} on one of the nodes, then
that node will not be able to communicate with the others over {{http}}, it will get {{curl:
(52) Empty reply from server}}. Opposite, an SSL enabled node trying to talk to a Solr node
that is not SSL enabled over {{https}}, will get {{curl: (35) Unknown SSL protocol error in
connection to localhost:-9847}} (not the curl error of course, but similar).

I don't think the nodes need to tell ZK about SSL at all?

So my claim is that this will not give bigger risk of misconfiguration, cause if you add a
new node to the cluster without SSL, it will generate a lot of BUZZ in the logs and it will
never receive any unencrypted data from the other nodes since connections will fail. Agree?

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message