lucene-solr-user mailing list archives

From "Behera, Pranaya P" <pbeh...@jcp.com>
Subject Enabling SSL in solr server. (Single mode or Cloud mode) Getting Errors & How to add parameters to service script.
Date Mon, 02 Jan 2017 08:17:00 GMT
Hi,
     I have followed the documentation and executed it on a fresh machine to enable SSL on
the server. It is an EC2 instance of CentOS 7. I have installed Solr, which is working fine.
But as soon as I modify the /etc/default/solr.in.sh file to incorporate the SSL-related variables,
the server never starts. Here are the commands used to get it up and running, but alas no result
till now.

[centos@ip-xx-xxx-xx-xxx ~]$ sudo bash ./install_solr_service.sh solr-6.2.1.tgz

Extracting solr-6.2.1.tgz to /opt


Installing symlink /opt/solr -> /opt/solr-6.2.1 ...


Installing /etc/init.d/solr script ...


Installing /etc/default/solr.in.sh ...

Waiting up to 30 seconds to see Solr running on port 8983 [/]
Started Solr server on port 8983 (pid=6683). Happy searching!

Found 1 Solr nodes:

Solr process 6683 running on port 8983
{
  "solr_home":"/var/solr/data",
  "version":"6.2.1 43ab70147eb494324a1410f7a9f16a896a59bc6f - shalin - 2016-09-15 05:20:53",
  "startTime":"2017-01-02T07:56:25.414Z",
  "uptime":"0 days, 0 hours, 0 minutes, 10 seconds",
  "memory":"82.3 MB (%16.8) of 490.7 MB"}

Service solr installed.
[centos@ip-xx-xxx-xx-xxx ~]$ ps -ef | grep solr
solr      6683     1 15 01:56 ?        00:00:02 java -server -Xms512m -Xmx512m -XX:NewRatio=3
-XX:SurvivorRatio=4 -XX:TargetSurvivorRatio=90 -XX:MaxTenuringThreshold=8 -XX:+UseConcMarkSweepGC
-XX:+UseParNewGC -XX:ConcGCThreads=4 -XX:ParallelGCThreads=4 -XX:+CMSScavengeBeforeRemark
-XX:PretenureSizeThreshold=64m -XX:+UseCMSInitiatingOccupancyOnly -XX:CMSInitiatingOccupancyFraction=50
-XX:CMSMaxAbortablePrecleanTime=6000 -XX:+CMSParallelRemarkEnabled -XX:+ParallelRefProcEnabled
-verbose:gc -XX:+PrintHeapAtGC -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps
-XX:+PrintTenuringDistribution -XX:+PrintGCApplicationStoppedTime -Xloggc:/var/solr/logs/solr_gc.log
-Djetty.port=8983 -DSTOP.PORT=7983 -DSTOP.KEY=solrrocks -Duser.timezone=UTC -Djetty.home=/opt/solr/server
-Dsolr.solr.home=/var/solr/data -Dsolr.install.dir=/opt/solr -Dlog4j.configuration=file:/var/solr/log4j.properties
-Xss256k -XX:OnOutOfMemoryError=/opt/solr/bin/oom_solr.sh 8983 /var/solr/logs -jar start.jar
--module=http
centos    6856  1837  0 01:56 pts/0    00:00:00 grep --color=auto solr
[centos@ip-xx-xxx-xx-xxx ~]$ cd /opt/solr
[centos@ip-xx-xxx-xx-xxx solr]$ cd server/etc/
[centos@ip-xx-xxx-xx-xxx etc]$ ls
jetty-https.xml  jetty-http.xml  jetty-ssl.xml  jetty.xml  webdefault.xml
[centos@ip-xx-xxx-xx-xxx etc]$ ls
jetty-https.xml  jetty-http.xml  jetty-ssl.xml  jetty.xml  webdefault.xml
[centos@ip-xx-xxx-xx-xxx etc]$ sudo keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize
2048 -keypass secret -storepass secret -validity 9999 -keystore solr-ssl.keystore.jks -ext
SAN=DNS:localhost,IP:xx.xxx.xxx.xxx,IP:127.0.0.1 -dname "CN=zksolr, OU=Search, O=OK, L=Newyork,
ST=Newyork, C=USA"
[centos@ip-xx-xxx-xx-xxx etc]$ ls -al
total 60
drwxr-xr-x.  2 root docker  4096 Jan  2 02:02 .
drwxr-xr-x. 11 root docker  4096 Jan  2 01:56 ..
-rw-r--r--.  1 root docker  3055 Sep 13 20:26 jetty-https.xml
-rw-r--r--.  1 root docker  2684 Sep 13 20:26 jetty-http.xml
-rw-r--r--.  1 root docker  2449 Jul 14 12:13 jetty-ssl.xml
-rw-r--r--.  1 root docker  9389 Sep 14 14:26 jetty.xml
-rw-------.  1 root docker  2258 Jan  2 02:02 solr-ssl.keystore.jks
-rw-r--r--.  1 root docker 24425 Jul 14 12:13 webdefault.xml
[centos@ip-xx-xxx-xx-xxx etc]$ sudo keytool -importkeystore -srckeystore solr-ssl.keystore.jks
-destkeystore solr-ssl.keystore.p12 -srcstoretype jks -deststoretype pkcs12
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
Entry for alias solr-ssl successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
[centos@ip-xx-xxx-xx-xxx etc]$ sudo openssl pkcs12 -in solr-ssl.keystore.p12 -out solr-ssl.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
[centos@ip-xx-xxx-xx-xxx etc]$ ls -al
total 68
drwxr-xr-x.  2 root docker  4096 Jan  2 02:03 .
drwxr-xr-x. 11 root docker  4096 Jan  2 01:56 ..
-rw-r--r--.  1 root docker  3055 Sep 13 20:26 jetty-https.xml
-rw-r--r--.  1 root docker  2684 Sep 13 20:26 jetty-http.xml
-rw-r--r--.  1 root docker  2449 Jul 14 12:13 jetty-ssl.xml
-rw-r--r--.  1 root docker  9389 Sep 14 14:26 jetty.xml
-rw-------.  1 root docker  2258 Jan  2 02:02 solr-ssl.keystore.jks
-rw-------.  1 root docker  2608 Jan  2 02:02 solr-ssl.keystore.p12
-rw-------.  1 root docker  1662 Jan  2 02:03 solr-ssl.pem
-rw-r--r--.  1 root docker 24425 Jul 14 12:13 webdefault.xml
[centos@ip-xx-xxx-xx-xxx etc]$ vi /etc/default/solr.in.sh
[centos@ip-xx-xxx-xx-xxx etc]$ sudo vi /etc/default/solr.in.sh
[centos@ip-xx-xxx-xx-xxx etc]$ sudo service solr stop
Sending stop command to Solr running on port 8983 ... waiting 5 seconds to allow Jetty process
6683 to stop gracefully.
[centos@ip-xx-xxx-xx-xxx etc]$ sudo service solr start
Waiting up to 30 seconds to see Solr running on port 8983 [-]  Still not seeing Solr listening
on 8983 after 30 seconds!
2017-01-02 08:06:02.702 INFO  (main) [   ] o.e.j.u.log Logging initialized @324ms
2017-01-02 08:06:02.913 INFO  (main) [   ] o.e.j.s.Server jetty-9.3.8.v20160314
2017-01-02 08:06:02.931 INFO  (main) [   ] o.e.j.d.p.ScanningAppProvider Deployment monitor
[file:///opt/solr-6.2.1/server/contexts/] at interval 0
2017-01-02 08:06:03.214 INFO  (main) [   ] o.e.j.w.StandardDescriptorProcessor NO JSP Support
for /solr, did not find org.apache.jasper.servlet.JspServlet
2017-01-02 08:06:03.226 WARN  (main) [   ] o.e.j.s.SecurityHandler ServletContext@o.e.j.w.WebAppContext@67784306{/solr,file:///opt/solr-6.2.1/server/solr-webapp/webapp/,STARTING}{/opt/solr-6.2.1/server/solr-webapp/webapp}
has uncovered http methods for path: /
2017-01-02 08:06:03.237 INFO  (main) [   ] o.a.s.s.SolrDispatchFilter SolrDispatchFilter.init():
WebAppClassLoader=1037324811@3dd4520b
2017-01-02 08:06:03.254 INFO  (main) [   ] o.a.s.c.SolrResourceLoader JNDI not configured
for solr (NoInitialContextEx)
2017-01-02 08:06:03.254 INFO  (main) [   ] o.a.s.c.SolrResourceLoader using system property
solr.solr.home: /var/solr/data
2017-01-02 08:06:03.255 INFO  (main) [   ] o.a.s.c.SolrResourceLoader new SolrResourceLoader
for directory: '/var/solr/data'
2017-01-02 08:06:03.255 INFO  (main) [   ] o.a.s.c.SolrResourceLoader JNDI not configured
for solr (NoInitialContextEx)
2017-01-02 08:06:03.255 INFO  (main) [   ] o.a.s.c.SolrResourceLoader using system property
solr.solr.home: /var/solr/data
2017-01-02 08:06:03.260 INFO  (main) [   ] o.a.s.c.SolrXmlConfig Loading container configuration
from /var/solr/data/solr.xml
2017-01-02 08:06:03.320 INFO  (main) [   ] o.a.s.c.CorePropertiesLocator Config-defined core
root directory: /var/solr/data
2017-01-02 08:06:03.346 INFO  (main) [   ] o.a.s.c.CoreContainer New CoreContainer 1256440269
2017-01-02 08:06:03.346 INFO  (main) [   ] o.a.s.c.CoreContainer Loading cores into CoreContainer
[instanceDir=/var/solr/data]
2017-01-02 08:06:03.346 WARN  (main) [   ] o.a.s.c.CoreContainer Couldn't add files from /var/solr/data/lib
to classpath: /var/solr/data/lib
2017-01-02 08:06:03.359 INFO  (main) [   ] o.a.s.h.c.HttpShardHandlerFactory created with
socketTimeout : 600000,connTimeout : 60000,maxConnectionsPerHost : 20,maxConnections : 10000,corePoolSize
: 0,maximumPoolSize : 2147483647,maxThreadIdleTime : 5,sizeOfQueue : -1,fairnessPolicy : false,useRetries
: false,connectionsEvictorSleepDelay : 5000,maxConnectionIdleTime : 40000,
2017-01-02 08:06:03.548 INFO  (main) [   ] o.a.s.u.UpdateShardHandler Creating UpdateShardHandler
HTTP client with params: socketTimeout=600000&connTimeout=60000&retry=true
2017-01-02 08:06:03.552 INFO  (main) [   ] o.a.s.l.LogWatcher SLF4J impl is org.slf4j.impl.Log4jLoggerFactory
2017-01-02 08:06:03.553 INFO  (main) [   ] o.a.s.l.LogWatcher Registering Log Listener [Log4j
(org.slf4j.impl.Log4jLoggerFactory)]
2017-01-02 08:06:03.555 INFO  (main) [   ] o.a.s.c.CoreContainer Security conf doesn't exist.
Skipping setup for authorization module.
2017-01-02 08:06:03.555 INFO  (main) [   ] o.a.s.c.CoreContainer No authentication plugin
used.
2017-01-02 08:06:03.607 INFO  (main) [   ] o.a.s.c.CorePropertiesLocator Looking for core
definitions underneath /var/solr/data
2017-01-02 08:06:03.607 INFO  (main) [   ] o.a.s.c.CorePropertiesLocator Found 0 core definitions
2017-01-02 08:06:03.611 INFO  (main) [   ] o.a.s.s.SolrDispatchFilter user.dir=/opt/solr-6.2.1/server
2017-01-02 08:06:03.611 INFO  (main) [   ] o.a.s.s.SolrDispatchFilter SolrDispatchFilter.init()
done
2017-01-02 08:06:03.625 INFO  (main) [   ] o.e.j.s.h.ContextHandler Started o.e.j.w.WebAppContext@67784306{/solr,file:///opt/solr-6.2.1/server/solr-webapp/webapp/,AVAILABLE}{/opt/solr-6.2.1/server/solr-webapp/webapp}
[centos@ip-xx-xxx-xx-xxx etc]$


What would be the issue? Please let me know how I can fix this. Also, I am running through
the service script, not the bin/solr script.
How do I run the service script with additional parameters? For example, when adding
-Dsolr.ssl.checkPeerName=false to the bin/solr script, how would someone incorporate the same
in the service script?



Thanks & Regards
Pranaya Behera
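
An added example, not part of the original message: the `ps` output above shows Jetty running as user `solr`, while `ls -al` shows the keystore as `-rw-------` owned by `root:docker`, so whether the service account can read the key material is a precondition worth checking. The function below evaluates one `ls -l` line against an account using the classic owner/group/other bits only; the function names, the assumption that `solr` belongs only to group `solr`, and the second sample line are constructed for illustration.

```shell
#!/bin/sh
# can_read_from_ls USER "GROUPS" "LS_LINE"
# Returns 0 if USER (member of the space-separated GROUPS) may read the file
# described by one `ls -l` line. Only the owner/group/other read bits are
# evaluated; SELinux labels and ACLs (trailing "." or "+" on the mode) and
# directory traversal permissions are NOT checked here.
can_read_from_ls() {
    user=$1; groups=$2; line=$3
    # ls -l fields: mode, link count, owner, group, then size/date/name
    read -r mode links owner group rest <<EOF
$line
EOF
    if [ "$user" = "root" ]; then
        return 0                      # root bypasses the mode bits
    fi
    if [ "$user" = "$owner" ]; then
        pos=2                         # owner read bit
    else
        case " $groups " in
            *" $group "*) pos=5 ;;    # group read bit
            *)            pos=8 ;;    # other read bit
        esac
    fi
    bit=$(printf '%s' "$mode" | cut -c"$pos")
    [ "$bit" = "r" ]
}

# report USER "GROUPS" "LS_LINE" -> prints "readable" or "not readable"
report() {
    if can_read_from_ls "$1" "$2" "$3"; then
        echo "readable"
    else
        echo "not readable"
    fi
}

# Keystore line copied from the `ls -al` listing in the message.
KEYSTORE_LINE='-rw-------.  1 root docker  2258 Jan  2 02:02 solr-ssl.keystore.jks'
# Constructed line: same file after a hypothetical chgrp to solr and chmod 640.
GROUP_READ_LINE='-rw-r-----.  1 root solr    2258 Jan  2 02:02 solr-ssl.keystore.jks'

# Assumption: the service account "solr" is only in group "solr".
echo "as listed:        $(report solr "solr" "$KEYSTORE_LINE")"
echo "group-read (640): $(report solr "solr" "$GROUP_READ_LINE")"
```

Granting read through a dedicated group keeps the private key unreadable to every other local account, which a world-readable mode would not.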

