lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marvin NotMyRealNameDuh <marvin.the.paran...@gmail.com>
Subject DbVisualizer challenges with a secured solr
Date Thu, 16 Mar 2017 13:09:45 GMT
Hi,

    I'm working with a product which includes solr under the covers, and
this has been secured using a custom authentication scheme. The admin UI on
port 8983 works correct once authenticated. I've also hacked the zkcli.sh
script thusly:

SOLR_ZK_CREDS_AND_ACLS="-DzkACLProvider=com.i2group.disco.search.solr.common.zookeeper.auth.internal.EncodedZkCredentialsACLProvider
\

-DzkCredentialsProvider=com.i2group.disco.search.solr.common.zookeeper.auth.internal.EncodedZkCredentialsProvider
\
  -Dsolr.solr.home=/data/cluster-nodes/clusters/is_cluster/nodes/node1"

CLASSPATH=
for i in $(ls
/i2a/deploy/wlp/usr/servers/awc/apps/awc.war/WEB-INF/lib/*.jar); do
    CLASSPATH=$CLASSPATH:$i
done
for i in $(ls /i2a/deploy/wlp/usr/shared/resources/i2-common/lib/*.jar); do
    CLASSPATH=$CLASSPATH:$i
done

PATH=$JAVA_HOME/bin:$PATH /opt/IBM/i2analyze/deploy/java/bin/java
$SOLR_ZK_CREDS_AND_ACLS  -Dlog4j.configuration=$log4j_config \
-classpath $CLASSPATH org.apache.solr.cloud.ZkCLI ${1+"$@"}

......and it works.

    The credentials to authenticate to solr are stored in a file in
solr.solr.home - which is why that system property is needed.

     I've also hacked the launch script for dbvis to add the properties:

#!/bin/sh

# Uncomment the following line to override the JVM search sequence
# INSTALL4J_JAVA_HOME_OVERRIDE=
# Uncomment the following line to add additional VM parameters
# INSTALL4J_ADD_VM_PARAMS=
INSTALL4J_ADD_VM_PARAMS="-DzkACLProvider=com.i2group.disco.search.solr.common.zookeeper.auth.internal.EncodedZkCredentialsACLProvider
\

-DzkCredentialsProvider=com.i2group.disco.search.solr.common.zookeeper.auth.internal.EncodedZkCredentialsProvider
\
  -Dsolr.solr.home=/data/cluster-nodes/clusters/is_cluster/nodes/node1"

    (no, adding these as database properties doesn't get me authenticated
to zookeeper)

.....and now when I try to connect, DbVisualizer seems to connect to
zookeeper, but then I get:

2017-03-16 06:06:07.375 INFO   897 [ExecutorRunner-pool-3-thread-1 - H.??]
Exception while connecting kstephe-eia-reco
org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error
from server at http://kstephe-eia-reco.softlayer.com:8983/solr: Expected
mime type application/octet-stream but got text/html. <html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 401 Unauthorized request, Response code: 401</title>
</head>
<body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /solr/admin/info/system. Reason:
<pre>    Unauthorized request, Response code: 401</pre></p>
</body>
</html>

    at
org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:560)
    at
org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:261)
    at
org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:250)
    at
org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:149)
    at org.apache.solr.client.solrj.SolrClient.query(SolrClient.java:942)
    at org.apache.solr.client.solrj.SolrClient.query(SolrClient.java:957)
    at
org.apache.solr.client.solrj.io.sql.DatabaseMetaDataImpl.getDatabaseProductVersion(DatabaseMetaDataImpl.java:124)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)

     .....and the URL is weird, because its talking to port 8983 - which is
solr, not zookeeper. Once authenticated to solr, I can validate that the
/solr/admin/info/system URL responds correctly, but the problem seems to be
that when DbVisualizer asks zookeeper for the db metadata, it doesn't seem
to know how to authenticate to solr.

    So.....(1) is there something I can do to fix things or (2) is there a
problem in the solr / zookeeper code or (3) are the problems somewhere in
zkCredentialsProvider or zkACLProvider (where I can't fix a thing)?

Thanks
Marvin the paranoid

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message