lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shawn Heisey <apa...@elyograg.org>
Subject Re: Confusing error when creating a new core with TLS, service enabled
Date Tue, 10 Apr 2018 14:16:40 GMT
On 4/10/2018 7:32 AM, Christopher Schultz wrote:
>> What happened is that the new core directory was created as root,
>> owned by root.
> Was it? If my server is running as solr, how can it create directories
> as root?

Unless you run Solr in cloud mode (which means using zookeeper), the 
server cannot create the core directories itself. When running in 
standalone mode, the core directory is created by the bin/solr program 
doing the "create" -- which was running as root.  I know that because 
you needed the "-force" option.  So the core directory and its "conf" 
subdirectory (with the config) are created by the script, then Solr is 
asked (using the CoreAdmin API via http) to add that core.  It can't, 
because the new directory was created by root, and Solr can't write the 
core.properties file that defines the core for Solr.

When running Solr in cloud mode, the configs are in zookeeper, so the 
create command on the script doesn't have to make the core directory in 
order for Solr to find the configuration.  It can simply upload the 
config to zookeeper and then tell Solr to create the collection, and 
Solr will do so, locating the configuration in ZooKeeper.

See the big warning in the CREATE section of the CoreAdmin API 
documentation about the CREATE action needing to be able to find a 
configuration:

https://lucene.apache.org/solr/guide/7_3/coreadmin-api.html

You might be wondering why Solr can't create the core directories itself 
using the CoreAdmin API except in cloud mode.  This is because the 
CoreAdmin API is *OLD* and its functionality has not really changed 
since it was created.  Historically, it was only designed to add a core 
that had already been created.  We probably need to "fix" this ... but 
it has never been a priority.  There are bigger problems and features to 
work on.  Cloud mode is much newer, and although the Collections API 
does utilize the CoreAdmin API behind the scenes, the user typically 
doesn't use CoreAdmin directly in cloud mode.

> The client may be running as root, but the server is running as 'solr'.
> And the error occurs on the server, not the client. So, what's really
> going on, here?

I hope I've explained that clearly above.

Thanks,
Shawn


Mime
View raw message