lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl <jan....@cominvent.com>
Subject Re: Solr unable to start up after setting up SSL in Solr 7.4.0
Date Mon, 20 Aug 2018 13:11:37 GMT
Hi,

Can you please try to reproduce your issue on a completely empty cluster, and a single node
Solr instance, following the refguide instructions at https://lucene.apache.org/solr/guide/7_4/enabling-ssl.html
<https://lucene.apache.org/solr/guide/7_4/enabling-ssl.html> with all default configurations,
just to sort out any custom changes you may have introduced? If that works, then you can try
to change things step by step until you find the difference in config causing your issue.

--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com

> 20. aug. 2018 kl. 11:04 skrev Zheng Lin Edwin Yeo <edwinyeozl@gmail.com>:
> 
> Hi,
> 
> So far it is still not able to work with the files from Solr 7.4.0. I found
> that the jetty-ssl.xml is the file with the difference that causes the
> issue.
> 
> This is the jetty-ssl.xml from Solr 7.3.1:
>  <Set name="KeyStorePath"><Property name="solr.jetty.keystore"
> default="./etc/solr-ssl.keystore.jks"/></Set>
>  <Set name="KeyStorePassword"><Env name="SOLR_SSL_KEY_STORE_PASSWORD"
> default="secret"/></Set>
>  <Set name="TrustStorePath"><Property name="solr.jetty.truststore"
> default="./etc/solr-ssl.keystore.jks"/></Set>
>  <Set name="TrustStorePassword"><Env name="SOLR_SSL_TRUST_STORE_PASSWORD"
> default="secret"/></Set>
>  <Set name="NeedClientAuth"><Property name="solr.jetty.ssl.needClientAuth"
> default="false"/></Set>
>  <Set name="WantClientAuth"><Property name="solr.jetty.ssl.wantClientAuth"
> default="false"/></Set>
>  <Set name="KeyStoreType"><Property name="solr.jetty.keystore.type"
> default="JKS"/></Set>
> 
> This is the jetty-ssl.xml from Solr 7.4.0:
>  <Call class="org.apache.solr.util.configuration.SSLConfigurationsFactory"
> name="current">
>    <Get name="keyStorePassword" id="keyStorePassword"/>
>    <Get name="trustStorePassword" id="trustStorePassword"/>
>  </Call>
>  <Set name="KeyStorePath"><Property name="solr.jetty.keystore"
> default="./etc/solr-ssl.keystore.jks"/></Set>
>  <Set name="KeyStorePassword"><Ref refid="keyStorePassword"/></Set>
>  <Set name="TrustStorePath"><Property name="solr.jetty.truststore"
> default="./etc/solr-ssl.keystore.jks"/></Set>
>  <Set name="TrustStorePassword"><Ref refid="trustStorePassword"/></Set>
>  <Set name="NeedClientAuth"><Property name="solr.jetty.ssl.needClientAuth"
> default="false"/></Set>
>  <Set name="WantClientAuth"><Property name="solr.jetty.ssl.wantClientAuth"
> default="false"/></Set>
>  <Set name="KeyStoreType"><Property name="solr.jetty.keystore.type"
> default="JKS"/></Set>
> 
> 
> I have set up Solr from downloading the package from
> http://www-eu.apache.org/dist/lucene/solr/7.4.0/.
> 
> I started Solr with the following command:
> bin\solr.cmd start -cloud -p 8983 -s solrMain\node1 -m 8g -z
> "localhost:2181,localhost:2182,localhost:2183" -Dsolr.ltr.enabled=true
> pause
> bin\solr.cmd start -cloud -p 8984 -s solrMain\node2 -m 8g -z
> "localhost:2181,localhost:2182,localhost:2183" -Dsolr.ltr.enabled=true
> pause
> 
> Below is the portion of the solr.in that is enabled:
> REM Enables HTTPS. It is implictly true if you set SOLR_SSL_KEY_STORE. Use
> this config
> REM to enable https module with custom jetty configuration.
> set SOLR_SSL_ENABLED=false
> REM Uncomment to set SSL-related system properties
> REM Be sure to update the paths to the correct keystore for your environment
> set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
> set SOLR_SSL_KEY_STORE_PASSWORD=secret
> set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks
> set SOLR_SSL_TRUST_STORE_PASSWORD=secret
> REM Require clients to authenticate
> set SOLR_SSL_NEED_CLIENT_AUTH=false
> REM Enable clients to authenticate (but not require)
> set SOLR_SSL_WANT_CLIENT_AUTH=false
> REM SSL Certificates contain host/ip "peer name" information that is
> validated by default. Setting
> REM this to false can be useful to disable these checks when re-using a
> certificate on many hosts
> set SOLR_SSL_CHECK_PEER_NAME=true
> REM Override Key/Trust Store types if necessary
> set SOLR_SSL_KEY_STORE_TYPE=JKS
> set SOLR_SSL_TRUST_STORE_TYPE=JKS
> 
> Regards,
> Edwin
> 
> On Fri, 10 Aug 2018 at 23:04, Jan Høydahl <jan.asf@cominvent.com> wrote:
> 
>> Hi,
>> 
>> Did you solve your issue? SSL should work ootb in 7.4, the class that your
>> error says is not found exists, so there must be some setup issues.
>> How did you install Solr, how do you start it, what is the content of your
>> solr.in <http://solr.in/>.sh etc
>> 
>> --
>> Jan Høydahl, search solution architect
>> Cominvent AS - www.cominvent.com
>> 
>>> 11. jul. 2018 kl. 17:23 skrev Zheng Lin Edwin Yeo <edwinyeozl@gmail.com
>>> :
>>> 
>>> Hi,
>>> 
>>> I found that if we replace the following files with the copy from Solr
>>> 7.3.1, the SSL can work
>>> - jetty.xml
>>> - jetty-http.xml
>>> - jetty-https.xml
>>> - jetty-ssl.xml
>>> 
>>> But the copies that comes with Solr 7.4.0 are not working.
>>> 
>>> I found there are some differences in the file, but not sure if there are
>>> other changes required, or if there are bugs in the copies in Solr 7.4.0?
>>> 
>>> Regards,
>>> Edwin
>>> 
>>> On 4 July 2018 at 11:20, Zheng Lin Edwin Yeo <edwinyeozl@gmail.com>
>> wrote:
>>> 
>>>> Hi,
>>>> 
>>>> Would like to check, if there are any major changes in the way the SSL
>>>> works for Solr 7.4.0?
>>>> 
>>>> I have tried to set up with the same method that I used for Solr 7.3.1,
>>>> but after setting it up, the Solr is unable to load.
>>>> 
>>>> Below is the error message that I get.
>>>> 
>>>> Caused by: java.security.PrivilegedActionException:
>>>> java.lang.ClassNotFoundExcep
>>>> tion: org.apache.solr.util.configuration.SSLConfigurationsFactory
>>>>       at java.security.AccessController.doPrivileged(Native Method)
>>>>       at org.eclipse.jetty.xml.XmlConfiguration.main(
>>>> XmlConfiguration.java:150
>>>> 8)
>>>>       ... 7 more
>>>> Caused by: java.lang.ClassNotFoundException: org.apache.solr.util.
>>>> configuration.
>>>> SSLConfigurationsFactory
>>>>       at java.net.URLClassLoader.findClass(Unknown Source)
>>>>       at java.lang.ClassLoader.loadClass(Unknown Source)
>>>>       at java.lang.ClassLoader.loadClass(Unknown Source)
>>>>       at org.eclipse.jetty.util.Loader.loadClass(Loader.java:65)
>>>>       at org.eclipse.jetty.xml.XmlConfiguration$
>>>> JettyXmlConfiguration.call(Xml
>>>> Configuration.java:784)
>>>>       at org.eclipse.jetty.xml.XmlConfiguration$
>>>> JettyXmlConfiguration.configur
>>>> e(XmlConfiguration.java:469)
>>>>       at org.eclipse.jetty.xml.XmlConfiguration$
>>>> JettyXmlConfiguration.configur
>>>> e(XmlConfiguration.java:410)
>>>>       at org.eclipse.jetty.xml.XmlConfiguration.configure(
>>>> XmlConfiguration.jav
>>>> a:308)
>>>>       at org.eclipse.jetty.xml.XmlConfiguration$1.run(
>>>> XmlConfiguration.java:15
>>>> 55)
>>>>       at org.eclipse.jetty.xml.XmlConfiguration$1.run(
>>>> XmlConfiguration.java:15
>>>> 09)
>>>>       ... 9 more
>>>> java.lang.reflect.InvocationTargetException
>>>>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>>>>       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown
>> Source)
>>>>       at java.lang.reflect.Method.invoke(Unknown Source)
>>>>       at org.eclipse.jetty.start.Main.invokeMain(Main.java:220)
>>>>       at org.eclipse.jetty.start.Main.start(Main.java:486)
>>>>       at org.eclipse.jetty.start.Main.main(Main.java:77)
>>>> Caused by: java.security.PrivilegedActionException:
>>>> java.lang.ClassNotFoundExcep
>>>> tion: org.apache.solr.util.configuration.SSLConfigurationsFactory
>>>>       at java.security.AccessController.doPrivileged(Native Method)
>>>>       at org.eclipse.jetty.xml.XmlConfiguration.main(
>>>> XmlConfiguration.java:150
>>>> 8)
>>>>       ... 7 more
>>>> Caused by: java.lang.ClassNotFoundException: org.apache.solr.util.
>>>> configuration.
>>>> SSLConfigurationsFactory
>>>>       at java.net.URLClassLoader.findClass(Unknown Source)
>>>>       at java.lang.ClassLoader.loadClass(Unknown Source)
>>>>       at java.lang.ClassLoader.loadClass(Unknown Source)
>>>>       at org.eclipse.jetty.util.Loader.loadClass(Loader.java:65)
>>>>       at org.eclipse.jetty.xml.XmlConfiguration$
>>>> JettyXmlConfiguration.call(Xml
>>>> Configuration.java:784)
>>>>       at org.eclipse.jetty.xml.XmlConfiguration$
>>>> JettyXmlConfiguration.configur
>>>> e(XmlConfiguration.java:469)
>>>>       at org.eclipse.jetty.xml.XmlConfiguration$
>>>> JettyXmlConfiguration.configur
>>>> e(XmlConfiguration.java:410)
>>>>       at org.eclipse.jetty.xml.XmlConfiguration.configure(
>>>> XmlConfiguration.jav
>>>> a:308)
>>>>       at org.eclipse.jetty.xml.XmlConfiguration$1.run(
>>>> XmlConfiguration.java:15
>>>> 55)
>>>>       at org.eclipse.jetty.xml.XmlConfiguration$1.run(
>>>> XmlConfiguration.java:15
>>>> 09)
>>>>       ... 9 more
>>>> 
>>>> Usage: java -jar $JETTY_HOME/start.jar [options] [properties] [configs]
>>>>      java -jar $JETTY_HOME/start.jar --help  # for more information
>>>> 
>>>> 
>>>> Regards,
>>>> Edwin
>>>> 
>> 
>> 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message