lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pete Ryland (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-12777) Solr server directory needs to be writable by the user running solr
Date Tue, 18 Sep 2018 12:17:00 GMT

    [ https://issues.apache.org/jira/browse/SOLR-12777?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16619033#comment-16619033
] 

Pete Ryland commented on SOLR-12777:
------------------------------------

Hi [~janhoy], thanks for the response and apologies in advance for this rambling reply.

So, documented or not, I think it's a really strange default to put the pid file and logs
alongside the program files.  This might very well be normal on Windows, but in the Linux
world, it's really not normal at all, especially in production systems.

Like most serious sysadmins, I won't run installers on prod systems since they can install
files all over the system in an untracked way, which might be fine for developers, but is
not tenable on well-maintained production systems.  We generally use system packages (i.e.
.deb and .rpm files) which track the files they install and are checked by the distribution
teams to ensure they put the files in the correct places.  We also use puppet for any configuration
of those packages, or for software that doesn't have packages available.  This allows us to
be systematic about what software is installed on which machines.  These days, this is part
of what is called "DevOps", but is historically just considered good practice.  Software that
makes it hard to adhere to good practice is in my mind buggy and should be fixed.

My suggestion would be indeed firstly to add command-line options to specify the location
of the logs and pids (that overrode the env vars).  One can specify other locations on the
command line, so why not these too?

My second suggestion would be to work more with the distribution package maintainers to keep
the versions of solr in the distros more up to date.  They will also likely have other great
suggestions that will make solr more usable for non-distro users too, since they need to make
the packages conform to standards like the FHS.  The distros can be quite strict with what
they allow in, but that just adds exponentially to user trust.

> Solr server directory needs to be writable by the user running solr
> -------------------------------------------------------------------
>
>                 Key: SOLR-12777
>                 URL: https://issues.apache.org/jira/browse/SOLR-12777
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: scripts and tools
>    Affects Versions: 7.3.1
>            Reporter: Pete Ryland
>            Priority: Major
>
> When starting solr, an optional {{-d}} parameter can be provided.  This specifies the
"Solr server directory" which needs to be the {{server}} directory from the raw distribution. 
This clearly contains the program files, so as per common practice should not be writable
by the user running the program.  However, when specified, an error results because it tries
to create a log directory within the program directory!  This is really really bad practice.
 One should be able to specify a directory for the runtime files and log files on the command
line.  It would be even better if the defaults conformed to the filesystem hierarchy standard
when run on a Linux system.  I understand that you want to make it easy for developers to
use your software, but when deploying on actual production systems, these things are really
important.  It's also important to understand that the people deploying your software to production
are different to the ones who develop with your software, and a deep understanding of your
software shouldn't be necessary for the former to be able to deploy it.
> A wholly-unsatisfactory workaround is to set the pid and log directories by environment
variable before starting the server:
> {{$ export SOLR_PID_DIR=/var/lib/celum-search}}
> {{$ export SOLR_LOGS_DIR=/var/log/celum-search}}
> This can also be done in {{/etc/default/solr.in.sh}}.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message