lucene-solr-user mailing list archives

From Jan Høydahl <jan....@cominvent.com>
Subject Re: bin/post and self-signed SSL
Date Mon, 13 Feb 2017 13:58:00 GMT
Thanks for your answers. I was also able to work around it using cURL, but
we should obviously fix bin/post to be as smart as bin/solr in parsing env.variables
related to SSL and auth.

--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com

> On 7 Feb 2017, at 01:23, Kevin Risden <compuwizard123@gmail.com> wrote:
> 
> I expect that the commands work the same or very close from 5.5.x through
> 6.4.x. There has been some cleaning up of the bin/solr and bin/post
> commands but not many security changes. If you find differently then please
> let us know.
> 
> Kevin Risden
> 
> On Feb 5, 2017 21:02, "alias" <524839460@qq.com> wrote:
> 
>> You mean this can only be used in this version 5.5.x? Other versions
>> invalid?
>> 
>> 
>> 
>> 
>> ------------------ Original Message ------------------
>> From: "Kevin Risden";<compuwizard123@gmail.com>;
>> Sent: Monday, February 6, 2017, 9:44 AM
>> To: "solr-user"<solr-user@lucene.apache.org>;
>> 
>> Subject: Re: bin/post and self-signed SSL
>> 
>> 
>> 
>> Originally formatted as MarkDown. This was tested against Solr 5.5.x
>> packaged as Lucidworks HDP Search. It would be the same as Solr 5.5.x.
>> 
>> # Using Solr
>> * https://cwiki.apache.org/confluence/display/solr/Solr+Start+Script+Reference
>> * https://cwiki.apache.org/confluence/display/solr/Running+Solr
>> * https://cwiki.apache.org/confluence/display/solr/Collections+API
>> 
>> ## Create collection (w/o Kerberos)
>> ```bash
>> /opt/lucidworks-hdpsearch/solr/bin/solr create -c test
>> ```
>> 
>> ## Upload configuration directory (w/ SSL and Kerberos)
>> ```bash
>> /opt/lucidworks-hdpsearch/solr/server/scripts/cloud-scripts/zkcli.sh \
>>   -zkhost ZK_CONNECTION_STRING -cmd upconfig -confname basic_config \
>>   -confdir /opt/lucidworks-hdpsearch/solr/server/solr/configsets/basic_configs/conf
>> ```
>> 
>> ## Create Collection (w/ SSL and Kerberos)
>> ```bash
>> curl -k --negotiate -u : "https://SOLR_HOST:8983/solr/admin/collections?action=CREATE&name=newCollection&numShards=1&replicationFactor=1&collection.configName=basic_config"
>> ```
>> 
>> ## Delete collection (w/o Kerberos)
>> ```bash
>> /opt/lucidworks-hdpsearch/solr/bin/solr delete -c test
>> ```
>> 
>> ## Delete Collection (w/ SSL and Kerberos)
>> ```bash
>> curl -k --negotiate -u : "https://SOLR_HOST:8983/solr/admin/collections?action=DELETE&name=newCollection"
>> ```
>> 
>> ## Adding some test docs (w/o SSL)
>> ```bash
>> /opt/lucidworks-hdpsearch/solr/bin/post -c test \
>>   /opt/lucidworks-hdpsearch/solr/example/exampledocs/*.xml
>> ```
>> 
>> ## Adding documents (w/ SSL and Kerberos)
>> ```bash
>> curl -k --negotiate -u : "https://SOLR_HOST:8983/solr/newCollection/update?commit=true" \
>>   -H "Content-Type: application/json" \
>>   --data-binary @/opt/lucidworks-hdpsearch/solr/example/exampledocs/books.json
>> ```
>> 
>> ## List Collections (w/ SSL and Kerberos)
>> ```bash
>> curl -k --negotiate -u : "https://SOLR_HOST:8983/solr/admin/collections?action=LIST"
>> ```
>> 
>> Kevin Risden
>> 
>> On Sun, Feb 5, 2017 at 5:55 PM, Kevin Risden <compuwizard123@gmail.com>
>> wrote:
>> 
>>> Last time I looked at this, there was no way to pass any Java properties
>>> to the bin/post command. This made it impossible to even set the SSL
>>> properties manually. I checked master just now and still there is no place
>>> to enter Java properties that would make it to the Java command.
>>> 
>>> I came up with a chart of commands previously that worked with standard
>>> (no SSL or Kerberos), SSL only, and SSL with Kerberos. Only the standard
>>> solr setup worked for the bin/solr and bin/post commands. Errors popped up
>>> that I couldn't work around. I've been meaning to get back to it just
>>> haven't had a chance.
>>> 
>>> I'll try to share that info when I get back to my laptop.
>>> 
>>> Kevin Risden
>>> 
>>> On Feb 5, 2017 12:31, "Jan Høydahl" <jan.asf@cominvent.com> wrote:
>>> 
>>>> Hi,
>>>> 
>>>> I’m trying to post a document to Solr using bin/post after enabling SSL
>>>> with self signed certificate. Result is:
>>>> 
>>>> $ post -url https://localhost:8983/solr/sslColl *.html
>>>> /usr/lib/jvm/java-8-openjdk-amd64/bin/java -classpath
>>>> /opt/solr/dist/solr-core-6.4.0.jar -Dauto=yes -Durl=https://localhost:8983/solr/sslColl -Dc= -Ddata=files
>>>> org.apache.solr.util.SimplePostTool lab-index.html lab-ops1.html
>>>> lab-ops2.html lab-ops3.html lab-ops4.html lab-ops6.html lab-ops8.html
>>>> SimplePostTool version 5.0.0
>>>> Posting files to [base] url https://localhost:8983/solr/sslColl...
>>>> Entering auto mode. File endings considered are
>>>> xml,json,jsonl,csv,pdf,doc,docx,ppt,pptx,xls,xlsx,odt,odp,ods,ott,otp,ots,rtf,htm,html,txt,log
>>>> POSTing file lab-index.html (text/html) to [base]/extract
>>>> SimplePostTool: FATAL: Connection error (is Solr running at
>>>> https://localhost:8983/solr/sslColl ?): javax.net.ssl.SSLHandshakeException:
>>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>>> find valid certification path to requested target
>>>> 
>>>> 
>>>> Does anyone know a workaround for letting bin/post accept self-signed cert?
>>>> Have not tested it against a CA signed Solr...
>>>> 
>>>> --
>>>> Jan Høydahl, search solution architect
>>>> Cominvent AS - www.cominvent.com
>>>> 
>>>> 
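
Added example, not part of the original thread or of Solr's own scripts: because bin/post forwards no Java properties, this wrapper runs the `java ... SimplePostTool` command printed in the thread directly and adds the standard JSSE trust-store properties, so the self-signed certificate is verified instead of skipped as with `curl -k`. It assumes a trust store that already contains the Solr certificate; the trust-store path, its password and the function name are placeholders, and it assumes SimplePostTool uses the JVM's default trust manager.

```bash
#!/bin/sh
# Added example (not from the thread). Same java command that bin/post
# printed, plus JSSE trust-store properties so the certificate is checked.
SOLR_JAR="${SOLR_JAR:-/opt/solr/dist/solr-core-6.4.0.jar}"   # path shown in the thread
TRUSTSTORE="${TRUSTSTORE:-/etc/solr/solr-truststore.jks}"    # assumed path
TRUSTSTORE_PASS="${TRUSTSTORE_PASS:-changeit}"               # assumed placeholder

# usage: post_with_truststore https://host:8983/solr/<collection> file...
# DRY_RUN=1 prints the command, one argument per line, without running it.
post_with_truststore() {
  [ "$#" -ge 2 ] || { echo "usage: post_with_truststore URL FILE..." >&2; return 64; }
  url="$1"; shift
  # Only HTTPS targets make sense here; refuse anything else.
  case "$url" in
    https://*) ;;
    *) echo "refusing non-HTTPS URL: $url" >&2; return 2 ;;
  esac
  # Fail early with a clear message instead of a JVM handshake error.
  [ -r "$TRUSTSTORE" ] || { echo "trust store not readable: $TRUSTSTORE" >&2; return 1; }
  # Rebuild the argument list: JVM options first, then the files to post.
  set -- java \
    "-Djavax.net.ssl.trustStore=$TRUSTSTORE" \
    "-Djavax.net.ssl.trustStorePassword=$TRUSTSTORE_PASS" \
    -classpath "$SOLR_JAR" \
    -Dauto=yes "-Durl=$url" -Dc= -Ddata=files \
    org.apache.solr.util.SimplePostTool "$@"
  if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$@"; else "$@"; fi
}
```

The trust-store password appears on the java command line; for a store that holds only public certificates it protects integrity rather than secrecy.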

