nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bryan Bende <bbe...@gmail.com>
Subject Re: putsolrcontentstream and kerberos
Date Fri, 12 Oct 2018 19:07:38 GMT
I've only done it against Solr cloud, but I don't know a reason why it
wouldn't work against standalone Solr.

Nothing is jumping out at me as being wrong with your config. My JAAS
config was the following:

SolrJClient {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  keyTab="/Users/bbende/Projects/docker-kdc/krb5.keytab"
  storeKey=true
  useTicketCache=false
  debug=true
  principal="nifi@SOLR.ORG";
};

Can you successfully access Solr from a curl command?

curl --negotiate -u :
"http://vmsol001.epg.nam.gm.com:8983/solr/collection1/select"

Assuming you did a kinit first.

On Fri, Oct 12, 2018 at 2:48 PM Dan Caulfield <dan.caulfield@gm.com> wrote:
>
> When attempting to use the putsolrcontentstream (Version 1.6.0) to load json file into
a Solr 6.3 cluster that requires Kerberos authentication.
>
>
>
> I have set the -D java.security.auth.login.config=/disk-1/nifi/jaas/jaas.conf
>
>
>
> And the jass file looks like this -
>
> MicroServicesSolrClient {
>
>   com.sun.security.auth.module.Krb5LoginModule required
>
>   useKeyTab=true
>
>   storeKey=true
>
>   keyTab="/disk-1/nifi/keytabs/MSSolrClient"
>
>   serviceName="solr"
>
>   principal="MSSOLRUSER@XXXXX.GM.COM";
>
> };
>
> GMASTSolrClient {
>
>   com.sun.security.auth.module.Krb5LoginModule required
>
>   useKeyTab=true
>
>   storeKey=true
>
>   useTicketCache=true
>
>   debug=true
>
>   keyTab="/disk-1/nifi/keytabs/GMSolrClient"
>
>   serviceName="solr"
>
>   principal="GMSOLRUSER@XXXXX.GM.COM";
>
> };
>
>
>
> The Processor is set to –
>
> Solr Type – Standard
>
> Solr Location - http://vmsol001.epg.nam.gm.com:8983/solr/collection1/
>
> Content Stream Path - /update/json/docs
>
> Content-Type – application/json
>
> JAAS Client App Name – GMASTSolrClient
>
>
>
> Does the 1.6 version of the PutSolrContentStream support Kerberos?  We are getting the
401 authentication error -
>
>
>
>
>
> 198730787914459,size=119100] to Solr due to org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException:
Error from server at http://vmsol001.epg.nam.gm.com:8983/solr: Expected mime type application/octet-stream
but got text/html. <html>
>
> <head>
>
> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
>
> <title>Error 401 Authentication required</title>
>
> </head>
>
> <body><h2>HTTP ERROR 401</h2>
>
> <p>Problem accessing /solr/select. Reason:
>
> <pre>    Authentication required</pre></p>
>
> </body>
>
> </html>
>
> ; routing to failure: org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException:
Error from server at http://vmsol001.epg.nam.gm.com:8983/solr: Expected mime type application/octet-stream
but got text/html. <html>
>
> <head>
>
> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
>
> <title>Error 401 Authentication required</title>
>
> </head>
>
> <body><h2>HTTP ERROR 401</h2>
>
> <p>Problem accessing /solr/select. Reason:
>
> <pre>    Authentication required</pre></p>
>
> </body>
>
> </html>
>
>
>
> org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server
at http://vmsol001.epg.nam.gm.com:8983/solr: Expected mime type application/octet-stream but
got text/html. <html>
>
> <head>
>
> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
>
> <title>Error 401 Authentication required</title>
>
> </head>
>
> <body><h2>HTTP ERROR 401</h2>
>
> org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server
at http://vmsol001.epg.nam.gm.com:8983/solr: Expected mime type application/octet-stream but
got text/html. <html>
>
> <head>
>
> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
>
> <title>Error 401 Authentication required</title>
>
> </head>
>
> <body><h2>HTTP ERROR 401</h2>
>
> <p>Problem accessing /solr/select. Reason:
>
> <pre>    Authentication required</pre></p>
>
> </body>
>
> </html>
>
>
>
>         at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:560)
>
>         at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:261)
>
>         at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:250)
>
>         at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:149)
>
>         at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:166)
>
>         at org.apache.nifi.processors.solr.PutSolrContentStream$1.process(PutSolrContentStream.java:242)
>
>         at org.apache.nifi.controller.repository.StandardProcessSession.read(StandardProcessSession.java:2207)
>
>         at org.apache.nifi.controller.repository.StandardProcessSession.read(StandardProcessSession.java:2175)
>
>         at org.apache.nifi.processors.solr.PutSolrContentStream.onTrigger(PutSolrContentStream.java:199)
>
>         at org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27)
>
>         at org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1147)
>
>         at org.apache.nifi.controller.tasks.ConnectableTask.invoke(ConnectableTask.java:175)
>
>         at org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.run(TimerDrivenSchedulingAgent.java:117)
>
>         at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>
>         at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
>
>         at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
>
>         at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
>
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>
>         at java.lang.Thread.run(Thread.java:748)
>
>
> Dan Caulfield
> Hyper Scale Engineer
>
> GM – NA Information Technology – Hyper Scale Data Solutions
>
> dan.caulfield@gm.com
>
>
>
>
>
> Nothing in this message is intended to constitute an electronic signature unless a specific
statement to the contrary is included in this message.
>
> Confidentiality Note: This message is intended only for the person or entity to which
it is addressed. It may contain confidential and/or privileged material. Any review, transmission,
dissemination or other use, or taking of any action in reliance upon this message by persons
or entities other than the intended recipient is prohibited and may be unlawful. If you received
this message in error, please contact the sender and delete it from your computer.

Mime
View raw message