nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bryan Bende <bbe...@gmail.com>
Subject Re: [EXTERNAL] Re: putsolrcontentstream and kerberos
Date Mon, 15 Oct 2018 17:20:38 GMT
I'm running Oracle JDK 1.8.0_162 and NiFi should be using SolrJ 6.2.0 [1].

Not sure if it is worth trying to upgrade, but the 1.7.0 release
re-factored how the kerberos auth is handled for the Solr processors
so that it no longer relies on the JAAS configuration [2]. It's
possible that could resolve your issue, but hard to say.

[1] https://github.com/apache/nifi/blob/rel/nifi-1.6.0/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/pom.xml#L26
[2] https://issues.apache.org/jira/browse/NIFI-5148

On Mon, Oct 15, 2018 at 1:00 PM Dan Caulfield <dan.caulfield@gm.com> wrote:
>
> Yes, curl works fine.  Just out of curiosity, what version of java are you running? 
Does anyone know which version of SolrJ is using the the 1.6 putsolrcontentstream?
>
> -----Original Message-----
> From: Bryan Bende [mailto:bbende@gmail.com]
> Sent: Friday, October 12, 2018 2:08 PM
> To: users@nifi.apache.org
> Subject: [EXTERNAL] Re: putsolrcontentstream and kerberos
>
> I've only done it against Solr cloud, but I don't know a reason why it wouldn't work
against standalone Solr.
>
> Nothing is jumping out at me as being wrong with your config. My JAAS config was the
following:
>
> SolrJClient {
>   com.sun.security.auth.module.Krb5LoginModule required
>   useKeyTab=true
>   keyTab="/Users/bbende/Projects/docker-kdc/krb5.keytab"
>   storeKey=true
>   useTicketCache=false
>   debug=true
>   principal="nifi@SOLR.ORG";
> };
>
> Can you successfully access Solr from a curl command?
>
> curl --negotiate -u :
> "http://vmsol001.epg.nam.gm.com:8983/solr/collection1/select"
>
> Assuming you did a kinit first.
>
> On Fri, Oct 12, 2018 at 2:48 PM Dan Caulfield <dan.caulfield@gm.com> wrote:
> >
> > When attempting to use the putsolrcontentstream (Version 1.6.0) to load json file
into a Solr 6.3 cluster that requires Kerberos authentication.
> >
> >
> >
> > I have set the -D
> > java.security.auth.login.config=/disk-1/nifi/jaas/jaas.conf
> >
> >
> >
> > And the jass file looks like this -
> >
> > MicroServicesSolrClient {
> >
> >   com.sun.security.auth.module.Krb5LoginModule required
> >
> >   useKeyTab=true
> >
> >   storeKey=true
> >
> >   keyTab="/disk-1/nifi/keytabs/MSSolrClient"
> >
> >   serviceName="solr"
> >
> >   principal="MSSOLRUSER@XXXXX.GM.COM";
> >
> > };
> >
> > GMASTSolrClient {
> >
> >   com.sun.security.auth.module.Krb5LoginModule required
> >
> >   useKeyTab=true
> >
> >   storeKey=true
> >
> >   useTicketCache=true
> >
> >   debug=true
> >
> >   keyTab="/disk-1/nifi/keytabs/GMSolrClient"
> >
> >   serviceName="solr"
> >
> >   principal="GMSOLRUSER@XXXXX.GM.COM";
> >
> > };
> >
> >
> >
> > The Processor is set to –
> >
> > Solr Type – Standard
> >
> > Solr Location - http://vmsol001.epg.nam.gm.com:8983/solr/collection1/
> >
> > Content Stream Path - /update/json/docs
> >
> > Content-Type – application/json
> >
> > JAAS Client App Name – GMASTSolrClient
> >
> >
> >
> > Does the 1.6 version of the PutSolrContentStream support Kerberos?  We
> > are getting the 401 authentication error -
> >
> >
> >
> >
> >
> > 198730787914459,size=119100] to Solr due to
> > org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException:
> > Error from server at http://vmsol001.epg.nam.gm.com:8983/solr:
> > Expected mime type application/octet-stream but got text/html. <html>
> >
> > <head>
> >
> > <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> >
> > <title>Error 401 Authentication required</title>
> >
> > </head>
> >
> > <body><h2>HTTP ERROR 401</h2>
> >
> > <p>Problem accessing /solr/select. Reason:
> >
> > <pre>    Authentication required</pre></p>
> >
> > </body>
> >
> > </html>
> >
> > ; routing to failure:
> > org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException:
> > Error from server at http://vmsol001.epg.nam.gm.com:8983/solr:
> > Expected mime type application/octet-stream but got text/html. <html>
> >
> > <head>
> >
> > <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> >
> > <title>Error 401 Authentication required</title>
> >
> > </head>
> >
> > <body><h2>HTTP ERROR 401</h2>
> >
> > <p>Problem accessing /solr/select. Reason:
> >
> > <pre>    Authentication required</pre></p>
> >
> > </body>
> >
> > </html>
> >
> >
> >
> > org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException:
> > Error from server at http://vmsol001.epg.nam.gm.com:8983/solr:
> > Expected mime type application/octet-stream but got text/html. <html>
> >
> > <head>
> >
> > <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> >
> > <title>Error 401 Authentication required</title>
> >
> > </head>
> >
> > <body><h2>HTTP ERROR 401</h2>
> >
> > org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException:
> > Error from server at http://vmsol001.epg.nam.gm.com:8983/solr:
> > Expected mime type application/octet-stream but got text/html. <html>
> >
> > <head>
> >
> > <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> >
> > <title>Error 401 Authentication required</title>
> >
> > </head>
> >
> > <body><h2>HTTP ERROR 401</h2>
> >
> > <p>Problem accessing /solr/select. Reason:
> >
> > <pre>    Authentication required</pre></p>
> >
> > </body>
> >
> > </html>
> >
> >
> >
> >         at
> > org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSol
> > rClient.java:560)
> >
> >         at
> > org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClien
> > t.java:261)
> >
> >         at
> > org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClien
> > t.java:250)
> >
> >         at
> > org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:149)
> >
> >         at
> > org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:166)
> >
> >         at
> > org.apache.nifi.processors.solr.PutSolrContentStream$1.process(PutSolr
> > ContentStream.java:242)
> >
> >         at
> > org.apache.nifi.controller.repository.StandardProcessSession.read(Stan
> > dardProcessSession.java:2207)
> >
> >         at
> > org.apache.nifi.controller.repository.StandardProcessSession.read(Stan
> > dardProcessSession.java:2175)
> >
> >         at
> > org.apache.nifi.processors.solr.PutSolrContentStream.onTrigger(PutSolr
> > ContentStream.java:199)
> >
> >         at
> > org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcesso
> > r.java:27)
> >
> >         at
> > org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardPro
> > cessorNode.java:1147)
> >
> >         at
> > org.apache.nifi.controller.tasks.ConnectableTask.invoke(ConnectableTas
> > k.java:175)
> >
> >         at
> > org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.run
> > (TimerDrivenSchedulingAgent.java:117)
> >
> >         at
> > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511
> > )
> >
> >         at
> > java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
> >
> >         at
> > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.a
> > ccess$301(ScheduledThreadPoolExecutor.java:180)
> >
> >         at
> > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.r
> > un(ScheduledThreadPoolExecutor.java:294)
> >
> >         at
> > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.j
> > ava:1149)
> >
> >         at
> > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.
> > java:624)
> >
> >         at java.lang.Thread.run(Thread.java:748)
> >
> >
> > Dan Caulfield
> > Hyper Scale Engineer
> >
> > GM – NA Information Technology – Hyper Scale Data Solutions
> >
> > dan.caulfield@gm.com
> >
> >
> >
> >
> >
> > Nothing in this message is intended to constitute an electronic signature unless
a specific statement to the contrary is included in this message.
> >
> > Confidentiality Note: This message is intended only for the person or entity to
which it is addressed. It may contain confidential and/or privileged material. Any review,
transmission, dissemination or other use, or taking of any action in reliance upon this message
by persons or entities other than the intended recipient is prohibited and may be unlawful.
If you received this message in error, please contact the sender and delete it from your computer.
>
>
> Nothing in this message is intended to constitute an electronic signature unless a specific
statement to the contrary is included in this message.
>
> Confidentiality Note: This message is intended only for the person or entity to which
it is addressed. It may contain confidential and/or privileged material. Any review, transmission,
dissemination or other use, or taking of any action in reliance upon this message by persons
or entities other than the intended recipient is prohibited and may be unlawful. If you received
this message in error, please contact the sender and delete it from your computer.

Mime
View raw message