You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Nirmala Venkatraman (JIRA)" <ji...@apache.org> on 2015/12/18 04:58:46 UTC
[jira] [Comment Edited] (SOLR-8422) Basic Authentication plugin is
not working correctly in solrcloud
[ https://issues.apache.org/jira/browse/SOLR-8422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15063381#comment-15063381 ]
Nirmala Venkatraman edited comment on SOLR-8422 at 12/18/15 3:58 AM:
---------------------------------------------------------------------
Noble - We tried your patch and it works with our indexing now. But occassionally while indexing I do see 401 Exceptions still.
Here is solr.log snippet thats throwing the 401 error, as part of ConcurrentUpdateSolrClient
2015-12-17 18:22:37.262 WARN (updateExecutor-2-thread-78-processing-http:////sgdsolar4.swg.usma.ibm.com:8983//solr//collection54_shard1_replica2 x:collection54_shard1_replica1 r:core_node1 n:sgdsolar1.swg.usma.ibm.com:8983_solr s:shard1 c:collection54) [c:collection54 s:shard1 r:core_node1 x:collection54_shard1_replica1] o.a.s.c.s.i.ConcurrentUpdateSolrClient Failed to parse error response from http://sgdsolar4.swg.usma.ibm.com:8983/solr/collection54_shard1_replica2 due to: java.lang.RuntimeException: Invalid version (expected 2, but 60) or the data in not in 'javabin' format
2015-12-17 18:22:37.264 ERROR (updateExecutor-2-thread-78-processing-http:////sgdsolar4.swg.usma.ibm.com:8983//solr//collection54_shard1_replica2 x:collection54_shard1_replica1 r:core_node1 n:sgdsolar1.swg.usma.ibm.com:8983_solr s:shard1 c:collection54) [c:collection54 s:shard1 r:core_node1 x:collection54_shard1_replica1] o.a.s.u.StreamingSolrClients error
org.apache.solr.common.SolrException: Unauthorized request, Response code: 401
request: http://sgdsolar4.swg.usma.ibm.com:8983/solr/collection54_shard1_replica2/update?update.distrib=TOLEADER&distrib.from=http%3A%2F%2Fsgdsolar1.swg.usma.ibm.com%3A8983%2Fsolr%2Fcollection54_shard1_replica1%2F&wt=javabin&version=2
at org.apache.solr.client.solrj.impl.ConcurrentUpdateSolrClient$Runner.run(ConcurrentUpdateSolrClient.java:251)
at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor$1.run(ExecutorUtil.java:210)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Will this cause any real issues with index replicas?
was (Author: nirmalav):
Noble - We tried your patch and it works with our indexing now. But occassionally while indexing I do see 401 Exceptions still.
Here is solr.log snippet thats throwing the 401 error, as part of ConcurrentUpdateSolrClient
2015-12-17 18:22:37.262 WARN (updateExecutor-2-thread-78-processing-http:////sgdsolar4.swg.usma.ibm.com:8983//solr//collection54_shard1_replica2 x:collection54_shard1_replica1 r:core_node1 n:sgdsolar1.swg.usma.ibm.com:8983_solr s:shard1 c:collection54) [c:collection54 s:shard1 r:core_node1 x:collection54_shard1_replica1] o.a.s.c.s.i.ConcurrentUpdateSolrClient Failed to parse error response from http://sgdsolar4.swg.usma.ibm.com:8983/solr/collection54_shard1_replica2 due to: java.lang.RuntimeException: Invalid version (expected 2, but 60) or the data in not in 'javabin' format
2015-12-17 18:22:37.264 ERROR (updateExecutor-2-thread-78-processing-http:////sgdsolar4.swg.usma.ibm.com:8983//solr//collection54_shard1_replica2 x:collection54_shard1_replica1 r:core_node1 n:sgdsolar1.swg.usma.ibm.com:8983_solr s:shard1 c:collection54) [c:collection54 s:shard1 r:core_node1 x:collection54_shard1_replica1] o.a.s.u.StreamingSolrClients error
org.apache.solr.common.SolrException: Unauthorized request, Response code: 401
request: http://sgdsolar4.swg.usma.ibm.com:8983/solr/collection54_shard1_replica2/update?update.distrib=TOLEADER&distrib.from=http%3A%2F%2Fsgdsolar1.swg.usma.ibm.com%3A8983%2Fsolr%2Fcollection54_shard1_replica1%2F&wt=javabin&version=2
at org.apache.solr.client.solrj.impl.ConcurrentUpdateSolrClient$Runner.run(ConcurrentUpdateSolrClient.java:251)
at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor$1.run(ExecutorUtil.java:210)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Will this cause any real issues with index replicas
> Basic Authentication plugin is not working correctly in solrcloud
> -----------------------------------------------------------------
>
> Key: SOLR-8422
> URL: https://issues.apache.org/jira/browse/SOLR-8422
> Project: Solr
> Issue Type: Bug
> Components: Authentication
> Affects Versions: 5.3.1
> Environment: Solrcloud
> Reporter: Nirmala Venkatraman
> Assignee: Noble Paul
> Attachments: SOLR-8422.patch
>
>
> Iam seeing a problem with basic auth on Solr5.3.1 . We have 5 node solrcloud with basic auth configured on sgdsolar1/2/3/4/7 , listening on port 8984. We have 64 collections, each having 2 replicas distributed across the 5 servers in the solr cloud. A sample screen shot of the collections/shard locations shown below:-
> Step 1 - Our solr indexing tool sends a request to say any one of the solr servers in the solrcloud and the request is sent to a server which doesn't have the collection
> Here is the request sent by the indexing tool to sgdsolar1, that includes the correct BasicAuth credentials
> Step2 - Now sgdsolar1 routes the request to sgdsolar2 that has the collection1, but no basic auth header is being passed.
> As a results sgdsolar2 throws a 401 error back to source server sgdsolar1 and all the way back to solr indexing tool
> 9.32.182.53 - - [15/Dec/2015:00:45:18 +0000] "GET /solr/collection1/get?_route_=Q049c2dkbWFpbDMwL089U0dfVVMx20093510!&ids=Q049c2dkbWFpbDMwL089U0dfVVMx20093510!08D9EACCA5AE663400257EB6005A5CFF,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!9057B828F841C41F00257EB6005A7421,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!F3FB9305A00A0E1200257EB6005AAA99,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!E9815A6F3CBC3D0E00257EB6005ACA02,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!FEB43AC9F648AFC500257EB6005AE4EB,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!4CF37E73A18F9D9F00257E590016CBD9,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!61D5457FEA1EBE5C00257E5900188729,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!6B0D89B9A7EEBC4600257E590019CEDA,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!360B9B52D9C6DFE400257EB2007FCD8B,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!D86D4CED01F66AF300257EB2008305A4&fl=unid,sequence,folderunid&wt=xml&rows=10 HTTP/1.1" 401 366
> 2015-12-15 00:45:18.112 INFO (qtp1214753695-56) [c:collection1 s:shard1 r:core_node1 x:collection1_shard1_replica1] o.a.s.s.RuleBasedAuthorizationPlugin request has come without principal. failed permission org.apache.solr.security.RuleBasedAuthorizationPlugin$Permission@5ebe8fca
> 2015-12-15 00:45:18.113 INFO (qtp1214753695-56) [c:collection1 s:shard1 r:core_node1 x:collection1_shard1_replica1] o.a.s.s.HttpSolrCall USER_REQUIRED auth header null context : userPrincipal: [null] type: [READ], collections: [collection1,], Path: [/get] path : /get params :fl=unid,sequence,folderunid&ids=Q049c2dkbWFpbDMwL089U0dfVVMx20093510!08D9EACCA5AE663400257EB6005A5CFF,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!9057B828F841C41F00257EB6005A7421,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!F3FB9305A00A0E1200257EB6005AAA99,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!E9815A6F3CBC3D0E00257EB6005ACA02,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!FEB43AC9F648AFC500257EB6005AE4EB,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!4CF37E73A18F9D9F00257E590016CBD9,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!61D5457FEA1EBE5C00257E5900188729,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!6B0D89B9A7EEBC4600257E590019CEDA,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!360B9B52D9C6DFE400257EB2007FCD8B,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!D86D4CED01F66AF300257EB2008305A4&rows=10&wt=xml&_route_=Q049c2dkbWFpbDMwL089U0dfVVMx20093510!
> Step 3 - In another solrcloud , if the indexing tool sends the solr get request to the server that has the collection1, I see that basic authentication working as expected.
> I double checked and see both sgdsolar1/sgdsolar2 servers have the patched solr-core and solr-solrj jar files under the solr-webapp folder that were provided via earlier patches that Anshum/Noble worked on:-
> SOLR-8167 fixes the POST issue
> SOLR-8326 fixing PKIAuthenticationPlugin.
> SOLR-8355
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org