You are viewing a plain text version of this content. The canonical link for it is here.
Posted to solr-user@lucene.apache.org by yaswanth kumar <ya...@gmail.com> on 2020/09/02 02:51:27 UTC
Addreplica throwing error when authentication is enabled
Can some one please help me on the below error??
Solr 8.2; zookeeper 3.4
Enabled authentication and authentication and make sure that the role gets all access
Now just add a collection with single replica and once done .. now try to add another replica with addreplica solr api and that’s throwing error .. note: this is happening only when security.json was enabled with authentication
Below is the error
Collection: test operation: restore failed:org.apache.solr.common.SolrException: ADDREPLICA failed to create replicaCollection: test operation: restore failed:org.apache.solr.common.SolrException: ADDREPLICA failed to create replica at org.apache.solr.cloud.api.collections.OverseerCollectionMessageHandler$ShardRequestTracker.processResponses(OverseerCollectionMessageHandler.java:1030) at org.apache.solr.cloud.api.collections.OverseerCollectionMessageHandler$ShardRequestTracker.processResponses(OverseerCollectionMessageHandler.java:1013) at org.apache.solr.cloud.api.collections.AddReplicaCmd.lambda$addReplica$1(AddReplicaCmd.java:177) at org.apache.solr.cloud.api.collections.AddReplicaCmd$$Lambda$798/0000000000000000.run(Unknown Source) at org.apache.solr.cloud.api.collections.AddReplicaCmd.addReplica(AddReplicaCmd.java:199) at org.apache.solr.cloud.api.collections.OverseerCollectionMessageHandler.addReplica(OverseerCollectionMessageHandler.java:708) at org.apache.solr.cloud.api.collections.RestoreCmd.call(RestoreCmd.java:286) at org.apache.solr.cloud.api.collections.OverseerCollectionMessageHandler.processMessage(OverseerCollectionMessageHandler.java:264) at org.apache.solr.cloud.OverseerTaskProcessor$Runner.run(OverseerTaskProcessor.java:505) at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(ExecutorUtil.java:209) at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor$$Lambda$142/0000000000000000.run(Unknown Source) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:834)Caused by: org.apache.solr.common.SolrException: javax.crypto.BadPaddingException: RSA private key operation failed at org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys.java:325) at org.apache.solr.security.PKIAuthenticationPlugin.generateToken(PKIAuthenticationPlugin.java:305) at org.apache.solr.security.PKIAuthenticationPlugin.access$200(PKIAuthenticationPlugin.java:61) at org.apache.solr.security.PKIAuthenticationPlugin$2.onQueued(PKIAuthenticationPlugin.java:239) at org.apache.solr.client.solrj.impl.Http2SolrClient.decorateRequest(Http2SolrClient.java:468) at org.apache.solr.client.solrj.impl.Http2SolrClient.makeRequest(Http2SolrClient.java:455) at org.apache.solr.client.solrj.impl.Http2SolrClient.request(Http2SolrClient.java:364) at org.apache.solr.client.solrj.impl.Http2SolrClient.request(Http2SolrClient.java:746) at org.apache.solr.client.solrj.SolrClient.request(SolrClient.java:1274) at org.apache.solr.handler.component.HttpShardHandler.request(HttpShardHandler.java:238) at org.apache.solr.handler.component.HttpShardHandler.lambda$submit$0(HttpShardHandler.java:199) at org.apache.solr.handler.component.HttpShardHandler$$Lambda$512/0000000000000000.call(Unknown Source) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:181) ... 5 moreCaused by: javax.crypto.BadPaddingException: RSA private key operation failed at java.base/sun.security.rsa.NativeRSACore.crtCrypt_Native(NativeRSACore.java:149) at java.base/sun.security.rsa.NativeRSACore.rsa(NativeRSACore.java:91) at java.base/sun.security.rsa.RSACore.rsa(RSACore.java:149) at java.base/com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:355) at java.base/com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:392) at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2260) at org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys.java:323) ... 20 more
That's the error stack trace I am seeing, as soon as I call the restore API I am seeing the collection test with a single core on the cloud but its in down state.
No of nodes that I configured with solr cloud is : 2
Testing on a single collection with 2 replicas
Here is my security.json looks like
{
"authentication":{
"class":"solr.BasicAuthPlugin",
"credentials":
{ "admin":"xxxx", "dev":"xxxx"}
,
"":{"v":11},
"blockUnknown":true,
"forwardCredentials":true},
"authorization":{
"class":"solr.RuleBasedAuthorizationPlugin",
"user-role":
{ "solradmin":[ "admin", "dev"], "dev":["read"]}
,
"":{"v":9},
"permissions":[
{ "name":"read", "role":"*", "index":1}
,
{ "name":"security-read", "role":"admin", "index":2}
,
{ "name":"security-edit", "role":"admin", "index":3}
,
{ "name":"all", "role":"admin", "index":4}
]}}
I tried with false on forwardcreds but no luck
Please help me as this looks like a blocker
Sent from my iPhone
Re: Addreplica throwing error when authentication is enabled
Posted by yaswanth kumar <ya...@gmail.com>.
Hi Ben
Thanks for looking.. but I am not understanding about the file encrypted stuff that you mentioned?? Which file are you saying encrypted ? Security.json??
Sent from my iPhone
> On Sep 1, 2020, at 10:56 PM, Ben <ne...@gmail.com> wrote:
>
> It appears the issue is with the encrypted file. Are these files encrypted?
> If yes, you need to decrypt it first.
>
> moreCaused by: javax.crypto.BadPaddingException: RSA private key operation
> failed
>
> Best,
> Ben
>
>> On Tue, Sep 1, 2020, 10:51 PM yaswanth kumar <ya...@gmail.com> wrote:
>>
>> Can some one please help me on the below error??
>>
>> Solr 8.2; zookeeper 3.4
>>
>> Enabled authentication and authentication and make sure that the role gets
>> all access
>>
>> Now just add a collection with single replica and once done .. now try to
>> add another replica with addreplica solr api and that’s throwing error ..
>> note: this is happening only when security.json was enabled with
>> authentication
>>
>> Below is the error
>> Collection: test operation: restore
>> failed:org.apache.solr.common.SolrException: ADDREPLICA failed to create
>> replicaCollection: test operation: restore
>> failed:org.apache.solr.common.SolrException: ADDREPLICA failed to create
>> replica at
>> org.apache.solr.cloud.api.collections.OverseerCollectionMessageHandler$ShardRequestTracker.processResponses(OverseerCollectionMessageHandler.java:1030)
>> at
>> org.apache.solr.cloud.api.collections.OverseerCollectionMessageHandler$ShardRequestTracker.processResponses(OverseerCollectionMessageHandler.java:1013)
>> at
>> org.apache.solr.cloud.api.collections.AddReplicaCmd.lambda$addReplica$1(AddReplicaCmd.java:177)
>> at
>> org.apache.solr.cloud.api.collections.AddReplicaCmd$$Lambda$798/0000000000000000.run(Unknown
>> Source) at
>> org.apache.solr.cloud.api.collections.AddReplicaCmd.addReplica(AddReplicaCmd.java:199)
>> at
>> org.apache.solr.cloud.api.collections.OverseerCollectionMessageHandler.addReplica(OverseerCollectionMessageHandler.java:708)
>> at
>> org.apache.solr.cloud.api.collections.RestoreCmd.call(RestoreCmd.java:286)
>> at
>> org.apache.solr.cloud.api.collections.OverseerCollectionMessageHandler.processMessage(OverseerCollectionMessageHandler.java:264)
>> at
>> org.apache.solr.cloud.OverseerTaskProcessor$Runner.run(OverseerTaskProcessor.java:505)
>> at
>> org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(ExecutorUtil.java:209)
>> at
>> org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor$$Lambda$142/0000000000000000.run(Unknown
>> Source) at
>> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
>> at
>> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
>> at java.base/java.lang.Thread.run(Thread.java:834)Caused by:
>> org.apache.solr.common.SolrException: javax.crypto.BadPaddingException: RSA
>> private key operation failed at
>> org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys.java:325) at
>> org.apache.solr.security.PKIAuthenticationPlugin.generateToken(PKIAuthenticationPlugin.java:305)
>> at
>> org.apache.solr.security.PKIAuthenticationPlugin.access$200(PKIAuthenticationPlugin.java:61)
>> at
>> org.apache.solr.security.PKIAuthenticationPlugin$2.onQueued(PKIAuthenticationPlugin.java:239)
>> at
>> org.apache.solr.client.solrj.impl.Http2SolrClient.decorateRequest(Http2SolrClient.java:468)
>> at
>> org.apache.solr.client.solrj.impl.Http2SolrClient.makeRequest(Http2SolrClient.java:455)
>> at
>> org.apache.solr.client.solrj.impl.Http2SolrClient.request(Http2SolrClient.java:364)
>> at
>> org.apache.solr.client.solrj.impl.Http2SolrClient.request(Http2SolrClient.java:746)
>> at org.apache.solr.client.solrj.SolrClient.request(SolrClient.java:1274) at
>> org.apache.solr.handler.component.HttpShardHandler.request(HttpShardHandler.java:238)
>> at
>> org.apache.solr.handler.component.HttpShardHandler.lambda$submit$0(HttpShardHandler.java:199)
>> at
>> org.apache.solr.handler.component.HttpShardHandler$$Lambda$512/0000000000000000.call(Unknown
>> Source) at
>> java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at
>> java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
>> at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at
>> com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:181)
>> ... 5 moreCaused by: javax.crypto.BadPaddingException: RSA private key
>> operation failed at
>> java.base/sun.security.rsa.NativeRSACore.crtCrypt_Native(NativeRSACore.java:149)
>> at java.base/sun.security.rsa.NativeRSACore.rsa(NativeRSACore.java:91) at
>> java.base/sun.security.rsa.RSACore.rsa(RSACore.java:149) at
>> java.base/com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:355) at
>> java.base/com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:392)
>> at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2260) at
>> org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys.java:323) ...
>> 20 more
>>
>> That's the error stack trace I am seeing, as soon as I call the restore
>> API I am seeing the collection test with a single core on the cloud but its
>> in down state.
>>
>> No of nodes that I configured with solr cloud is : 2
>> Testing on a single collection with 2 replicas
>> Here is my security.json looks like
>> {
>> "authentication":{
>> "class":"solr.BasicAuthPlugin",
>> "credentials":
>> { "admin":"xxxx", "dev":"xxxx"}
>> ,
>> "":{"v":11},
>> "blockUnknown":true,
>> "forwardCredentials":true},
>> "authorization":{
>> "class":"solr.RuleBasedAuthorizationPlugin",
>> "user-role":
>> { "solradmin":[ "admin", "dev"], "dev":["read"]}
>> ,
>> "":{"v":9},
>> "permissions":[
>> { "name":"read", "role":"*", "index":1}
>> ,
>> { "name":"security-read", "role":"admin", "index":2}
>> ,
>> { "name":"security-edit", "role":"admin", "index":3}
>> ,
>> { "name":"all", "role":"admin", "index":4}
>> ]}}
>> I tried with false on forwardcreds but no luck
>> Please help me as this looks like a blocker
>>
>> Sent from my iPhone
Re: Addreplica throwing error when authentication is enabled
Posted by Ben <ne...@gmail.com>.
It appears the issue is with the encrypted file. Are these files encrypted?
If yes, you need to decrypt it first.
moreCaused by: javax.crypto.BadPaddingException: RSA private key operation
failed
Best,
Ben
On Tue, Sep 1, 2020, 10:51 PM yaswanth kumar <ya...@gmail.com> wrote:
> Can some one please help me on the below error??
>
> Solr 8.2; zookeeper 3.4
>
> Enabled authentication and authentication and make sure that the role gets
> all access
>
> Now just add a collection with single replica and once done .. now try to
> add another replica with addreplica solr api and that’s throwing error ..
> note: this is happening only when security.json was enabled with
> authentication
>
> Below is the error
> Collection: test operation: restore
> failed:org.apache.solr.common.SolrException: ADDREPLICA failed to create
> replicaCollection: test operation: restore
> failed:org.apache.solr.common.SolrException: ADDREPLICA failed to create
> replica at
> org.apache.solr.cloud.api.collections.OverseerCollectionMessageHandler$ShardRequestTracker.processResponses(OverseerCollectionMessageHandler.java:1030)
> at
> org.apache.solr.cloud.api.collections.OverseerCollectionMessageHandler$ShardRequestTracker.processResponses(OverseerCollectionMessageHandler.java:1013)
> at
> org.apache.solr.cloud.api.collections.AddReplicaCmd.lambda$addReplica$1(AddReplicaCmd.java:177)
> at
> org.apache.solr.cloud.api.collections.AddReplicaCmd$$Lambda$798/0000000000000000.run(Unknown
> Source) at
> org.apache.solr.cloud.api.collections.AddReplicaCmd.addReplica(AddReplicaCmd.java:199)
> at
> org.apache.solr.cloud.api.collections.OverseerCollectionMessageHandler.addReplica(OverseerCollectionMessageHandler.java:708)
> at
> org.apache.solr.cloud.api.collections.RestoreCmd.call(RestoreCmd.java:286)
> at
> org.apache.solr.cloud.api.collections.OverseerCollectionMessageHandler.processMessage(OverseerCollectionMessageHandler.java:264)
> at
> org.apache.solr.cloud.OverseerTaskProcessor$Runner.run(OverseerTaskProcessor.java:505)
> at
> org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(ExecutorUtil.java:209)
> at
> org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor$$Lambda$142/0000000000000000.run(Unknown
> Source) at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> at java.base/java.lang.Thread.run(Thread.java:834)Caused by:
> org.apache.solr.common.SolrException: javax.crypto.BadPaddingException: RSA
> private key operation failed at
> org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys.java:325) at
> org.apache.solr.security.PKIAuthenticationPlugin.generateToken(PKIAuthenticationPlugin.java:305)
> at
> org.apache.solr.security.PKIAuthenticationPlugin.access$200(PKIAuthenticationPlugin.java:61)
> at
> org.apache.solr.security.PKIAuthenticationPlugin$2.onQueued(PKIAuthenticationPlugin.java:239)
> at
> org.apache.solr.client.solrj.impl.Http2SolrClient.decorateRequest(Http2SolrClient.java:468)
> at
> org.apache.solr.client.solrj.impl.Http2SolrClient.makeRequest(Http2SolrClient.java:455)
> at
> org.apache.solr.client.solrj.impl.Http2SolrClient.request(Http2SolrClient.java:364)
> at
> org.apache.solr.client.solrj.impl.Http2SolrClient.request(Http2SolrClient.java:746)
> at org.apache.solr.client.solrj.SolrClient.request(SolrClient.java:1274) at
> org.apache.solr.handler.component.HttpShardHandler.request(HttpShardHandler.java:238)
> at
> org.apache.solr.handler.component.HttpShardHandler.lambda$submit$0(HttpShardHandler.java:199)
> at
> org.apache.solr.handler.component.HttpShardHandler$$Lambda$512/0000000000000000.call(Unknown
> Source) at
> java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at
> java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
> at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at
> com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:181)
> ... 5 moreCaused by: javax.crypto.BadPaddingException: RSA private key
> operation failed at
> java.base/sun.security.rsa.NativeRSACore.crtCrypt_Native(NativeRSACore.java:149)
> at java.base/sun.security.rsa.NativeRSACore.rsa(NativeRSACore.java:91) at
> java.base/sun.security.rsa.RSACore.rsa(RSACore.java:149) at
> java.base/com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:355) at
> java.base/com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:392)
> at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2260) at
> org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys.java:323) ...
> 20 more
>
> That's the error stack trace I am seeing, as soon as I call the restore
> API I am seeing the collection test with a single core on the cloud but its
> in down state.
>
> No of nodes that I configured with solr cloud is : 2
> Testing on a single collection with 2 replicas
> Here is my security.json looks like
> {
> "authentication":{
> "class":"solr.BasicAuthPlugin",
> "credentials":
> { "admin":"xxxx", "dev":"xxxx"}
> ,
> "":{"v":11},
> "blockUnknown":true,
> "forwardCredentials":true},
> "authorization":{
> "class":"solr.RuleBasedAuthorizationPlugin",
> "user-role":
> { "solradmin":[ "admin", "dev"], "dev":["read"]}
> ,
> "":{"v":9},
> "permissions":[
> { "name":"read", "role":"*", "index":1}
> ,
> { "name":"security-read", "role":"admin", "index":2}
> ,
> { "name":"security-edit", "role":"admin", "index":3}
> ,
> { "name":"all", "role":"admin", "index":4}
> ]}}
> I tried with false on forwardcreds but no luck
> Please help me as this looks like a blocker
>
> Sent from my iPhone