Posted to solr-user@lucene.apache.org by Justin Knoll <jk...@bittorrent.com> on 2007/11/30 01:48:30 UTC
Distribution without SSH?
Hello,
I recently set up Solr with distribution on a couple of servers. I
just learned that our network policies do not permit us to use SSH
with passphraseless keys, and the snappuller script uses SSH to
examine the master Solr instance's state before it pulls the newest
index via rsync.
We plan to attempt to rewrite the snappuller (and possibly other
distribution scripts, as required) to eliminate this dependency on
SSH. I thought I'd ask the list in case anyone has experience with this
same situation or any insights into the reasoning behind requiring
SSH access to the master instance.
Thanks,
Justin Knoll
Re: Distribution without SSH?
Posted by Chris Hostetter <ho...@fucit.org>.
: I recently set up Solr with distribution on a couple of servers. I just
: learned that our network policies do not permit us to use SSH with
: passphraseless keys, and the snappuller script uses SSH to examine the master
: Solr instance's state before it pulls the newest index via rsync.
you may want to question/clarify this policy ... while it's generally a
good idea to have a policy like this for *users* there's very little
reason for it when you're dealing with "role users" ... accounts that
exist solely to execute specific applications and have limited
permissions. if you have a "solruser" with a passphraseless key, which
only works on the specific machines running solr, and solruser can only
read/write the specific files it needs to for replication, there's very
little downside.
: scripts, as required) to eliminate this dependency on SSH. I thought I'd ask the
: list in case anyone has experience with this same situation or any insights
: into the reasoning behind requiring SSH access to the master instance.
i haven't looked at those scripts in a while, but i believe it's twofold:
1) get the name of the most current snapshot
2) notify the master which snapshot is being used (for the status page)
-Hoss
Re: Distribution without SSH?
Posted by Marcus Stratmann <st...@gmx.de>.
Justin Knoll wrote:
> We plan to attempt to rewrite the snappuller (and possibly other
> distribution scripts, as required) to eliminate this dependency on SSH.
> I thought I'd ask the list in case anyone has experience with this same
> situation or any insights into the reasoning behind requiring SSH access
> to the master instance.
We use our database to store the master's state. Both master and
slave(s) have access to the database and can exchange "messages" using a
field in a table where we store miscellaneous information about our
system. After an update of the master's index a flag in that field
signals that a new index is available. The slaves regularly read this
field and pull the new index on demand.
Marcus
Re: Distribution without SSH?
Posted by Matt Kangas <ka...@gmail.com>.
Your company's network policies seem to be a good thing. I've worked
at places with this same policy, for good reason. But it does tend to
complicate operations sometimes. Some options you might pursue:
* Set up ssh-agent on the clients and use passphrase-protected keys.
Downside to this, someone on your ops team will be inevitably awoken
at 4am to type in the password.
* Try to get an exception to the policy by running Solr under a new
user account inside a jail. Use a restricted login shell to make sure
it can do only what you intend. So when the key is compromised,
damage is contained.
Or, write a custom server/client running on a different port. In this
case you lose over-the-wire encryption, and if your server is buggy,
you get pwn3d anyway.
--Matt
On Nov 29, 2007, at 7:48 PM, Justin Knoll wrote:
> Hello,
> I recently set up Solr with distribution on a couple of servers. I
> just learned that our network policies do not permit us to use SSH
> with passphraseless keys, and the snappuller script uses SSH to
> examine the master Solr instance's state before it pulls the newest
> index via rsync.
>
> We plan to attempt to rewrite the snappuller (and possibly other
> distribution scripts, as required) to eliminate this dependency on
> SSH. I thought I'd ask the list in case anyone has experience with
> this same situation or any insights into the reasoning behind
> requiring SSH access to the master instance.
>
> Thanks,
> Justin Knoll
--
Matt Kangas / kangas@gmail.com
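
The restricted role account discussed in this thread can be enforced on the master with an OpenSSH forced command, so the replication key can perform only the two operations named above (read the newest snapshot name, report which snapshot was pulled). This is an added example, not code from any poster or from the Solr distribution scripts; the verbs, paths, log file name and the `snapshot.<digits>` naming are assumptions.

```shell
#!/bin/sh
# Added example: forced-command gate for a replication-only account on the master.
# Assumed authorized_keys entry (script path, key and host are placeholders):
#   command="/usr/local/bin/solr-repl-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> solruser@slave
# Hypothetical verbs a rewritten snappuller would send:
#   latest-snapshot | report-status <snapshot-name>

DATA_DIR="${SOLR_DATA_DIR:-/var/solr/data}"              # assumed path
STATUS_DIR="${SOLR_STATUS_DIR:-/var/solr/logs/clients}"  # assumed path

# Accept only snapshot.<digits>; rejects paths, spaces and shell metacharacters.
valid_snapshot_name() {
    case "$1" in
        snapshot.*[!0-9]*|snapshot.) return 1 ;;
        snapshot.[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the newest well-formed snapshot directory name (names sort by timestamp).
latest_snapshot() {
    for d in "$DATA_DIR"/snapshot.*; do
        [ -d "$d" ] || continue
        n=${d##*/}
        valid_snapshot_name "$n" && echo "$n"
    done | sort | tail -n 1
}

# $1 is the client's requested command line. It is split into words and
# matched against the allowlist; it is never passed to eval or a shell.
gate() {
    set -f; set -- $1; set +f
    case "$1" in
        latest-snapshot)
            [ $# -eq 1 ] || return 2
            latest_snapshot ;;
        report-status)
            [ $# -eq 2 ] && valid_snapshot_name "$2" || return 2
            mkdir -p "$STATUS_DIR" &&
                printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$2" >> "$STATUS_DIR/pulled.log" ;;
        *) return 2 ;;
    esac
}

# sshd hands the forced command the client's request in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    gate "$SSH_ORIGINAL_COMMAND" || { echo "denied" >&2; exit 1; }
fi
```

With this in place the key cannot open an interactive shell, forward ports or run anything outside the two verbs, which limits what a stolen passphraseless key can do.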