You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@solr.apache.org by Jigar Pandya <ji...@venafi.com> on 2021/04/13 18:16:43 UTC
Re: Regarding internode TLS enablement...
Thanks Cassandra. This is great that there is an API which can be utilized to mark existing collection for https…
I have follow up question, as per the link – this API needs to be run - http://localhost:8983/solr/admin/collections?action=CLUSTERPROP&name=urlScheme&val=https
above API will require solr to be up and running – what I am not sure what should be the order – this is the order which is what I have taken in past:
1. Bring down solr server on each node
2. Configure solr.in.sh with ssl configuration
3. Restart solr
my question is, when this API needs to be done - http://localhost:8983/solr/admin/collections?action=CLUSTERPROP&name=urlScheme&val=https in above listed step.
Can we do above API call after step #3 or before step #1 considering it needs solr server to be up and running on atleast one node.
OR
just before step #1, can we just keep one server running and do this step and then bring down that server
OR
Bring only one server up after step #4 and run this step.
I really apologize if I have confused you but unfortunately it is not very clear…
As per the link – “Once this and all other steps are complete, you can go ahead and start Solr” but for above API call to work solr needs to be up on atleast one node.
Thanks
Jigar
From: Cassandra Targett <ca...@gmail.com>
Date: Monday, April 12, 2021 at 1:29 PM
To: users@solr.apache.org <us...@solr.apache.org>
Subject: Re: Regarding internode TLS enablement...
At some point after 8.3, we added instructions for what to do with existing collections: https://urldefense.com/v3/__https://solr.apache.org/guide/8_8/enabling-ssl.html*update-cluster-properties-for-existing-collections__;Iw!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdVfEAsUMo$<https://urldefense.com/v3/__https:/solr.apache.org/guide/8_8/enabling-ssl.html*update-cluster-properties-for-existing-collections__;Iw!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdVfEAsUMo$> . I don’t see any reason why that wouldn't be valid for 8.3 also.
On Apr 12, 2021, 2:58 PM -0500, Jigar Pandya <ji...@venafi.com>, wrote:
> Hello,
>
> We use solr cloud 8.3, we have a cluster of 6 VMs.
>
> We are trying to enable SSL for internode communication. I followed the document - https://urldefense.com/v3/__https://solr.apache.org/guide/8_3/enabling-ssl.html__;!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdV_uzEdv0$<https://urldefense.com/v3/__https:/solr.apache.org/guide/8_3/enabling-ssl.html__;!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdV_uzEdv0$> . We have collection with data loaded, doc talks about solrCloud cluster with no initial collection – can you refer me to a link / document which explains what needs to be done to enable internode ssl communication for a solr cloud cluster which has collections with data.
>
> once we enable the clusterschema to https in zknode, I believe all the baseurl’s for collections needs to be changed to https. Is there a command which I can utilize to change all collection baseurls to https ?
>
> Thanks
> Jigar
>
Re: Regarding internode TLS enablement...
Posted by Jigar Pandya <ji...@venafi.com>.
Thanks Cassandra.
Here is another question I have:
I don’t know what is the difference between following 2 commands listed on https://solr.apache.org/guide/8_8/enabling-ssl.html:
To me, they both are modifying same - clusterprop urlscheme property – one is modifying using zkclient and other is using solr API…
$ server/scripts/cloud-scripts/zkcli.sh -zkhost server1:2181,server2:2181,server3:2181 -cmd clusterprop -name urlScheme -val https
AND
$ http://localhost:8983/solr/admin/collections?action=CLUSTERPROP&name=urlScheme&val=https
Are they both needed to be run or 1 will suffice ?
Thanks
Jigar
From: Cassandra Targett <ca...@gmail.com>
Date: Wednesday, April 14, 2021 at 12:27 PM
To: users@solr.apache.org <us...@solr.apache.org>, Jigar Pandya <ji...@venafi.com>
Subject: Re: Regarding internode TLS enablement...
Ah, right, good point - one node does need to be up in order to run the API command. I don’t recall now what I did when I wrote those docs, but if I had to guess now I would recommend bring up one node, run the CLUSTERPROP command, then bring up the rest of the nodes.
On Apr 13, 2021, 1:53 PM -0500, Jigar Pandya <ji...@venafi.com>, wrote:
Looks like the urls’ which I sent being adjusted by prrofpoint..
Here is the API, I am talking about – “ http://localhost:8983/solr/admin/collections?action=CLUSTERPROP&name=urlScheme&val=https [localhost]<https://urldefense.com/v3/__http:/localhost:8983/solr/admin/collections?action=CLUSTERPROP&name=urlScheme&val=https__;!!Ati4tGle!8JELFLeMZn7ukSZhfWHpAq0CJi5TkNQP8oOl4enTdR9zDtawNNSATzg1QBs4eXzTROs$> “
Thanks
Jigar
From: Jigar Pandya <ji...@venafi.com>
Date: Tuesday, April 13, 2021 at 11:17 AM
To: users@solr.apache.org <us...@solr.apache.org>, Cassandra Targett <ca...@gmail.com>
Subject: Re: Regarding internode TLS enablement...
Thanks Cassandra. This is great that there is an API which can be utilized to mark existing collection for https…
I have follow up question, as per the link – this API needs to be run - https://urldefense.com/v3/__http://localhost:8983/solr/admin/collections?action=CLUSTERPROP&name=urlScheme&val=https__;!!Ati4tGle!5xcXScwuDrBUAbaCwQA6Pwp_joWVIld6TRTcuRGSnwC3vr2EevEzykxUWjwlnrbUXFY$<https://urldefense.com/v3/__http:/localhost:8983/solr/admin/collections?action=CLUSTERPROP&name=urlScheme&val=https__;!!Ati4tGle!5xcXScwuDrBUAbaCwQA6Pwp_joWVIld6TRTcuRGSnwC3vr2EevEzykxUWjwlnrbUXFY$>
above API will require solr to be up and running – what I am not sure what should be the order – this is the order which is what I have taken in past:
1. Bring down solr server on each node
2. Configure solr.in.sh with ssl configuration
3. Restart solr
my question is, when this API needs to be done - https://urldefense.com/v3/__http://localhost:8983/solr/admin/collections?action=CLUSTERPROP&name=urlScheme&val=https__;!!Ati4tGle!5xcXScwuDrBUAbaCwQA6Pwp_joWVIld6TRTcuRGSnwC3vr2EevEzykxUWjwlnrbUXFY$<https://urldefense.com/v3/__http:/localhost:8983/solr/admin/collections?action=CLUSTERPROP&name=urlScheme&val=https__;!!Ati4tGle!5xcXScwuDrBUAbaCwQA6Pwp_joWVIld6TRTcuRGSnwC3vr2EevEzykxUWjwlnrbUXFY$> in above listed step.
Can we do above API call after step #3 or before step #1 considering it needs solr server to be up and running on atleast one node.
OR
just before step #1, can we just keep one server running and do this step and then bring down that server
OR
Bring only one server up after step #4 and run this step.
I really apologize if I have confused you but unfortunately it is not very clear…
As per the link – “Once this and all other steps are complete, you can go ahead and start Solr” but for above API call to work solr needs to be up on atleast one node.
Thanks
Jigar
From: Cassandra Targett <ca...@gmail.com>
Date: Monday, April 12, 2021 at 1:29 PM
To: users@solr.apache.org <us...@solr.apache.org>
Subject: Re: Regarding internode TLS enablement...
At some point after 8.3, we added instructions for what to do with existing collections: https://urldefense.com/v3/__https://solr.apache.org/guide/8_8/enabling-ssl.html*update-cluster-properties-for-existing-collections__;Iw!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdVfEAsUMo$<https://urldefense.com/v3/__https:/solr.apache.org/guide/8_8/enabling-ssl.html*update-cluster-properties-for-existing-collections__;Iw!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdVfEAsUMo$<https://urldefense.com/v3/__https:/solr.apache.org/guide/8_8/enabling-ssl.html*update-cluster-properties-for-existing-collections__;Iw!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdVfEAsUMo$%3chttps:/urldefense.com/v3/__https:/solr.apache.org/guide/8_8/enabling-ssl.html*update-cluster-properties-for-existing-collections__;Iw!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdVfEAsUMo$>> . I don’t see any reason why that wouldn't be valid for 8.3 also.
On Apr 12, 2021, 2:58 PM -0500, Jigar Pandya <ji...@venafi.com>, wrote:
> Hello,
>
> We use solr cloud 8.3, we have a cluster of 6 VMs.
>
> We are trying to enable SSL for internode communication. I followed the document - https://urldefense.com/v3/__https://solr.apache.org/guide/8_3/enabling-ssl.html__;!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdV_uzEdv0$<https://urldefense.com/v3/__https:/solr.apache.org/guide/8_3/enabling-ssl.html__;!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdV_uzEdv0$<https://urldefense.com/v3/__https:/solr.apache.org/guide/8_3/enabling-ssl.html__;!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdV_uzEdv0$%3chttps:/urldefense.com/v3/__https:/solr.apache.org/guide/8_3/enabling-ssl.html__;!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdV_uzEdv0$>> . We have collection with data loaded, doc talks about solrCloud cluster with no initial collection – can you refer me to a link / document which explains what needs to be done to enable internode ssl communication for a solr cloud cluster which has collections with data.
>
> once we enable the clusterschema to https in zknode, I believe all the baseurl’s for collections needs to be changed to https. Is there a command which I can utilize to change all collection baseurls to https ?
>
> Thanks
> Jigar
>
Re: Regarding internode TLS enablement...
Posted by Cassandra Targett <ca...@gmail.com>.
Ah, right, good point - one node does need to be up in order to run the API command. I don’t recall now what I did when I wrote those docs, but if I had to guess now I would recommend bring up one node, run the CLUSTERPROP command, then bring up the rest of the nodes.
On Apr 13, 2021, 1:53 PM -0500, Jigar Pandya <ji...@venafi.com>, wrote:
> Looks like the urls’ which I sent being adjusted by prrofpoint..
>
> Here is the API, I am talking about – “ http://localhost:8983/solr/admin/collections?action=CLUSTERPROP&name=urlScheme&val=https “
>
> Thanks
> Jigar
>
>
>
> From: Jigar Pandya <ji...@venafi.com>
> Date: Tuesday, April 13, 2021 at 11:17 AM
> To: users@solr.apache.org <us...@solr.apache.org>, Cassandra Targett <ca...@gmail.com>
> Subject: Re: Regarding internode TLS enablement...
> Thanks Cassandra. This is great that there is an API which can be utilized to mark existing collection for https…
>
> I have follow up question, as per the link – this API needs to be run - https://urldefense.com/v3/__http://localhost:8983/solr/admin/collections?action=CLUSTERPROP&name=urlScheme&val=https__;!!Ati4tGle!5xcXScwuDrBUAbaCwQA6Pwp_joWVIld6TRTcuRGSnwC3vr2EevEzykxUWjwlnrbUXFY$
>
> above API will require solr to be up and running – what I am not sure what should be the order – this is the order which is what I have taken in past:
>
> 1. Bring down solr server on each node
> 2. Configure solr.in.sh with ssl configuration
> 3. Restart solr
>
> my question is, when this API needs to be done - https://urldefense.com/v3/__http://localhost:8983/solr/admin/collections?action=CLUSTERPROP&name=urlScheme&val=https__;!!Ati4tGle!5xcXScwuDrBUAbaCwQA6Pwp_joWVIld6TRTcuRGSnwC3vr2EevEzykxUWjwlnrbUXFY$ in above listed step.
>
> Can we do above API call after step #3 or before step #1 considering it needs solr server to be up and running on atleast one node.
> OR
> just before step #1, can we just keep one server running and do this step and then bring down that server
> OR
>
> Bring only one server up after step #4 and run this step.
>
> I really apologize if I have confused you but unfortunately it is not very clear…
>
> As per the link – “Once this and all other steps are complete, you can go ahead and start Solr” but for above API call to work solr needs to be up on atleast one node.
>
> Thanks
>
> Jigar
>
>
>
> From: Cassandra Targett <ca...@gmail.com>
> Date: Monday, April 12, 2021 at 1:29 PM
> To: users@solr.apache.org <us...@solr.apache.org>
> Subject: Re: Regarding internode TLS enablement...
> At some point after 8.3, we added instructions for what to do with existing collections: https://urldefense.com/v3/__https://solr.apache.org/guide/8_8/enabling-ssl.html*update-cluster-properties-for-existing-collections__;Iw!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdVfEAsUMo$<https://urldefense.com/v3/__https:/solr.apache.org/guide/8_8/enabling-ssl.html*update-cluster-properties-for-existing-collections__;Iw!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdVfEAsUMo$> . I don’t see any reason why that wouldn't be valid for 8.3 also.
> On Apr 12, 2021, 2:58 PM -0500, Jigar Pandya <ji...@venafi.com>, wrote:
> > Hello,
> >
> > We use solr cloud 8.3, we have a cluster of 6 VMs.
> >
> > We are trying to enable SSL for internode communication. I followed the document - https://urldefense.com/v3/__https://solr.apache.org/guide/8_3/enabling-ssl.html__;!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdV_uzEdv0$<https://urldefense.com/v3/__https:/solr.apache.org/guide/8_3/enabling-ssl.html__;!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdV_uzEdv0$> . We have collection with data loaded, doc talks about solrCloud cluster with no initial collection – can you refer me to a link / document which explains what needs to be done to enable internode ssl communication for a solr cloud cluster which has collections with data.
> >
> > once we enable the clusterschema to https in zknode, I believe all the baseurl’s for collections needs to be changed to https. Is there a command which I can utilize to change all collection baseurls to https ?
> >
> > Thanks
> > Jigar
> >
Re: Regarding internode TLS enablement...
Posted by Jigar Pandya <ji...@venafi.com>.
Looks like the urls’ which I sent being adjusted by prrofpoint..
Here is the API, I am talking about – “ http://localhost:8983/solr/admin/collections?action=CLUSTERPROP&name=urlScheme&val=https “
Thanks
Jigar
From: Jigar Pandya <ji...@venafi.com>
Date: Tuesday, April 13, 2021 at 11:17 AM
To: users@solr.apache.org <us...@solr.apache.org>, Cassandra Targett <ca...@gmail.com>
Subject: Re: Regarding internode TLS enablement...
Thanks Cassandra. This is great that there is an API which can be utilized to mark existing collection for https…
I have follow up question, as per the link – this API needs to be run - https://urldefense.com/v3/__http://localhost:8983/solr/admin/collections?action=CLUSTERPROP&name=urlScheme&val=https__;!!Ati4tGle!5xcXScwuDrBUAbaCwQA6Pwp_joWVIld6TRTcuRGSnwC3vr2EevEzykxUWjwlnrbUXFY$<https://urldefense.com/v3/__http:/localhost:8983/solr/admin/collections?action=CLUSTERPROP&name=urlScheme&val=https__;!!Ati4tGle!5xcXScwuDrBUAbaCwQA6Pwp_joWVIld6TRTcuRGSnwC3vr2EevEzykxUWjwlnrbUXFY$>
above API will require solr to be up and running – what I am not sure what should be the order – this is the order which is what I have taken in past:
1. Bring down solr server on each node
2. Configure solr.in.sh with ssl configuration
3. Restart solr
my question is, when this API needs to be done - https://urldefense.com/v3/__http://localhost:8983/solr/admin/collections?action=CLUSTERPROP&name=urlScheme&val=https__;!!Ati4tGle!5xcXScwuDrBUAbaCwQA6Pwp_joWVIld6TRTcuRGSnwC3vr2EevEzykxUWjwlnrbUXFY$<https://urldefense.com/v3/__http:/localhost:8983/solr/admin/collections?action=CLUSTERPROP&name=urlScheme&val=https__;!!Ati4tGle!5xcXScwuDrBUAbaCwQA6Pwp_joWVIld6TRTcuRGSnwC3vr2EevEzykxUWjwlnrbUXFY$> in above listed step.
Can we do above API call after step #3 or before step #1 considering it needs solr server to be up and running on atleast one node.
OR
just before step #1, can we just keep one server running and do this step and then bring down that server
OR
Bring only one server up after step #4 and run this step.
I really apologize if I have confused you but unfortunately it is not very clear…
As per the link – “Once this and all other steps are complete, you can go ahead and start Solr” but for above API call to work solr needs to be up on atleast one node.
Thanks
Jigar
From: Cassandra Targett <ca...@gmail.com>
Date: Monday, April 12, 2021 at 1:29 PM
To: users@solr.apache.org <us...@solr.apache.org>
Subject: Re: Regarding internode TLS enablement...
At some point after 8.3, we added instructions for what to do with existing collections: https://urldefense.com/v3/__https://solr.apache.org/guide/8_8/enabling-ssl.html*update-cluster-properties-for-existing-collections__;Iw!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdVfEAsUMo$<https://urldefense.com/v3/__https:/solr.apache.org/guide/8_8/enabling-ssl.html*update-cluster-properties-for-existing-collections__;Iw!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdVfEAsUMo$<https://urldefense.com/v3/__https:/solr.apache.org/guide/8_8/enabling-ssl.html*update-cluster-properties-for-existing-collections__;Iw!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdVfEAsUMo$%3chttps:/urldefense.com/v3/__https:/solr.apache.org/guide/8_8/enabling-ssl.html*update-cluster-properties-for-existing-collections__;Iw!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdVfEAsUMo$>> . I don’t see any reason why that wouldn't be valid for 8.3 also.
On Apr 12, 2021, 2:58 PM -0500, Jigar Pandya <ji...@venafi.com>, wrote:
> Hello,
>
> We use solr cloud 8.3, we have a cluster of 6 VMs.
>
> We are trying to enable SSL for internode communication. I followed the document - https://urldefense.com/v3/__https://solr.apache.org/guide/8_3/enabling-ssl.html__;!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdV_uzEdv0$<https://urldefense.com/v3/__https:/solr.apache.org/guide/8_3/enabling-ssl.html__;!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdV_uzEdv0$<https://urldefense.com/v3/__https:/solr.apache.org/guide/8_3/enabling-ssl.html__;!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdV_uzEdv0$%3chttps:/urldefense.com/v3/__https:/solr.apache.org/guide/8_3/enabling-ssl.html__;!!Ati4tGle!7osP7nNU35PQjvJam7Ik8ipo46nc_Y8LsGntQcC55903oTvd2-jlHySqHNdV_uzEdv0$>> . We have collection with data loaded, doc talks about solrCloud cluster with no initial collection – can you refer me to a link / document which explains what needs to be done to enable internode ssl communication for a solr cloud cluster which has collections with data.
>
> once we enable the clusterschema to https in zknode, I believe all the baseurl’s for collections needs to be changed to https. Is there a command which I can utilize to change all collection baseurls to https ?
>
> Thanks
> Jigar
>