You are viewing a plain text version of this content. The canonical link for it is here.
Posted to solr-user@lucene.apache.org by Ana Maria <ir...@yahoo.com.INVALID> on 2018/08/28 19:08:06 UTC
Issues enabling zk 3.4.10 ACLs for Solr 7.2
Hello, I am working on a project implementing Zookeeper and Solr cloud on a cluster with 3 servers. I need to secure my zookeeper nodes so that they can only communicate among themselves, I tried implementing ACLs according to the documentation (https://lucene.apache.org/solr/guide/7_2/zookeeper-access-control.html) but I am still able to update a file on the cluster from another server outside the cluster, which means ACLs are not working properly. Here are the changes I made: solr-7.2.1/server/solr/solr.xml <solrcloud> <str name="host">${host:}</str> <int name="hostPort">${jetty.port:8983}</int> <str name="hostContext">${hostContext:solr}</str> <bool name="genericCoreNodeNames">${genericCoreNodeNames:true}</bool> <int name="zkClientTimeout">${zkClientTimeout:30000}</int> <int name="distribUpdateSoTimeout">${distribUpdateSoTimeout:600000}</int> <int name="distribUpdateConnTimeout">${distribUpdateConnTimeout:60000}</int> #<str name="zkCredentialsProvider">${zkCredentialsProvider:org.apache.solr.common.cloud.DefaultZkCredentialsProvider}</str> <str name="zkCredentialsProvider">${zkCredentialsProvider:org.apache.solr.common.cloud.VMParamsSingleSetCredentialsDigestZkCredentialsProvider}</str> #<str name="zkACLProvider">${zkACLProvider:org.apache.solr.common.cloud.DefaultZkACLProvider}</str> <str name="zkACLProvider">${zkACLProvider:org.apache.solr.common.cloud.VMParamsAllAndReadonlyDigestZkACLProvider}</str>
/solr-7.2.1/server/scripts/cloud-scripts/zkcli.sh:
# Settings for ZK ACL
SOLR_ZK_CREDS_AND_ACLS="-DzkACLProvider=org.apache.solr.common.cloud.VMParamsAllAndReadonlyDigestZkACLProvider \
-DzkCredentialsProvider=org.apache.solr.common.cloud.VMParamsSingleSetCredentialsDigestZkCredentialsProvider \
-DzkDigestUsername=admin -DzkDigestPassword=CHANGE"
# -DzkDigestReadonlyUsername=readonly-user -DzkDigestReadonlyPassword=CHANGEME-READONLY-PASSWORD"
/solr-7.2.1/bin/solr.in.sh:
# Settings for ZK ACL
SOLR_ZK_CREDS_AND_ACLS="-DzkACLProvider=org.apache.solr.common.cloud.VMParamsAllAndReadonlyDigestZkACLProvider \
-DzkCredentialsProvider=org.apache.solr.common.cloud.VMParamsSingleSetCredentialsDigestZkCredentialsProvider \
-DzkDigestUsername=admin -DzkDigestPassword=CHANGE"
# -DzkDigestReadonlyUsername=readonly-user -DzkDigestReadonlyPassword=CHANGEME-READONLY-PASSWORD"
SOLR_OPTS="$SOLR_OPTS $SOLR_ZK_CREDS_AND_ACLS"
I would appreciate some input as to enabling ACLs and securing the zookeeper cluster.
Thank you,Ana