You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Nils Cant (JIRA)" <ji...@apache.org> on 2017/12/13 17:20:00 UTC
[jira] [Updated] (SOLR-11759) DocExpirationUpdateProcessorFactory
causes unauthenticated inter-node requests
[ https://issues.apache.org/jira/browse/SOLR-11759?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nils Cant updated SOLR-11759:
-----------------------------
Description:
When configuring a collection with a DocExpirationUpdateProcessorFactory, this causes inter-node calls to no longer authenticate.
config extract from solrconfig.xml:
{code:xml}
<processor class="solr.processor.DocExpirationUpdateProcessorFactory">
<int name="autoDeletePeriodSeconds">60</int>
<null name="ttlFieldName" />
<str name="expirationFieldName">expiration</str>
</processor>
{code}
solr.log exception:
{code}
2017-12-13 17:07:07.328 WARN (autoExpireDocs-22-thread-1) [c:anpr-search s:shard1 r:core_node1 x:anpr-search_shard1_replica1] o.a.s.u.p.DistributedUpdateProcessor Error sending update to http://X.X.X.242:8983/s
olr
org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://X.X.X.242:8983/solr/anpr-search_shard1_replica1: Expected mime type application/octet-stream but got text/html. <
html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 401 require authentication</title>
</head>
<body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /solr/anpr-search_shard1_replica1/update. Reason:
<pre> require authentication</pre></p>
</body>
</html>
at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:578)
at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:279)
at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:268)
at org.apache.solr.client.solrj.impl.ConcurrentUpdateSolrClient.request(ConcurrentUpdateSolrClient.java:430)
at org.apache.solr.client.solrj.SolrClient.request(SolrClient.java:1219)
at org.apache.solr.update.SolrCmdDistributor.doRequest(SolrCmdDistributor.java:299)
at org.apache.solr.update.SolrCmdDistributor.lambda$submit$0(SolrCmdDistributor.java:288)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176)
at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(ExecutorUtil.java:229)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
{code}
The following screenshots show how another collection (vervoermiddelen) properly sends the SolrAuth header, while the anrp-search collection doesn't:
https://imgur.com/a/kJ4Ut
This causes replica shards to become (and stay) down.
If I remove the DocExpirationUpdateProcessorFactory configuration from solrconfig.xml, the problem doesn't occur.
was:
When configuring a collection with a DocExpirationUpdateProcessorFactory, this causes inter-node calls to no longer authenticate.
config extract from solrconfig.xml:
{{ <processor class="solr.processor.DocExpirationUpdateProcessorFactory">
<int name="autoDeletePeriodSeconds">60</int>
<null name="ttlFieldName" />
<str name="expirationFieldName">expiration</str>
</processor>}}
solr.log exception:
{{2017-12-13 17:07:07.328 WARN (autoExpireDocs-22-thread-1) [c:anpr-search s:shard1 r:core_node1 x:anpr-search_shard1_replica1] o.a.s.u.p.DistributedUpdateProcessor Error sending update to http://X.X.X.242:8983/s
olr
org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://X.X.X.242:8983/solr/anpr-search_shard1_replica1: Expected mime type application/octet-stream but got text/html. <
html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 401 require authentication</title>
</head>
<body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /solr/anpr-search_shard1_replica1/update. Reason:
<pre> require authentication</pre></p>
</body>
</html>
at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:578)
at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:279)
at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:268)
at org.apache.solr.client.solrj.impl.ConcurrentUpdateSolrClient.request(ConcurrentUpdateSolrClient.java:430)
at org.apache.solr.client.solrj.SolrClient.request(SolrClient.java:1219)
at org.apache.solr.update.SolrCmdDistributor.doRequest(SolrCmdDistributor.java:299)
at org.apache.solr.update.SolrCmdDistributor.lambda$submit$0(SolrCmdDistributor.java:288)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176)
at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(ExecutorUtil.java:229)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)}}
The following screenshots show how another collection (vervoermiddelen) properly sends the SolrAuth header, while the anrp-search collection doesn't:
https://imgur.com/a/kJ4Ut
This causes replica shards to become (and stay) down.
If I remove the DocExpirationUpdateProcessorFactory configuration from solrconfig.xml, the problem doesn't occur.
> DocExpirationUpdateProcessorFactory causes unauthenticated inter-node requests
> ------------------------------------------------------------------------------
>
> Key: SOLR-11759
> URL: https://issues.apache.org/jira/browse/SOLR-11759
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Authentication
> Environment: solr 6.6.0
> jre1.8.0_101
> Ubuntu 14.04
> SolrCloud with zookeeper 3.4.5
> Reporter: Nils Cant
>
> When configuring a collection with a DocExpirationUpdateProcessorFactory, this causes inter-node calls to no longer authenticate.
> config extract from solrconfig.xml:
> {code:xml}
> <processor class="solr.processor.DocExpirationUpdateProcessorFactory">
> <int name="autoDeletePeriodSeconds">60</int>
> <null name="ttlFieldName" />
> <str name="expirationFieldName">expiration</str>
> </processor>
> {code}
> solr.log exception:
> {code}
> 2017-12-13 17:07:07.328 WARN (autoExpireDocs-22-thread-1) [c:anpr-search s:shard1 r:core_node1 x:anpr-search_shard1_replica1] o.a.s.u.p.DistributedUpdateProcessor Error sending update to http://X.X.X.242:8983/s
> olr
> org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://X.X.X.242:8983/solr/anpr-search_shard1_replica1: Expected mime type application/octet-stream but got text/html. <
> html>
> <head>
> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> <title>Error 401 require authentication</title>
> </head>
> <body><h2>HTTP ERROR 401</h2>
> <p>Problem accessing /solr/anpr-search_shard1_replica1/update. Reason:
> <pre> require authentication</pre></p>
> </body>
> </html>
> at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:578)
> at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:279)
> at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:268)
> at org.apache.solr.client.solrj.impl.ConcurrentUpdateSolrClient.request(ConcurrentUpdateSolrClient.java:430)
> at org.apache.solr.client.solrj.SolrClient.request(SolrClient.java:1219)
> at org.apache.solr.update.SolrCmdDistributor.doRequest(SolrCmdDistributor.java:299)
> at org.apache.solr.update.SolrCmdDistributor.lambda$submit$0(SolrCmdDistributor.java:288)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176)
> at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(ExecutorUtil.java:229)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> {code}
> The following screenshots show how another collection (vervoermiddelen) properly sends the SolrAuth header, while the anrp-search collection doesn't:
> https://imgur.com/a/kJ4Ut
> This causes replica shards to become (and stay) down.
> If I remove the DocExpirationUpdateProcessorFactory configuration from solrconfig.xml, the problem doesn't occur.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org