[ https://issues.apache.org/jira/browse/SOLR-13985?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17009813#comment-17009813 ]
Jason Gerlowski edited comment on SOLR-13985 at 1/7/20 3:11 PM:
----------------------------------------------------------------

The issue I found is a real problem. You can see it trivially with this commit in place by running {{bin/solr start -c && bin/solr create -c foo}}. Collection creation fails with this error in the logs:

{code}
2020-01-07 14:26:14.582 INFO (OverseerStateUpdate-72132527041150976-192.168.1.194:8983_solr-n_0000000000) [ ] o.a.s.c.o.SliceMutator createReplica() { "operation":"ADDREPLICA", ... "base_url":"http://192.168.1.194:8983/solr"}
2020-01-07 14:26:14.790 ERROR (OverseerThreadFactory-9-thread-3-processing-n:192.168.1.194:8983_solr) [ ] o.a.s.c.a.c.OverseerCollectionMessageHandler Error from shard: http://192.168.1.194:8983/solr => org.apache.solr.client.solrj.SolrServerException: Server refused connection at: http://192.168.1.194:8983/solr
	at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:672)
org.apache.solr.client.solrj.SolrServerException: Server refused connection at: http://192.168.1.194:8983/solr
	at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:672) ~[?:?]
	at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:265) ~[?:?]
	at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:248) ~[?:?]
	at org.apache.solr.client.solrj.SolrClient.request(SolrClient.java:1290) ~[?:?]
	at org.apache.solr.handler.component.HttpShardHandlerFactory$1.request(HttpShardHandlerFactory.java:178) ~[?:?]
	at org.apache.solr.handler.component.HttpShardHandler.lambda$submit$0(HttpShardHandler.java:195) ~[?:?]
{code}

The issue is pretty clear. Solr only accepts connections on localhost, but puts a public IP address in live_nodes, overseer messages, etc. So when Solr goes to make requests to itself, those requests will fail. This is a pretty big problem and one I should have caught earlier. But no harm no foul hopefully.
As a hack, the problem can be worked around by setting {{SOLR_HOST="127.0.0.1"}} in solr.in.sh. Maybe we could auto-set SOLR_HOST to 127.0.0.1 in {{bin/solr}} if localhost-only binding is configured. But that seems a bit brittle to me: how would conflicts be handled, etc? I'll do some more testing on this today to try and figure out whether this is a reasonable solution. Anyone have any thoughts?

> bind to localhost by default
> ----------------------------
>
>                 Key: SOLR-13985
>                 URL: https://issues.apache.org/jira/browse/SOLR-13985
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public)
>            Reporter: Robert Muir
>            Assignee: Jason Gerlowski
>            Priority: Major
>             Fix For: master (9.0)
>
>         Attachments: SOLR-13985.patch, SOLR-13985.patch, SOLR-13985.patch,
> SOLR-13985.patch
>
>
> Currently solr binds to all interfaces by default.
> The default should be safer, so that e.g. the user is not exposed to the
> internet until they make an explicit step to do so.
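
The bind/advertise mismatch described in the comment above can be caught before startup with a lint over solr.in.sh. This is an added example, not part of the original message or of Solr's scripts; {{SOLR_HOST}} is from the comment, while {{SOLR_JETTY_HOST}} as the bind-address setting, the 127.0.0.1 default, and the sample address are assumptions.

```shell
# Added example, not Solr's code: lint a solr.in.sh-style file for the
# bind/advertise mismatch described above. SOLR_HOST is from the comment;
# SOLR_JETTY_HOST as the bind setting and a 127.0.0.1 default are assumptions.

# Print the last uncommented assignment of variable $1 in file $2, unquoted.
get_setting() {
  sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "\"'"
}

# Treat "localhost" as 127.0.0.1 (assumes the usual hosts-file mapping).
normalize() {
  case "$1" in
    localhost) echo 127.0.0.1 ;;
    *) echo "$1" ;;
  esac
}

# check_config FILE: prints a verdict; returns 0 if the node can reach the
# address it advertises, 1 on a definite mismatch, 2 if it cannot tell.
check_config() {
  bind=$(normalize "$(get_setting SOLR_JETTY_HOST "$1")")
  adv=$(normalize "$(get_setting SOLR_HOST "$1")")
  [ -n "$bind" ] || bind=127.0.0.1   # assumed localhost-only default
  case "$bind" in
    0.0.0.0|::) echo "OK: listening on all interfaces"; return 0 ;;
  esac
  if [ -z "$adv" ]; then
    case "$bind" in
      127.*) echo "MISMATCH: bound to $bind, SOLR_HOST unset, detected address is advertised"; return 1 ;;
      *) echo "UNKNOWN: SOLR_HOST unset; verify the detected address equals $bind"; return 2 ;;
    esac
  fi
  if [ "$bind" = "$adv" ]; then
    echo "OK: advertised host $adv matches bind address"; return 0
  fi
  echo "MISMATCH: bound to $bind but advertising $adv"; return 1
}

# Constructed sample: localhost-only default with SOLR_HOST left commented out.
sample=$(mktemp)
printf '#SOLR_HOST="192.168.1.20"\n' > "$sample"
check_config "$sample" || true
rm -f "$sample"
```

A non-zero return on the default file reproduces the failure mode in the log; setting {{SOLR_HOST="127.0.0.1"}} in the file makes the check pass.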