Problems with restricting access to users using Basic auth

[Salmaan Rashid Syed]

Hi Solr Users,

I want to create a user that has restricted access to Solr. I did the
follwowing:-


   1. {
   2. "authentication":{
   3."blockUnknown": true,
   4."class":"solr.BasicAuthPlugin",
   5."credentials":{
   6. "solr-admin":
   "2IUJD9dxRhxSXaJGdMP5z8ggSn4I285Ty9GCWeRNMUg=
/sSNJJufPtj4baRizoJshJawFsWvopvZSqZpQ/Nwd78="
   ,
   7. "solr-user":
   "p+XwOh15p/rvFltv2LXP1CwtbvwBgGlC9qcDKxV73B4=
DcNsjfA6Wf16V1XKT+YraosSFQ5Cr3eRUX6BQnx9XKA="

   8.  }
   9. },
   10. "authorization":{
   11."class":"solr.RuleBasedAuthorizationPlugin",
   12."user-role":{"solr-admin":"admin", "solr-user":"dev"},
   13."permissions":[
   14.   {
   15."name":"security-edit",
   16."role":"admin"
   17.   },
   18.   {
   19. "collection": ["Collection1", "Collection2"],
   20. "name": ["update", "read"],
   21. "role": "dev"
   22.   }
   23.   ]
   24. }}


But when Login intot the Solr admin dash-board using Solr-user credentials,
I can read, select, write, update, delete collections and do all sorts of
things like a solr-admin can do.

I want solr-user to be able to access only *Collection1* and *Collection2*
and be able to only *update *and *read*. He should not be able to access
other collections and do anything apart from the above mentioned role.

Where am I exactly going wrong?

Thanks and Regards,
Salmaan

Re: 8.2.0 getting warning - unable to load jetty,​ not starting JettyAdminServer

[Furkan KAMACI]

Hi Arnold,

Such errors may arise due to file permission issues. I can run latest
version without of Solr via docker image without any errors. Could you
write which steps do you follow to run Solr docker?

Kind Regards,
Furkan KAMACI

On Tue, Aug 20, 2019 at 1:25 AM Arnold Bronley 
wrote:

> Hi,
>
> I am getting following warning in Solr admin UI logs. I did not get this
> warning in Solr 8.1.1
> Please note that I am using Solr docker slim image from here -
> https://hub.docker.com/_/solr/
>
> Unable to load jetty,​ not starting JettyAdminServer
>

Re: HttpShardHandlerFactory

[Mark Robinson]

Hello Shawn,

Thank you so much for the detailed response.
It was so helpful!

Thanks!
Mark.

On Fri, Aug 16, 2019 at 9:40 AM Shawn Heisey  wrote:

> On 8/16/2019 3:51 AM, Mark Robinson wrote:
> > I am trying to understand the socket time out and connection time out in
> > the HttpShardHandlerFactory:-
> >
> > 
> >10
> >20
> > 
>
> The shard handler is used when that Solr instance needs to make
> connections to another Solr instance (which could be itself, as odd as
> that might sound).  It does not apply to the requests that you make from
> outside Solr.
>
> > 1.Could some one please help me understand the effect of using such low
> > values of 10 ms
> >  and 20ms as given above inside my /select handler?
>
> A connection timeout of 10 milliseconds *might* result in connections
> not establishing at all.  This is translated down to the TCP socket as
> the TCP connection timeout -- the time limit imposed on making the TCP
> connection itself.  Which as I understand it, is the completion of the
> "SYN", "SYN/ACK", and "ACK" sequence.  If the two endpoints of the
> connection are on a LAN, you might never see a problem from this -- LAN
> connections are very low latency.  But if they are across the Internet,
> they might never work.
>
> The socket timeout of 20 milliseconds means that if the connection goes
> idle for 20 milliseconds, it will be forcibly closed.  So if it took 25
> milliseconds for the remote Solr instance to respond, this Solr instance
> would have given up and closed the connection.  It is extremely common
> for requests to take 100, 500, 2000, or more milliseconds to respond.
>
> > 2. What is the guidelines for setting these parameters? Should they be
> low
> > or high
>
> I would probably use a value of about 5000 (five seconds) for the
> connection timeout if everything's on a local LAN.  I might go as high
> as 15 seconds if there's a high latency network between them, but five
> seconds is probably long enough too.
>
> For the socket timeout, you want a value that's considerably longer than
> you expect requests to ever take.  Probably somewhere between two and
> five minutes.
>
> > 3. How can I test the effect of this chunk of code after adding it to my
> > /select handler ie I want to
> >   make sure the above code snippet is working. That is why I gave
> such
> > low values and
> >   thought when I fire a query I would get both time out errors in the
> > logs. But did not!
> >   Or is it that within the above time frame (10 ms, 20ms) if no
> request
> > comes the socket will
> >   time out and the connection will be lost. So to test this should I
> > give a say 100 TPS load with
> >   these low values and then increase the values to maybe 1000 ms and
> > 1500 ms respectively
> >   and see lesser time out error messages?
>
> If you were running a multi-server SolrCloud setup (or a single-server
> setup with multiple shards and/or replicas), you probably would see
> problems from values that low.  But if Solr never has any need to make
> connections to satisfy a request, then the values will never take effect.
>
> If you want to control these values for requests made from outside Solr,
> you will need to do it in your client software that is making the request.
>
> Thanks,
> Shawn
>

Re: HttpShardHandlerFactory

[Mark Robinson]

Hello Michael,

Thank you for pointing that out.
Today I am planning to try this out along with the insights Shawn had
shared.

Thanks!
Mark.

On Mon, Aug 19, 2019 at 9:21 AM Michael Gibney 
wrote:

> Mark,
>
> Another thing to check is that I believe the configuration you posted may
> not actually be taking effect. Unless I'm mistaken, I think the correct
> element name to configure the shardHandler is "shardHandler*Factory*", not
> "shardHandler" ... as in, ' class="HttpShardHandlerFactory">...'
>
> The element name is documented correctly in the refGuide page for "Format
> of solr.xml":
>
> https://lucene.apache.org/solr/guide/8_1/format-of-solr-xml.html#the-shardhandlerfactory-element
>
> ... but the incorrect (?) element name is included in the refGuide page for
> "Distributed Requests":
>
> https://lucene.apache.org/solr/guide/8_1/distributed-requests.html#configuring-the-shardhandlerfactory
>
> Michael
>
> On Fri, Aug 16, 2019 at 9:40 AM Shawn Heisey  wrote:
>
> > On 8/16/2019 3:51 AM, Mark Robinson wrote:
> > > I am trying to understand the socket time out and connection time out
> in
> > > the HttpShardHandlerFactory:-
> > >
> > > 
> > >10
> > >20
> > > 
> >
> > The shard handler is used when that Solr instance needs to make
> > connections to another Solr instance (which could be itself, as odd as
> > that might sound).  It does not apply to the requests that you make from
> > outside Solr.
> >
> > > 1.Could some one please help me understand the effect of using such low
> > > values of 10 ms
> > >  and 20ms as given above inside my /select handler?
> >
> > A connection timeout of 10 milliseconds *might* result in connections
> > not establishing at all.  This is translated down to the TCP socket as
> > the TCP connection timeout -- the time limit imposed on making the TCP
> > connection itself.  Which as I understand it, is the completion of the
> > "SYN", "SYN/ACK", and "ACK" sequence.  If the two endpoints of the
> > connection are on a LAN, you might never see a problem from this -- LAN
> > connections are very low latency.  But if they are across the Internet,
> > they might never work.
> >
> > The socket timeout of 20 milliseconds means that if the connection goes
> > idle for 20 milliseconds, it will be forcibly closed.  So if it took 25
> > milliseconds for the remote Solr instance to respond, this Solr instance
> > would have given up and closed the connection.  It is extremely common
> > for requests to take 100, 500, 2000, or more milliseconds to respond.
> >
> > > 2. What is the guidelines for setting these parameters? Should they be
> > low
> > > or high
> >
> > I would probably use a value of about 5000 (five seconds) for the
> > connection timeout if everything's on a local LAN.  I might go as high
> > as 15 seconds if there's a high latency network between them, but five
> > seconds is probably long enough too.
> >
> > For the socket timeout, you want a value that's considerably longer than
> > you expect requests to ever take.  Probably somewhere between two and
> > five minutes.
> >
> > > 3. How can I test the effect of this chunk of code after adding it to
> my
> > > /select handler ie I want to
> > >   make sure the above code snippet is working. That is why I gave
> > such
> > > low values and
> > >   thought when I fire a query I would get both time out errors in
> the
> > > logs. But did not!
> > >   Or is it that within the above time frame (10 ms, 20ms) if no
> > request
> > > comes the socket will
> > >   time out and the connection will be lost. So to test this should
> I
> > > give a say 100 TPS load with
> > >   these low values and then increase the values to maybe 1000 ms
> and
> > > 1500 ms respectively
> > >   and see lesser time out error messages?
> >
> > If you were running a multi-server SolrCloud setup (or a single-server
> > setup with multiple shards and/or replicas), you probably would see
> > problems from values that low.  But if Solr never has any need to make
> > connections to satisfy a request, then the values will never take effect.
> >
> > If you want to control these values for requests made from outside Solr,
> > you will need to do it in your client software that is making the
> request.
> >
> > Thanks,
> > Shawn
> >
>

Re: question about solrCloud joining

[Erick Erickson]

None of your images came through, the mail server aggressively strips 
attachments. You’ll have to put them somewhere and provide a link.

Given that, I’m guessing without much data so this may be totally misguided. 
You mention ports 8984 and 8984. Assuming those are two different Solr JVMs, 
the fact that they’re running on the same machine is irrelevant; As far as 
SolrCloud is concerned, they are two separate machines. Your directors 
collection must be completely resident on both Solr instances for 
cross-collection join to work.

Best,
Erick

> On Aug 19, 2019, at 9:39 PM, 王立生  wrote:
> 
> Hello,
> 
> I have a question about solrCloud joining. i knew solrCloud joining can do 
> join only when index is  not splited to shards, but when i test it, i found a 
> problem which make me confused. 
> 
> i tested it on version 8.2
> 
> assuming i have 2 collections like sample about "joining" on solr offcial 
> website,
> 
> one collection called "movies", another called "movieDirectors".
> 
> movies's fields: id, title, director_id
> movieDirectors's fields: id, name, has_oscar
> 
> the information of shards and replicas as below, i started two nodes on my 
> laptop:
> 
>  moviesDirectors have 2 docs:
> 
> movies also have 2 docs:
> 
> everything is ok when i run query with "{!join from=id 
> fromIndex=movieDirectors to=director_id}has_oscar:true" on both 8983 and 
> 8984, i can got expacted result:
> 
> but when i run "{!join from=director_id fromIndex=movies 
> to=id}title:"Dunkirk"" on 8983
> got 1 doc and if i filter by "title:Get Out", i got nothing.  i understood 
> "Get Out" is not exist in 8983.
> 
> 
> but question is coming, when i run "{!join from=director_id fromIndex=movies 
> to=id}title:"Dunkirk"" on 8984, i got "SolrCloud join: multiple shards not 
> yet supported movies"
> no matter what filter value is.
> 
> i found following code:
> 
> 
> when i run joining from movies on 8983, slice length is 2 as movies have 2 
> shards. "fromReplica " was assigned in second cycle,  because zkController 
> name is 8983 and replica name is 8984 in first cycle.
> 
> but when run on 8984, "fromReplica" was assigned in first cycle, because 
> zkController name isand replica name both are 8984 in first cycle, so throw 
> "SolrCloud join: multiple shards not yet supported" in second cycle.
> 
> Thanks for your patience, it's too long. i'm confused about why use this way 
> to judge "multiple shards", because the result is also wrong running on 8983 
> even if didnt throw exception. why dont use  slice length>1 to judge 
> "multiple shards" ? or maybe have other better way?
> 
> Please advise.
> 
> Thanks in advance!
> 
> 
> 

Re: question about solrCloud joining

[Lisheng Wang]

Hi Erick

Thanks for your quick response and remaining me about attachment issue.

Yes, i run on 2 different jvms that not related to if they are on same
machine or not.

let me describe my scenario, i have two collection:

i start 2 nodes on my laptop on 2 different JVM, ports are 8983 and 8984.

1. movieDirectors: 1 shard, 2 replica, master is on 8984, slave is on 8983
2. movies: 2 shard, 1 replica/shardshard1 is on 8983, shard2 is on 8984.

collection movieDirectors has 2 docs:
{
"id":"1", "title":"Dunkirk", "director_id":"1", "_version_":
1642343781358370816
}, { "id":"2", "title":"Get Out", "director_id":"2", "_version_":
1642343828930166784
}
collection movies has 2 docs too:
{ "id":"1", "title":"Dunkirk", "director_id":"1", "_version_":
1642343781358370816
}, { "id":"2", "title":"Get Out", "director_id":"2", "_version_":
1642343828930166784
}
everything is ok when i run query with "{!join from=id
fromIndex=movieDirectors to=director_id}has_oscar:true" on both 8983 and
8984, i can got expected result:
{ "responseHeader":{ "zkConnected":true, "status":0, "QTime":79, "params":{
"q":"*:*", "fq":"{!join from=id fromIndex=movieDirectors
to=director_id}has_oscar:true", "_":"1566313944099"}}, "response":{"numFound
":2,"start":0,"maxScore":1.0,"docs":[ { "id":"1", "title":"Dunkirk", "
director_id":"1", "_version_":1642343781358370816}, { "id":"2", "title":"Get
Out", "director_id":"2", "_version_":1642343828930166784}] }}
but when i run "{!join from=director_id fromIndex=movies
to=id}title:"Dunkirk"" on 8983 got 1 doc,
 if i filter by "title:Get Out", i got nothing.  i understood "Get Out" is
not exist in 8983.
{ "responseHeader":{ "zkConnected":true, "status":0, "QTime":3, "params":{ "
q":"*:*", "fq":"{!join from=director_id fromIndex=movies
to=id}title:\"Dunkirk\"", "_":"1566261450613"}}, "response":{"numFound":1,"
start":0,"docs":[ { "id":"1", "name":"Christopher Nolan", "has_oscar":true,
"_version_":1642343436642156544}] }}

but question is coming, when i run "{!join from=director_id
fromIndex=movies to=id}title:"Dunkirk"" on 8984, i got "SolrCloud join:
multiple shards not yet supported movies"
no matter what filter value is.

i found following code:

private static String findLocalReplicaForFromIndex(ZkController
zkController, String fromIndex) {
  String fromReplica = null;

  String nodeName = zkController.getNodeName();
  for (Slice slice :
zkController.getClusterState().getCollection(fromIndex).getActiveSlicesArr())
{
if (fromReplica != null)
  throw new SolrException(SolrException.ErrorCode.BAD_REQUEST,
  "SolrCloud join: multiple shards not yet supported " + fromIndex);
for (Replica replica : slice.getReplicas()) {
  if (replica.getNodeName().equals(nodeName)) {
fromReplica = replica.getStr(ZkStateReader.CORE_NAME_PROP);
// found local replica, but is it Active?
if (replica.getState() != Replica.State.ACTIVE)
  throw new SolrException(SolrException.ErrorCode.BAD_REQUEST,
  "SolrCloud join: "+fromIndex+" has a local replica ("+fromReplica+
  ") on "+nodeName+", but it is "+replica.getState());

break;
  }
}
  }

  if (fromReplica == null)
throw new SolrException(SolrException.ErrorCode.BAD_REQUEST,
"SolrCloud join: No active replicas for "+fromIndex+
" found in node " + nodeName);

  return fromReplica;
}


when i run joining from movies on 8983, slice length is 2 as movies have 2
shards. "fromReplica " was assigned in second cycle,  because zkController
name is 8983 and replica name is 8984 in first cycle.

but when run on 8984, "fromReplica" was assigned in first cycle, because
zkController name isand replica name both are 8984 in first cycle, so throw
"SolrCloud join: multiple shards not yet supported" in second cycle.

Thanks for your patience, it's too long. i'm confused about why use this
way to judge "multiple shards", because the result is also wrong running on
8983 even if didnt throw exception. why dont use  slice length>1 to judge
"multiple shards" ? or maybe have other better way?

Please advise.

Thanks in advance!

Erick Erickson  于2019年8月20日周二 下午7:39写道：

> None of your images came through, the mail server aggressively strips
> attachments. You’ll have to put them somewhere and provide a link.
>
> Given that, I’m guessing without much data so this may be totally
> misguided. You mention ports 8984 and 8984. Assuming those are two
> different Solr JVMs, the fact that they’re running on the same machine is
> irrelevant; As far as SolrCloud is concerned, they are two separate
> machines. Your directors collection must be completely resident on both
> Solr instances for cross-collection join to work.
>
> Best,
> Erick
>
> > On Aug 19, 2019, at 9:39 PM, 王立生  wrote:
> >
> > Hello,
> >
> > I have a question about solrCloud joining. i knew solrCloud joining can
> do join only when index is  not splited to shards, but when i test it, i
> found a problem which make me 

Re: 8.2.0 getting warning - unable to load jetty,​ not starting JettyAdminServer

[Arnold Bronley]

Hi,

I am using 8.2.0-slim version. I wrap it in my own image by specifying some
additional settings in Dockerfile (all it does is specify a custom Solr
home, copy my config files and custom Solr plugins to container and boot in
SolrCloud mode).
All things same, if I just change version from 8.2.0-slim to 8.1.1-slim
then I do not get any such warning.

On Tue, Aug 20, 2019 at 5:01 AM Furkan KAMACI 
wrote:

> Hi Arnold,
>
> Such errors may arise due to file permission issues. I can run latest
> version without of Solr via docker image without any errors. Could you
> write which steps do you follow to run Solr docker?
>
> Kind Regards,
> Furkan KAMACI
>
> On Tue, Aug 20, 2019 at 1:25 AM Arnold Bronley 
> wrote:
>
> > Hi,
> >
> > I am getting following warning in Solr admin UI logs. I did not get this
> > warning in Solr 8.1.1
> > Please note that I am using Solr docker slim image from here -
> > https://hub.docker.com/_/solr/
> >
> > Unable to load jetty,​ not starting JettyAdminServer
> >
>

sorl 8.1.1 all of sudden requiring https

[Russell Bahr]

Hi All,
I have a solr 8.1.1 cloud that I set up and have been testing to replace
our solr 4.10.4 cloud implementation.

I have been testing on the solr 8.1.1 cloud for a couple of weeks now and
needed to shut down temporarily and then restart the cluster.  When I did
this the members would not come back from recovering.  As I trouble shot
further I noticed the follwoing error messages
"null:org.apache.solr.common.SolrException:
Error trying to proxy request for url:
https://p-solr-e-be-d-20.c.domain.internal:8983/solr/content/select/"; . I
have not enabled security on this as it is behind a firewall and not
exposed to the outside.

solr 8.1.1
lucene 8.1.1
OpenJDK 12
Debian 9.8

6 shards, 5 replica each shard

here is a snip from the solr cloud graph.  as you can see some are listing
https now and some still show http as it was before the restart.

shard1
https://p-solr-e-be-d-20.c.domain.internal (N)
http://p-solr-e-be-d-16.c.domain.internal (N)
https://p-solr-e-be-d-17.c.domain.internal (N)
https://p-solr-e-be-d-28.c.domain.internal (N)
https://p-solr-e-be-d-23.c.domain.internal (N)

What would cause them to all of the sudden require https, and how do I
disable that and return to http?

Thank you,

Russ Bahr

Re: question about solrCloud joining

[Mikhail Khludnev]

Hello, Lisheng.
I barely follow, but couldn't the space symbol in "title:Get Out"
cause the problem
?
Check debugQuery and nested query in local param.


On Tue, Aug 20, 2019 at 6:35 PM Lisheng Wang 
wrote:

> Hi Erick
>
> Thanks for your quick response and remaining me about attachment issue.
>
> Yes, i run on 2 different jvms that not related to if they are on same
> machine or not.
>
> let me describe my scenario, i have two collection:
>
> i start 2 nodes on my laptop on 2 different JVM, ports are 8983 and 8984.
>
> 1. movieDirectors: 1 shard, 2 replica, master is on 8984, slave is on 8983
> 2. movies: 2 shard, 1 replica/shardshard1 is on 8983, shard2 is on
> 8984.
>
> collection movieDirectors has 2 docs:
> {
> "id":"1", "title":"Dunkirk", "director_id":"1", "_version_":
> 1642343781358370816
> }, { "id":"2", "title":"Get Out", "director_id":"2", "_version_":
> 1642343828930166784
> }
> collection movies has 2 docs too:
> { "id":"1", "title":"Dunkirk", "director_id":"1", "_version_":
> 1642343781358370816
> }, { "id":"2", "title":"Get Out", "director_id":"2", "_version_":
> 1642343828930166784
> }
> everything is ok when i run query with "{!join from=id
> fromIndex=movieDirectors to=director_id}has_oscar:true" on both 8983 and
> 8984, i can got expected result:
> { "responseHeader":{ "zkConnected":true, "status":0, "QTime":79, "params":{
> "q":"*:*", "fq":"{!join from=id fromIndex=movieDirectors
> to=director_id}has_oscar:true", "_":"1566313944099"}},
> "response":{"numFound
> ":2,"start":0,"maxScore":1.0,"docs":[ { "id":"1", "title":"Dunkirk", "
> director_id":"1", "_version_":1642343781358370816}, { "id":"2",
> "title":"Get
> Out", "director_id":"2", "_version_":1642343828930166784}] }}
> but when i run "{!join from=director_id fromIndex=movies
> to=id}title:"Dunkirk"" on 8983 got 1 doc,
>  if i filter by "title:Get Out", i got nothing.  i understood "Get Out" is
> not exist in 8983.
> { "responseHeader":{ "zkConnected":true, "status":0, "QTime":3, "params":{
> "
> q":"*:*", "fq":"{!join from=director_id fromIndex=movies
> to=id}title:\"Dunkirk\"", "_":"1566261450613"}}, "response":{"numFound":1,"
> start":0,"docs":[ { "id":"1", "name":"Christopher Nolan", "has_oscar":true,
> "_version_":1642343436642156544}] }}
>
> but question is coming, when i run "{!join from=director_id
> fromIndex=movies to=id}title:"Dunkirk"" on 8984, i got "SolrCloud join:
> multiple shards not yet supported movies"
> no matter what filter value is.
>
> i found following code:
>
> private static String findLocalReplicaForFromIndex(ZkController
> zkController, String fromIndex) {
>   String fromReplica = null;
>
>   String nodeName = zkController.getNodeName();
>   for (Slice slice :
>
> zkController.getClusterState().getCollection(fromIndex).getActiveSlicesArr())
> {
> if (fromReplica != null)
>   throw new SolrException(SolrException.ErrorCode.BAD_REQUEST,
>   "SolrCloud join: multiple shards not yet supported " +
> fromIndex);
> for (Replica replica : slice.getReplicas()) {
>   if (replica.getNodeName().equals(nodeName)) {
> fromReplica = replica.getStr(ZkStateReader.CORE_NAME_PROP);
> // found local replica, but is it Active?
> if (replica.getState() != Replica.State.ACTIVE)
>   throw new SolrException(SolrException.ErrorCode.BAD_REQUEST,
>   "SolrCloud join: "+fromIndex+" has a local replica
> ("+fromReplica+
>   ") on "+nodeName+", but it is "+replica.getState());
>
> break;
>   }
> }
>   }
>
>   if (fromReplica == null)
> throw new SolrException(SolrException.ErrorCode.BAD_REQUEST,
> "SolrCloud join: No active replicas for "+fromIndex+
> " found in node " + nodeName);
>
>   return fromReplica;
> }
>
>
> when i run joining from movies on 8983, slice length is 2 as movies have 2
> shards. "fromReplica " was assigned in second cycle,  because zkController
> name is 8983 and replica name is 8984 in first cycle.
>
> but when run on 8984, "fromReplica" was assigned in first cycle, because
> zkController name isand replica name both are 8984 in first cycle, so throw
> "SolrCloud join: multiple shards not yet supported" in second cycle.
>
> Thanks for your patience, it's too long. i'm confused about why use this
> way to judge "multiple shards", because the result is also wrong running on
> 8983 even if didnt throw exception. why dont use  slice length>1 to judge
> "multiple shards" ? or maybe have other better way?
>
> Please advise.
>
> Thanks in advance!
>
> Erick Erickson  于2019年8月20日周二 下午7:39写道：
>
> > None of your images came through, the mail server aggressively strips
> > attachments. You’ll have to put them somewhere and provide a link.
> >
> > Given that, I’m guessing without much data so this may be totally
> > misguided. You mention ports 8984 and 8984. Assuming those are two
> > different Solr JVMs, the fact that they’re running on the same machine is
> > irrelevant; As far as SolrCloud is

Re: sorl 8.1.1 all of sudden requiring https

[Jörn Franke]

You should definitely enable HTTPs even if it is not exposed to the Internet. 
Even within your own company network it is a good security practice to enable 
HTTPs.
About your error. This is due to a setting in Zookeeper:
https://lucene.apache.org/solr/guide/6_6/enabling-ssl.html#EnablingSSL-ConfigureZooKeeper

I do not recommend to do any setting for SolrCloud directly in Zookeeper, but 
use the corresponding Solr REST interfaces, e.g. for urlScheme in 
clusterprops.json
https://lucene.apache.org/solr/guide/8_1/collections-api.html#clusterprop-parameters

> Am 20.08.2019 um 21:46 schrieb Russell Bahr :
> 
> Hi All,
> I have a solr 8.1.1 cloud that I set up and have been testing to replace
> our solr 4.10.4 cloud implementation.
> 
> I have been testing on the solr 8.1.1 cloud for a couple of weeks now and
> needed to shut down temporarily and then restart the cluster.  When I did
> this the members would not come back from recovering.  As I trouble shot
> further I noticed the follwoing error messages
> "null:org.apache.solr.common.SolrException:
> Error trying to proxy request for url:
> https://p-solr-e-be-d-20.c.domain.internal:8983/solr/content/select/"; . I
> have not enabled security on this as it is behind a firewall and not
> exposed to the outside.
> 
> solr 8.1.1
> lucene 8.1.1
> OpenJDK 12
> Debian 9.8
> 
> 6 shards, 5 replica each shard
> 
> here is a snip from the solr cloud graph.  as you can see some are listing
> https now and some still show http as it was before the restart.
> 
> shard1
> https://p-solr-e-be-d-20.c.domain.internal (N)
> http://p-solr-e-be-d-16.c.domain.internal (N)
> https://p-solr-e-be-d-17.c.domain.internal (N)
> https://p-solr-e-be-d-28.c.domain.internal (N)
> https://p-solr-e-be-d-23.c.domain.internal (N)
> 
> What would cause them to all of the sudden require https, and how do I
> disable that and return to http?
> 
> Thank you,
> 
> Russ Bahr

Re: sorl 8.1.1 all of sudden requiring https

[Russell Bahr]

I am a very new to both solr and zookeeper.  I have inherited the existing
clusters from my predecessor without any training or explanation before he
left.  I have modeled the new zookeepers and solr cloud off of the basic
configuration that was in place in the existing cluster and zookeepers.

I loaded my collection into zookeeper, but did not set any security in
zookeeper.  is this possibly a bug in zookeeper then?  how would I change
it back to http for the time being to complete my other testing?  If I do
enable HTTPs will I have to rebuild anyway?

*Manzama*
a MODERN GOVERNANCE company

Russell Bahr
Lead Infrastructure Engineer

USA & CAN Office: +1 (541) 306 3271
USA & CAN Support: +1 (541) 706 9393
UK Office & Support: +44 (0)203 282 1633
AUS Office & Support: +61 (0) 2 8417 2339

543 NW York Drive, Suite 100, Bend, OR 97703

LinkedIn  | Twitter
 | Facebook
 | YouTube



On Tue, Aug 20, 2019 at 1:49 PM Jörn Franke  wrote:

> You should definitely enable HTTPs even if it is not exposed to the
> Internet. Even within your own company network it is a good security
> practice to enable HTTPs.
> About your error. This is due to a setting in Zookeeper:
>
> https://lucene.apache.org/solr/guide/6_6/enabling-ssl.html#EnablingSSL-ConfigureZooKeeper
>
> I do not recommend to do any setting for SolrCloud directly in Zookeeper,
> but use the corresponding Solr REST interfaces, e.g. for urlScheme in
> clusterprops.json
>
> https://lucene.apache.org/solr/guide/8_1/collections-api.html#clusterprop-parameters
>
> > Am 20.08.2019 um 21:46 schrieb Russell Bahr :
> >
> > Hi All,
> > I have a solr 8.1.1 cloud that I set up and have been testing to replace
> > our solr 4.10.4 cloud implementation.
> >
> > I have been testing on the solr 8.1.1 cloud for a couple of weeks now and
> > needed to shut down temporarily and then restart the cluster.  When I did
> > this the members would not come back from recovering.  As I trouble shot
> > further I noticed the follwoing error messages
> > "null:org.apache.solr.common.SolrException:
> > Error trying to proxy request for url:
> > https://p-solr-e-be-d-20.c.domain.internal:8983/solr/content/select/"; .
> I
> > have not enabled security on this as it is behind a firewall and not
> > exposed to the outside.
> >
> > solr 8.1.1
> > lucene 8.1.1
> > OpenJDK 12
> > Debian 9.8
> >
> > 6 shards, 5 replica each shard
> >
> > here is a snip from the solr cloud graph.  as you can see some are
> listing
> > https now and some still show http as it was before the restart.
> >
> > shard1
> > https://p-solr-e-be-d-20.c.domain.internal (N)
> > http://p-solr-e-be-d-16.c.domain.internal (N)
> > https://p-solr-e-be-d-17.c.domain.internal (N)
> > https://p-solr-e-be-d-28.c.domain.internal (N)
> > https://p-solr-e-be-d-23.c.domain.internal (N)
> >
> > What would cause them to all of the sudden require https, and how do I
> > disable that and return to http?
> >
> > Thank you,
> >
> > Russ Bahr
>

Re: sorl 8.1.1 all of sudden requiring https

[Russell Bahr]

I was able to change this setting in Zookeeper, and also using the Solr
REST interface. But even after restarting and verifying that the urlScheme
in clusterprops.json had http and not https, each of the servers still are
trying to talk to eachother and on the Cloud Graph are still showing as
https.  I am going to try to set up security and see if things are back to
working properly after I do that.  Is there a step by step guide or video
how to on setting up ssl on solr cloud with external zookeeper?  I have
searched and not found anything for 6.6 or newer to follow.  hopefully
something specific to 8.1.  Can you recommend something?


*Manzama*a MODERN GOVERNANCE company

Russell Bahr
Lead Infrastructure Engineer

USA & CAN Office: +1 (541) 306 3271
USA & CAN Support: +1 (541) 706 9393
UK Office & Support: +44 (0)203 282 1633
AUS Office & Support: +61 (0) 2 8417 2339

543 NW York Drive, Suite 100, Bend, OR 97703

LinkedIn  | Twitter
 | Facebook
 | YouTube



On Tue, Aug 20, 2019 at 2:31 PM Russell Bahr  wrote:

> I am a very new to both solr and zookeeper.  I have inherited the existing
> clusters from my predecessor without any training or explanation before he
> left.  I have modeled the new zookeepers and solr cloud off of the basic
> configuration that was in place in the existing cluster and zookeepers.
>
> I loaded my collection into zookeeper, but did not set any security in
> zookeeper.  is this possibly a bug in zookeeper then?  how would I change
> it back to http for the time being to complete my other testing?  If I do
> enable HTTPs will I have to rebuild anyway?
>
> *Manzama*
> a MODERN GOVERNANCE company
>
> Russell Bahr
> Lead Infrastructure Engineer
>
> USA & CAN Office: +1 (541) 306 3271
> USA & CAN Support: +1 (541) 706 9393
> UK Office & Support: +44 (0)203 282 1633
> AUS Office & Support: +61 (0) 2 8417 2339
>
> 543 NW York Drive, Suite 100, Bend, OR 97703
>
> LinkedIn  | Twitter
>  | Facebook
>  | YouTube
> 
>
>
> On Tue, Aug 20, 2019 at 1:49 PM Jörn Franke  wrote:
>
>> You should definitely enable HTTPs even if it is not exposed to the
>> Internet. Even within your own company network it is a good security
>> practice to enable HTTPs.
>> About your error. This is due to a setting in Zookeeper:
>>
>> https://lucene.apache.org/solr/guide/6_6/enabling-ssl.html#EnablingSSL-ConfigureZooKeeper
>>
>> I do not recommend to do any setting for SolrCloud directly in Zookeeper,
>> but use the corresponding Solr REST interfaces, e.g. for urlScheme in
>> clusterprops.json
>>
>> https://lucene.apache.org/solr/guide/8_1/collections-api.html#clusterprop-parameters
>>
>> > Am 20.08.2019 um 21:46 schrieb Russell Bahr :
>> >
>> > Hi All,
>> > I have a solr 8.1.1 cloud that I set up and have been testing to replace
>> > our solr 4.10.4 cloud implementation.
>> >
>> > I have been testing on the solr 8.1.1 cloud for a couple of weeks now
>> and
>> > needed to shut down temporarily and then restart the cluster.  When I
>> did
>> > this the members would not come back from recovering.  As I trouble shot
>> > further I noticed the follwoing error messages
>> > "null:org.apache.solr.common.SolrException:
>> > Error trying to proxy request for url:
>> > https://p-solr-e-be-d-20.c.domain.internal:8983/solr/content/select/";
>> . I
>> > have not enabled security on this as it is behind a firewall and not
>> > exposed to the outside.
>> >
>> > solr 8.1.1
>> > lucene 8.1.1
>> > OpenJDK 12
>> > Debian 9.8
>> >
>> > 6 shards, 5 replica each shard
>> >
>> > here is a snip from the solr cloud graph.  as you can see some are
>> listing
>> > https now and some still show http as it was before the restart.
>> >
>> > shard1
>> > https://p-solr-e-be-d-20.c.domain.internal (N)
>> > http://p-solr-e-be-d-16.c.domain.internal (N)
>> > https://p-solr-e-be-d-17.c.domain.internal (N)
>> > https://p-solr-e-be-d-28.c.domain.internal (N)
>> > https://p-solr-e-be-d-23.c.domain.internal (N)
>> >
>> > What would cause them to all of the sudden require https, and how do I
>> > disable that and return to http?
>> >
>> > Thank you,
>> >
>> > Russ Bahr
>>
>

Invalid Date in Date Math String

[Ritesh Kumar (Avanade)]

Hello,

We have been using solr 6.6.3 with Sitecore 9, however currently we seem to be 
observing the below issue while rebuilding the index "Invalid Date in Date Math 
String"
We already applied the patch located at the below location but it did not fix 
the issue:
https://github.com/SitecoreSupport/Sitecore.Support.178247/releases/tag/8.2.2.0

Please let me know if anyone was able to fix this issue with any other method. 
(Note: I have updated my Sitecore support ticket as well with the same details)

5980 22:10:20 WARN  [Index=xxx _index] Crawler : AddRecursive DoItemAdd 
failed - {F8057A68-6A5A-43ED-8781-BFA36D4DF3EE}
Exception: SolrNet.Exceptions.SolrConnectionException
Message: 

400325org.apache.solr.common.SolrExceptionjava.time.format.DateTimeParseExceptionorg.apache.solr.common.SolrExceptionjava.time.format.DateTimeParseExceptionorg.apache.solr.common.SolrExceptionjava.time.format.DateTimeParseExceptionorg.apache.solr.common.SolrExceptionjava.time.format.DateTimeParseExceptionorg.apache.solr.common.SolrExceptionjava.time.format.DateTimeParseExceptionorg.apache.solr.common.SolrExceptionjava.time.format.DateTimeParseExceptionorg.apache.solr.common.SolrExceptionjava.time.format.DateTimeParseExceptionorg.apache.solr.update.processor.DistributedUpdateProcessor$DistributedUpdatesAsyncExceptionorg.apache.solr.update.processor.DistributedUpdateProcessor$DistributedUpdatesAsyncException7 Async exceptions during distributed update:
Error from server at x.x.x.x:8983/solr/_index_shard2_replica2: Bad 
Request

request: 
x.x.x.x:8983/solr/_index_shard2_replica2/update?update.distrib=TOLEADER&distrib.from=https%3A%2F%2F40.113.227.147%3A8983%2Fsolr%_index_shard1_replica3%2F&wt=javabin&version=2
Remote error message: Invalid Date in Date Math String:'20180730T164926Z'
Error from server at x.x.x.x:8983/solr/x_index_shard1_replica2: Bad 
Request

request: 
x.x.x.x:8983/solr/xxx_index_shard1_replica2/update?update.distrib=TOLEADER&distrib.from=https%3A%2F%2F40.113.227.147%3A8983%2Fsolr%2Fxxx_index_shard1_replica3%2F&wt=javabin&version=2
Remote error message: Invalid Date in Date Math String:'20170901T183400Z'
Error from server at x.x.x.x:8983/solr/xxx_index_shard2_replica2: Bad 
Request

request: 
x.x.x.x:8983/solr/xxx_index_shard2_replica2/update?update.distrib=TOLEADER&distrib.from=https%3A%2F%2F40.113.227.147%3A8983%2Fsolr%2Fxxx_index_shard1_replica3%2F&wt=javabin&version=2
Remote error message: Invalid Date in Date Math String:'20171026T181027Z'
Error from server at x.x.x.x:8983/solr/xxx_index_shard2_replica2: Bad 
Request

request: 
x.x.x.x:8983/solr/xxx_index_shard2_replica2/update?update.distrib=TOLEADER&distrib.from=https%3A%2F%2F40.113.227.147%3A8983%2Fsolr%2Fxxx_index_shard1_replica3%2F&wt=javabin&version=2
Remote error message: Invalid Date in Date Math String:'20171028T07Z'
Error from server at x.x.x.x:8983/solr/xxx_index_shard1_replica2: Bad 
Request

request: 
x.x.x.x:8983/solr/xxx_index_shard1_replica2/update?update.distrib=TOLEADER&distrib.from=https%3A%2F%2F40.113.227.147%3A8983%2Fsolr%2Fxxx_index_shard1_replica3%2F&wt=javabin&version=2
Remote error message: Invalid Date in Date Math String:'20171004T07Z'
Error from server at x.x.x.x:8983/solr/xxx_index_shard2_replica2: Bad 
Request

request: 
x.x.x.x:8983/solr/xxx_index_shard2_replica2/update?update.distrib=TOLEADER&distrib.from=https%3A%2F%2F40.113.227.147%3A8983%2Fsolr%2Fxxx_index_shard1_replica3%2F&wt=javabin&version=2
Remote error message: Invalid Date in Date Math String:'20170314T00Z'
Error from server at x.x.x.x:8983/solr/xxx_index_shard1_replica2: Bad 
Request

request: 
x.x.x.x:8983/solr/xxx_index_shard1_replica2/update?update.distrib=TOLEADER&distrib.from=https%3A%2F%2F40.113.227.147%3A8983%2Fsolr%2Fxxx_index_shard1_replica3%2F&wt=javabin&version=2
Remote error message: Invalid Date in Date Math 
String:'20170626T00Z'400


Source: SolrNet
   at SolrNet.Impl.SolrConnection.PostStream(String relativeUrl, String 
contentType, Stream content, IEnumerable`1 parameters)
   at SolrNet.Impl.SolrConnection.Post(String relativeUrl, String s)
   at SolrNet.Impl.SolrBasicServer`1.SendAndParseHeader(ISolrCommand cmd)
   at 
Sitecore.ContentSearch.SolrProvider.SolrBatchUpdateContext.AddRange(IEnumerable`1
 group, Int32 groupSize)
  at 
Sitecore.ContentSearch.SolrProvider.SolrBatchUpdateContext.AddDocument(Object 
itemToAdd, IExecutionContext[] executionContexts)
   at 
Sitecore.ContentSearch.SolrProvider.SolrIndexOperations.ApplyPermissionsThenIndex(IProviderUpdateContext
 context, IIndexable version)
   at Sitecore.ContentSearch.SitecoreItemCrawler.DoAdd(IProviderUpdateContext 
context, SitecoreIndexableItem indexable)
   at Sitecore.ContentSearch.HierarchicalDataCrawler`1.CrawlItem(T indexable, 
IProviderUpdateContext context, CrawlState`1 state)

Nested Exception

Exception: System.Net.WebException
Message: The remote server return

Re: Invalid Date in Date Math String

[Erick Erickson]

You probably need to talk to the SiteCore people. The Apache project doesn’t 
have much insight into Sitecore, nor does it maintain the .net version of a 
Solr client…

Best,
Erick

> On Aug 20, 2019, at 7:16 PM, Ritesh Kumar (Avanade) 
>  wrote:
> 
> Hello,
> 
> We have been using solr 6.6.3 with Sitecore 9, however currently we seem to 
> be observing the below issue while rebuilding the index "Invalid Date in Date 
> Math String"
> We already applied the patch located at the below location but it did not fix 
> the issue:
> https://github.com/SitecoreSupport/Sitecore.Support.178247/releases/tag/8.2.2.0
> 
> Please let me know if anyone was able to fix this issue with any other 
> method. (Note: I have updated my Sitecore support ticket as well with the 
> same details)
> 
> 5980 22:10:20 WARN  [Index=xxx _index] Crawler : AddRecursive DoItemAdd 
> failed - {F8057A68-6A5A-43ED-8781-BFA36D4DF3EE}
> Exception: SolrNet.Exceptions.SolrConnectionException
> Message: 
> 
> 400 name="QTime">325 name="error-class">org.apache.solr.common.SolrException name="root-error-class">java.time.format.DateTimeParseException name="error-class">org.apache.solr.common.SolrException name="root-error-class">java.time.format.DateTimeParseException name="error-class">org.apache.solr.common.SolrException name="root-error-class">java.time.format.DateTimeParseException name="error-class">org.apache.solr.common.SolrException name="root-error-class">java.time.format.DateTimeParseException name="error-class">org.apache.solr.common.SolrException name="root-error-class">java.time.format.DateTimeParseException name="error-class">org.apache.solr.common.SolrException name="root-error-class">java.time.format.DateTimeParseException name="error-class">org.apache.solr.common.SolrException name="root-error-class">java.time.format.DateTimeParseException name="error-class">org.apache.solr.update.processor.DistributedUpdateProcessor$DistributedUpdatesAsyncException  
> name="root-error-class">org.apache.solr.update.processor.DistributedUpdateProcessor$DistributedUpdatesAsyncException  name="msg">7 Async exceptions during distributed update:
> Error from server at x.x.x.x:8983/solr/_index_shard2_replica2: Bad 
> Request
> 
> request: 
> x.x.x.x:8983/solr/_index_shard2_replica2/update?update.distrib=TOLEADER&distrib.from=https%3A%2F%2F40.113.227.147%3A8983%2Fsolr%_index_shard1_replica3%2F&wt=javabin&version=2
> Remote error message: Invalid Date in Date Math String:'20180730T164926Z'
> Error from server at x.x.x.x:8983/solr/x_index_shard1_replica2: Bad 
> Request
> 
> request: 
> x.x.x.x:8983/solr/xxx_index_shard1_replica2/update?update.distrib=TOLEADER&distrib.from=https%3A%2F%2F40.113.227.147%3A8983%2Fsolr%2Fxxx_index_shard1_replica3%2F&wt=javabin&version=2
> Remote error message: Invalid Date in Date Math String:'20170901T183400Z'
> Error from server at x.x.x.x:8983/solr/xxx_index_shard2_replica2: Bad 
> Request
> 
> request: 
> x.x.x.x:8983/solr/xxx_index_shard2_replica2/update?update.distrib=TOLEADER&distrib.from=https%3A%2F%2F40.113.227.147%3A8983%2Fsolr%2Fxxx_index_shard1_replica3%2F&wt=javabin&version=2
> Remote error message: Invalid Date in Date Math String:'20171026T181027Z'
> Error from server at x.x.x.x:8983/solr/xxx_index_shard2_replica2: Bad 
> Request
> 
> request: 
> x.x.x.x:8983/solr/xxx_index_shard2_replica2/update?update.distrib=TOLEADER&distrib.from=https%3A%2F%2F40.113.227.147%3A8983%2Fsolr%2Fxxx_index_shard1_replica3%2F&wt=javabin&version=2
> Remote error message: Invalid Date in Date Math String:'20171028T07Z'
> Error from server at x.x.x.x:8983/solr/xxx_index_shard1_replica2: Bad 
> Request
> 
> request: 
> x.x.x.x:8983/solr/xxx_index_shard1_replica2/update?update.distrib=TOLEADER&distrib.from=https%3A%2F%2F40.113.227.147%3A8983%2Fsolr%2Fxxx_index_shard1_replica3%2F&wt=javabin&version=2
> Remote error message: Invalid Date in Date Math String:'20171004T07Z'
> Error from server at x.x.x.x:8983/solr/xxx_index_shard2_replica2: Bad 
> Request
> 
> request: 
> x.x.x.x:8983/solr/xxx_index_shard2_replica2/update?update.distrib=TOLEADER&distrib.from=https%3A%2F%2F40.113.227.147%3A8983%2Fsolr%2Fxxx_index_shard1_replica3%2F&wt=javabin&version=2
> Remote error message: Invalid Date in Date Math String:'20170314T00Z'
> Error from server at x.x.x.x:8983/solr/xxx_index_shard1_replica2: Bad 
> Request
> 
> request: 
> x.x.x.x:8983/solr/xxx_index_shard1_replica2/update?update.distrib=TOLEADER&distrib.from=https%3A%2F%2F40.113.227.147%3A8983%2Fsolr%2Fxxx_index_shard1_replica3%2F&wt=javabin&version=2
> Remote error message: Invalid Date in Date Math 
> String:'20170626T00Z'400
> 
> 
> Source: SolrNet
>   at SolrNet.Impl.SolrConnection.PostStream(String relativeUrl, String 
> contentType, Stream content, IEnumerable`1 parameters)
>   at SolrNet.Impl.SolrConnection.Post(String relativeUrl, String s)
>   at SolrNet.Impl.SolrBasi

Re: Problems with restricting access to users using Basic auth

[Jason Gerlowski]

Hi Salmaan,

Solr's RuleBasedAuthorizationPlugin allows requests through if none of
the specified permissions apply.  I think that's what you're running
into in your example above.  If you want to lockdown a particular API
(or set of APIs) then you need to explicitly add a permission that
restricts those APIs to a particular role.

One way to get the behavior that it sounds like you're looking for
would be to add a catch-all permission at the bottom of your
permissions list that restricts all other APIs to "admin".  This would
look a bit like:

 "permissions":[
{
"name":"security-edit",
"role":"admin"
},
{
"collection": ["Collection1", "Collection2"],
"name": ["update", "read"],
"role": "dev"
},
{
"name": "all",
"role": "admin"
}
]

Hope that helps get you started.

Best,

Jason

On Tue, Aug 20, 2019 at 3:19 AM Salmaan Rashid Syed
 wrote:
>
> Hi Solr Users,
>
> I want to create a user that has restricted access to Solr. I did the
> follwowing:-
>
>
>1. {
>2. "authentication":{
>3."blockUnknown": true,
>4."class":"solr.BasicAuthPlugin",
>5."credentials":{
>6. "solr-admin":
>"2IUJD9dxRhxSXaJGdMP5z8ggSn4I285Ty9GCWeRNMUg=
> /sSNJJufPtj4baRizoJshJawFsWvopvZSqZpQ/Nwd78="
>,
>7. "solr-user":
>"p+XwOh15p/rvFltv2LXP1CwtbvwBgGlC9qcDKxV73B4=
> DcNsjfA6Wf16V1XKT+YraosSFQ5Cr3eRUX6BQnx9XKA="
>
>8.  }
>9. },
>10. "authorization":{
>11."class":"solr.RuleBasedAuthorizationPlugin",
>12."user-role":{"solr-admin":"admin", "solr-user":"dev"},
>13."permissions":[
>14.   {
>15."name":"security-edit",
>16."role":"admin"
>17.   },
>18.   {
>19. "collection": ["Collection1", "Collection2"],
>20. "name": ["update", "read"],
>21. "role": "dev"
>22.   }
>23.   ]
>24. }}
>
>
> But when Login intot the Solr admin dash-board using Solr-user credentials,
> I can read, select, write, update, delete collections and do all sorts of
> things like a solr-admin can do.
>
> I want solr-user to be able to access only *Collection1* and *Collection2*
> and be able to only *update *and *read*. He should not be able to access
> other collections and do anything apart from the above mentioned role.
>
> Where am I exactly going wrong?
>
> Thanks and Regards,
> Salmaan

RE: Invalid Date in Date Math String

[Ritesh Kumar (Avanade)]

Thanks Eric for the response!

Regards
Ritesh


-Original Message-
From: Erick Erickson  
Sent: Tuesday, August 20, 2019 4:34 PM
To: solr-user@lucene.apache.org
Subject: Re: Invalid Date in Date Math String

You probably need to talk to the SiteCore people. The Apache project doesn’t 
have much insight into Sitecore, nor does it maintain the .net version of a 
Solr client…

Best,
Erick

> On Aug 20, 2019, at 7:16 PM, Ritesh Kumar (Avanade) 
>  wrote:
> 
> Hello,
> 
> We have been using solr 6.6.3 with Sitecore 9, however currently we seem to 
> be observing the below issue while rebuilding the index "Invalid Date in Date 
> Math String"
> We already applied the patch located at the below location but it did not fix 
> the issue:
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgith
> ub.com%2FSitecoreSupport%2FSitecore.Support.178247%2Freleases%2Ftag%2F
> 8.2.2.0&data=02%7C01%7Cv-kurite%40microsoft.com%7Cf8ba7751ef5b413c
> c3de08d725c6da9f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63701940
> 8314524415&sdata=Y6rsPNdcpjIvgPFAGVsLYFJqW01fjkcGsxUqKloyvYc%3D&am
> p;reserved=0
> 
> Please let me know if anyone was able to fix this issue with any other 
> method. (Note: I have updated my Sitecore support ticket as well with 
> the same details)
> 
> 5980 22:10:20 WARN  [Index=xxx _index] Crawler : AddRecursive 
> DoItemAdd failed - {F8057A68-6A5A-43ED-8781-BFA36D4DF3EE}
> Exception: SolrNet.Exceptions.SolrConnectionException
> Message:name="responseHeader">400 name="QTime">325 name="error-class">org.apache.solr.common.SolrException name="root-error-class">java.time.format.DateTimeParseException name="error-class">org.apache.solr.common.SolrException name="root-error-class">java.time.format.DateTimeParseException name="error-class">org.apache.solr.common.SolrException name="root-error-class">java.time.format.DateTimeParseException name="error-class">org.apache.solr.common.SolrException name="root-error-class">java.time.format.DateTimeParseException name="error-class">org.apache.solr.common.SolrException name="root-error-class">java.time.format.DateTimeParseException name="error-class">org.apache.solr.common.SolrException name="root-error-class">java.time.format.DateTimeParseException name="error-class">org.apache.solr.common.SolrException name="root-error-class">java.time.format.DateTimeParseException name="error-class">org.apache.solr.update.processor.DistributedUpdateProcessor$DistributedUpdatesAsyncException  
> name="root-error-class">org.apache.solr.update.processor.DistributedUpdateProcessor$DistributedUpdatesAsyncException  name="msg">7 Async exceptions during distributed update:
> Error from server at x.x.x.x:8983/solr/_index_shard2_replica2: 
> Bad Request
> 
> request: 
> x.x.x.x:8983/solr/_index_shard2_replica2/update?update.distrib
> =TOLEADER&distrib.from=https%3A%2F%2F40.113.227.147%3A8983%2Fsolr%
> _index_shard1_replica3%2F&wt=javabin&version=2
> Remote error message: Invalid Date in Date Math String:'20180730T164926Z'
> Error from server at 
> x.x.x.x:8983/solr/x_index_shard1_replica2: Bad Request
> 
> request: 
> x.x.x.x:8983/solr/xxx_index_shard1_replica2/update?update.distrib=
> TOLEADER&distrib.from=https%3A%2F%2F40.113.227.147%3A8983%2Fsolr%2
> Fxxx_index_shard1_replica3%2F&wt=javabin&version=2
> Remote error message: Invalid Date in Date Math String:'20170901T183400Z'
> Error from server at x.x.x.x:8983/solr/xxx_index_shard2_replica2: 
> Bad Request
> 
> request: 
> x.x.x.x:8983/solr/xxx_index_shard2_replica2/update?update.distrib=
> TOLEADER&distrib.from=https%3A%2F%2F40.113.227.147%3A8983%2Fsolr%2
> Fxxx_index_shard1_replica3%2F&wt=javabin&version=2
> Remote error message: Invalid Date in Date Math String:'20171026T181027Z'
> Error from server at x.x.x.x:8983/solr/xxx_index_shard2_replica2: 
> Bad Request
> 
> request: 
> x.x.x.x:8983/solr/xxx_index_shard2_replica2/update?update.distrib=
> TOLEADER&distrib.from=https%3A%2F%2F40.113.227.147%3A8983%2Fsolr%2
> Fxxx_index_shard1_replica3%2F&wt=javabin&version=2
> Remote error message: Invalid Date in Date Math String:'20171028T07Z'
> Error from server at x.x.x.x:8983/solr/xxx_index_shard1_replica2: 
> Bad Request
> 
> request: 
> x.x.x.x:8983/solr/xxx_index_shard1_replica2/update?update.distrib=
> TOLEADER&distrib.from=https%3A%2F%2F40.113.227.147%3A8983%2Fsolr%2
> Fxxx_index_shard1_replica3%2F&wt=javabin&version=2
> Remote error message: Invalid Date in Date Math String:'20171004T07Z'
> Error from server at x.x.x.x:8983/solr/xxx_index_shard2_replica2: 
> Bad Request
> 
> request: 
> x.x.x.x:8983/solr/xxx_index_shard2_replica2/update?update.distrib=
> TOLEADER&distrib.from=https%3A%2F%2F40.113.227.147%3A8983%2Fsolr%2
> Fxxx_index_shard1_replica3%2F&wt=javabin&version=2
> Remote error message: Invalid Date in Date Math String:'20170314T00Z'
> Error from server at x.x.x.x:8983/solr/xxx_index_shard1_replica

Re: question about solrCloud joining

[Lisheng Wang]

Hi Mikhail

Thanks for your response,  but question is not related to "title:Get Out",
maybe i did not describe clearly.

I knew solrCloud joining is not working in index which is splited to
multiple shards.

but why i run "*{!join from=director_id fromIndex=movies
to=id}title:"Dunkirk"*" on 8984 (fromIndex=movies, movies has 2 shards)  i
got exception "SolrCloud join: multiple shards not yet supported movies"

but when run on 8983, i got result but it is incorrect without above
exception. i think should get same exception no matter run joining on 8983
or 8984.

Not sure my explanation is clear?

Please kindly let me know if you have any question.

Thanks!

Lisheng



Mikhail Khludnev  于2019年8月21日周三 上午4:41写道：

> Hello, Lisheng.
> I barely follow, but couldn't the space symbol in "title:Get Out"
> cause the problem
> ?
> Check debugQuery and nested query in local param.
>
>
> On Tue, Aug 20, 2019 at 6:35 PM Lisheng Wang 
> wrote:
>
> > Hi Erick
> >
> > Thanks for your quick response and remaining me about attachment issue.
> >
> > Yes, i run on 2 different jvms that not related to if they are on same
> > machine or not.
> >
> > let me describe my scenario, i have two collection:
> >
> > i start 2 nodes on my laptop on 2 different JVM, ports are 8983 and 8984.
> >
> > 1. movieDirectors: 1 shard, 2 replica, master is on 8984, slave is on
> 8983
> > 2. movies: 2 shard, 1 replica/shardshard1 is on 8983, shard2 is on
> > 8984.
> >
> > collection movieDirectors has 2 docs:
> > {
> > "id":"1", "title":"Dunkirk", "director_id":"1", "_version_":
> > 1642343781358370816
> > }, { "id":"2", "title":"Get Out", "director_id":"2", "_version_":
> > 1642343828930166784
> > }
> > collection movies has 2 docs too:
> > { "id":"1", "title":"Dunkirk", "director_id":"1", "_version_":
> > 1642343781358370816
> > }, { "id":"2", "title":"Get Out", "director_id":"2", "_version_":
> > 1642343828930166784
> > }
> > everything is ok when i run query with "{!join from=id
> > fromIndex=movieDirectors to=director_id}has_oscar:true" on both 8983 and
> > 8984, i can got expected result:
> > { "responseHeader":{ "zkConnected":true, "status":0, "QTime":79,
> "params":{
> > "q":"*:*", "fq":"{!join from=id fromIndex=movieDirectors
> > to=director_id}has_oscar:true", "_":"1566313944099"}},
> > "response":{"numFound
> > ":2,"start":0,"maxScore":1.0,"docs":[ { "id":"1", "title":"Dunkirk", "
> > director_id":"1", "_version_":1642343781358370816}, { "id":"2",
> > "title":"Get
> > Out", "director_id":"2", "_version_":1642343828930166784}] }}
> > but when i run "{!join from=director_id fromIndex=movies
> > to=id}title:"Dunkirk"" on 8983 got 1 doc,
> >  if i filter by "title:Get Out", i got nothing.  i understood "Get Out"
> is
> > not exist in 8983.
> > { "responseHeader":{ "zkConnected":true, "status":0, "QTime":3,
> "params":{
> > "
> > q":"*:*", "fq":"{!join from=director_id fromIndex=movies
> > to=id}title:\"Dunkirk\"", "_":"1566261450613"}},
> "response":{"numFound":1,"
> > start":0,"docs":[ { "id":"1", "name":"Christopher Nolan",
> "has_oscar":true,
> > "_version_":1642343436642156544}] }}
> >
> > but question is coming, when i run "{!join from=director_id
> > fromIndex=movies to=id}title:"Dunkirk"" on 8984, i got "SolrCloud join:
> > multiple shards not yet supported movies"
> > no matter what filter value is.
> >
> > i found following code:
> >
> > private static String findLocalReplicaForFromIndex(ZkController
> > zkController, String fromIndex) {
> >   String fromReplica = null;
> >
> >   String nodeName = zkController.getNodeName();
> >   for (Slice slice :
> >
> >
> zkController.getClusterState().getCollection(fromIndex).getActiveSlicesArr())
> > {
> > if (fromReplica != null)
> >   throw new SolrException(SolrException.ErrorCode.BAD_REQUEST,
> >   "SolrCloud join: multiple shards not yet supported " +
> > fromIndex);
> > for (Replica replica : slice.getReplicas()) {
> >   if (replica.getNodeName().equals(nodeName)) {
> > fromReplica = replica.getStr(ZkStateReader.CORE_NAME_PROP);
> > // found local replica, but is it Active?
> > if (replica.getState() != Replica.State.ACTIVE)
> >   throw new SolrException(SolrException.ErrorCode.BAD_REQUEST,
> >   "SolrCloud join: "+fromIndex+" has a local replica
> > ("+fromReplica+
> >   ") on "+nodeName+", but it is "+replica.getState());
> >
> > break;
> >   }
> > }
> >   }
> >
> >   if (fromReplica == null)
> > throw new SolrException(SolrException.ErrorCode.BAD_REQUEST,
> > "SolrCloud join: No active replicas for "+fromIndex+
> > " found in node " + nodeName);
> >
> >   return fromReplica;
> > }
> >
> >
> > when i run joining from movies on 8983, slice length is 2 as movies have
> 2
> > shards. "fromReplica " was assigned in second cycle,  because
> zkController
> > name is 8983 and replica name is 8984 in first cycle.
> >
> > but when run on 8984, "fromReplica" was assigned

Re: sorl 8.1.1 all of sudden requiring https

[Jörn Franke]

This is strange that it does not work. Have you checked the logs if there is a 
different error message?
Here is the guide:
https://lucene.apache.org/solr/guide/6_6/enabling-ssl.html

Please do not use self signed certificates, but certificates signed by the CA 
of your company.

> Am 21.08.2019 um 01:00 schrieb Russell Bahr :
> 
> I was able to change this setting in Zookeeper, and also using the Solr
> REST interface. But even after restarting and verifying that the urlScheme
> in clusterprops.json had http and not https, each of the servers still are
> trying to talk to eachother and on the Cloud Graph are still showing as
> https.  I am going to try to set up security and see if things are back to
> working properly after I do that.  Is there a step by step guide or video
> how to on setting up ssl on solr cloud with external zookeeper?  I have
> searched and not found anything for 6.6 or newer to follow.  hopefully
> something specific to 8.1.  Can you recommend something?
> 
> 
> *Manzama*a MODERN GOVERNANCE company
> 
> Russell Bahr
> Lead Infrastructure Engineer
> 
> USA & CAN Office: +1 (541) 306 3271
> USA & CAN Support: +1 (541) 706 9393
> UK Office & Support: +44 (0)203 282 1633
> AUS Office & Support: +61 (0) 2 8417 2339
> 
> 543 NW York Drive, Suite 100, Bend, OR 97703
> 
> LinkedIn  | Twitter
>  | Facebook
>  | YouTube
> 
> 
> 
>> On Tue, Aug 20, 2019 at 2:31 PM Russell Bahr  wrote:
>> 
>> I am a very new to both solr and zookeeper.  I have inherited the existing
>> clusters from my predecessor without any training or explanation before he
>> left.  I have modeled the new zookeepers and solr cloud off of the basic
>> configuration that was in place in the existing cluster and zookeepers.
>> 
>> I loaded my collection into zookeeper, but did not set any security in
>> zookeeper.  is this possibly a bug in zookeeper then?  how would I change
>> it back to http for the time being to complete my other testing?  If I do
>> enable HTTPs will I have to rebuild anyway?
>> 
>> *Manzama*
>> a MODERN GOVERNANCE company
>> 
>> Russell Bahr
>> Lead Infrastructure Engineer
>> 
>> USA & CAN Office: +1 (541) 306 3271
>> USA & CAN Support: +1 (541) 706 9393
>> UK Office & Support: +44 (0)203 282 1633
>> AUS Office & Support: +61 (0) 2 8417 2339
>> 
>> 543 NW York Drive, Suite 100, Bend, OR 97703
>> 
>> LinkedIn  | Twitter
>>  | Facebook
>>  | YouTube
>> 
>> 
>> 
>>> On Tue, Aug 20, 2019 at 1:49 PM Jörn Franke  wrote:
>>> 
>>> You should definitely enable HTTPs even if it is not exposed to the
>>> Internet. Even within your own company network it is a good security
>>> practice to enable HTTPs.
>>> About your error. This is due to a setting in Zookeeper:
>>> 
>>> https://lucene.apache.org/solr/guide/6_6/enabling-ssl.html#EnablingSSL-ConfigureZooKeeper
>>> 
>>> I do not recommend to do any setting for SolrCloud directly in Zookeeper,
>>> but use the corresponding Solr REST interfaces, e.g. for urlScheme in
>>> clusterprops.json
>>> 
>>> https://lucene.apache.org/solr/guide/8_1/collections-api.html#clusterprop-parameters
>>> 
 Am 20.08.2019 um 21:46 schrieb Russell Bahr :
 
 Hi All,
 I have a solr 8.1.1 cloud that I set up and have been testing to replace
 our solr 4.10.4 cloud implementation.
 
 I have been testing on the solr 8.1.1 cloud for a couple of weeks now
>>> and
 needed to shut down temporarily and then restart the cluster.  When I
>>> did
 this the members would not come back from recovering.  As I trouble shot
 further I noticed the follwoing error messages
 "null:org.apache.solr.common.SolrException:
 Error trying to proxy request for url:
 https://p-solr-e-be-d-20.c.domain.internal:8983/solr/content/select/";
>>> . I
 have not enabled security on this as it is behind a firewall and not
 exposed to the outside.
 
 solr 8.1.1
 lucene 8.1.1
 OpenJDK 12
 Debian 9.8
 
 6 shards, 5 replica each shard
 
 here is a snip from the solr cloud graph.  as you can see some are
>>> listing
 https now and some still show http as it was before the restart.
 
 shard1
 https://p-solr-e-be-d-20.c.domain.internal (N)
 http://p-solr-e-be-d-16.c.domain.internal (N)
 https://p-solr-e-be-d-17.c.domain.internal (N)
 https://p-solr-e-be-d-28.c.domain.internal (N)
 https://p-solr-e-be-d-23.c.domain.internal (N)
 
 What would cause them to all of the sudden require https, and how do I
 disable that and return to http?
 
 Thank you,
 
 Russ Bahr
>>> 
>>