php apache solr client - Solr HTTP Error 58: 'Problem with the local SSL certificate'

2017-04-21 Thread bay chae 
Hi,

Apologies if this is an inappropriate place to contact please redirect if this 
is the case.

I have successfully setup solr(6.5.0) with ssl in my dev environment and can 
get a proper response using the following curl request:

curl -E ./etc/solr-ssl.keystore.p12:secret --cacert ./etc/solr-ssl.cacert.pem 
"https://localhost:8984/solr/mycollection/select?q=*:*&wt=json&indent=on 
”

...as advised in the official solr docs: 

https://cwiki.apache.org/confluence/display/solr/Enabling+SSL#EnablingSSL-ExampleClientActions
 


I have also installed into my php environment the official php client for 
apache solr (2.4.0) using pecl to install.

I have tested the client works in non-ssl mode when solr server does not force 
ssl on the client.

The problem I am having is:

[21-Apr-2017 17:00:36 UTC] Solr HTTP Error 58: 'Problem with the local SSL 
certificate' 
#0 Controller.php(37): SolrClient->ping()

With options:

$options = array
(
'hostname' => "localhost",
'port' => 8984,
'timeout'  => 10,
'secure'   => true,
'path' => 'solr/mycollection',
'ssl_cert' => SITE_ROOT . 'apps/config/solr-ssl.crt',   
'ssl_key'  => SITE_ROOT . 'apps/config/solr-ssl.keystore.pem', 
'ssl_keypassword' => 'secret',
 'ssl_cainfo' => SITE_ROOT . 'apps/config/solr-ssl.cacert.pem'   
);

These options while advised in the docs appear to be incompatible with example 
usage of curl as advised in the case of using curl with OS X Mavericks+.

I was hoping you might able to shed some light onto the problem I am having and 
how I might be able to remedy it.

As far as I am aware I have added all certs into OS X keychain with access to 
all applications.

Any help would be gratefully received.

Baychae

Caused by: org.noggit.JSONParser$ParseException: Expected ',' or '}': char=",position=312 BEFORE='ssions"

2017-04-25 Thread bay chae 
https://stackoverflow.com/questions/43618000/solr-standalone-basicauth-org-noggit-jsonparserparseexception
 


Hi I am following guides on security.json in 
https://cwiki.apache.org/confluence/display/solr/Rule-Based+Authorization+Plugin
 
.

But when solr starts up I am getting:

Caused by: org.noggit.JSONParser$ParseException: Expected ',' or '}': 
char=",position=312 BEFORE='ssions":[{"name":"security-edit", "role":"admin"}] 
"' AFTER='user-role":{"solr":"admin"} }} '
at org.noggit.JSONParser.err(JSONParser.java:356)
at org.noggit.JSONParser.nextEvent(JSONParser.java:958)
at org.noggit.ObjectBuilder.getObject(ObjectBuilder.java:124)
at org.noggit.ObjectBuilder.getVal(ObjectBuilder.java:57)
at org.noggit.ObjectBuilder.getObject(ObjectBuilder.java:128)
at org.apache.solr.common.util.Utils.fromJSON(Utils.java:127)
at 
org.apache.solr.handler.admin.SecurityConfHandler$SecurityConfig.setData(SecurityConfHandler.java:311)
at 
org.apache.solr.handler.admin.SecurityConfHandlerLocal.getSecurityConfig(SecurityConfHandlerLocal.java:58)
... 46 more

Any help for a poor noob? This is for solr standalone.

==

2017-04-25 17:45:03.530 INFO  (main) [   ] o.e.j.s.Server jetty-9.3.14.v20161028
2017-04-25 17:45:03.870 INFO  (main) [   ] o.a.s.s.SolrDispatchFilter  ___  
_   Welcome to Apache Solr™ version 6.5.0
2017-04-25 17:45:03.870 INFO  (main) [   ] o.a.s.s.SolrDispatchFilter / __| 
___| |_ _   Starting in standalone mode on port 8984
2017-04-25 17:45:03.871 INFO  (main) [   ] o.a.s.s.SolrDispatchFilter \__ \/ _ 
\ | '_|  Install dir: /usr/local/solr-6.5.0
2017-04-25 17:45:03.885 INFO  (main) [   ] o.a.s.s.SolrDispatchFilter 
|___/\___/_|_|Start time: 2017-04-25T17:45:03.872Z
2017-04-25 17:45:03.885 INFO  (main) [   ] o.a.s.s.StartupLoggingUtils Property 
solr.log.muteconsole given. Muting ConsoleAppender named CONSOLE
2017-04-25 17:45:03.900 INFO  (main) [   ] o.a.s.c.SolrResourceLoader Using 
system property solr.solr.home: /usr/local/solr-6.5.0/server/solr
2017-04-25 17:45:03.908 INFO  (main) [   ] o.a.s.c.SolrXmlConfig Loading 
container configuration from /usr/local/solr-6.5.0/server/solr/solr.xml
2017-04-25 17:45:04.181 INFO  (main) [   ] o.a.s.u.UpdateShardHandler Creating 
UpdateShardHandler HTTP client with params: 
socketTimeout=60&connTimeout=6&retry=true
2017-04-25 17:45:04.193 ERROR (main) [   ] o.a.s.s.SolrDispatchFilter Could not 
start Solr. Check solr/home property and the logs
2017-04-25 17:45:04.217 ERROR (main) [   ] o.a.s.c.SolrCore 
null:org.apache.solr.common.SolrException: Failed opening existing 
security.json file: /usr/local/solr-6.5.0/server/solr/security.json

Re: Caused by: org.noggit.JSONParser$ParseException: Expected ',' or '}': char=",position=312 BEFORE='ssions"

2017-04-25 Thread bay chae 
doh

Thanks for the tip

It worked perfectly!!

> On 25 Apr 2017, at 19:28, Shawn Heisey  wrote:
> 
>

Securing solr web Client

2017-04-26 Thread bay chae 
I have secured solr using basic authentication so that php client and curl 
requests require the password. Using solr cloud as I gave up trying to setup on 
standalone.

However this does not secure the solr web client!!!

Where is the documentation to secure solr web client?

Any direction gratefully received

Newbie Zookeeper Access Control

2017-05-03 Thread bay chae 
Hi I amredacted following this guide:

https://cwiki.apache.org/confluence/display/solr/ZooKeeper+Access+Control 


My solr version is 6.5.1. My operating system is OS X macSierra.

My startup command is:

• bin/solr start -v -cloud -s ~/var/solr

in ~/var/solr I have default zoo.cfg and my solr.xml is:



  

${host:}
${jetty.port:8983}
${hostContext:solr}

${genericCoreNodeNames:true}

${zkClientTimeout:3}
${distribUpdateSoTimeout:60}
${distribUpdateConnTimeout:6}

${org.apache.solr.common.cloud.VMParamsSingleSetCredentialsDigestZkCredentialsProvider}
${zkDigestUsername:admin-user}
${zkDigestPassword:secret}
${zkACLProvider:org.apache.solr.common.cloud.DefaultZkACLProvider}

  

  
${socketTimeout:60}
${connTimeout:6}
  


in solr.in.sh I have:
SOLR_ZK_CREDS_AND_ACLS="-DzkACLProvider=org.apache.solr.common.cloud.VMParamsAllAndReadonlyDigestZkACLProvider
 \
  
-DzkCredentialsProvider=org.apache.solr.common.cloud.VMParamsSingleSetCredentialsDigestZkCredentialsProvider
 \
  -DzkDigestUsername=admin-user -DzkDigestPassword=secret \
  -DzkDigestReadonlyUsername=readonly-user 
-DzkDigestReadonlyPassword=CHANGEME-READONLY-PASSWORD"
But I am getting an error in the logs (please see below). Any help?
2017-05-03 13:17:20.689 INFO  (main) [   ] o.e.j.s.Server jetty-9.3.14.v20161028
2017-05-03 13:17:21.031 INFO  (main) [   ] o.a.s.s.SolrDispatchFilter  ___  
_   Welcome to Apache Solr™ version 6.5.1
2017-05-03 13:17:21.031 INFO  (main) [   ] o.a.s.s.SolrDispatchFilter / __| 
___| |_ _   Starting in cloud mode on port 8983
2017-05-03 13:17:21.032 INFO  (main) [   ] o.a.s.s.SolrDispatchFilter \__ \/ _ 
\ | '_|  Install dir: /usr/local/solr-6.5.1
2017-05-03 13:17:21.044 INFO  (main) [   ] o.a.s.s.SolrDispatchFilter 
|___/\___/_|_|Start time: 2017-05-03T13:17:21.033Z
2017-05-03 13:17:21.045 INFO  (main) [   ] o.a.s.s.StartupLoggingUtils Property 
solr.log.muteconsole given. Muting ConsoleAppender named CONSOLE
2017-05-03 13:17:21.045 INFO  (main) [   ] o.a.s.s.StartupLoggingUtils Log 
level override, property solr.log.level=DEBUG
2017-05-03 13:17:21.058 DEBUG (main) [   ] o.a.s.c.SolrResourceLoader JNDI not 
configured for solr (NoInitialContextEx)
2017-05-03 13:17:21.059 INFO  (main) [   ] o.a.s.c.SolrResourceLoader Using 
system property solr.solr.home: /Users/mredacted/var/solr
2017-05-03 13:17:21.060 DEBUG (main) [   ] o.a.s.c.SolrResourceLoader new 
SolrResourceLoader for directory: '/Users/mrsasdasdr/var/solr'
2017-05-03 13:17:21.060 DEBUG (main) [   ] o.a.s.c.SolrResourceLoader JNDI not 
configured for solr (NoInitialContextEx)
2017-05-03 13:17:21.065 INFO  (main) [   ] o.a.s.c.SolrXmlConfig Loading 
container configuration from /Users/mredacted/var/solr/solr.xml
2017-05-03 13:17:21.104 DEBUG (main) [   ] o.a.s.c.Config null missing optional 
solr/@coreLoadThreads
2017-05-03 13:17:21.105 DEBUG (main) [   ] o.a.s.c.Config null missing optional 
solr/@persistent
2017-05-03 13:17:21.106 DEBUG (main) [   ] o.a.s.c.Config null missing optional 
solr/@sharedLib
2017-05-03 13:17:21.107 DEBUG (main) [   ] o.a.s.c.Config null missing optional 
solr/@zkHost
2017-05-03 13:17:21.109 DEBUG (main) [   ] o.a.s.c.Config null missing optional 
solr/cores
2017-05-03 13:17:21.116 ERROR (main) [   ] o.a.s.s.SolrDispatchFilter Could not 
start Solr. Check solr/home property and the logs
2017-05-03 13:17:21.137 ERROR (main) [   ] o.a.s.c.SolrCore 
null:org.apache.solr.common.SolrException: No system property or default value 
specified for 
org.apache.solr.common.cloud.VMParamsSingleSetCredentialsDigestZkCredentialsProvider
 
value:${org.apache.solr.common.cloud.VMParamsSingleSetCredentialsDigestZkCredentialsProvider}
   at 
org.apache.solr.util.PropertiesUtil.substituteProperty(PropertiesUtil.java:65)
   at org.apache.solr.util.DOMUtil.substituteProperties(DOMUtil.java:303)
   at org.apache.solr.util.DOMUtil.substituteProperties(DOMUtil.java:311)
   at org.apache.solr.util.DOMUtil.substituteProperties(DOMUtil.java:311)
   at org.apache.solr.util.DOMUtil.substituteProperties(DOMUtil.java:311)
   at org.apache.solr.core.Config.substituteProperties(Config.java:231)
   at org.apache.solr.core.SolrXmlConfig.fromConfig(SolrXmlConfig.java:63)
   at org.apache.solr.core.SolrXmlConfig.fromInputStream(SolrXmlConfig.java:131)
   at org.apache.solr.core.SolrXmlConfig.fromFile(SolrXmlConfig.java:113)
   at org.apache.solr.core.SolrXmlConfig.fromSolrHome(SolrXmlConfig.java:141)
   at 
org.apache.solr.servlet.SolrDispatchFilter.loadNodeConfig(SolrDispatchFilter.java:267)
   at 
org.apache.solr.servlet.SolrDispatchFilter.createCoreContainer(SolrDispatchFilter.java:235)
   at 
org.apache.solr.servlet.SolrDispatchFilter.init(SolrDispatchFilter.java:169)
   at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:137)
   at 
org.eclipse.jetty.servlet.ServletHandler.initi

Tests for ZooKeeper Access Control

2017-05-03 Thread bay chae 
Can anyone provide any coherent tests at API level to test ZooKeeper Access 
Control?

Or have I missed the point on what ZooKeeper Access Control is?

In fact what is ZooKeeper Access Control and how should I see its affects?

Create core with bin/solr where BasicAuth is setup

2017-05-10 Thread bay chae 
Hi,

I have basic auth implemented in solr and can create a core with 'curl —user…’ 
and through the web interface with username and password entered.

I can create a core:

bin/solr create -c bore 

with this in solr.in.sh:

SOLR_AUTH_TYPE="basic"
SOLR_AUTHENTICATION_OPTS="-Dbasicauth=solr:SolrRocks”

But say I don’t want to store a plaintext password in solr.in.sh and would 
rather create a core on command with the following:

bin/solr create -c bore -Dbasicauth=solr:SolrRocks

Then I find i get the following error:

ERROR: Unrecognized or misplaced argument: -Dbasicauth=solr:SolrRocks!

I have tried other placements without success.

Could anyone help with this off the top of their head?