We have being following this wiki to enable ZooKeeper ACL control https://cwiki.apache.org/confluence/display/solr/ZooKeeper+Access+Control#ZooKeeperAccessControl-AboutZooKeeperACLs
It works fine for Solr service itself, but when you try to use scripts/cloud-scripts/zkcli.sh to put a zNode, it throws such exception: Exception in thread "main" org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /security.json at org.apache.zookeeper.KeeperException.create(KeeperException.java:113) at org.apache.zookeeper.KeeperException.create(KeeperException.java:51) at org.apache.zookeeper.ZooKeeper.setData(ZooKeeper.java:1270) at org.apache.solr.common.cloud.SolrZkClient$8.execute(SolrZkClient.java:362) at org.apache.solr.common.cloud.SolrZkClient$8.execute(SolrZkClient.java:359) at org.apache.solr.common.cloud.ZkCmdExecutor.retryOperation(ZkCmdExecutor.java:61) at org.apache.solr.common.cloud.SolrZkClient.setData(SolrZkClient.java:359) To fix the problem, the wiki needs to be updated(however I can not put a comment in that wiki): SOLR_ZK_CREDS_AND_ACLS="*-DzkACLProvider=org.apache.solr.common.cloud.VMParamsAllAndReadonlyDigestZkACLProvider -DzkCredentialsProvider=org.apache.solr.common.cloud.VMParamsSingleSetCredentialsDigestZkCredentialsProvider* -DzkDigestUsername=admin-user -DzkDigestPassword=admin-password -DzkDigestReadonlyUsername=readonly-user -DzkDigestReadonlyPassword=readonly-password" I think the reason is zkcli.sh is a standard JVM process and does not read settings from solr.xml, so we must explicitly provide these parameters in order to make ZK ACL work. Could someone help to notify the wiki editor to update this? Right now this wiki will lead people to a dead end with zkcli.sh to put content to ZK ensemble with ACL enabled
