Thanks for your answers. I was also able to work around it using cURL, but we should obviously fix bin/post to be as smart as bin/solr in parsing env.variables related to SSL and auth.
-- Jan Høydahl, search solution architect Cominvent AS - www.cominvent.com > 7. feb. 2017 kl. 01.23 skrev Kevin Risden <compuwizard...@gmail.com>: > > I expect that the commands work the same or very close from 5.5.x through > 6.4.x. There have been some cleaning up of the bin/solr and bin/post > commands but not many security changes. If you find differently then please > let us know. > > Kevin Risden > > On Feb 5, 2017 21:02, "alias" <524839...@qq.com> wrote: > >> You mean this can only be used in this version 5.5.x? Other versions >> invalid? >> >> >> >> >> ------------------ 原始邮件 ------------------ >> 发件人: "Kevin Risden";<compuwizard...@gmail.com>; >> 发送时间: 2017年2月6日(星期一) 上午9:44 >> 收件人: "solr-user"<solr-user@lucene.apache.org>; >> >> 主题: Re: bin/post and self-signed SSL >> >> >> >> Originally formatted as MarkDown. This was tested against Solr 5.5.x >> packaged as Lucidworks HDP Search. It would be the same as Solr 5.5.x. >> >> # Using Solr >> * >> https://cwiki.apache.org/confluence/display/solr/Solr+ >> Start+Script+Reference >> * https://cwiki.apache.org/confluence/display/solr/Running+Solr >> * https://cwiki.apache.org/confluence/display/solr/Collections+API >> >> ## Create collection (w/o Kerberos) >> ```bash >> /opt/lucidworks-hdpsearch/solr/bin/solr create -c test >> ``` >> >> ## Upload configuration directory (w/ SSL and Kerberos) >> ```bash >> /opt/lucidworks-hdpsearch/solr/server/scripts/cloud-scripts/zkcli.sh >> -zkhost ZK_CONNECTION_STRING -cmd upconfig -confname basic_config -confdir >> /opt/lucidworks-hdpsearch/solr/server/solr/configsets/basic_configs/conf >> ``` >> >> ## Create Collection (w/ SSL and Kerberos) >> ```bash >> curl -k --negotiate -u : " >> https://SOLR_HOST:8983/solr/admin/collections?action= >> CREATE&name=newCollection&numShards=1&replicationFactor= >> 1&collection.configName=basic_config >> " >> ``` >> >> ## Delete collection (w/o Kerberos) >> ```bash >> /opt/lucidworks-hdpsearch/solr/bin/solr delete -c test >> ``` >> >> ## Delete Collection (w/ SSL and Kerberos) >> ```bash >> curl -k --negotiate -u : " >> https://SOLR_HOST:8983/solr/admin/collections?action= >> DELETE&name=newCollection >> " >> ``` >> >> ## Adding some test docs (w/o SSL) >> ```bash >> /opt/lucidworks-hdpsearch/solr/bin/post -c test >> /opt/lucidworks-hdpsearch/solr/example/exampledocs/*.xml >> ``` >> >> ## Adding documents (w/ SSL and Kerberos) >> ```bash >> curl -k --negotiate -u : " >> https://SOLR_HOST:8983/solr/newCollection/update?commit=true"; -H >> "Content-Type: application/json" --data-binary >> @/opt/lucidworks-hdpsearch/solr/example/exampledocs/books.json >> ``` >> >> ## List Collections (w/ SSL and Kerberos) >> ```bash >> curl -k --negotiate -u : " >> https://SOLR_HOST:8983/solr/admin/collections?action=LIST"; >> ``` >> >> Kevin Risden >> >> On Sun, Feb 5, 2017 at 5:55 PM, Kevin Risden <compuwizard...@gmail.com> >> wrote: >> >>> Last time I looked at this, there was no way to pass any Java properties >>> to the bin/post command. This made it impossible to even set the SSL >>> properties manually. I checked master just now and still there is no >> place >>> to enter Java properties that would make it to the Java command. >>> >>> I came up with a chart of commands previously that worked with standard >>> (no SSL or Kerberos), SSL only, and SSL with Kerberos. Only the standard >>> solr setup worked for the bin/solr and bin/post commands. Errors popped >> up >>> that I couldn't work around. I've been meaning to get back to it just >>> haven't had a chance. >>> >>> I'll try to share that info when I get back to my laptop. >>> >>> Kevin Risden >>> >>> On Feb 5, 2017 12:31, "Jan Høydahl" <jan....@cominvent.com> wrote: >>> >>>> Hi, >>>> >>>> I’m trying to post a document to Solr using bin/post after enabling SSL >>>> with self signed certificate. Result is: >>>> >>>> $ post -url https://localhost:8983/solr/sslColl *.html >>>> /usr/lib/jvm/java-8-openjdk-amd64/bin/java -classpath >>>> /opt/solr/dist/solr-core-6.4.0.jar -Dauto=yes -Durl= >>>> https://localhost:8983/solr/sslColl -Dc= -Ddata=files >>>> org.apache.solr.util.SimplePostTool lab-index.html lab-ops1.html >>>> lab-ops2.html lab-ops3.html lab-ops4.html lab-ops6.html lab-ops8.html >>>> SimplePostTool version 5.0.0 >>>> Posting files to [base] url https://localhost:8983/solr/sslColl... >>>> Entering auto mode. File endings considered are >>>> xml,json,jsonl,csv,pdf,doc,docx,ppt,pptx,xls,xlsx,odt,odp, >>>> ods,ott,otp,ots,rtf,htm,html,txt,log >>>> POSTing file lab-index.html (text/html) to [base]/extract >>>> SimplePostTool: FATAL: Connection error (is Solr running at >>>> https://localhost:8983/solr/sslColl ?): javax.net.ssl. >> SSLHandshakeException: >>>> sun.security.validator.ValidatorException: PKIX path building failed: >>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to >>>> find valid certification path to requested target >>>> >>>> >>>> Do anyone know a workaround for letting bin/post accept self-signed >> cert? >>>> Have not tested it against a CA signed Solr... >>>> >>>> -- >>>> Jan Høydahl, search solution architect >>>> Cominvent AS - www.cominvent.com >>>> >>>>
