Hi, Anyone got a chance to have a look at the issue i had posted? Please throw some inputs.
-Sathish On Fri, 11 Jan 2019, 8:10 pm sathish kumar, <mailtosathish1...@gmail.com> wrote: > Hi, > > We have a two node Solr setup(version is 7.2.1) with embedded zookeeper > running in Solr Server 1. > > We have recently enabled SSL and also enabled basic authentication and > RuleBasedAuthorizationPlugin. > > As part of testing, created new user with admin role and assigned the > permissions "collection-admin-read" & “read” to this role. > > When I try to query a data for any collection name, the system is unable > to talk with shards of other server. > > I am getting the following error in both command line and Solr admin > browser. > > Can someone help me to identify what configurations I am missing? Let me > know if you need any more info. > > > > Followed this url for SSL setup: > https://lucene.apache.org/solr/guide/7_2/enabling-ssl.html > > Command used: curl --cacert solr-ssl.cacert.pem --user solr:SolrRocks > https://solr-node-1:8080/solr/<COLLECTION_NAME>/select?q=*:* > > > Error: > > { > > "error":{ > > "metadata":[ > > "error-class","org.apache.solr.common.SolrException", > > > > "root-error-class","sun.security.provider.certpath.SunCertPathBuilderException"], > > "msg":"Error trying to proxy request for url: > https://solr-node-2:8080/solr/ba_test/select";, > > "trace":"org.apache.solr.common.SolrException: Error trying to proxy > request for url: https://solr-node-2:8080/solr/ba_test/select\n\tat > org.apache.solr.servlet.HttpSolrCall.remoteQuery(HttpSolrCall.java:646)\n\tat > org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:500)\n\tat > org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:382)\n\tat > org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:326)\n\tat > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751)\n\tat > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582)\n\tat > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)\n\tat > org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)\n\tat > org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)\n\tat > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)\n\tat > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512)\n\tat > org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)\n\tat > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)\n\tat > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)\n\tat > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)\n\tat > org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119)\n\tat > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)\n\tat > org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:335)\n\tat > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)\n\tat > org.eclipse.jetty.server.Server.handle(Server.java:534)\n\tat > org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)\n\tat > org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)\n\tat > org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)\n\tat > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)\n\tat > org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:251)\n\tat > org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)\n\tat > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)\n\tat > org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)\n\tat > org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)\n\tat > org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)\n\tat > org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)\n\tat > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)\n\tat > org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)\n\tat > java.lang.Thread.run(Thread.java:748)\nCaused by: > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target\n\tat > sun.security.ssl.Alerts.getSSLException(Alerts.java:192)\n\tat > sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)\n\tat > sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)\n\tat > sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)\n\tat > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)\n\tat > sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)\n\tat > sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)\n\tat > sun.security.ssl.Handshaker.process_record(Handshaker.java:961)\n\tat > sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)\n\tat > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)\n\tat > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)\n\tat > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)\n\tat > org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)\n\tat > org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)\n\tat > org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)\n\tat > org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)\n\tat > org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)\n\tat > org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)\n\tat > org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)\n\tat > org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)\n\tat > org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)\n\tat > org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)\n\tat > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)\n\tat > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)\n\tat > org.apache.solr.servlet.HttpSolrCall.remoteQuery(HttpSolrCall.java:618)\n\t... > 33 more\nCaused by: sun.security.validator.ValidatorException: PKIX path > building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target\n\tat > sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)\n\tat > sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)\n\tat > sun.security.validator.Validator.validate(Validator.java:260)\n\tat > sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)\n\tat > sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)\n\tat > sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)\n\tat > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)\n\t... > 53 more\nCaused by: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target\n\tat > sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)\n\tat > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)\n\tat > java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)\n\tat > sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)\n\t... > 59 more\n", > > "code":500}} > > > > > > Regards, > > Sathish. > > >
