Hi Franke, I suspect its because of the certificate encryption ?? But will wait for you to confirm the same. We are trying to generate a certs with RSA 2048 and finally combining them to a single JKS and that's what we are referring as a keystore and truststore, let me know if it doesn't work or if there is a standard procedure to do this certs.
Thanks, On Wed, Jun 3, 2020 at 8:25 AM yaswanth kumar <yaswanth...@gmail.com> wrote: > thanks Franke, > > I now made the use of the default jetty-ssl.xml that comes with the solr > package, but the issue is still happening when I try to push data to a > non-leader node. > > Do you still think if its something to do with the configurations ?? > > Thanks, > > On Wed, Jun 3, 2020 at 12:29 AM Jörn Franke <jornfra...@gmail.com> wrote: > >> Why in the jetty-ssl.xml? >> >> Should this not be configured in the solr.in.sh? >> >> > Am 03.06.2020 um 00:38 schrieb yaswanth kumar <yaswanth...@gmail.com>: >> > >> > Thanks Franke, but yes for all these questions I did configured it >> > properly, I made sure to include >> > >> > <Set name="KeyStoreType"><Property name="solr.jetty.keystore.type" >> > default="JKS"/></Set> >> > <Set name="TrustStoreType"><Property name="solr.jetty.truststore.type" >> > default="JKS"/></Set> >> > in the jetty-ssl.xml along with the path keystore and truststore. >> > >> > Also I have made sure that trusstore exists on all nodes and also I am >> > using the same file for both keystore and truststore as below >> > <Set name="KeyStorePath"><Property name="solr.jetty.keystore" >> > default="./etc/solr-keystore.jks"/></Set> >> > <Set name="KeyStorePassword"><Property >> > name="solr.jetty.keystore.password" default="xxxx"/></Set> >> > <Set name="TrustStorePath"><Property name="solr.jetty.truststore" >> > default="./etc/solr-keystore.jks"/></Set> >> > <Set name="TrustStorePassword"><Property >> > name="solr.jetty.truststore.password" default="xxxx"/></Set> >> > >> > also urlScheme for ZK is set to https >> > >> > >> > Also the main error that I posted is the one that I am seeing as a >> return >> > response where as the below one is what I see from solr logs >> > >> > 2020-06-02 22:32:04.472 ERROR (qtp984876512-93) [c:default s:shard1 >> > r:core_node3 x:default_shard1_replica_n1] o.a.s.s.HttpSolrCall >> > null:org.apache.solr.update.processor.Distr$ >> > at >> > >> org.apache.solr.update.processor.DistributedZkUpdateProcessor.doDistribFinish(DistributedZkUpdateProcessor.java:1189) >> > at >> > >> org.apache.solr.update.processor.DistributedUpdateProcessor.finish(DistributedUpdateProcessor.java:1096) >> > at >> > >> org.apache.solr.update.processor.LogUpdateProcessorFactory$LogUpdateProcessor.finish(LogUpdateProcessorFactory.java:182) >> > at >> > >> org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80) >> > at >> > >> org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80) >> > at >> > >> org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80) >> > at >> > >> org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80) >> > at >> > >> org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80) >> > at >> > >> org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80) >> > at >> > >> org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80) >> > at >> > >> org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80) >> > at >> > >> org.apache.solr.handler.ContentStreamHandlerBase.handleRequestBody(ContentStreamHandlerBase.java:78) >> > at >> > >> org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:211) >> > at org.apache.solr.core.SolrCore.execute(SolrCore.java:2596) >> > at >> > org.apache.solr.servlet.HttpSolrCall.execute(HttpSolrCall.java:799) >> > at >> org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:578) >> > at >> > >> org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:419) >> > at >> > >> org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:351) >> > at >> > >> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1602) >> > at >> > >> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540) >> > at >> > >> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) >> > at >> > >> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) >> > at >> > >> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) >> > at >> > >> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) >> > >> > >> > One strange observation is that when I hit update api on the leader node >> > its working without any error, and now immediately if I hit non-leader >> its >> > working fine (only once or twice), but if I keep on trying to hit this >> node >> > again and again its then throwing the above error and once the error >> > started happening , its consistent again. >> > >> > Please let me know if you need more information or if I am missing >> > something else >> > >> > Thanks, >> > >> >> On Tue, Jun 2, 2020 at 4:59 PM Jörn Franke <jornfra...@gmail.com> >> wrote: >> >> >> >> Have you looked in the logfiles? >> >> >> >> Keystore Type correctly defined on all nodes? >> >> >> >> Have you configured the truststore on all nodes correctly? >> >> >> >> Have you set clusterprop urlScheme to htttps in ZK? >> >> >> >> >> >> >> https://lucene.apache.org/solr/guide/7_5/enabling-ssl.html#configure-zookeeper >> >> >> >> >> >> >> >>>> Am 02.06.2020 um 18:57 schrieb yaswanth kumar <yaswanth...@gmail.com >> >: >> >>> >> >>> team, can someone help me on the above topic? >> >>> >> >>>> On Mon, Jun 1, 2020 at 10:00 PM yaswanth kumar < >> yaswanth...@gmail.com> >> >>>> wrote: >> >>>> >> >>>> Trying to setup solr 8.4.1 + open jdk 11 on centos , enabled the ssl >> >>>> configurations with all the certs in place, but the issue what I am >> >> seeing >> >>>> is when trying to hit /update api on non-leader solr node , its >> >> throwing an >> >>>> error >> >>>> >> >>>> configured 2 solr nodes with 1 zookeeper. >> >>>> >> >>>> metadata":[ >> >>>> >> >>>> >> >> >> "error-class","org.apache.solr.update.processor.DistributedUpdateProcessor$DistributedUpdatesAsyncException", >> >>>> >> >>>> >> >> >> "root-error-class","org.apache.solr.update.processor.DistributedUpdateProcessor$DistributedUpdatesAsyncException"], >> >>>> "msg":"Async exception during distributed update: >> >>>> javax.crypto.BadPaddingException: RSA private key operation failed", >> >>>> >> >> >> "trace":"org.apache.solr.update.processor.DistributedUpdateProcessor$DistributedUpdatesAsyncException: >> >>>> Async exception during distributed update: >> >>>> javax.crypto.BadPaddingException: RSA private key operation >> failed\n\tat >> >>>> >> >> >> org.apache.solr.update.processor.DistributedZkUpdateProcessor.doDistribFinish(DistributedZkUpdateProcessor.java:1189)\n\tat >> >>>> >> >> >> org.apache.solr.update.processor.DistributedUpdateProcessor.finish(DistributedUpdateProcessor.java:1096)\n\tat >> >>>> >> >> >> org.apache.solr.update.processor.LogUpdateProcessorFactory$LogUpdateProcessor.finish(LogUpdateProcessorFactory.java:182)\n\tat >> >>>> >> >> >> org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80)\n\tat >> >>>> >> org.apache.solr.update.processor.UpdateRequestProcessor.finish........ >> >>>> >> >>>> Strangely this is happening when we try to hit a non-leader node, >> >> hitting >> >>>> leader node its working fine without any issue and getting the data >> >> indexed. >> >>>> >> >>>> Not able to track down where the exact issue is happening. >> >>>> >> >>>> Thanks, >> >>>> >> >>>> -- >> >>>> Thanks & Regards, >> >>>> Yaswanth Kumar Konathala. >> >>>> yaswanth...@gmail.com >> >>>> >> >>> >> >>> >> >>> -- >> >>> Thanks & Regards, >> >>> Yaswanth Kumar Konathala. >> >>> yaswanth...@gmail.com >> >> >> > >> > >> > -- >> > Thanks & Regards, >> > Yaswanth Kumar Konathala. >> > yaswanth...@gmail.com >> > > > -- > Thanks & Regards, > Yaswanth Kumar Konathala. > yaswanth...@gmail.com > -- Thanks & Regards, Yaswanth Kumar Konathala. yaswanth...@gmail.com
