This is an automated email from the ASF dual-hosted git repository. dsmiley pushed a commit to branch branch_10x in repository https://gitbox.apache.org/repos/asf/solr.git
commit 6434c2b4c075c36b5bc4054d9bdefad7c5338aad Author: Vishnu Priya <[email protected]> AuthorDate: Fri May 8 23:43:10 2026 -0400 SOLR-18055: Improve SSL/HTTPS URL scheme detection (#4272) Prioritize the solr.ssl.enabled system property for determining the URL scheme used in inter-node communication. CloudSolrClient was recently also improved similarly. This makes SSL configuration more straightforward for users, although the urlScheme cluster property is still supported and so is the urlScheme config field of HttpShardHandlerFactory in solr.xml. Those might become deprecated if they don't have a purpose. Co-authored-by: David Smiley <[email protected]> --- changelog/unreleased/SOLR-18056-urlScheme-csp.yml | 4 +- solr/benchmark/src/resources/solr.xml | 1 - .../java/org/apache/solr/cloud/ZkController.java | 7 +-- .../apache/solr/cloud/overseer/ReplicaMutator.java | 8 ++- .../apache/solr/cloud/overseer/SliceMutator.java | 8 ++- .../solr/handler/admin/SystemInfoHandler.java | 3 +- .../handler/component/HttpShardHandlerFactory.java | 28 +++++++--- solr/core/src/test-files/solr/solr-jmxreporter.xml | 1 - .../test-files/solr/solr-trackingshardhandler.xml | 1 - solr/core/src/test-files/solr/solr.xml | 1 - .../org/apache/solr/cloud/LeaderElectionTest.java | 6 +-- .../solr/cloud/LeaderVoteWaitTimeoutTest.java | 9 +--- .../solr/cloud/TestMiniSolrCloudClusterSSL.java | 19 ++++--- .../solr/cloud/overseer/ZkStateReaderTest.java | 10 ++++ .../src/test-files/clustering/solr/solr.xml | 4 -- solr/modules/cuvs/src/test-files/solr/solr.xml | 1 - .../language-models/src/test-files/solr/solr.xml | 1 - solr/modules/ltr/src/test-files/solr/solr.xml | 1 - .../opentelemetry/src/test-files/solr/solr.xml | 1 - .../pages/configuring-solr-xml.adoc | 3 +- .../deployment-guide/pages/enabling-ssl.adoc | 59 ++-------------------- .../pages/major-changes-in-solr-10.adoc | 4 ++ .../src/test-files/solrj/solr/solr.xml | 1 - .../apache/solr/common/cloud/ZkStateReader.java | 21 ++++++-- .../src/resources/EnvToSyspropMappings.properties | 1 - .../src/test-files/solrj/solr/shared/solr.xml | 1 - .../test-files/solrj/solr/solr-metrics-enabled.xml | 1 - solr/solrj/src/test-files/solrj/solr/solr.xml | 1 - .../solrj/impl/ClusterStateProviderTest.java | 8 +-- .../src/java/org/apache/solr/SolrTestCaseJ4.java | 2 +- 30 files changed, 86 insertions(+), 130 deletions(-) diff --git a/changelog/unreleased/SOLR-18056-urlScheme-csp.yml b/changelog/unreleased/SOLR-18056-urlScheme-csp.yml index f7a3d2690b1..12691974908 100644 --- a/changelog/unreleased/SOLR-18056-urlScheme-csp.yml +++ b/changelog/unreleased/SOLR-18056-urlScheme-csp.yml @@ -1,8 +1,10 @@ # See https://github.com/apache/solr/blob/main/dev-docs/changelog.adoc -title: Improved CloudSolrClient's urlScheme detection by using the scheme of provided Solr URLs, or looking at "solr.ssl.enabled". +title: Improved CloudSolrClient's http/https (SSL) detection by using the scheme of provided Solr URLs, or looking at the "solr.ssl.enabled" system property. Likewise improved Solr itself to consider this property as an alternative to the urlScheme cluster property. type: changed authors: - name: Vishnu Priya Chandra Sekar links: - name: SOLR-18056 url: https://issues.apache.org/jira/browse/SOLR-18056 + - name: SOLR-18055 + url: https://issues.apache.org/jira/browse/SOLR-18055 diff --git a/solr/benchmark/src/resources/solr.xml b/solr/benchmark/src/resources/solr.xml index 38c9a776f53..9292940b222 100644 --- a/solr/benchmark/src/resources/solr.xml +++ b/solr/benchmark/src/resources/solr.xml @@ -28,7 +28,6 @@ <str name="allowUrls">${solr.tests.security.allow.urls:}</str> <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory"> - <str name="urlScheme">${urlScheme:}</str> <int name="socketTimeout">${socketTimeout:15000}</int> <int name="connTimeout">${connTimeout:15000}</int> </shardHandlerFactory> diff --git a/solr/core/src/java/org/apache/solr/cloud/ZkController.java b/solr/core/src/java/org/apache/solr/cloud/ZkController.java index 4b574750ede..a3702c1f1e3 100644 --- a/solr/core/src/java/org/apache/solr/cloud/ZkController.java +++ b/solr/core/src/java/org/apache/solr/cloud/ZkController.java @@ -365,13 +365,8 @@ public class ZkController implements Closeable { }); zkStateReader.createClusterStateWatchersAndUpdate(); // and reads cluster properties - // note: Can't read cluster properties until createClusterState ^ is called - final String urlSchemeFromClusterProp = - zkStateReader.getClusterProperty(ZkStateReader.URL_SCHEME, ZkStateReader.HTTP); - // this must happen after zkStateReader has initialized the cluster props - this.baseURL = URLUtil.getBaseUrlForNodeName(this.nodeName, urlSchemeFromClusterProp); - + this.baseURL = zkStateReader.getBaseUrlForNodeName(this.nodeName); // Now that zkStateReader is available, read OVERSEER_ENABLED. final boolean overseerEnabled = Boolean.parseBoolean( diff --git a/solr/core/src/java/org/apache/solr/cloud/overseer/ReplicaMutator.java b/solr/core/src/java/org/apache/solr/cloud/overseer/ReplicaMutator.java index 3b06bbe6df8..1536c5176fc 100644 --- a/solr/core/src/java/org/apache/solr/cloud/overseer/ReplicaMutator.java +++ b/solr/core/src/java/org/apache/solr/cloud/overseer/ReplicaMutator.java @@ -52,6 +52,7 @@ import org.apache.solr.common.cloud.ZkStateReader; import org.apache.solr.common.params.CollectionAdminParams; import org.apache.solr.common.util.CollectionUtil; import org.apache.solr.common.util.StrUtils; +import org.apache.solr.common.util.URLUtil; import org.apache.solr.common.util.Utils; import org.apache.solr.util.TestInjection; import org.slf4j.Logger; @@ -407,11 +408,8 @@ public class ReplicaMutator { String nodeName = (String) replicaProps.get(ZkStateReader.NODE_NAME_PROP); if (nodeName != null) { String baseUrl = - Utils.getBaseUrlForNodeName( - nodeName, - cloudManager - .getClusterStateProvider() - .getClusterProperty(ZkStateReader.URL_SCHEME, "http")); + URLUtil.getBaseUrlForNodeName( + nodeName, cloudManager.getClusterStateProvider().getUrlScheme()); replicaProps.put(ZkStateReader.BASE_URL_PROP, baseUrl); } Replica replica = new Replica(coreNodeName, replicaProps, collectionName, sliceName); diff --git a/solr/core/src/java/org/apache/solr/cloud/overseer/SliceMutator.java b/solr/core/src/java/org/apache/solr/cloud/overseer/SliceMutator.java index 962f7ea0b47..9b72410a114 100644 --- a/solr/core/src/java/org/apache/solr/cloud/overseer/SliceMutator.java +++ b/solr/core/src/java/org/apache/solr/cloud/overseer/SliceMutator.java @@ -39,6 +39,7 @@ import org.apache.solr.common.cloud.ZkCoreNodeProps; import org.apache.solr.common.cloud.ZkNodeProps; import org.apache.solr.common.cloud.ZkStateReader; import org.apache.solr.common.params.CollectionAdminParams; +import org.apache.solr.common.util.URLUtil; import org.apache.solr.common.util.Utils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -88,11 +89,8 @@ public class SliceMutator { } String nodeName = message.getStr(ZkStateReader.NODE_NAME_PROP); String baseUrl = - Utils.getBaseUrlForNodeName( - nodeName, - cloudManager - .getClusterStateProvider() - .getClusterProperty(ZkStateReader.URL_SCHEME, "http")); + URLUtil.getBaseUrlForNodeName( + nodeName, cloudManager.getClusterStateProvider().getUrlScheme()); Map<String, Object> replicaProps = Utils.makeMap( diff --git a/solr/core/src/java/org/apache/solr/handler/admin/SystemInfoHandler.java b/solr/core/src/java/org/apache/solr/handler/admin/SystemInfoHandler.java index eb0079b5080..f9353d9af6a 100644 --- a/solr/core/src/java/org/apache/solr/handler/admin/SystemInfoHandler.java +++ b/solr/core/src/java/org/apache/solr/handler/admin/SystemInfoHandler.java @@ -394,8 +394,7 @@ public class SystemInfoHandler extends RequestHandlerBase { } if (cc != null && cc.getZkController() != null) { - String urlScheme = - cc.getZkController().zkStateReader.getClusterProperty(ZkStateReader.URL_SCHEME, "http"); + String urlScheme = cc.getZkController().zkStateReader.getUrlScheme(); info.add("tls", ZkStateReader.HTTPS.equals(urlScheme)); } diff --git a/solr/core/src/java/org/apache/solr/handler/component/HttpShardHandlerFactory.java b/solr/core/src/java/org/apache/solr/handler/component/HttpShardHandlerFactory.java index fa2392c5a1d..574a0b266a3 100644 --- a/solr/core/src/java/org/apache/solr/handler/component/HttpShardHandlerFactory.java +++ b/solr/core/src/java/org/apache/solr/handler/component/HttpShardHandlerFactory.java @@ -48,6 +48,7 @@ import org.apache.solr.common.SolrException.ErrorCode; import org.apache.solr.common.cloud.ZkStateReader; import org.apache.solr.common.params.ShardParams; import org.apache.solr.common.params.SolrParams; +import org.apache.solr.common.util.EnvUtils; import org.apache.solr.common.util.ExecutorUtil; import org.apache.solr.common.util.IOUtils; import org.apache.solr.common.util.NamedList; @@ -109,6 +110,9 @@ public class HttpShardHandlerFactory extends ShardHandlerFactory // URL scheme to be used in distributed search. static final String INIT_URL_SCHEME = "urlScheme"; + // system property to enable ssl or tls for communication within Solr + static final String SOLR_SSL_ENABLED = "solr.ssl.enabled"; + // The core size of the threadpool servicing requests static final String INIT_CORE_POOL_SIZE = "corePoolSize"; @@ -227,12 +231,7 @@ public class HttpShardHandlerFactory extends ShardHandlerFactory public void init(PluginInfo info) { StringBuilder sb = new StringBuilder(); NamedList<?> args = info.initArgs; - // note: the sys prop is only used in testing - this.scheme = getParameter(args, INIT_URL_SCHEME, System.getProperty(INIT_URL_SCHEME), sb); - if (this.scheme != null && this.scheme.endsWith("://")) { - this.scheme = this.scheme.replace("://", ""); - } - + this.scheme = initUrlScheme(args, sb); String strategy = getParameter( args, "metricNameStrategy", UpdateShardHandlerConfig.DEFAULT_METRICNAMESTRATEGY, sb); @@ -436,6 +435,23 @@ public class HttpShardHandlerFactory extends ShardHandlerFactory return url; } + /** + * Get url scheme of host + * + * @return http or https or null + */ + private String initUrlScheme(NamedList<?> args, StringBuilder sb) { + final Boolean isSolrSslEnabled = EnvUtils.getPropertyAsBool(SOLR_SSL_ENABLED, null); + if (isSolrSslEnabled != null) { + return isSolrSslEnabled ? "https" : "http"; + } + String urlScheme = getParameter(args, INIT_URL_SCHEME, System.getProperty(INIT_URL_SCHEME), sb); + if (urlScheme != null && urlScheme.endsWith("://")) { + urlScheme = urlScheme.replace("://", ""); + } + return urlScheme; + } + @Override public void initializeMetrics(SolrMetricsContext parentContext, Attributes attributes) { solrMetricsContext = parentContext.getChildContext(this); diff --git a/solr/core/src/test-files/solr/solr-jmxreporter.xml b/solr/core/src/test-files/solr/solr-jmxreporter.xml index c5b296994a4..559b2e30348 100644 --- a/solr/core/src/test-files/solr/solr-jmxreporter.xml +++ b/solr/core/src/test-files/solr/solr-jmxreporter.xml @@ -18,7 +18,6 @@ <solr> <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory"> - <str name="urlScheme">${urlScheme:}</str> <int name="socketTimeout">${socketTimeout:90000}</int> <int name="connTimeout">${connTimeout:15000}</int> </shardHandlerFactory> diff --git a/solr/core/src/test-files/solr/solr-trackingshardhandler.xml b/solr/core/src/test-files/solr/solr-trackingshardhandler.xml index a0ff99a60db..90efdebde0e 100644 --- a/solr/core/src/test-files/solr/solr-trackingshardhandler.xml +++ b/solr/core/src/test-files/solr/solr-trackingshardhandler.xml @@ -36,7 +36,6 @@ <shardHandlerFactory name="shardHandlerFactory" class="org.apache.solr.handler.component.TrackingShardHandlerFactory"> - <str name="urlScheme">${urlScheme:}</str> <int name="socketTimeout">${socketTimeout:90000}</int> <int name="connTimeout">${connTimeout:15000}</int> </shardHandlerFactory> diff --git a/solr/core/src/test-files/solr/solr.xml b/solr/core/src/test-files/solr/solr.xml index 92e3d7d6bf3..d2210695e77 100644 --- a/solr/core/src/test-files/solr/solr.xml +++ b/solr/core/src/test-files/solr/solr.xml @@ -32,7 +32,6 @@ <int name="indexSearcherExecutorThreads">4</int> <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory"> - <str name="urlScheme">${urlScheme:}</str> <int name="socketTimeout">${socketTimeout:15000}</int> <int name="connTimeout">${connTimeout:15000}</int> </shardHandlerFactory> diff --git a/solr/core/src/test/org/apache/solr/cloud/LeaderElectionTest.java b/solr/core/src/test/org/apache/solr/cloud/LeaderElectionTest.java index 7bac68872a1..e95c1b41111 100644 --- a/solr/core/src/test/org/apache/solr/cloud/LeaderElectionTest.java +++ b/solr/core/src/test/org/apache/solr/cloud/LeaderElectionTest.java @@ -16,8 +16,6 @@ */ package org.apache.solr.cloud; -import static org.apache.solr.common.cloud.ZkStateReader.URL_SCHEME; - import java.lang.invoke.MethodHandles; import java.nio.file.Path; import java.util.ArrayList; @@ -233,7 +231,7 @@ public class LeaderElectionTest extends SolrTestCaseJ4 { elector, "shard2", "collection1", "dummynode1", props, zkController); elector.setup(context); elector.joinElection(context, false); - String urlScheme = zkStateReader.getClusterProperty(URL_SCHEME, "http"); + String urlScheme = zkStateReader.getUrlScheme(); assertEquals(urlScheme + "://127.0.0.1:80/solr/", getLeaderUrl("collection1", "shard2")); } @@ -259,7 +257,7 @@ public class LeaderElectionTest extends SolrTestCaseJ4 { Thread.sleep(1000); - String urlScheme = zkStateReader.getClusterProperty(URL_SCHEME, "http"); + String urlScheme = zkStateReader.getUrlScheme(); String url1 = Utils.getBaseUrlForNodeName("127.0.0.1:80_solr", urlScheme) + "/1/"; String url2 = Utils.getBaseUrlForNodeName("127.0.0.1:80_solr", urlScheme) + "/2/"; diff --git a/solr/core/src/test/org/apache/solr/cloud/LeaderVoteWaitTimeoutTest.java b/solr/core/src/test/org/apache/solr/cloud/LeaderVoteWaitTimeoutTest.java index 1c042c6f222..4deca8cebd5 100644 --- a/solr/core/src/test/org/apache/solr/cloud/LeaderVoteWaitTimeoutTest.java +++ b/solr/core/src/test/org/apache/solr/cloud/LeaderVoteWaitTimeoutTest.java @@ -17,9 +17,6 @@ package org.apache.solr.cloud; -import static org.apache.solr.common.cloud.ZkStateReader.HTTP; -import static org.apache.solr.common.cloud.ZkStateReader.URL_SCHEME; - import java.io.IOException; import java.lang.invoke.MethodHandles; import java.net.URI; @@ -39,7 +36,6 @@ import org.apache.solr.client.solrj.request.CollectionAdminRequest; import org.apache.solr.client.solrj.request.GenericSolrRequest; import org.apache.solr.common.SolrInputDocument; import org.apache.solr.common.cloud.Replica; -import org.apache.solr.common.cloud.ZkStateReader; import org.apache.solr.common.util.NamedList; import org.apache.solr.embedded.JettySolrRunner; import org.apache.solr.util.SocketProxy; @@ -79,10 +75,7 @@ public class LeaderVoteWaitTimeoutTest extends SolrCloudTestCase { @Before public void setupTest() throws Exception { - configureCluster(NODE_COUNT) - .withProperty(ZkStateReader.URL_SCHEME, System.getProperty(URL_SCHEME, HTTP)) - .addConfig("conf", configset("cloud-minimal")) - .configure(); + configureCluster(NODE_COUNT).addConfig("conf", configset("cloud-minimal")).configure(); // Add proxies proxies = new HashMap<>(cluster.getJettySolrRunners().size()); diff --git a/solr/core/src/test/org/apache/solr/cloud/TestMiniSolrCloudClusterSSL.java b/solr/core/src/test/org/apache/solr/cloud/TestMiniSolrCloudClusterSSL.java index 58b5a175ca8..85072d26d32 100644 --- a/solr/core/src/test/org/apache/solr/cloud/TestMiniSolrCloudClusterSSL.java +++ b/solr/core/src/test/org/apache/solr/cloud/TestMiniSolrCloudClusterSSL.java @@ -32,7 +32,6 @@ import org.apache.solr.client.solrj.impl.SolrHttpConstants; import org.apache.solr.client.solrj.jetty.HttpJettySolrClient; import org.apache.solr.client.solrj.request.CollectionAdminRequest; import org.apache.solr.client.solrj.request.CoreAdminRequest; -import org.apache.solr.common.cloud.ZkStateReader; import org.apache.solr.common.params.CoreAdminParams.CoreAdminAction; import org.apache.solr.embedded.JettyConfig; import org.apache.solr.embedded.JettySolrRunner; @@ -71,7 +70,7 @@ public class TestMiniSolrCloudClusterSSL extends SolrTestCaseJ4 { } private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass()); - + private static final String SOLR_SSL_ENABLED = "solr.ssl.enabled"; public static final int NUM_SERVERS = 3; public static final String CONF_NAME = MethodHandles.lookup().lookupClass().getName(); @@ -86,14 +85,14 @@ public class TestMiniSolrCloudClusterSSL extends SolrTestCaseJ4 { "NOTE: This Test ignores the randomized SSL & clientAuth settings selected by base class"); HttpClientUtil.resetHttpClientBuilder(); // also resets SocketFactoryRegistryProvider HttpJettySolrClient.resetSslContextFactory(); - System.clearProperty(ZkStateReader.URL_SCHEME); + System.clearProperty(SOLR_SSL_ENABLED); } @After public void after() { HttpClientUtil.resetHttpClientBuilder(); // also resets SocketFactoryRegistryProvider HttpJettySolrClient.resetSslContextFactory(); - System.clearProperty(ZkStateReader.URL_SCHEME); + System.clearProperty(SOLR_SSL_ENABLED); SSLContext.setDefault(DEFAULT_SSL_CONTEXT); } @@ -102,7 +101,7 @@ public class TestMiniSolrCloudClusterSSL extends SolrTestCaseJ4 { HttpClientUtil.setSocketFactoryRegistryProvider( sslConfig.buildClientSocketFactoryRegistryProvider()); // must be reset HttpJettySolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig()); // must be reset - System.setProperty(ZkStateReader.URL_SCHEME, "http"); + System.setProperty(SOLR_SSL_ENABLED, "false"); checkClusterWithNodeReplacement(sslConfig); } @@ -114,7 +113,7 @@ public class TestMiniSolrCloudClusterSSL extends SolrTestCaseJ4 { HttpClientUtil.setSocketFactoryRegistryProvider( sslConfig.buildClientSocketFactoryRegistryProvider()); HttpJettySolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig()); - System.setProperty(ZkStateReader.URL_SCHEME, "http"); + System.setProperty(SOLR_SSL_ENABLED, "false"); checkClusterWithNodeReplacement(sslConfig); } @@ -123,7 +122,7 @@ public class TestMiniSolrCloudClusterSSL extends SolrTestCaseJ4 { HttpClientUtil.setSocketFactoryRegistryProvider( sslConfig.buildClientSocketFactoryRegistryProvider()); HttpJettySolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig()); - System.setProperty(ZkStateReader.URL_SCHEME, "https"); + System.setProperty(SOLR_SSL_ENABLED, "true"); checkClusterWithNodeReplacement(sslConfig); } @@ -135,7 +134,7 @@ public class TestMiniSolrCloudClusterSSL extends SolrTestCaseJ4 { HttpClientUtil.setSocketFactoryRegistryProvider( sslConfig.buildClientSocketFactoryRegistryProvider()); HttpJettySolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig()); - System.setProperty(ZkStateReader.URL_SCHEME, "https"); + System.setProperty(SOLR_SSL_ENABLED, "true"); checkClusterWithNodeReplacement(sslConfig); } @@ -144,7 +143,7 @@ public class TestMiniSolrCloudClusterSSL extends SolrTestCaseJ4 { HttpClientUtil.setSocketFactoryRegistryProvider( sslConfig.buildClientSocketFactoryRegistryProvider()); HttpJettySolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig()); - System.setProperty(ZkStateReader.URL_SCHEME, "https"); + System.setProperty(SOLR_SSL_ENABLED, "true"); checkClusterWithNodeReplacement(sslConfig); } @@ -193,7 +192,7 @@ public class TestMiniSolrCloudClusterSSL extends SolrTestCaseJ4 { HttpClientUtil.setSocketFactoryRegistryProvider( sslConfig.buildClientSocketFactoryRegistryProvider()); HttpJettySolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig()); - System.setProperty(ZkStateReader.URL_SCHEME, "https"); + System.setProperty(SOLR_SSL_ENABLED, "true"); final JettyConfig config = JettyConfig.builder().withSSLConfig(sslConfig.buildServerSSLConfig()).build(); final MiniSolrCloudCluster cluster = diff --git a/solr/core/src/test/org/apache/solr/cloud/overseer/ZkStateReaderTest.java b/solr/core/src/test/org/apache/solr/cloud/overseer/ZkStateReaderTest.java index eb3eadff0e6..df6aced524e 100644 --- a/solr/core/src/test/org/apache/solr/cloud/overseer/ZkStateReaderTest.java +++ b/solr/core/src/test/org/apache/solr/cloud/overseer/ZkStateReaderTest.java @@ -994,4 +994,14 @@ public class ZkStateReaderTest extends SolrTestCaseJ4 { var lowestVersion = reader.fetchLowestSolrVersion(); assertFalse("Expected no lowest version when no live nodes exist", lowestVersion.isPresent()); } + + public void testGetUrlScheme_validSystemProperty() { + String expectedUrlScheme = isSSLMode() ? "https" : "http"; + assertEquals(expectedUrlScheme, fixture.reader.getUrlScheme()); + } + + public void testGetUrlScheme_noClusterAndSystemProperty() { + assumeFalse("Skip the test when ssl is enabled", isSSLMode()); + assertEquals("http", fixture.reader.getUrlScheme()); + } } diff --git a/solr/modules/clustering/src/test-files/clustering/solr/solr.xml b/solr/modules/clustering/src/test-files/clustering/solr/solr.xml index 3596eebbdaf..7370666792b 100644 --- a/solr/modules/clustering/src/test-files/clustering/solr/solr.xml +++ b/solr/modules/clustering/src/test-files/clustering/solr/solr.xml @@ -25,8 +25,4 @@ <str name="coreRootDirectory">cores/</str> <str name="configSetBaseDir"></str> - <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory"> - <str name="urlScheme">${urlScheme:}</str> - </shardHandlerFactory> - </solr> diff --git a/solr/modules/cuvs/src/test-files/solr/solr.xml b/solr/modules/cuvs/src/test-files/solr/solr.xml index 26d92c24f4c..6a7a1ff36c2 100644 --- a/solr/modules/cuvs/src/test-files/solr/solr.xml +++ b/solr/modules/cuvs/src/test-files/solr/solr.xml @@ -23,7 +23,6 @@ <str name="coreRootDirectory">${coreRootDirectory:.}</str> <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory"> - <str name="urlScheme">${urlScheme:}</str> <int name="socketTimeout">${socketTimeout:90000}</int> <int name="connTimeout">${connTimeout:15000}</int> </shardHandlerFactory> diff --git a/solr/modules/language-models/src/test-files/solr/solr.xml b/solr/modules/language-models/src/test-files/solr/solr.xml index c201efd50d9..bea3624ec6f 100644 --- a/solr/modules/language-models/src/test-files/solr/solr.xml +++ b/solr/modules/language-models/src/test-files/solr/solr.xml @@ -23,7 +23,6 @@ <str name="coreRootDirectory">${coreRootDirectory:.}</str> <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory"> - <str name="urlScheme">${urlScheme:}</str> <int name="socketTimeout">${socketTimeout:90000}</int> <int name="connTimeout">${connTimeout:15000}</int> </shardHandlerFactory> diff --git a/solr/modules/ltr/src/test-files/solr/solr.xml b/solr/modules/ltr/src/test-files/solr/solr.xml index c201efd50d9..bea3624ec6f 100644 --- a/solr/modules/ltr/src/test-files/solr/solr.xml +++ b/solr/modules/ltr/src/test-files/solr/solr.xml @@ -23,7 +23,6 @@ <str name="coreRootDirectory">${coreRootDirectory:.}</str> <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory"> - <str name="urlScheme">${urlScheme:}</str> <int name="socketTimeout">${socketTimeout:90000}</int> <int name="connTimeout">${connTimeout:15000}</int> </shardHandlerFactory> diff --git a/solr/modules/opentelemetry/src/test-files/solr/solr.xml b/solr/modules/opentelemetry/src/test-files/solr/solr.xml index 1f519208496..42f330816fd 100644 --- a/solr/modules/opentelemetry/src/test-files/solr/solr.xml +++ b/solr/modules/opentelemetry/src/test-files/solr/solr.xml @@ -29,7 +29,6 @@ <str name="allowUrls">${solr.tests.security.allow.urls:}</str> <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory"> - <str name="urlScheme">${urlScheme:}</str> <int name="socketTimeout">${socketTimeout:90000}</int> <int name="connTimeout">${connTimeout:15000}</int> </shardHandlerFactory> diff --git a/solr/solr-ref-guide/modules/configuration-guide/pages/configuring-solr-xml.adoc b/solr/solr-ref-guide/modules/configuration-guide/pages/configuring-solr-xml.adoc index 2aed51b89e3..66e6d21dc7a 100644 --- a/solr/solr-ref-guide/modules/configuration-guide/pages/configuring-solr-xml.adoc +++ b/solr/solr-ref-guide/modules/configuration-guide/pages/configuring-solr-xml.adoc @@ -552,7 +552,8 @@ Defaults to the `distribUpdateConnTimeout` specified in the `<solrcloud>` sectio |Optional |Default: none |=== + -The URL scheme to be used in distributed search. +The URL scheme to be used in distributed search and other inter-node communication. +Note: this is obsoleted by the `solr.ssl.enabled` boolean system property. `maxConnectionsPerHost`:: + diff --git a/solr/solr-ref-guide/modules/deployment-guide/pages/enabling-ssl.adoc b/solr/solr-ref-guide/modules/deployment-guide/pages/enabling-ssl.adoc index 536038df68c..3a455450a48 100644 --- a/solr/solr-ref-guide/modules/deployment-guide/pages/enabling-ssl.adoc +++ b/solr/solr-ref-guide/modules/deployment-guide/pages/enabling-ssl.adoc @@ -62,10 +62,10 @@ If you want to use curl on OS X Yosemite (10.10), you'll need to create a certif $ openssl pkcs12 -nokeys -in solr-ssl.keystore.p12 -out solr-ssl.cacert.pem ---- -=== Set Common SSL-Related System Properties +=== Set Common SSL-Related Environment Variables -The Solr Control Script is already setup to pass SSL-related Java system properties to the JVM. -To activate the SSL settings, uncomment and update the set of properties beginning with `SOLR_SSL_*` in `bin/solr.in.sh` on *nix systems or `bin\solr.in.cmd` on Windows. +The Solr Control Script is already setup to pass SSL-related environment variables. +To activate the SSL settings, uncomment and update the set of variables beginning with `SOLR_SSL_*` in `bin/solr.in.sh` on *nix systems or `bin\solr.in.cmd` on Windows. [tabs#solr-in] ====== @@ -132,59 +132,6 @@ They are mutually exclusive and Jetty will select one of them which may not be w When you start Solr, the `bin/solr` script includes these settings and will pass them as system properties to the JVM. -If you are using SolrCloud, you need to <<Configure ZooKeeper>> before starting Solr. - -If you are running Solr in a user-managed cluster or standalone installation, you can skip to <<Start User-Managed Cluster or Standalone Solr>>. - -=== Configure ZooKeeper - -After creating the keystore described above and before you start any SolrCloud nodes, you must configure your Solr cluster properties in ZooKeeper so that Solr nodes know to communicate via SSL. - -This section assumes you have created and started an external ZooKeeper. -See xref:zookeeper-ensemble.adoc[] for more information. - -The `urlScheme` cluster-wide property needs to be set to `https` before any Solr node starts up. -The examples below use the `bin/solr` tool that comes with Solr to do this. - -[tabs#zkclusterprops] -====== -*nix:: -+ -==== -[source,terminal] ----- -$ bin/solr cluster --property urlScheme --value https --zk-host server1:2181,server2:2181,server3:2181 ----- -==== - -Windows:: -+ -==== -[source,powershell] ----- -C:\> bin/solr.cmd cluster --property urlScheme --value https --zk-host server1:2181,server2:2181,server3:2181 ----- -==== -====== - -Be sure to use the correct `--zk-host` value for your system. -If you have set up your ZooKeeper ensemble to use a xref:taking-solr-to-production.adoc#zookeeper-chroot[chroot for Solr], make sure to include it in the `zkHost` string, e.g., `--zk-host server1:2181,server2:2181,server3:2181/solr`. - -=== Update Cluster Properties for Existing Collections - -If you are using SolrCloud and have collections created before enabling SSL, you will need to update the cluster properties to use HTTPS. - -If you do not have existing collections or are not using SolrCloud, you can skip ahead and start Solr. - -Updating cluster properties can be done with the Collections API xref:cluster-node-management.adoc#clusterprop[CLUSTERPROP command], as in this example (update the hostname and port as appropriate for your system): - -[source,terminal] -$ http://localhost:8983/solr/admin/collections?action=CLUSTERPROP&name=urlScheme&val=https - -This command only needs to be run on one node of the cluster, the change will apply to all nodes. - -Once this and all other steps are complete, you can go ahead and start Solr. - == Starting Solr After Enabling SSL === Start SolrCloud diff --git a/solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-10.adoc b/solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-10.adoc index 442197960aa..375109ddbb7 100644 --- a/solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-10.adoc +++ b/solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-10.adoc @@ -36,6 +36,10 @@ Solr 10.0 requires at least Java 21, while SolrJ 10.0 requires at least Java 17. == Solr 10.1 +For SSL (https), it's no longer necessary to set the "urlScheme" cluster property since the `SOLR_SSL_ENABLED` env var (or `solr.ssl.enabled` sys-prop) suffices. +These are now honored by CloudSolrClient, as well as scheme detection from the connection string / hosts. +The "urlScheme" cluster property and httpShardHandlerFactory configuration is likely to be deprecated; feedback welcome. + === v2 API Starting in Solr 10.1 it is no longer possible for users to disable the v2 API by use of the `solr.api.v2.enabled` system property, and the Solr server and tooling (`bin/solr`, Admin UI, etc.) will start using these APIs internally. diff --git a/solr/solrj-streaming/src/test-files/solrj/solr/solr.xml b/solr/solrj-streaming/src/test-files/solrj/solr/solr.xml index 3e578e6cfdd..cd24ddbc200 100644 --- a/solr/solrj-streaming/src/test-files/solrj/solr/solr.xml +++ b/solr/solrj-streaming/src/test-files/solrj/solr/solr.xml @@ -28,7 +28,6 @@ <str name="allowUrls">${solr.tests.security.allow.urls:}</str> <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory"> - <str name="urlScheme">${urlScheme:}</str> <int name="socketTimeout">${socketTimeout:90000}</int> <int name="connTimeout">${connTimeout:15000}</int> </shardHandlerFactory> diff --git a/solr/solrj-zookeeper/src/java/org/apache/solr/common/cloud/ZkStateReader.java b/solr/solrj-zookeeper/src/java/org/apache/solr/common/cloud/ZkStateReader.java index 101d2ea983f..4f0c3bb3836 100644 --- a/solr/solrj-zookeeper/src/java/org/apache/solr/common/cloud/ZkStateReader.java +++ b/solr/solrj-zookeeper/src/java/org/apache/solr/common/cloud/ZkStateReader.java @@ -56,8 +56,10 @@ import org.apache.solr.common.SolrException.ErrorCode; import org.apache.solr.common.params.CollectionAdminParams; import org.apache.solr.common.params.CoreAdminParams; import org.apache.solr.common.util.CommonTestInjection; +import org.apache.solr.common.util.EnvUtils; import org.apache.solr.common.util.ExecutorUtil; import org.apache.solr.common.util.ObjectReleaseTracker; +import org.apache.solr.common.util.URLUtil; import org.apache.solr.common.util.Utils; import org.apache.zookeeper.KeeperException; import org.apache.zookeeper.KeeperException.NoNodeException; @@ -1228,8 +1230,7 @@ public class ZkStateReader implements SolrCloseable { * @return url that looks like {@code https://localhost:8983/solr} */ public String getBaseUrlForNodeName(final String nodeName) { - String urlScheme = getClusterProperty(URL_SCHEME, "http"); - return Utils.getBaseUrlForNodeName(nodeName, urlScheme, false); + return URLUtil.getBaseUrlForNodeName(nodeName, getUrlScheme(), false); } /** @@ -1240,8 +1241,20 @@ public class ZkStateReader implements SolrCloseable { * @return url that looks like {@code https://localhost:8983/api} */ public String getBaseUrlV2ForNodeName(final String nodeName) { - String urlScheme = getClusterProperty(URL_SCHEME, "http"); - return Utils.getBaseUrlForNodeName(nodeName, urlScheme, true); + return URLUtil.getBaseUrlForNodeName(nodeName, getUrlScheme(), true); + } + + /** + * Returns the URL scheme for hosts in the cluster. + * + * @return the URL scheme ("http" or "https") + */ + public String getUrlScheme() { + final Boolean isSolrSslEnabled = EnvUtils.getPropertyAsBool("solr.ssl.enabled"); + if (isSolrSslEnabled != null) { + return isSolrSslEnabled ? "https" : "http"; + } + return getClusterProperty(URL_SCHEME, "http"); } /** Watches a single collection's state.json. */ diff --git a/solr/solrj/src/resources/EnvToSyspropMappings.properties b/solr/solrj/src/resources/EnvToSyspropMappings.properties index 7571f2968d3..ed6e742cebc 100644 --- a/solr/solrj/src/resources/EnvToSyspropMappings.properties +++ b/solr/solrj/src/resources/EnvToSyspropMappings.properties @@ -71,7 +71,6 @@ SOLR_SSL_CLIENT_KEY_STORE_TYPE= SOLR_SSL_CLIENT_TRUST_STORE= SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD= SOLR_SSL_CLIENT_TRUST_STORE_TYPE= -SOLR_SSL_ENABLED= SOLR_SSL_KEY_STORE= SOLR_SSL_KEY_STORE_PASSWORD= SOLR_SSL_KEY_STORE_TYPE= diff --git a/solr/solrj/src/test-files/solrj/solr/shared/solr.xml b/solr/solrj/src/test-files/solrj/solr/shared/solr.xml index 7f48a511a6f..08d3596ec35 100644 --- a/solr/solrj/src/test-files/solrj/solr/shared/solr.xml +++ b/solr/solrj/src/test-files/solrj/solr/shared/solr.xml @@ -23,7 +23,6 @@ <str name="coreRootDirectory">${coreRootDirectory:.}</str> <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory"> - <str name="urlScheme">${urlScheme:}</str> <int name="socketTimeout">${socketTimeout:90000}</int> <int name="connTimeout">${connTimeout:15000}</int> </shardHandlerFactory> diff --git a/solr/solrj/src/test-files/solrj/solr/solr-metrics-enabled.xml b/solr/solrj/src/test-files/solrj/solr/solr-metrics-enabled.xml index a48c29f7e27..e2e4fc7c10d 100644 --- a/solr/solrj/src/test-files/solrj/solr/solr-metrics-enabled.xml +++ b/solr/solrj/src/test-files/solrj/solr/solr-metrics-enabled.xml @@ -30,7 +30,6 @@ <str name="allowUrls">${solr.tests.security.allow.urls:}</str> <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory"> - <str name="urlScheme">${urlScheme:}</str> <int name="socketTimeout">${socketTimeout:90000}</int> <int name="connTimeout">${connTimeout:15000}</int> </shardHandlerFactory> diff --git a/solr/solrj/src/test-files/solrj/solr/solr.xml b/solr/solrj/src/test-files/solrj/solr/solr.xml index 6957862f4d9..f9ec9e5ec96 100644 --- a/solr/solrj/src/test-files/solrj/solr/solr.xml +++ b/solr/solrj/src/test-files/solrj/solr/solr.xml @@ -28,7 +28,6 @@ <str name="allowUrls">${solr.tests.security.allow.urls:}</str> <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory"> - <str name="urlScheme">${urlScheme:}</str> <int name="socketTimeout">${socketTimeout:90000}</int> <int name="connTimeout">${connTimeout:15000}</int> </shardHandlerFactory> diff --git a/solr/solrj/src/test/org/apache/solr/client/solrj/impl/ClusterStateProviderTest.java b/solr/solrj/src/test/org/apache/solr/client/solrj/impl/ClusterStateProviderTest.java index 175264ede47..63f3ab56657 100644 --- a/solr/solrj/src/test/org/apache/solr/client/solrj/impl/ClusterStateProviderTest.java +++ b/solr/solrj/src/test/org/apache/solr/client/solrj/impl/ClusterStateProviderTest.java @@ -472,6 +472,7 @@ public class ClusterStateProviderTest extends SolrCloudTestCase { } private void testUrlSchemeDefault(SolrZkClient client) throws Exception { + assumeFalse("Skip the test when ssl is enabled", isSSLMode()); try (var zkStateReader = new ZkStateReader(client); var clusterStateProvider = new ZkClientClusterStateProvider(zkStateReader)) { assertEquals("http", clusterStateProvider.getUrlScheme()); @@ -479,16 +480,15 @@ public class ClusterStateProviderTest extends SolrCloudTestCase { } private void testUrlSchemeWithSystemProperties(SolrZkClient client) throws Exception { - System.setProperty(SOLR_SSL_ENABLED, "true"); try (var zkStateReader = new ZkStateReader(client); var clusterStateProvider = new ZkClientClusterStateProvider(zkStateReader)) { - assertEquals("https", clusterStateProvider.getUrlScheme()); - } finally { - System.clearProperty(SOLR_SSL_ENABLED); + String expectedUrlScheme = isSSLMode() ? "https" : "http"; + assertEquals(expectedUrlScheme, clusterStateProvider.getUrlScheme()); } } private void testUrlSchemeWithClusterProperties(SolrZkClient client) throws Exception { + assumeFalse("Skip the test when ssl is enabled", isSSLMode()); ClusterProperties cp = new ClusterProperties(client); cp.setClusterProperty("urlScheme", "ftp"); try (var zkStateReader = new ZkStateReader(client); diff --git a/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java b/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java index b450cff5bd7..26668690557 100644 --- a/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java +++ b/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java @@ -287,7 +287,7 @@ public abstract class SolrTestCaseJ4 extends SolrTestCase { HttpJettySolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig()); if (isSSLMode()) { // SolrCloud tests should usually clear this - System.setProperty("urlScheme", "https"); + System.setProperty("solr.ssl.enabled", "true"); } ExecutorUtil.resetThreadLocalProviders();
