RE: Enabling SSL in solr server. (Single mode or Cloud mode) Getting Errors & How to add parameters to service script.
Hi,
I still haven't figured it out how to enable the same.
-Original Message-
From: Behera, Pranaya P [mailto:pbeh...@jcp.com]
Sent: Monday, January 02, 2017 1:47 PM
To: solr-user@lucene.apache.org
Subject: Enabling SSL in solr server. (Single mode or Cloud mode) Getting
Errors & How to add parameters to service script.
Hi,
I have followed the documentation and executed in a fresh machine to
enable the ssl in the server. It is an ec2 instance of centos 7. I have
installed solr which is working fine. But as soon as I modify
/etc/default/solr.in.sh file to incorporate the ssl related variables, the
server never starts. Here is the command used to get it up and running but alas
no result till now.
[centos@ip-xx-xxx-xx-xxx ~]$ sudo bash ./install_solr_service.sh solr-6.2.1.tgz
Extracting solr-6.2.1.tgz to /opt
Installing symlink /opt/solr -> /opt/solr-6.2.1 ...
Installing /etc/init.d/solr script ...
Installing /etc/default/solr.in.sh ...
Waiting up to 30 seconds to see Solr running on port 8983 [/] Started Solr
server on port 8983 (pid=6683). Happy searching!
Found 1 Solr nodes:
Solr process 6683 running on port 8983
{
"solr_home":"/var/solr/data",
"version":"6.2.1 43ab70147eb494324a1410f7a9f16a896a59bc6f - shalin -
2016-09-15 05:20:53",
"startTime":"2017-01-02T07:56:25.414Z",
"uptime":"0 days, 0 hours, 0 minutes, 10 seconds",
"memory":"82.3 MB (%16.8) of 490.7 MB"}
Service solr installed.
[centos@ip-xx-xxx-xx-xxx ~]$ ps -ef | grep solr
solr 6683 1 15 01:56 ?00:00:02 java -server -Xms512m -Xmx512m
-XX:NewRatio=3 -XX:SurvivorRatio=4 -XX:TargetSurvivorRatio=90
-XX:MaxTenuringThreshold=8 -XX:+UseConcMarkSweepGC -XX:+UseParNewGC
-XX:ConcGCThreads=4 -XX:ParallelGCThreads=4 -XX:+CMSScavengeBeforeRemark
-XX:PretenureSizeThreshold=64m -XX:+UseCMSInitiatingOccupancyOnly
-XX:CMSInitiatingOccupancyFraction=50 -XX:CMSMaxAbortablePrecleanTime=6000
-XX:+CMSParallelRemarkEnabled -XX:+ParallelRefProcEnabled -verbose:gc
-XX:+PrintHeapAtGC -XX:+PrintGCDetails -XX:+PrintGCDateStamps
-XX:+PrintGCTimeStamps -XX:+PrintTenuringDistribution
-XX:+PrintGCApplicationStoppedTime -Xloggc:/var/solr/logs/solr_gc.log
-Djetty.port=8983 -DSTOP.PORT=7983 -DSTOP.KEY=solrrocks -Duser.timezone=UTC
-Djetty.home=/opt/solr/server -Dsolr.solr.home=/var/solr/data
-Dsolr.install.dir=/opt/solr
-Dlog4j.configuration=file:/var/solr/log4j.properties -Xss256k
-XX:OnOutOfMemoryError=/opt/solr/bin/oom_solr.sh 8983 /var/solr/logs -jar
start.jar --module=http
centos6856 1837 0 01:56 pts/000:00:00 grep --color=auto solr
[centos@ip-xx-xxx-xx-xxx ~]$ cd /opt/solr [centos@ip-xx-xxx-xx-xxx solr]$ cd
server/etc/ [centos@ip-xx-xxx-xx-xxx etc]$ ls jetty-https.xml jetty-http.xml
jetty-ssl.xml jetty.xml webdefault.xml [centos@ip-xx-xxx-xx-xxx etc]$ ls
jetty-https.xml jetty-http.xml jetty-ssl.xml jetty.xml webdefault.xml
[centos@ip-xx-xxx-xx-xxx etc]$ sudo keytool -genkeypair -alias solr-ssl -keyalg
RSA -keysize 2048 -keypass secret -storepass secret -validity -keystore
solr-ssl.keystore.jks -ext SAN=DNS:localhost,IP:xx.xxx.xxx.xxx,IP:127.0.0.1
-dname "CN=zksolr, OU=Search, O=OK, L=Newyork, ST=Newyork, C=USA"
[centos@ip-xx-xxx-xx-xxx etc]$ ls -al
total 60
drwxr-xr-x. 2 root docker 4096 Jan 2 02:02 .
drwxr-xr-x. 11 root docker 4096 Jan 2 01:56 ..
-rw-r--r--. 1 root docker 3055 Sep 13 20:26 jetty-https.xml -rw-r--r--. 1
root docker 2684 Sep 13 20:26 jetty-http.xml -rw-r--r--. 1 root docker 2449
Jul 14 12:13 jetty-ssl.xml -rw-r--r--. 1 root docker 9389 Sep 14 14:26
jetty.xml -rw---. 1 root docker 2258 Jan 2 02:02 solr-ssl.keystore.jks
-rw-r--r--. 1 root docker 24425 Jul 14 12:13 webdefault.xml
[centos@ip-xx-xxx-xx-xxx etc]$ sudo keytool -importkeystore -srckeystore
solr-ssl.keystore.jks -destkeystore solr-ssl.keystore.p12 -srcstoretype jks
-deststoretype pkcs12 Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
Entry for alias solr-ssl successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or
cancelled [centos@ip-xx-xxx-xx-xxx etc]$ sudo openssl pkcs12 -in
solr-ssl.keystore.p12 -out solr-ssl.pem Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
[centos@ip-xx-xxx-xx-xxx etc]$ ls -al
total 68
drwxr-xr-x. 2 root docker 4096 Jan 2 02:03 .
drwxr-xr-x. 11 root docker 4096 Jan 2 01:56 ..
-rw-r--r--. 1 root docker 3055 Sep 13 20:26 jetty-https.xml -rw-r--r--. 1
root docker 2684 Sep 13 20:26 jetty-http.xml -rw-r--r--. 1 root docker 2449
Jul 14 12:13 jetty-ssl.xml -rw-r--r--. 1 root docker 9389 Sep 14 14:26
jetty.xml -rw---. 1 root docker 2258 Jan 2 02:02 solr-ssl.keystore.jks
-rw---. 1 root docker 2608 Jan 2 02:02 solr-ssl.keystore.p12 -rw---.
1 root docker 1662 Jan 2 02:03 solr-ssl.pe
Enabling SSL in solr server. (Single mode or Cloud mode) Getting Errors & How to add parameters to service script.
Hi,
I have followed the documentation and executed in a fresh machine to
enable the ssl in the server. It is an ec2 instance of centos 7. I have
installed solr which is working fine. But as soon as I modify
/etc/default/solr.in.sh file to incorporate the ssl related variables, the
server never starts. Here is the command used to get it up and running but alas
no result till now.
[centos@ip-xx-xxx-xx-xxx ~]$ sudo bash ./install_solr_service.sh solr-6.2.1.tgz
Extracting solr-6.2.1.tgz to /opt
Installing symlink /opt/solr -> /opt/solr-6.2.1 ...
Installing /etc/init.d/solr script ...
Installing /etc/default/solr.in.sh ...
Waiting up to 30 seconds to see Solr running on port 8983 [/]
Started Solr server on port 8983 (pid=6683). Happy searching!
Found 1 Solr nodes:
Solr process 6683 running on port 8983
{
"solr_home":"/var/solr/data",
"version":"6.2.1 43ab70147eb494324a1410f7a9f16a896a59bc6f - shalin -
2016-09-15 05:20:53",
"startTime":"2017-01-02T07:56:25.414Z",
"uptime":"0 days, 0 hours, 0 minutes, 10 seconds",
"memory":"82.3 MB (%16.8) of 490.7 MB"}
Service solr installed.
[centos@ip-xx-xxx-xx-xxx ~]$ ps -ef | grep solr
solr 6683 1 15 01:56 ?00:00:02 java -server -Xms512m -Xmx512m
-XX:NewRatio=3 -XX:SurvivorRatio=4 -XX:TargetSurvivorRatio=90
-XX:MaxTenuringThreshold=8 -XX:+UseConcMarkSweepGC -XX:+UseParNewGC
-XX:ConcGCThreads=4 -XX:ParallelGCThreads=4 -XX:+CMSScavengeBeforeRemark
-XX:PretenureSizeThreshold=64m -XX:+UseCMSInitiatingOccupancyOnly
-XX:CMSInitiatingOccupancyFraction=50 -XX:CMSMaxAbortablePrecleanTime=6000
-XX:+CMSParallelRemarkEnabled -XX:+ParallelRefProcEnabled -verbose:gc
-XX:+PrintHeapAtGC -XX:+PrintGCDetails -XX:+PrintGCDateStamps
-XX:+PrintGCTimeStamps -XX:+PrintTenuringDistribution
-XX:+PrintGCApplicationStoppedTime -Xloggc:/var/solr/logs/solr_gc.log
-Djetty.port=8983 -DSTOP.PORT=7983 -DSTOP.KEY=solrrocks -Duser.timezone=UTC
-Djetty.home=/opt/solr/server -Dsolr.solr.home=/var/solr/data
-Dsolr.install.dir=/opt/solr
-Dlog4j.configuration=file:/var/solr/log4j.properties -Xss256k
-XX:OnOutOfMemoryError=/opt/solr/bin/oom_solr.sh 8983 /var/solr/logs -jar
start.jar --module=http
centos6856 1837 0 01:56 pts/000:00:00 grep --color=auto solr
[centos@ip-xx-xxx-xx-xxx ~]$ cd /opt/solr
[centos@ip-xx-xxx-xx-xxx solr]$ cd server/etc/
[centos@ip-xx-xxx-xx-xxx etc]$ ls
jetty-https.xml jetty-http.xml jetty-ssl.xml jetty.xml webdefault.xml
[centos@ip-xx-xxx-xx-xxx etc]$ ls
jetty-https.xml jetty-http.xml jetty-ssl.xml jetty.xml webdefault.xml
[centos@ip-xx-xxx-xx-xxx etc]$ sudo keytool -genkeypair -alias solr-ssl -keyalg
RSA -keysize 2048 -keypass secret -storepass secret -validity -keystore
solr-ssl.keystore.jks -ext SAN=DNS:localhost,IP:xx.xxx.xxx.xxx,IP:127.0.0.1
-dname "CN=zksolr, OU=Search, O=OK, L=Newyork, ST=Newyork, C=USA"
[centos@ip-xx-xxx-xx-xxx etc]$ ls -al
total 60
drwxr-xr-x. 2 root docker 4096 Jan 2 02:02 .
drwxr-xr-x. 11 root docker 4096 Jan 2 01:56 ..
-rw-r--r--. 1 root docker 3055 Sep 13 20:26 jetty-https.xml
-rw-r--r--. 1 root docker 2684 Sep 13 20:26 jetty-http.xml
-rw-r--r--. 1 root docker 2449 Jul 14 12:13 jetty-ssl.xml
-rw-r--r--. 1 root docker 9389 Sep 14 14:26 jetty.xml
-rw---. 1 root docker 2258 Jan 2 02:02 solr-ssl.keystore.jks
-rw-r--r--. 1 root docker 24425 Jul 14 12:13 webdefault.xml
[centos@ip-xx-xxx-xx-xxx etc]$ sudo keytool -importkeystore -srckeystore
solr-ssl.keystore.jks -destkeystore solr-ssl.keystore.p12 -srcstoretype jks
-deststoretype pkcs12
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
Entry for alias solr-ssl successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or
cancelled
[centos@ip-xx-xxx-xx-xxx etc]$ sudo openssl pkcs12 -in solr-ssl.keystore.p12
-out solr-ssl.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
[centos@ip-xx-xxx-xx-xxx etc]$ ls -al
total 68
drwxr-xr-x. 2 root docker 4096 Jan 2 02:03 .
drwxr-xr-x. 11 root docker 4096 Jan 2 01:56 ..
-rw-r--r--. 1 root docker 3055 Sep 13 20:26 jetty-https.xml
-rw-r--r--. 1 root docker 2684 Sep 13 20:26 jetty-http.xml
-rw-r--r--. 1 root docker 2449 Jul 14 12:13 jetty-ssl.xml
-rw-r--r--. 1 root docker 9389 Sep 14 14:26 jetty.xml
-rw---. 1 root docker 2258 Jan 2 02:02 solr-ssl.keystore.jks
-rw---. 1 root docker 2608 Jan 2 02:02 solr-ssl.keystore.p12
-rw---. 1 root docker 1662 Jan 2 02:03 solr-ssl.pem
-rw-r--r--. 1 root docker 24425 Jul 14 12:13 webdefault.xml
[centos@ip-xx-xxx-xx-xxx etc]$ vi /etc/default/solr.in.sh
[centos@ip-xx-xxx-xx-xxx etc]$ sudo vi /etc/default/solr.in.sh
[centos@ip-xx-xxx-xx-xxx etc]$ sudo service solr stop
Sending stop command to Solr running on port 8983 ... waiting 5 seconds to
allow Jetty process 6683 to stop gracefully.
[centos@ip-xx-xxx-xx-xxx etc]$ sudo service solr start
Waiting up to 30 seconds to see Solr running on port 8983 [-] Stil
