RE: Enabling SSL in solr server. (Single mode or Cloud mode) Getting Errors & How to add parameters to service script.
Hi,

I still haven't figured out how to enable the same.

-Original Message-
From: Behera, Pranaya P [mailto:pbeh...@jcp.com]
Sent: Monday, January 02, 2017 1:47 PM
To: solr-user@lucene.apache.org
Subject: Enabling SSL in solr server. (Single mode or Cloud mode) Getting Errors & How to add parameters to service script.

Hi,

I have followed the documentation and executed it on a fresh machine to enable SSL in the server. It is an EC2 instance of CentOS 7. I have installed Solr, which is working fine. But as soon as I modify the /etc/default/solr.in.sh file to incorporate the SSL-related variables, the server never starts. Here are the commands used to get it up and running, but alas no result till now.

[centos@ip-xx-xxx-xx-xxx ~]$ sudo bash ./install_solr_service.sh solr-6.2.1.tgz
Extracting solr-6.2.1.tgz to /opt
Installing symlink /opt/solr -> /opt/solr-6.2.1 ...
Installing /etc/init.d/solr script ...
Installing /etc/default/solr.in.sh ...
Waiting up to 30 seconds to see Solr running on port 8983 [/]
Started Solr server on port 8983 (pid=6683). Happy searching!

Found 1 Solr nodes:

Solr process 6683 running on port 8983
{
  "solr_home":"/var/solr/data",
  "version":"6.2.1 43ab70147eb494324a1410f7a9f16a896a59bc6f - shalin - 2016-09-15 05:20:53",
  "startTime":"2017-01-02T07:56:25.414Z",
  "uptime":"0 days, 0 hours, 0 minutes, 10 seconds",
  "memory":"82.3 MB (%16.8) of 490.7 MB"}

Service solr installed.
Enabling SSL in solr server. (Single mode or Cloud mode) Getting Errors & How to add parameters to service script.
Hi,

I have followed the documentation and executed it on a fresh machine to enable SSL in the server. It is an EC2 instance of CentOS 7. I have installed Solr, which is working fine. But as soon as I modify the /etc/default/solr.in.sh file to incorporate the SSL-related variables, the server never starts. Here are the commands used to get it up and running, but alas no result till now.

[centos@ip-xx-xxx-xx-xxx ~]$ sudo bash ./install_solr_service.sh solr-6.2.1.tgz
Extracting solr-6.2.1.tgz to /opt
Installing symlink /opt/solr -> /opt/solr-6.2.1 ...
Installing /etc/init.d/solr script ...
Installing /etc/default/solr.in.sh ...
Waiting up to 30 seconds to see Solr running on port 8983 [/]
Started Solr server on port 8983 (pid=6683). Happy searching!

Found 1 Solr nodes:

Solr process 6683 running on port 8983
{
  "solr_home":"/var/solr/data",
  "version":"6.2.1 43ab70147eb494324a1410f7a9f16a896a59bc6f - shalin - 2016-09-15 05:20:53",
  "startTime":"2017-01-02T07:56:25.414Z",
  "uptime":"0 days, 0 hours, 0 minutes, 10 seconds",
  "memory":"82.3 MB (%16.8) of 490.7 MB"}

Service solr installed.

[centos@ip-xx-xxx-xx-xxx ~]$ ps -ef | grep solr
solr 6683 1 15 01:56 ? 00:00:02 java -server -Xms512m -Xmx512m -XX:NewRatio=3 -XX:SurvivorRatio=4 -XX:TargetSurvivorRatio=90 -XX:MaxTenuringThreshold=8 -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:ConcGCThreads=4 -XX:ParallelGCThreads=4 -XX:+CMSScavengeBeforeRemark -XX:PretenureSizeThreshold=64m -XX:+UseCMSInitiatingOccupancyOnly -XX:CMSInitiatingOccupancyFraction=50 -XX:CMSMaxAbortablePrecleanTime=6000 -XX:+CMSParallelRemarkEnabled -XX:+ParallelRefProcEnabled -verbose:gc -XX:+PrintHeapAtGC -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -XX:+PrintTenuringDistribution -XX:+PrintGCApplicationStoppedTime -Xloggc:/var/solr/logs/solr_gc.log -Djetty.port=8983 -DSTOP.PORT=7983 -DSTOP.KEY=solrrocks -Duser.timezone=UTC -Djetty.home=/opt/solr/server -Dsolr.solr.home=/var/solr/data -Dsolr.install.dir=/opt/solr -Dlog4j.configuration=file:/var/solr/log4j.properties -Xss256k -XX:OnOutOfMemoryError=/opt/solr/bin/oom_solr.sh 8983 /var/solr/logs -jar start.jar --module=http
centos 6856 1837 0 01:56 pts/0 00:00:00 grep --color=auto solr

[centos@ip-xx-xxx-xx-xxx ~]$ cd /opt/solr
[centos@ip-xx-xxx-xx-xxx solr]$ cd server/etc/
[centos@ip-xx-xxx-xx-xxx etc]$ ls
jetty-https.xml jetty-http.xml jetty-ssl.xml jetty.xml webdefault.xml
[centos@ip-xx-xxx-xx-xxx etc]$ ls
jetty-https.xml jetty-http.xml jetty-ssl.xml jetty.xml webdefault.xml

[centos@ip-xx-xxx-xx-xxx etc]$ sudo keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass secret -storepass secret -validity -keystore solr-ssl.keystore.jks -ext SAN=DNS:localhost,IP:xx.xxx.xxx.xxx,IP:127.0.0.1 -dname "CN=zksolr, OU=Search, O=OK, L=Newyork, ST=Newyork, C=USA"

[centos@ip-xx-xxx-xx-xxx etc]$ ls -al
total 60
drwxr-xr-x. 2 root docker 4096 Jan 2 02:02 .
drwxr-xr-x. 11 root docker 4096 Jan 2 01:56 ..
-rw-r--r--. 1 root docker 3055 Sep 13 20:26 jetty-https.xml
-rw-r--r--. 1 root docker 2684 Sep 13 20:26 jetty-http.xml
-rw-r--r--. 1 root docker 2449 Jul 14 12:13 jetty-ssl.xml
-rw-r--r--. 1 root docker 9389 Sep 14 14:26 jetty.xml
-rw---. 1 root docker 2258 Jan 2 02:02 solr-ssl.keystore.jks
-rw-r--r--. 1 root docker 24425 Jul 14 12:13 webdefault.xml

[centos@ip-xx-xxx-xx-xxx etc]$ sudo keytool -importkeystore -srckeystore solr-ssl.keystore.jks -destkeystore solr-ssl.keystore.p12 -srcstoretype jks -deststoretype pkcs12
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
Entry for alias solr-ssl successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled

[centos@ip-xx-xxx-xx-xxx etc]$ sudo openssl pkcs12 -in solr-ssl.keystore.p12 -out solr-ssl.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:

[centos@ip-xx-xxx-xx-xxx etc]$ ls -al
total 68
drwxr-xr-x. 2 root docker 4096 Jan 2 02:03 .
drwxr-xr-x. 11 root docker 4096 Jan 2 01:56 ..
-rw-r--r--. 1 root docker 3055 Sep 13 20:26 jetty-https.xml
-rw-r--r--. 1 root docker 2684 Sep 13 20:26 jetty-http.xml
-rw-r--r--. 1 root docker 2449 Jul 14 12:13 jetty-ssl.xml
-rw-r--r--. 1 root docker 9389 Sep 14 14:26 jetty.xml
-rw---. 1 root docker 2258 Jan 2 02:02 solr-ssl.keystore.jks
-rw---. 1 root docker 2608 Jan 2 02:02 solr-ssl.keystore.p12
-rw---. 1 root docker 1662 Jan 2 02:03 solr-ssl.pem
-rw-r--r--. 1 root docker 24425 Jul 14 12:13 webdefault.xml

[centos@ip-xx-xxx-xx-xxx etc]$ vi /etc/default/solr.in.sh
[centos@ip-xx-xxx-xx-xxx etc]$ sudo vi /etc/default/solr.in.sh
[centos@ip-xx-xxx-xx-xxx etc]$ sudo service solr stop
Sending stop command to Solr running on port 8983 ... waiting 5 seconds to allow Jetty process 6683 to stop gracefully.
[centos@ip-xx-xxx-xx-xxx etc]$ sudo service solr start
Waiting up to 30 seconds to see Solr running on port 8983 [-] Stil
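
Added example (not part of the original post and not code from the Solr project): the listing above shows the keystore files owned by root:docker with owner-only permissions, while the ps output shows Solr running as user solr, so checking that the service account can read the keystore is a useful step before pointing solr.in.sh at it. The function names can_read and keystore_readable_by, the octal mode 600 read from the "-rw---." entry, and the solr user's group list are assumptions; ACLs and SELinux are not evaluated.

```shell
#!/bin/sh
# Added example: decide from Unix permission bits whether a service account
# can read a keystore file. Function names and sample values are constructed.

# can_read MODE OWNER GROUP USER "USER_GROUPS"  -> exit 0 if USER may read
can_read() {
    cr_mode="000$1"; cr_owner=$2; cr_group=$3; cr_user=$4; cr_groups=$5
    cr_perms=${cr_mode#"${cr_mode%???}"}   # last three octal digits
    cr_o=${cr_perms%??}                    # owner digit
    cr_rest=${cr_perms#?}
    cr_g=${cr_rest%?}                      # group digit
    cr_w=${cr_perms#??}                    # other digit

    [ "$cr_user" = root ] && return 0      # root bypasses the mode bits
    if [ "$cr_user" = "$cr_owner" ]; then
        cr_bits=$cr_o                      # owner class applies, even if weaker
    else
        cr_bits=$cr_w
        for cr_x in $cr_groups; do
            [ "$cr_x" = "$cr_group" ] && cr_bits=$cr_g
        done
    fi
    [ $(( cr_bits & 4 )) -ne 0 ]           # 4 is the read bit
}

# keystore_readable_by FILE USER: the same decision for a file on disk.
# Relies on GNU stat (CentOS, as in the post) and on id for group membership.
keystore_readable_by() {
    kr_stat=$(stat -c '%a %U %G' "$1") || return 2
    set -- $kr_stat "$2" "$(id -Gn "$2" 2>/dev/null)"
    can_read "$@"
}

# Constructed sample taken from the listing in the post: the keystore is
# root:docker with owner-only permissions (assumed octal 600); the solr
# user's groups are assumed to be just "solr".
if can_read 600 root docker solr "solr"; then
    echo "solr can read the keystore"
else
    echo "solr cannot read the keystore; check ownership and mode"
fi
```

On the host, keystore_readable_by /opt/solr/server/etc/solr-ssl.keystore.jks solr applies the same decision to the real file.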