Re: Issues with using ZooKeeper 3.5.5 together with Solr 8.2.0
Sure. I have another thread on this in the Solr mailing list.

Regards,
Edwin

On Wed, 31 Jul 2019 at 14:04, Jörn Franke wrote:

> Could be a Solr issue. Check the Solr mailing list - they can help you
> there better on Solr issues.
>
> > On 31.07.2019 at 04:27, Zheng Lin Edwin Yeo wrote:
> >
> > Thanks everyone for your reply.
> >
> > I have tried to put the following in zoo.cfg under ZooKeeper:
> > 4lw.commands.whitelist=mntr,conf,ruok
> >
> > But it is still showing this error.
> > *"Errors: - membership: Check 4lq.commands.whitelist setting in zookeeper
> > configuration file."*
> >
> > As I am using SolrCloud, the collection config can still be loaded to
> > ZooKeeper as per normal. But if I try to create a collection, I will get
> > the following error:
> >
> > {
> >   "responseHeader":{
> >     "status":400,
> >     "QTime":686},
> >   "failure":{
> >     "192.168.1.2:8983_solr":"org.apache.solr.client.solrj.SolrServerException:IOException occurred when talking to server at: http://192.168.1.2:8983/solr",
> >     "192.168.1.2:8984_solr":"org.apache.solr.client.solrj.SolrServerException:IOException occurred when talking to server at: http://192.168.1.2:8984/solr"},
> >   "Operation create caused exception:":"org.apache.solr.common.SolrException:org.apache.solr.common.SolrException: Underlying core creation failed while creating collection: collection1",
> >   "exception":{
> >     "msg":"Underlying core creation failed while creating collection: collection1",
> >     "rspCode":400},
> >   "error":{
> >     "metadata":[
> >       "error-class","org.apache.solr.common.SolrException",
> >       "root-error-class","org.apache.solr.common.SolrException"],
> >     "msg":"Underlying core creation failed while creating collection: collection1",
> >     "code":400}}
> >
> > Is there anything which I may have missed out?
> >
> > Regards,
> > Edwin
> >
> >> On Wed, 31 Jul 2019 at 00:12, Shawn Heisey wrote:
> >>
> >>> On 7/29/2019 11:45 PM, Enrico Olivelli wrote:
> >>> Due to potential security risks since ZK 3.5 you have to explicitly
> >>> whitelist some commands.
> >>
> >> The 3.5.5 documentation says that "*" can be used to whitelist all
> >> commands.
> >>
> >> But what you just said seems to contradict that. If your statement is
> >> more accurate, then the documentation should be updated to list the
> >> commands that are NOT enabled when using a wildcard.
> >>
> >> There is a SOLR issue to upgrade the client in Solr to 3.5.5:
> >>
> >> https://issues.apache.org/jira/browse/SOLR-8346
> >>
> >> A comment was made on this issue saying that the following config is
> >> needed when the server is running 3.5.x:
> >>
> >> 4lw.commands.whitelist=mntr,conf,ruok
> >>
> >> Thanks,
> >> Shawn
Re: Issues with using ZooKeeper 3.5.5 together with Solr 8.2.0
Could be a Solr issue. Check the Solr mailing list - they can help you there better on Solr issues.

> On 31.07.2019 at 04:27, Zheng Lin Edwin Yeo wrote:
>
> Thanks everyone for your reply.
>
> I have tried to put the following in zoo.cfg under ZooKeeper:
> 4lw.commands.whitelist=mntr,conf,ruok
>
> But it is still showing this error.
> *"Errors: - membership: Check 4lq.commands.whitelist setting in zookeeper
> configuration file."*
>
> As I am using SolrCloud, the collection config can still be loaded to
> ZooKeeper as per normal. But if I try to create a collection, I will get
> the following error:
>
> {
>   "responseHeader":{
>     "status":400,
>     "QTime":686},
>   "failure":{
>     "192.168.1.2:8983_solr":"org.apache.solr.client.solrj.SolrServerException:IOException occurred when talking to server at: http://192.168.1.2:8983/solr",
>     "192.168.1.2:8984_solr":"org.apache.solr.client.solrj.SolrServerException:IOException occurred when talking to server at: http://192.168.1.2:8984/solr"},
>   "Operation create caused exception:":"org.apache.solr.common.SolrException:org.apache.solr.common.SolrException: Underlying core creation failed while creating collection: collection1",
>   "exception":{
>     "msg":"Underlying core creation failed while creating collection: collection1",
>     "rspCode":400},
>   "error":{
>     "metadata":[
>       "error-class","org.apache.solr.common.SolrException",
>       "root-error-class","org.apache.solr.common.SolrException"],
>     "msg":"Underlying core creation failed while creating collection: collection1",
>     "code":400}}
>
> Is there anything which I may have missed out?
>
> Regards,
> Edwin
>
>> On Wed, 31 Jul 2019 at 00:12, Shawn Heisey wrote:
>>
>>> On 7/29/2019 11:45 PM, Enrico Olivelli wrote:
>>> Due to potential security risks since ZK 3.5 you have to explicitly
>>> whitelist some commands.
>>
>> The 3.5.5 documentation says that "*" can be used to whitelist all
>> commands.
>>
>> But what you just said seems to contradict that. If your statement is
>> more accurate, then the documentation should be updated to list the
>> commands that are NOT enabled when using a wildcard.
>>
>> There is a SOLR issue to upgrade the client in Solr to 3.5.5:
>>
>> https://issues.apache.org/jira/browse/SOLR-8346
>>
>> A comment was made on this issue saying that the following config is
>> needed when the server is running 3.5.x:
>>
>> 4lw.commands.whitelist=mntr,conf,ruok
>>
>> Thanks,
>> Shawn
Re: Issues with using ZooKeeper 3.5.5 together with Solr 8.2.0
Thanks everyone for your reply.

I have tried to put the following in zoo.cfg under ZooKeeper:
4lw.commands.whitelist=mntr,conf,ruok

But it is still showing this error.
*"Errors: - membership: Check 4lq.commands.whitelist setting in zookeeper configuration file."*

As I am using SolrCloud, the collection config can still be loaded to ZooKeeper as per normal. But if I try to create a collection, I will get the following error:

{
  "responseHeader":{
    "status":400,
    "QTime":686},
  "failure":{
    "192.168.1.2:8983_solr":"org.apache.solr.client.solrj.SolrServerException:IOException occurred when talking to server at: http://192.168.1.2:8983/solr",
    "192.168.1.2:8984_solr":"org.apache.solr.client.solrj.SolrServerException:IOException occurred when talking to server at: http://192.168.1.2:8984/solr"},
  "Operation create caused exception:":"org.apache.solr.common.SolrException:org.apache.solr.common.SolrException: Underlying core creation failed while creating collection: collection1",
  "exception":{
    "msg":"Underlying core creation failed while creating collection: collection1",
    "rspCode":400},
  "error":{
    "metadata":[
      "error-class","org.apache.solr.common.SolrException",
      "root-error-class","org.apache.solr.common.SolrException"],
    "msg":"Underlying core creation failed while creating collection: collection1",
    "code":400}}

Is there anything which I may have missed out?

Regards,
Edwin

On Wed, 31 Jul 2019 at 00:12, Shawn Heisey wrote:

> On 7/29/2019 11:45 PM, Enrico Olivelli wrote:
> > Due to potential security risks since ZK 3.5 you have to explicitly
> > whitelist some commands.
>
> The 3.5.5 documentation says that "*" can be used to whitelist all
> commands.
>
> But what you just said seems to contradict that. If your statement is
> more accurate, then the documentation should be updated to list the
> commands that are NOT enabled when using a wildcard.
>
> There is a SOLR issue to upgrade the client in Solr to 3.5.5:
>
> https://issues.apache.org/jira/browse/SOLR-8346
>
> A comment was made on this issue saying that the following config is
> needed when the server is running 3.5.x:
>
> 4lw.commands.whitelist=mntr,conf,ruok
>
> Thanks,
> Shawn
Can SSL capability be satisfied by a smaller dependency than netty-all?
We neglected to notice that netty is a required dependency for ZK SSL when we upgraded to ZK 3.5.5 in Solr. We have an issue to track this:

https://issues.apache.org/jira/browse/SOLR-13665

I was noticing that the netty-all jar included in ZK is nearly 4MB ... and we will have to include it twice in the Solr download because it is needed for the SolrJ client as well as the Solr server. The Solr download is already quite large ... increasing it by another 7MB is painful.

I'm hoping that ZK's SSL capability can be satisfied by one of the smaller netty jars, rather than netty-all. Is that a question that can be answered here on the ZK list? The specific class that is mentioned by the error is included in netty-transport.

Thanks,
Shawn
Clarification: SSL Client: Need of keystore?
Hi,

I have a kerberized Zookeeper cluster and would like to add SSL on the client side and to the quorum. So far the server configuration is clear. However, according to https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide I need to specify on the client side

zookeeper.ssl.keyStore.location="/path/to/your/keystore"
zookeeper.ssl.keyStore.password="keystore_password"
zookeeper.ssl.trustStore.location="/path/to/your/truststore"
zookeeper.ssl.trustStore.password="truststore_password"

I do understand the need to provide a truststore, but why does the client need a keystore? As far as I understood, the keystore is only needed for X509 authentication, but I use the Kerberos authentication. Does it mean the SSL client connection requires X509 authentication and Kerberos is not possible?

Can you please clarify?

Thank you.

Best regards
Re: Issues with using ZooKeeper 3.5.5 together with Solr 8.2.0
On 7/29/2019 11:45 PM, Enrico Olivelli wrote:
> Due to potential security risks since ZK 3.5 you have to explicitly
> whitelist some commands.

The 3.5.5 documentation says that "*" can be used to whitelist all commands.

But what you just said seems to contradict that. If your statement is more accurate, then the documentation should be updated to list the commands that are NOT enabled when using a wildcard.

There is a SOLR issue to upgrade the client in Solr to 3.5.5:

https://issues.apache.org/jira/browse/SOLR-8346

A comment was made on this issue saying that the following config is needed when the server is running 3.5.x:

4lw.commands.whitelist=mntr,conf,ruok

Thanks,
Shawn
Re: Issues with using ZooKeeper 3.5.5 together with Solr 8.2.0
Due to potential security risks since ZK 3.5 you have to explicitly whitelist some commands.

I think you should contact SolrCloud.

I hope that helps
Enrico

On Tue, 30 Jul 2019, 04:08 Zheng Lin Edwin Yeo wrote:

> Hi,
>
> I am using the new Solr 8.2.0 with SolrCloud and external ZooKeeper 3.5.5.
>
> However, after adding in the line under zoo.cfg
> *4lw.commands.whitelist=**
>
> I get the error under Cloud -> ZK Status in Solr
> *"Errors: - membership: Check 4lq.commands.whitelist setting in zookeeper
> configuration file."*
>
> I have noticed that the issue is caused by adding the "conf" in the
> whitelist. But if I do not add the "conf" to the whitelist, I will get the
> following error:
> *"Errors: - conf is not executed because it is not in the whitelist. Check
> 4lw.commands.whitelist setting in zookeeper configuration file."*
>
> What could be the issue that causes this error, and how can we resolve it?
>
> Thank you.
>
> Regards,
> Edwin
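
The whitelist check discussed in this thread, as an added example that is not part of any message above and is not ZooKeeper or Solr code: it reads the `4lw.commands.whitelist` value from zoo.cfg text, compares it with the `mntr,conf,ruok` set quoted in the thread, flags a wildcard or extra commands, and recognises the "not in the whitelist" reply from a server. The function names (`effective_whitelist`, `audit`, `is_blocked`, `probe`) are hypothetical, the `srvr`-only default is an assumption about ZooKeeper 3.5.x, and the parser handles only plain `key=value` lines.

```python
import socket

SOLR_REQUIRED = {"mntr", "conf", "ruok"}  # from the config quoted in this thread
ZK_DEFAULT = {"srvr"}  # assumption: ZooKeeper 3.5.x default when the key is unset
BLOCKED = "{} is not executed because it is not in the whitelist"

def effective_whitelist(zoo_cfg_text):
    """Enabled four-letter commands from zoo.cfg text; {"*"} means all of them."""
    value = None
    for raw in zoo_cfg_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        if key.strip() == "4lw.commands.whitelist":
            value = val  # a later duplicate key overrides an earlier one
    if value is None:
        return set(ZK_DEFAULT)
    cmds = {c.strip() for c in value.split(",") if c.strip()}
    return {"*"} if "*" in cmds else cmds

def audit(zoo_cfg_text):
    """Report commands Solr needs but lacks, and commands enabled beyond that."""
    enabled = effective_whitelist(zoo_cfg_text)
    wildcard = enabled == {"*"}
    missing = set() if wildcard else SOLR_REQUIRED - enabled
    extra = set() if wildcard else enabled - SOLR_REQUIRED - ZK_DEFAULT
    return {"wildcard": wildcard, "missing": sorted(missing), "extra": sorted(extra)}

def is_blocked(cmd, response):
    """True if the server's reply says the command is not whitelisted."""
    return response.strip().startswith(BLOCKED.format(cmd))

def probe(host, port, cmd, timeout=3.0):
    """Send one four-letter command to a ZooKeeper client port, return the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(cmd.encode("ascii"))
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

if __name__ == "__main__":
    # Constructed sample zoo.cfg, not taken from the thread.
    sample = "tickTime=2000\nclientPort=2181\n4lw.commands.whitelist=ruok,stat\n"
    print(audit(sample))
    # Against a live server: is_blocked("conf", probe("localhost", 2181, "conf"))
```
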