Hi,
      I still haven't figured out how to enable the same.

-----Original Message-----
From: Behera, Pranaya P [mailto:pbeh...@jcp.com]
Sent: Monday, January 02, 2017 1:47 PM
To: solr-user@lucene.apache.org
Subject: Enabling SSL in solr server. (Single mode or Cloud mode) Getting 
Errors & How to add parameters to service script.

Hi,
     I have followed the documentation and executed it on a fresh machine to 
enable SSL on the server. It is an EC2 instance of CentOS 7. I have 
installed Solr, which is working fine. But as soon as I modify the 
/etc/default/solr.in.sh file to incorporate the SSL-related variables, the 
server never starts. Here are the commands used to get it up and running, but 
alas no result till now.

[centos@ip-xx-xxx-xx-xxx ~]$ sudo bash ./install_solr_service.sh solr-6.2.1.tgz

Extracting solr-6.2.1.tgz to /opt


Installing symlink /opt/solr -> /opt/solr-6.2.1 ...


Installing /etc/init.d/solr script ...


Installing /etc/default/solr.in.sh ...

Waiting up to 30 seconds to see Solr running on port 8983 [/]
Started Solr server on port 8983 (pid=6683). Happy searching!

Found 1 Solr nodes:

Solr process 6683 running on port 8983
{
  "solr_home":"/var/solr/data",
  "version":"6.2.1 43ab70147eb494324a1410f7a9f16a896a59bc6f - shalin - 2016-09-15 05:20:53",
  "startTime":"2017-01-02T07:56:25.414Z",
  "uptime":"0 days, 0 hours, 0 minutes, 10 seconds",
  "memory":"82.3 MB (%16.8) of 490.7 MB"}

Service solr installed.
[centos@ip-xx-xxx-xx-xxx ~]$ ps -ef | grep solr
solr      6683     1 15 01:56 ?        00:00:02 java -server -Xms512m -Xmx512m 
-XX:NewRatio=3 -XX:SurvivorRatio=4 -XX:TargetSurvivorRatio=90 
-XX:MaxTenuringThreshold=8 -XX:+UseConcMarkSweepGC -XX:+UseParNewGC 
-XX:ConcGCThreads=4 -XX:ParallelGCThreads=4 -XX:+CMSScavengeBeforeRemark 
-XX:PretenureSizeThreshold=64m -XX:+UseCMSInitiatingOccupancyOnly 
-XX:CMSInitiatingOccupancyFraction=50 -XX:CMSMaxAbortablePrecleanTime=6000 
-XX:+CMSParallelRemarkEnabled -XX:+ParallelRefProcEnabled -verbose:gc 
-XX:+PrintHeapAtGC -XX:+PrintGCDetails -XX:+PrintGCDateStamps 
-XX:+PrintGCTimeStamps -XX:+PrintTenuringDistribution 
-XX:+PrintGCApplicationStoppedTime -Xloggc:/var/solr/logs/solr_gc.log 
-Djetty.port=8983 -DSTOP.PORT=7983 -DSTOP.KEY=solrrocks -Duser.timezone=UTC 
-Djetty.home=/opt/solr/server -Dsolr.solr.home=/var/solr/data 
-Dsolr.install.dir=/opt/solr 
-Dlog4j.configuration=file:/var/solr/log4j.properties -Xss256k 
-XX:OnOutOfMemoryError=/opt/solr/bin/oom_solr.sh 8983 /var/solr/logs -jar 
start.jar --module=http
centos    6856  1837  0 01:56 pts/0    00:00:00 grep --color=auto solr
[centos@ip-xx-xxx-xx-xxx ~]$ cd /opt/solr
[centos@ip-xx-xxx-xx-xxx solr]$ cd server/etc/
[centos@ip-xx-xxx-xx-xxx etc]$ ls
jetty-https.xml  jetty-http.xml  jetty-ssl.xml  jetty.xml  webdefault.xml
[centos@ip-xx-xxx-xx-xxx etc]$ ls
jetty-https.xml  jetty-http.xml  jetty-ssl.xml  jetty.xml  webdefault.xml
[centos@ip-xx-xxx-xx-xxx etc]$ sudo keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass secret -storepass secret -validity 9999 -keystore solr-ssl.keystore.jks -ext SAN=DNS:localhost,IP:xx.xxx.xxx.xxx,IP:127.0.0.1 -dname "CN=zksolr, OU=Search, O=OK, L=Newyork, ST=Newyork, C=USA"
[centos@ip-xx-xxx-xx-xxx etc]$ ls -al
total 60
drwxr-xr-x.  2 root docker  4096 Jan  2 02:02 .
drwxr-xr-x. 11 root docker  4096 Jan  2 01:56 ..
-rw-r--r--.  1 root docker  3055 Sep 13 20:26 jetty-https.xml
-rw-r--r--.  1 root docker  2684 Sep 13 20:26 jetty-http.xml
-rw-r--r--.  1 root docker  2449 Jul 14 12:13 jetty-ssl.xml
-rw-r--r--.  1 root docker  9389 Sep 14 14:26 jetty.xml
-rw-------.  1 root docker  2258 Jan  2 02:02 solr-ssl.keystore.jks
-rw-r--r--.  1 root docker 24425 Jul 14 12:13 webdefault.xml
[centos@ip-xx-xxx-xx-xxx etc]$ sudo keytool -importkeystore -srckeystore solr-ssl.keystore.jks -destkeystore solr-ssl.keystore.p12 -srcstoretype jks -deststoretype pkcs12
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
Entry for alias solr-ssl successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
[centos@ip-xx-xxx-xx-xxx etc]$ sudo openssl pkcs12 -in solr-ssl.keystore.p12 -out solr-ssl.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
[centos@ip-xx-xxx-xx-xxx etc]$ ls -al
total 68
drwxr-xr-x.  2 root docker  4096 Jan  2 02:03 .
drwxr-xr-x. 11 root docker  4096 Jan  2 01:56 ..
-rw-r--r--.  1 root docker  3055 Sep 13 20:26 jetty-https.xml
-rw-r--r--.  1 root docker  2684 Sep 13 20:26 jetty-http.xml
-rw-r--r--.  1 root docker  2449 Jul 14 12:13 jetty-ssl.xml
-rw-r--r--.  1 root docker  9389 Sep 14 14:26 jetty.xml
-rw-------.  1 root docker  2258 Jan  2 02:02 solr-ssl.keystore.jks
-rw-------.  1 root docker  2608 Jan  2 02:02 solr-ssl.keystore.p12
-rw-------.  1 root docker  1662 Jan  2 02:03 solr-ssl.pem
-rw-r--r--.  1 root docker 24425 Jul 14 12:13 webdefault.xml
[centos@ip-xx-xxx-xx-xxx etc]$ vi /etc/default/solr.in.sh
[centos@ip-xx-xxx-xx-xxx etc]$ sudo vi /etc/default/solr.in.sh
[centos@ip-xx-xxx-xx-xxx etc]$ sudo service solr stop
Sending stop command to Solr running on port 8983 ... waiting 5 seconds to allow Jetty process 6683 to stop gracefully.
[centos@ip-xx-xxx-xx-xxx etc]$ sudo service solr start
Waiting up to 30 seconds to see Solr running on port 8983 [-]  Still not seeing Solr listening on 8983 after 30 seconds!
2017-01-02 08:06:02.702 INFO  (main) [   ] o.e.j.u.log Logging initialized @324ms
2017-01-02 08:06:02.913 INFO  (main) [   ] o.e.j.s.Server jetty-9.3.8.v20160314
2017-01-02 08:06:02.931 INFO  (main) [   ] o.e.j.d.p.ScanningAppProvider Deployment monitor [file:///opt/solr-6.2.1/server/contexts/] at interval 0
2017-01-02 08:06:03.214 INFO  (main) [   ] o.e.j.w.StandardDescriptorProcessor NO JSP Support for /solr, did not find org.apache.jasper.servlet.JspServlet
2017-01-02 08:06:03.226 WARN  (main) [   ] o.e.j.s.SecurityHandler ServletContext@o.e.j.w.WebAppContext@67784306{/solr,file:///opt/solr-6.2.1/server/solr-webapp/webapp/,STARTING}{/opt/solr-6.2.1/server/solr-webapp/webapp} has uncovered http methods for path: /
2017-01-02 08:06:03.237 INFO  (main) [   ] o.a.s.s.SolrDispatchFilter SolrDispatchFilter.init(): WebAppClassLoader=1037324811@3dd4520b
2017-01-02 08:06:03.254 INFO  (main) [   ] o.a.s.c.SolrResourceLoader JNDI not configured for solr (NoInitialContextEx)
2017-01-02 08:06:03.254 INFO  (main) [   ] o.a.s.c.SolrResourceLoader using system property solr.solr.home: /var/solr/data
2017-01-02 08:06:03.255 INFO  (main) [   ] o.a.s.c.SolrResourceLoader new SolrResourceLoader for directory: '/var/solr/data'
2017-01-02 08:06:03.255 INFO  (main) [   ] o.a.s.c.SolrResourceLoader JNDI not configured for solr (NoInitialContextEx)
2017-01-02 08:06:03.255 INFO  (main) [   ] o.a.s.c.SolrResourceLoader using system property solr.solr.home: /var/solr/data
2017-01-02 08:06:03.260 INFO  (main) [   ] o.a.s.c.SolrXmlConfig Loading container configuration from /var/solr/data/solr.xml
2017-01-02 08:06:03.320 INFO  (main) [   ] o.a.s.c.CorePropertiesLocator Config-defined core root directory: /var/solr/data
2017-01-02 08:06:03.346 INFO  (main) [   ] o.a.s.c.CoreContainer New CoreContainer 1256440269
2017-01-02 08:06:03.346 INFO  (main) [   ] o.a.s.c.CoreContainer Loading cores into CoreContainer [instanceDir=/var/solr/data]
2017-01-02 08:06:03.346 WARN  (main) [   ] o.a.s.c.CoreContainer Couldn't add files from /var/solr/data/lib to classpath: /var/solr/data/lib
2017-01-02 08:06:03.359 INFO  (main) [   ] o.a.s.h.c.HttpShardHandlerFactory created with socketTimeout : 600000,connTimeout : 60000,maxConnectionsPerHost : 20,maxConnections : 10000,corePoolSize : 0,maximumPoolSize : 2147483647,maxThreadIdleTime : 5,sizeOfQueue : -1,fairnessPolicy : false,useRetries : false,connectionsEvictorSleepDelay : 5000,maxConnectionIdleTime : 40000,
2017-01-02 08:06:03.548 INFO  (main) [   ] o.a.s.u.UpdateShardHandler Creating UpdateShardHandler HTTP client with params: socketTimeout=600000&connTimeout=60000&retry=true
2017-01-02 08:06:03.552 INFO  (main) [   ] o.a.s.l.LogWatcher SLF4J impl is org.slf4j.impl.Log4jLoggerFactory
2017-01-02 08:06:03.553 INFO  (main) [   ] o.a.s.l.LogWatcher Registering Log Listener [Log4j (org.slf4j.impl.Log4jLoggerFactory)]
2017-01-02 08:06:03.555 INFO  (main) [   ] o.a.s.c.CoreContainer Security conf doesn't exist. Skipping setup for authorization module.
2017-01-02 08:06:03.555 INFO  (main) [   ] o.a.s.c.CoreContainer No authentication plugin used.
2017-01-02 08:06:03.607 INFO  (main) [   ] o.a.s.c.CorePropertiesLocator Looking for core definitions underneath /var/solr/data
2017-01-02 08:06:03.607 INFO  (main) [   ] o.a.s.c.CorePropertiesLocator Found 0 core definitions
2017-01-02 08:06:03.611 INFO  (main) [   ] o.a.s.s.SolrDispatchFilter user.dir=/opt/solr-6.2.1/server
2017-01-02 08:06:03.611 INFO  (main) [   ] o.a.s.s.SolrDispatchFilter SolrDispatchFilter.init() done
2017-01-02 08:06:03.625 INFO  (main) [   ] o.e.j.s.h.ContextHandler Started o.e.j.w.WebAppContext@67784306{/solr,file:///opt/solr-6.2.1/server/solr-webapp/webapp/,AVAILABLE}{/opt/solr-6.2.1/server/solr-webapp/webapp}
[centos@ip-xx-xxx-xx-xxx etc]$


What would be the issue? Please let me know how I can fix this. Also, I am 
running through the service script, not the bin/solr script.
How do I run the service script with additional parameters? For example, when 
adding -Dsolr.ssl.checkPeerName=false to the bin/solr script, how would someone 
incorporate the same in the service script?



Thanks & Regards
Pranaya Behera

The information transmitted is intended only for the person or entity to which 
it is addressed and may contain confidential and/or privileged material. If the 
reader of this message is not the intended recipient, you are hereby notified 
that your access is unauthorized, and any review, dissemination, distribution 
or copying of this message including any attachments is strictly prohibited. If 
you are not the intended recipient, please contact the sender and delete the 
material from any computer.
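
Added example, not part of the original message or of Solr's own scripts: in the session above, `ls -al` lists solr-ssl.keystore.jks as mode 0600 owned by root, while `ps` shows the JVM running as user solr. This preflight check reads the `SOLR_SSL_KEY_STORE` and `SOLR_SSL_TRUST_STORE` paths from the include file and reports whether the service user can read them; the function names are hypothetical and GNU `stat` (as on CentOS) is assumed.

```sh
#!/bin/sh
# Added example: preflight check for keystore paths set in solr.in.sh.
# Assumes GNU stat; ssl_var, can_read and check_solr_ssl are hypothetical names.

# Print the value assigned to variable $2 in include file $1 (last one wins).
ssl_var() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Return 0 if user $1 can read file $2, judged by owner, group and mode bits.
can_read() {
  cr_user=$1; cr_file=$2
  [ -f "$cr_file" ] || return 2
  [ "$cr_user" = root ] && return 0
  set -- $(stat -c '%U %G %a' "$cr_file")    # $1=owner $2=group $3=mode
  m=$(( $3 % 1000 ))                         # drop setuid/sticky digit
  if [ "$cr_user" = "$1" ]; then
    bits=$(( m / 100 ))
  elif id -Gn "$cr_user" 2>/dev/null | tr ' ' '\n' | grep -qxF "$2"; then
    bits=$(( m / 10 % 10 ))
  else
    bits=$(( m % 10 ))
  fi
  [ $(( bits & 4 )) -ne 0 ]
}

# Check both store variables in include file $1 for service user $2;
# relative paths are resolved against the server directory $3.
check_solr_ssl() {
  inc=$1; user=$2; server_dir=$3; rc=0
  for var in SOLR_SSL_KEY_STORE SOLR_SSL_TRUST_STORE; do
    path=$(ssl_var "$inc" "$var")
    [ -n "$path" ] || { echo "$var: not set"; continue; }
    case $path in /*) ;; *) path=$server_dir/$path ;; esac
    if can_read "$user" "$path"; then
      echo "$var: ok ($path)"
    else
      echo "$var: $user cannot read $path"; rc=1
    fi
  done
  return "$rc"
}

# Usage: sh check.sh /etc/default/solr.in.sh solr /opt/solr/server
if [ $# -eq 3 ]; then check_solr_ssl "$@"; fi
```

A non-zero exit means at least one configured store is missing or unreadable for the service user; granting that user read access through ownership or group keeps the private key closed to everyone else.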