Hi, I still haven't figured out how to enable the same.

-----Original Message-----
From: Behera, Pranaya P [mailto:pbeh...@jcp.com]
Sent: Monday, January 02, 2017 1:47 PM
To: solr-user@lucene.apache.org
Subject: Enabling SSL in solr server. (Single mode or Cloud mode) Getting Errors & How to add parameters to service script.

Hi,

I have followed the documentation and executed in a fresh machine to enable the ssl in the server. It is an ec2 instance of centos 7. I have installed solr which is working fine. But as soon as I modify /etc/default/solr.in.sh file to incorporate the ssl related variables, the server never starts. Here is the command used to get it up and running but alas no result till now.

[centos@ip-xx-xxx-xx-xxx ~]$ sudo bash ./install_solr_service.sh solr-6.2.1.tgz
Extracting solr-6.2.1.tgz to /opt
Installing symlink /opt/solr -> /opt/solr-6.2.1 ...
Installing /etc/init.d/solr script ...
Installing /etc/default/solr.in.sh ...
Waiting up to 30 seconds to see Solr running on port 8983 [/]
Started Solr server on port 8983 (pid=6683). Happy searching!
Found 1 Solr nodes:
Solr process 6683 running on port 8983
{
  "solr_home":"/var/solr/data",
  "version":"6.2.1 43ab70147eb494324a1410f7a9f16a896a59bc6f - shalin - 2016-09-15 05:20:53",
  "startTime":"2017-01-02T07:56:25.414Z",
  "uptime":"0 days, 0 hours, 0 minutes, 10 seconds",
  "memory":"82.3 MB (%16.8) of 490.7 MB"}
Service solr installed.
[centos@ip-xx-xxx-xx-xxx ~]$ ps -ef | grep solr
solr 6683 1 15 01:56 ? 00:00:02 java -server -Xms512m -Xmx512m -XX:NewRatio=3 -XX:SurvivorRatio=4 -XX:TargetSurvivorRatio=90 -XX:MaxTenuringThreshold=8 -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:ConcGCThreads=4 -XX:ParallelGCThreads=4 -XX:+CMSScavengeBeforeRemark -XX:PretenureSizeThreshold=64m -XX:+UseCMSInitiatingOccupancyOnly -XX:CMSInitiatingOccupancyFraction=50 -XX:CMSMaxAbortablePrecleanTime=6000 -XX:+CMSParallelRemarkEnabled -XX:+ParallelRefProcEnabled -verbose:gc -XX:+PrintHeapAtGC -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -XX:+PrintTenuringDistribution -XX:+PrintGCApplicationStoppedTime -Xloggc:/var/solr/logs/solr_gc.log -Djetty.port=8983 -DSTOP.PORT=7983 -DSTOP.KEY=solrrocks -Duser.timezone=UTC -Djetty.home=/opt/solr/server -Dsolr.solr.home=/var/solr/data -Dsolr.install.dir=/opt/solr -Dlog4j.configuration=file:/var/solr/log4j.properties -Xss256k -XX:OnOutOfMemoryError=/opt/solr/bin/oom_solr.sh 8983 /var/solr/logs -jar start.jar --module=http
centos 6856 1837 0 01:56 pts/0 00:00:00 grep --color=auto solr
[centos@ip-xx-xxx-xx-xxx ~]$ cd /opt/solr
[centos@ip-xx-xxx-xx-xxx solr]$ cd server/etc/
[centos@ip-xx-xxx-xx-xxx etc]$ ls
jetty-https.xml jetty-http.xml jetty-ssl.xml jetty.xml webdefault.xml
[centos@ip-xx-xxx-xx-xxx etc]$ ls
jetty-https.xml jetty-http.xml jetty-ssl.xml jetty.xml webdefault.xml
[centos@ip-xx-xxx-xx-xxx etc]$ sudo keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass secret -storepass secret -validity 9999 -keystore solr-ssl.keystore.jks -ext SAN=DNS:localhost,IP:xx.xxx.xxx.xxx,IP:127.0.0.1 -dname "CN=zksolr, OU=Search, O=OK, L=Newyork, ST=Newyork, C=USA"
[centos@ip-xx-xxx-xx-xxx etc]$ ls -al
total 60
drwxr-xr-x. 2 root docker 4096 Jan 2 02:02 .
drwxr-xr-x. 11 root docker 4096 Jan 2 01:56 ..
-rw-r--r--. 1 root docker 3055 Sep 13 20:26 jetty-https.xml
-rw-r--r--. 1 root docker 2684 Sep 13 20:26 jetty-http.xml
-rw-r--r--. 1 root docker 2449 Jul 14 12:13 jetty-ssl.xml
-rw-r--r--. 1 root docker 9389 Sep 14 14:26 jetty.xml
-rw-------. 1 root docker 2258 Jan 2 02:02 solr-ssl.keystore.jks
-rw-r--r--. 1 root docker 24425 Jul 14 12:13 webdefault.xml
[centos@ip-xx-xxx-xx-xxx etc]$ sudo keytool -importkeystore -srckeystore solr-ssl.keystore.jks -destkeystore solr-ssl.keystore.p12 -srcstoretype jks -deststoretype pkcs12
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
Entry for alias solr-ssl successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
[centos@ip-xx-xxx-xx-xxx etc]$ sudo openssl pkcs12 -in solr-ssl.keystore.p12 -out solr-ssl.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
[centos@ip-xx-xxx-xx-xxx etc]$ ls -al
total 68
drwxr-xr-x. 2 root docker 4096 Jan 2 02:03 .
drwxr-xr-x. 11 root docker 4096 Jan 2 01:56 ..
-rw-r--r--. 1 root docker 3055 Sep 13 20:26 jetty-https.xml
-rw-r--r--. 1 root docker 2684 Sep 13 20:26 jetty-http.xml
-rw-r--r--. 1 root docker 2449 Jul 14 12:13 jetty-ssl.xml
-rw-r--r--. 1 root docker 9389 Sep 14 14:26 jetty.xml
-rw-------. 1 root docker 2258 Jan 2 02:02 solr-ssl.keystore.jks
-rw-------. 1 root docker 2608 Jan 2 02:02 solr-ssl.keystore.p12
-rw-------. 1 root docker 1662 Jan 2 02:03 solr-ssl.pem
-rw-r--r--. 1 root docker 24425 Jul 14 12:13 webdefault.xml
[centos@ip-xx-xxx-xx-xxx etc]$ vi /etc/default/solr.in.sh
[centos@ip-xx-xxx-xx-xxx etc]$ sudo vi /etc/default/solr.in.sh
[centos@ip-xx-xxx-xx-xxx etc]$ sudo service solr stop
Sending stop command to Solr running on port 8983 ... waiting 5 seconds to allow Jetty process 6683 to stop gracefully.
[centos@ip-xx-xxx-xx-xxx etc]$ sudo service solr start
Waiting up to 30 seconds to see Solr running on port 8983 [-]
Still not seeing Solr listening on 8983 after 30 seconds!
2017-01-02 08:06:02.702 INFO (main) [ ] o.e.j.u.log Logging initialized @324ms
2017-01-02 08:06:02.913 INFO (main) [ ] o.e.j.s.Server jetty-9.3.8.v20160314
2017-01-02 08:06:02.931 INFO (main) [ ] o.e.j.d.p.ScanningAppProvider Deployment monitor [file:///opt/solr-6.2.1/server/contexts/] at interval 0
2017-01-02 08:06:03.214 INFO (main) [ ] o.e.j.w.StandardDescriptorProcessor NO JSP Support for /solr, did not find org.apache.jasper.servlet.JspServlet
2017-01-02 08:06:03.226 WARN (main) [ ] o.e.j.s.SecurityHandler ServletContext@o.e.j.w.WebAppContext@67784306{/solr,file:///opt/solr-6.2.1/server/solr-webapp/webapp/,STARTING}{/opt/solr-6.2.1/server/solr-webapp/webapp} has uncovered http methods for path: /
2017-01-02 08:06:03.237 INFO (main) [ ] o.a.s.s.SolrDispatchFilter SolrDispatchFilter.init(): WebAppClassLoader=1037324811@3dd4520b
2017-01-02 08:06:03.254 INFO (main) [ ] o.a.s.c.SolrResourceLoader JNDI not configured for solr (NoInitialContextEx)
2017-01-02 08:06:03.254 INFO (main) [ ] o.a.s.c.SolrResourceLoader using system property solr.solr.home: /var/solr/data
2017-01-02 08:06:03.255 INFO (main) [ ] o.a.s.c.SolrResourceLoader new SolrResourceLoader for directory: '/var/solr/data'
2017-01-02 08:06:03.255 INFO (main) [ ] o.a.s.c.SolrResourceLoader JNDI not configured for solr (NoInitialContextEx)
2017-01-02 08:06:03.255 INFO (main) [ ] o.a.s.c.SolrResourceLoader using system property solr.solr.home: /var/solr/data
2017-01-02 08:06:03.260 INFO (main) [ ] o.a.s.c.SolrXmlConfig Loading container configuration from /var/solr/data/solr.xml
2017-01-02 08:06:03.320 INFO (main) [ ] o.a.s.c.CorePropertiesLocator Config-defined core root directory: /var/solr/data
2017-01-02 08:06:03.346 INFO (main) [ ] o.a.s.c.CoreContainer New CoreContainer 1256440269
2017-01-02 08:06:03.346 INFO (main) [ ] o.a.s.c.CoreContainer Loading cores into CoreContainer [instanceDir=/var/solr/data]
2017-01-02 08:06:03.346 WARN (main) [ ] o.a.s.c.CoreContainer Couldn't add files from /var/solr/data/lib to classpath: /var/solr/data/lib
2017-01-02 08:06:03.359 INFO (main) [ ] o.a.s.h.c.HttpShardHandlerFactory created with socketTimeout : 600000,connTimeout : 60000,maxConnectionsPerHost : 20,maxConnections : 10000,corePoolSize : 0,maximumPoolSize : 2147483647,maxThreadIdleTime : 5,sizeOfQueue : -1,fairnessPolicy : false,useRetries : false,connectionsEvictorSleepDelay : 5000,maxConnectionIdleTime : 40000,
2017-01-02 08:06:03.548 INFO (main) [ ] o.a.s.u.UpdateShardHandler Creating UpdateShardHandler HTTP client with params: socketTimeout=600000&connTimeout=60000&retry=true
2017-01-02 08:06:03.552 INFO (main) [ ] o.a.s.l.LogWatcher SLF4J impl is org.slf4j.impl.Log4jLoggerFactory
2017-01-02 08:06:03.553 INFO (main) [ ] o.a.s.l.LogWatcher Registering Log Listener [Log4j (org.slf4j.impl.Log4jLoggerFactory)]
2017-01-02 08:06:03.555 INFO (main) [ ] o.a.s.c.CoreContainer Security conf doesn't exist. Skipping setup for authorization module.
2017-01-02 08:06:03.555 INFO (main) [ ] o.a.s.c.CoreContainer No authentication plugin used.
2017-01-02 08:06:03.607 INFO (main) [ ] o.a.s.c.CorePropertiesLocator Looking for core definitions underneath /var/solr/data
2017-01-02 08:06:03.607 INFO (main) [ ] o.a.s.c.CorePropertiesLocator Found 0 core definitions
2017-01-02 08:06:03.611 INFO (main) [ ] o.a.s.s.SolrDispatchFilter user.dir=/opt/solr-6.2.1/server
2017-01-02 08:06:03.611 INFO (main) [ ] o.a.s.s.SolrDispatchFilter SolrDispatchFilter.init() done
2017-01-02 08:06:03.625 INFO (main) [ ] o.e.j.s.h.ContextHandler Started o.e.j.w.WebAppContext@67784306{/solr,file:///opt/solr-6.2.1/server/solr-webapp/webapp/,AVAILABLE}{/opt/solr-6.2.1/server/solr-webapp/webapp}
[centos@ip-xx-xxx-xx-xxx etc]$

What would be the issue? Please let me know how do I fix this?

Also I am running through service script not the bin/solr script. How do I run the service script with additional parameters, such as adding this to the bin/solr script -Dsolr.ssl.checkPeerName=false, how would someone incorporate the same in the service script?

Thanks & Regards
Pranaya Behera

The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If the reader of this message is not the intended recipient, you are hereby notified that your access is unauthorized, and any review, dissemination, distribution or copying of this message including any attachments is strictly prohibited. If you are not the intended recipient, please contact the sender and delete the material from any computer.
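
A check worth running against the listing in the message above, as an added example that is not part of the original post or of Solr: the `ls -al` output shows the keystore files as mode 0600 owned by root, while `ps -ef` shows the JVM running as `solr`. The function evaluates one `ls -l` line for a given account; the function name and the group membership passed in are assumptions.

```shell
#!/bin/sh
# Added diagnostic example; not part of the original message or of Solr.
# readable_by LS_LINE USER [GROUPS]
#   LS_LINE  one line of `ls -l` output
#   USER     account the service runs as
#   GROUPS   space-separated groups that account belongs to
# Prints "yes" or "no" from the classic mode bits only; POSIX ACLs and
# SELinux labels (the trailing "." in the mode column) are not evaluated.
readable_by() {
    ls_line=$1
    user=$2
    member_of=${3:-}
    mode=$(printf '%s\n' "$ls_line" | awk '{print $1}')
    owner=$(printf '%s\n' "$ls_line" | awk '{print $3}')
    group=$(printf '%s\n' "$ls_line" | awk '{print $4}')

    # root is not restricted by read permission bits
    if [ "$user" = root ]; then echo yes; return 0; fi

    in_group=no
    case " $member_of " in *" $group "*) in_group=yes ;; esac

    # Exactly one permission class applies: owner, else group, else other.
    if [ "$user" = "$owner" ]; then
        bit=$(printf '%s' "$mode" | cut -c2)
    elif [ "$in_group" = yes ]; then
        bit=$(printf '%s' "$mode" | cut -c5)
    else
        bit=$(printf '%s' "$mode" | cut -c8)
    fi
    if [ "$bit" = r ]; then echo yes; else echo no; fi
}

# Lines copied from the `ls -al` output in the message; "solr" is the
# account shown in its `ps -ef` output. Group membership "solr" is assumed.
for entry in \
    '-rw-------. 1 root docker 2258 Jan 2 02:02 solr-ssl.keystore.jks' \
    '-rw-r--r--. 1 root docker 3055 Sep 13 20:26 jetty-https.xml'
do
    printf '%s -> readable by solr: %s\n' "${entry##* }" "$(readable_by "$entry" solr solr)"
done
```

On the second question in the message: `SOLR_OPTS` in `/etc/default/solr.in.sh` is the variable Solr's start script appends to the JVM command line, so a property such as `-Dsolr.ssl.checkPeerName=false` is set there rather than passed to the `service` command.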