If the keystore and/or truststore is encrypted you need to provide the Passwort in solr.in.sh
> Am 04.06.2020 um 18:38 schrieb yaswanth kumar <yaswanth...@gmail.com>: > > I haven't done any changes on jetty xml , I am just using what it comes > with the solr package. just doing it in solr.in.sh but I am still seeing > the same issue. > > Thanks, > >> On Thu, Jun 4, 2020 at 12:23 PM Jörn Franke <jornfra...@gmail.com> wrote: >> >> I think you should not do it in the Jetty xml >> Follow the official reference guide. >> It should be in solr.in.sh >> >> https://lucene.apache.org/solr/guide/8_4/enabling-ssl.html >> >> >> >> >>>> Am 04.06.2020 um 06:48 schrieb yaswanth kumar <yaswanth...@gmail.com>: >>> >>> Hi Franke, >>> >>> I suspect its because of the certificate encryption ?? But will wait for >>> you to confirm the same. We are trying to generate a certs with RSA 2048 >>> and finally combining them to a single JKS and that's what we are >> referring >>> as a keystore and truststore, let me know if it doesn't work or if there >> is >>> a standard procedure to do this certs. >>> >>> Thanks, >>> >>>> On Wed, Jun 3, 2020 at 8:25 AM yaswanth kumar <yaswanth...@gmail.com> >> wrote: >>>> >>>> thanks Franke, >>>> >>>> I now made the use of the default jetty-ssl.xml that comes with the solr >>>> package, but the issue is still happening when I try to push data to a >>>> non-leader node. >>>> >>>> Do you still think if its something to do with the configurations ?? >>>> >>>> Thanks, >>>> >>>>> On Wed, Jun 3, 2020 at 12:29 AM Jörn Franke <jornfra...@gmail.com> >> wrote: >>>>> >>>>> Why in the jetty-ssl.xml? >>>>> >>>>> Should this not be configured in the solr.in.sh? >>>>> >>>>>> Am 03.06.2020 um 00:38 schrieb yaswanth kumar <yaswanth...@gmail.com >>> : >>>>>> >>>>>> Thanks Franke, but yes for all these questions I did configured it >>>>>> properly, I made sure to include >>>>>> >>>>>> <Set name="KeyStoreType"><Property name="solr.jetty.keystore.type" >>>>>> default="JKS"/></Set> >>>>>> <Set name="TrustStoreType"><Property name="solr.jetty.truststore.type" >>>>>> default="JKS"/></Set> >>>>>> in the jetty-ssl.xml along with the path keystore and truststore. >>>>>> >>>>>> Also I have made sure that trusstore exists on all nodes and also I am >>>>>> using the same file for both keystore and truststore as below >>>>>> <Set name="KeyStorePath"><Property name="solr.jetty.keystore" >>>>>> default="./etc/solr-keystore.jks"/></Set> >>>>>> <Set name="KeyStorePassword"><Property >>>>>> name="solr.jetty.keystore.password" default="xxxx"/></Set> >>>>>> <Set name="TrustStorePath"><Property name="solr.jetty.truststore" >>>>>> default="./etc/solr-keystore.jks"/></Set> >>>>>> <Set name="TrustStorePassword"><Property >>>>>> name="solr.jetty.truststore.password" default="xxxx"/></Set> >>>>>> >>>>>> also urlScheme for ZK is set to https >>>>>> >>>>>> >>>>>> Also the main error that I posted is the one that I am seeing as a >>>>> return >>>>>> response where as the below one is what I see from solr logs >>>>>> >>>>>> 2020-06-02 22:32:04.472 ERROR (qtp984876512-93) [c:default s:shard1 >>>>>> r:core_node3 x:default_shard1_replica_n1] o.a.s.s.HttpSolrCall >>>>>> null:org.apache.solr.update.processor.Distr$ >>>>>> at >>>>>> >>>>> >> org.apache.solr.update.processor.DistributedZkUpdateProcessor.doDistribFinish(DistributedZkUpdateProcessor.java:1189) >>>>>> at >>>>>> >>>>> >> org.apache.solr.update.processor.DistributedUpdateProcessor.finish(DistributedUpdateProcessor.java:1096) >>>>>> at >>>>>> >>>>> >> org.apache.solr.update.processor.LogUpdateProcessorFactory$LogUpdateProcessor.finish(LogUpdateProcessorFactory.java:182) >>>>>> at >>>>>> >>>>> >> org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80) >>>>>> at >>>>>> >>>>> >> org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80) >>>>>> at >>>>>> >>>>> >> org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80) >>>>>> at >>>>>> >>>>> >> org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80) >>>>>> at >>>>>> >>>>> >> org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80) >>>>>> at >>>>>> >>>>> >> org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80) >>>>>> at >>>>>> >>>>> >> org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80) >>>>>> at >>>>>> >>>>> >> org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80) >>>>>> at >>>>>> >>>>> >> org.apache.solr.handler.ContentStreamHandlerBase.handleRequestBody(ContentStreamHandlerBase.java:78) >>>>>> at >>>>>> >>>>> >> org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:211) >>>>>> at org.apache.solr.core.SolrCore.execute(SolrCore.java:2596) >>>>>> at >>>>>> org.apache.solr.servlet.HttpSolrCall.execute(HttpSolrCall.java:799) >>>>>> at >>>>> org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:578) >>>>>> at >>>>>> >>>>> >> org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:419) >>>>>> at >>>>>> >>>>> >> org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:351) >>>>>> at >>>>>> >>>>> >> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1602) >>>>>> at >>>>>> >>>>> >> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540) >>>>>> at >>>>>> >>>>> >> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) >>>>>> at >>>>>> >>>>> >> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) >>>>>> at >>>>>> >>>>> >> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) >>>>>> at >>>>>> >>>>> >> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) >>>>>> >>>>>> >>>>>> One strange observation is that when I hit update api on the leader >> node >>>>>> its working without any error, and now immediately if I hit non-leader >>>>> its >>>>>> working fine (only once or twice), but if I keep on trying to hit this >>>>> node >>>>>> again and again its then throwing the above error and once the error >>>>>> started happening , its consistent again. >>>>>> >>>>>> Please let me know if you need more information or if I am missing >>>>>> something else >>>>>> >>>>>> Thanks, >>>>>> >>>>>>> On Tue, Jun 2, 2020 at 4:59 PM Jörn Franke <jornfra...@gmail.com> >>>>> wrote: >>>>>>> >>>>>>> Have you looked in the logfiles? >>>>>>> >>>>>>> Keystore Type correctly defined on all nodes? >>>>>>> >>>>>>> Have you configured the truststore on all nodes correctly? >>>>>>> >>>>>>> Have you set clusterprop urlScheme to htttps in ZK? >>>>>>> >>>>>>> >>>>>>> >>>>> >> https://lucene.apache.org/solr/guide/7_5/enabling-ssl.html#configure-zookeeper >>>>>>> >>>>>>> >>>>>>> >>>>>>>>> Am 02.06.2020 um 18:57 schrieb yaswanth kumar < >> yaswanth...@gmail.com >>>>>> : >>>>>>>> >>>>>>>> team, can someone help me on the above topic? >>>>>>>> >>>>>>>>> On Mon, Jun 1, 2020 at 10:00 PM yaswanth kumar < >>>>> yaswanth...@gmail.com> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>> Trying to setup solr 8.4.1 + open jdk 11 on centos , enabled the >> ssl >>>>>>>>> configurations with all the certs in place, but the issue what I am >>>>>>> seeing >>>>>>>>> is when trying to hit /update api on non-leader solr node , its >>>>>>> throwing an >>>>>>>>> error >>>>>>>>> >>>>>>>>> configured 2 solr nodes with 1 zookeeper. >>>>>>>>> >>>>>>>>> metadata":[ >>>>>>>>> >>>>>>>>> >>>>>>> >>>>> >> "error-class","org.apache.solr.update.processor.DistributedUpdateProcessor$DistributedUpdatesAsyncException", >>>>>>>>> >>>>>>>>> >>>>>>> >>>>> >> "root-error-class","org.apache.solr.update.processor.DistributedUpdateProcessor$DistributedUpdatesAsyncException"], >>>>>>>>> "msg":"Async exception during distributed update: >>>>>>>>> javax.crypto.BadPaddingException: RSA private key operation >> failed", >>>>>>>>> >>>>>>> >>>>> >> "trace":"org.apache.solr.update.processor.DistributedUpdateProcessor$DistributedUpdatesAsyncException: >>>>>>>>> Async exception during distributed update: >>>>>>>>> javax.crypto.BadPaddingException: RSA private key operation >>>>> failed\n\tat >>>>>>>>> >>>>>>> >>>>> >> org.apache.solr.update.processor.DistributedZkUpdateProcessor.doDistribFinish(DistributedZkUpdateProcessor.java:1189)\n\tat >>>>>>>>> >>>>>>> >>>>> >> org.apache.solr.update.processor.DistributedUpdateProcessor.finish(DistributedUpdateProcessor.java:1096)\n\tat >>>>>>>>> >>>>>>> >>>>> >> org.apache.solr.update.processor.LogUpdateProcessorFactory$LogUpdateProcessor.finish(LogUpdateProcessorFactory.java:182)\n\tat >>>>>>>>> >>>>>>> >>>>> >> org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80)\n\tat >>>>>>>>> >>>>> org.apache.solr.update.processor.UpdateRequestProcessor.finish........ >>>>>>>>> >>>>>>>>> Strangely this is happening when we try to hit a non-leader node, >>>>>>> hitting >>>>>>>>> leader node its working fine without any issue and getting the data >>>>>>> indexed. >>>>>>>>> >>>>>>>>> Not able to track down where the exact issue is happening. >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Thanks & Regards, >>>>>>>>> Yaswanth Kumar Konathala. >>>>>>>>> yaswanth...@gmail.com >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Thanks & Regards, >>>>>>>> Yaswanth Kumar Konathala. >>>>>>>> yaswanth...@gmail.com >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Thanks & Regards, >>>>>> Yaswanth Kumar Konathala. >>>>>> yaswanth...@gmail.com >>>>> >>>> >>>> >>>> -- >>>> Thanks & Regards, >>>> Yaswanth Kumar Konathala. >>>> yaswanth...@gmail.com >>>> >>> >>> >>> -- >>> Thanks & Regards, >>> Yaswanth Kumar Konathala. >>> yaswanth...@gmail.com >> > > > -- > Thanks & Regards, > Yaswanth Kumar Konathala. > yaswanth...@gmail.com
