Re: Problem creating a collection with auth enabled

Mon, 27 Mar 2023 11:11:31 -0700 

I think I recall that if you copy-paste security.json from admin, you should 
leave out the {"v":9} part when re-uploading it to zk, else it may be invalid.
Do you have a step-by-step guide with Docker to provoke the OKI issue on a 
single node, single shard 9.2.0? Including collection creation commands etc?

What exactly is broken with bin/solr auth in branch_9x? Is there a bug report 
for it?

Jan

> 27. mar. 2023 kl. 19:21 skrev Shawn Heisey <[email protected]>:
> 
> On 3/27/23 04:49, Jan Høydahl wrote:
>> Can you try to reproduce on a clean 9.2.0 download? Please record each step 
>> you perform so it is easy to follow.
>> The exceptions you face is PKI auth struggling between two nodes in your 
>> cluster, no idea why that is. Also try without forwardCredentials=true and 
>> see if any change.
> 
> I have one node, not two.  It's a single-node setup with the embedded ZK.  I 
> update that setup to the latest from branch_9x from time to time.
> 
> In 9.2, collection creation with auth enabled works.  I am having a problem 
> with collection creation in 9.1.1 in one environment, but traced that to them 
> having a newline at the beginning of solrconfig.xml, so I will be able to 
> create collections once I get that fixed.  Apparently xerces cannot deal with 
> ANYTHING at the beginning of the file other than <?xml ... which is annoying.
> 
> I checked 9.2 by starting a docker container with -DzkRun and running 
> bin/solr auth in the container, then modified security in the admin UI to 
> produce the security settings shown below.  The password for the solr user in 
> this security.json is solr.
> 
> In 9.3.0-SNAPSHOT, when auth is enabled, collection creation fails. This 
> security.json triggers the issue, giving that weird PKI error.
> 
> {
>  "authentication":{
>    "blockUnknown":true,
>    "class":"solr.BasicAuthPlugin",
>    "credentials":{"solr":"zDIhokl5uHoJRfYo0eWffIcWaZ8vGe0jBB/TwdHVIkE= 
> fvkz1xO7zng/IN6VpjDYbcfsnT4wbZfX91ZKO0Fqrlg="}},
>  "authorization":{
>    "class":"solr.RuleBasedAuthorizationPlugin",
>    "permissions":[{
>        "name":"all",
>        "role":"admin",
>        "index":1}],
>    "user-role":{"solr":"admin"},
>    "":{"v":9}}}
> 
> I would try with the security.json created by bin/solr auth, but bin/solr 
> auth does not work.
> 
> Thanks,
> Shawn

Reply via email to