Shawn, the PKI auth that requires these special properties during rolling upgrade has nothing with SSL cert auth.
It is needed for Solr’s internal traffic between nodes regardless of SSL. We call that PKI auth and it changed formats. So even with basic auth enabled in your cluster Solr may decide to use PKI for certain calls between nodes, and even search calls in case of a sharper collection. Please follow the upgrade guide in ref guide: https://solr.apache.org/guide/solr/latest/upgrade-notes/major-changes-in-solr-9.html#rolling-upgrades Jan Høydahl > 2. apr. 2023 kl. 22:53 skrev Shamik Bandopadhyay <[email protected]>: > > Hi Shawn, > > Thanks for your response. Presently, I'm not using certificate-based > authentication, it's a basic authentication using user/password. In that > case, I should skip *solr.pki.sendversion *and *solr.pki.acceptversions *part. > Do I still need to use the REPLACENODE API, or will the newly added Solr > nodes automatically be synced with the older version (8.11.1) after which > the 8.11.1 nodes can be stopped and removed? > > Regards, > Shamik > >> On Sun, Apr 2, 2023 at 1:43 PM Shawn Heisey <[email protected]> wrote: >> >>> On 3/30/23 13:45, Shamik Bandopadhyay wrote: >>> What I'm not clear about is >>> 1. Where do I add solr.pki.sendVersion=v1 and >> solr.pki.acceptVersions=v1,v2 >>> ? Do they have to be in *solr.in.sh <http://solr.in.sh> *for each node? >>> 2. When do I perform step 2 of restarting the new nodes with >>> solr.pki.sendVersion=v2 and solr.pki.acceptVersions=v1,v2 ? >> >> Are you using certificate-based authentication for accesses to Solr? If >> not, you don't need to worry about it at all. The vast majority of Solr >> installs do not do authentication in this way. >> >> Note that I am talking about clients authenticating themselves with >> certificates, not adding a certificate to Solr for https. >> >> If you ARE using PKI authentication, then follow Jan's notes. >> >> Thanks, >> Shawn >>
