Hi There I have been tasked with setting up Basic Authentication on our SolrCloud database running ZooKeeper 3.8 and Solr 9.1.1. I have got it working I think but there are a few things I would like to check.
I set up a security.json file and placed it in the server/solr folder in a single server solr system, restarted solr and used the Admin Tool to set up a new user (XXXXXX) and password and disabled the default solr user. The modifed security.json file I then copied in to the solrCloud server/solr folder. In the solrCloud solr.in.cmd file I set up these variables set SOLR_AUTH_TYPE=basic set SOLR_AUTHENTICATION_OPTS=-Dbasicauth=XXXXXX:yyyyyyyyyyy where XXXXXX is the username and yyyyyyyyyyy is the password. In the ZooKeeper zkServer.cmd I added an extra parameter call %JAVA% "-Dzookeeper.log.dir=%ZOO_LOG_DIR%" "-Dzookeeper.log.file=%ZOO_LOG_FILE%" "-Dzookeeper.DigestAuthenticationProvider.superDigest=XXXXXX:mAeU2NK3etoPziu6TdqmLmGjmSN56YUq5hAZhpsPk48= O7L5Ofmg8IaXaFbn237ENlKFcC9+NWgCcphYdVJu3es=" "-XX:+HeapDumpOnOutOfMemoryError" "-XX:OnOutOfMemoryError=cmd /c taskkill /pid %%%%p /t /f" -cp "%CLASSPATH%" %ZOOMAIN% "%ZOOCFG%" %* where XXXXXX is the username. I then deployed the security.json across the ZooKeepers using the command solr zk cp file:<Pathname>\security.json zk:/security.json -z localhost:<port id> I then stopped solrCloud processes and all the ZooKeepers and then restarted all the ZooKeepers and SolrCloud processes. The Admin Tool then needed the username and password to log on. I changed the wildfly standalone.conf.bat file of our application to have this additional java option REM set up Solr Basic Authentication set JAVA_OPTS=%JAVA_OPTS% -Dsolr.httpclient.builder.factory=org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory -Dbasicauth=XXXXXX: yyyyyyyyyyy and bounced wildfly. I then logged on to the application and could carry out solr searches ok and updates. So, all looks good. My concern is have I properly configured ZooKeeper for basic authentication. In the solr.in.cmd file there is this set up REM Settings for ZK ACL REM set SOLR_ZK_CREDS_AND_ACLS=-DzkACLProvider=org.apache.solr.common.cloud.DigestZkACLProvider ^ REM -DzkCredentialsProvider=org.apache.solr.common.cloud.DigestZkCredentialsProvider ^ REM -DzkCredentialsInjector=org.apache.solr.common.cloud.VMParamsZkCredentialsInjector ^ REM -DzkDigestUsername=admin-user -DzkDigestPassword=CHANGEME-ADMIN-PASSWORD ^ REM -DzkDigestReadonlyUsername=readonly-user -DzkDigestReadonlyPassword=CHANGEME-READONLY-PASSWORD REM set SOLR_OPTS=%SOLR_OPTS% %SOLR_ZK_CREDS_AND_ACLS% Which I have not altered. Should I have set up 'admin-user' and 'readonly-user ' and given a passwords for each to have properly configured ZooKeeper or is what I have done (which seems to work ok) fine and solr/ZooKeeper are using the solr user details I set up correctly. Many Thanks Matthew Matthew Flowerday | Consultant | IMS - Information Management System Unisys | matthew.flower...@unisys.com<mailto:matthew.flower...@unisys.com> ENIGMA, Wavendon Business Park, Milton Keynes, MK17 8LX [cid:image001.png@01DA506D.D4B63820]<http://www.unisys.com/> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all devices. [Grey_LI]<http://www.linkedin.com/company/unisys> [Grey_TW] <http://twitter.com/unisyscorp> [Grey_YT] <http://www.youtube.com/theunisyschannel> [Grey_FB] <http://www.facebook.com/unisyscorp> [Grey_Vimeo] <https://vimeo.com/unisys> [Grey_UB] <http://blogs.unisys.com/>
