Got it! There was a security.json file in solrhome. Even though that file exists in our 8.11 installation - that install never started up with security enabled.
Even though I could see the credentials in security.json - the password was a hash - and I had no way to know the actual password. Initially, I had re-named that file to SAVE.security.json - somehow solr was still starting with security enabled. I deleted that file and now there is no login prompt and I am back in business! Let's see whether all our custom plugins still function. So - two issues resolved here: 1. SOLR_JETTY_HOST="0.0.0.0" in solr.in.sh was required for access via the server name (instead of localhost), and 2. Removing security.json from the solrhome dir to disable security. Thanks, Jay -----Original Message----- From: Beale, Jim (US-KOP) <[email protected]> Sent: Friday, March 1, 2024 3:25 PM To: [email protected] Subject: RE: [External] RE: Solr 9 Hostname configuration issue Are you running Solr or Solrcloud? We are running Solrcloud and we go to http://samisolrcld.aws01.hibu.int:8983/solr/#/ and it returns the entire cluster for us to investigate. I am not sure what you are running, but here is my entire solr.in.sh. There are other options set but not sure if you have a single node deployment. SOLR_MODULES="extraction,ltr,scripting" SOLR_OPTS="$SOLR_OPTS -Dpkiauth.ttl=10000" SOLR_OPTS="$SOLR_OPTS -Dsolr.allowPaths=*" SOLR_ZK_CREDS_AND_ACLS="-DzkACLProvider=org.apache.solr.common.cloud.DigestZkACLProvider \ -DzkCredentialsProvider=org.apache.solr.common.cloud.DigestZkCredentialsProvider \ -DzkCredentialsInjector=org.apache.solr.common.cloud.VMParamsZkCredentialsInjector \ -DzkDigestUsername=admin-user -DzkDigestPassword=solr \ -DzkDigestReadonlyUsername=readonly-user -DzkDigestReadonlyPassword=solr" SOLR_OPTS="$SOLR_OPTS $SOLR_ZK_CREDS_AND_ACLS" SOLR_OPTS="$SOLR_OPTS -XX:+UseStringDeduplication" SOLR_JETTY_HOST="0.0.0.0" ZK_HOST="10.9.10.179:2181,10.9.10.178:2181,10.9.10.136:2181" SOLR_JAVA_MEM="-Xms24G -Xmx24G" SOLR_PID_DIR="/srv/apps_data/solr" SOLR_HOME="/srv/apps_data/solr/data" LOG4J_PROPS="/srv/apps_data/solr/log4j2.xml" SOLR_LOGS_DIR="/srv/apps_data/solr/logs" SOLR_PORT="8983" -----Original Message----- From: Silverman, Harry (Contractor) <[email protected]> Sent: Friday, March 1, 2024 3:00 PM To: [email protected] Subject: RE: [External] RE: Solr 9 Hostname configuration issue Caution! Attachments and links (urls) can contain deceptive and/or malicious content. Thanks. This generated a bunch of errors in the log - but solr still started. Unfortunately, admin UI still directs to a login page (after setting SOLR_JETTY_HOST="0.0.0.0"). I tried to disable authentication with " bin/solr auth disable -updateIncludeFileOnly false" and that returned " Error 401 require authentication " So I tried to get help - and it returned the exact same error: -bash-4.4$ bin/solr auth disable --help Exception in thread "main" org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException: Error from server at http://sandbox-search-index-004:8080/solr/admin/info/system?wt=javabin&version=2: Expected mime type in [application/octet-stream, application/vnd.apache.solr.javabin] but got text/html. <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/> <title>Error 401 require authentication</title> </head> <body><h2>HTTP ERROR 401 require authentication</h2> <table> <tr><th>URI:</th><td>/solr/admin/info/system</td></tr> <tr><th>STATUS:</th><td>401</td></tr> <tr><th>MESSAGE:</th><td>require authentication</td></tr> <tr><th>SERVLET:</th><td>default</td></tr> </table> </body> </html> at org.apache.solr.client.solrj.impl.Http2SolrClient.checkContentType(Http2SolrClient.java:974) at org.apache.solr.client.solrj.impl.Http2SolrClient.processErrorsAndResponse(Http2SolrClient.java:863) at org.apache.solr.client.solrj.impl.Http2SolrClient.processErrorsAndResponse(Http2SolrClient.java:576) at org.apache.solr.client.solrj.impl.Http2SolrClient.request(Http2SolrClient.java:533) at org.apache.solr.client.solrj.SolrClient.request(SolrClient.java:1192) at org.apache.solr.cli.SolrCLI.getZkHost(SolrCLI.java:582) at org.apache.solr.cli.AuthTool.clearSecurityJson(AuthTool.java:481) at org.apache.solr.cli.AuthTool.handleBasicAuth(AuthTool.java:438) at org.apache.solr.cli.AuthTool.runTool(AuthTool.java:158) at org.apache.solr.cli.SolrCLI.main(SolrCLI.java:153) -----Original Message----- From: Beale, Jim (US-KOP) <[email protected]> Sent: Friday, March 1, 2024 2:44 PM To: [email protected] Subject: [External] RE: Solr 9 Hostname configuration issue CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. I needed SOLR_MODULES="extraction,ltr,scripting" In my solr.in.sh or else solr wouldn't do anything. I think that is new in 9.x Jim Beale Lead Software Engineer hibu.com 2201 Renaissance Boulevard, King of Prussia, PA, 19406 Office: 610-879-3864 Mobile: 610-220-3067 -----Original Message----- From: Silverman, Harry (Contractor) <[email protected]> Sent: Friday, March 1, 2024 1:39 PM To: [email protected] Subject: [EXTERNAL] Solr 9 Hostname configuration issue Caution! Attachments and links (urls) can contain deceptive and/or malicious content. Hello experts - I suspect that I have a configuration issue with respect to the hostname. I have ported our solr core from 8.11 to 9.4. Solr 9.4 appears to start normally (no errors in the logs). But when I point my browser to hostname:port - it gets no response. It seems to be listening on localhost, but not on the actual server name. The solr start command has this parameter: -Dhost=sandbox-search-index-004 (we are also running on port 8080) >From a bash shell on the remote linux server where solr is running, I tried >curl, I get "Failed to connect" and "Connection refused": -bash-4.4$ curl sandbox-search-index-004:8080/solr/ curl: (7) Failed to connect to sandbox-search-index-004 port 8080: Connection refused But I get a response if it use localhost instead: -bash-4.4$ curl localhost:8080/solr/ <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" http://www.w3.org/TR/html4/strict.dtd> <html ng-app="solrAdminApp" ng-csp> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. ... I have limited access on this server. The local IT guy provided this feedback: "The firewall has the port open". "It looks like it's misconfigured to listen locally and not on the hostname". He also showed a telnet connection working to localhost, but not to the hostname. $ telnet sandbox-search-index-004 8080 Trying 172.19.63.13... telnet: connect to address 172.19.63.13: Connection refused And netstat showing it is only listening on localhost: # netstat -nap |grep 8080 tcp6 0 0 127.0.0.1:8080 :::* LISTEN 1778220/java # Suggestions appreciated! Jay The information contained in this email message, including any attachments, is intended solely for use by the individual or entity named above and may be confidential. If the reader of this message is not the intended recipient, you are hereby notified that you must not read, use, disclose, distribute or copy any part of this communication. If you have received this communication in error, please immediately notify me by email and destroy the original message, including any attachments. Thank you. **Hibu IT Code:1414593000000**
