[
https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15092335#comment-15092335
]
Mike Drob commented on SOLR-8415:
---------------------------------
I do not expect it to be a popular use case, but I do expect it to be a
non-zero use case. I'm fine with getting a functional implementation for now,
though, and then refining it later. Here's new documentation that sidesteps the
issue:
{panel}
h3. Swapping ACL Schemes
Over the lifetime of operating your Solr cluster, you may decide to move from a
unsecured ZK to a secured instance. Changing the configured {{zkACLProvider}}
in {{solr.xml}} will ensure that newly created nodes are secure, but will not
protect the already existing data. To modify all existing ACLs, you can use
{{ZkCLI -cmd resetacl \[path]}}. If no path is specified, then the command will
operate on the whole tree.
To change the ACLs this way, use the following VM properties:
{{-DzkACLProvider=... -DzkCredentialsProvider=...}}.
* The Credential Provider must be one that has current admin privileges on the
nodes. When omitted, the process will use no credentials (suitable for an
unsecure configuration).
* The ACL Provider will be used to compute the new ACLs. When omitted, the
process will set all permissions to all users, removing any security present.
* You may use the {{VMParamsSingleSetCredentialsDigestZkCredentialsProvider}}
and {{VMParamsAllAndReadonlyDigestZkACLProvider}} as described earlier in the
page for these properties.
{panel}
I will upload a new patch shortly.
> Provide command to switch between non/secure mode in ZK
> -------------------------------------------------------
>
> Key: SOLR-8415
> URL: https://issues.apache.org/jira/browse/SOLR-8415
> Project: Solr
> Issue Type: Improvement
> Components: security, SolrCloud
> Reporter: Mike Drob
> Assignee: Gregory Chanan
> Fix For: Trunk
>
> Attachments: SOLR-8415.patch, SOLR-8415.patch
>
>
> We have the ability to run both with and without zk acls, but we don't have a
> great way to switch between the two modes. Most common use case, I imagine,
> would be upgrading from an old version that did not support this to a new
> version that does, and wanting to protect all of the existing content in ZK,
> but it is conceivable that a user might want to remove ACLs as well.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
