[
https://issues.apache.org/jira/browse/SOLR-15590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17451326#comment-17451326
]
Timothy Potter edited comment on SOLR-15590 at 11/30/21, 8:47 PM:
------------------------------------------------------------------
This breaks SSL b/c the keystore password isn't initialized before the
CoreContainer tries to initialize:
{code}
2021-11-30 20:19:11.636 ERROR (main) [] o.a.s.c.SolrCore null =>
org.apache.solr.common.SolrException: Error instantiating shardHandlerFactory
class [HttpShardHandlerFactory]: java.security.UnrecoverableKeyException: Get
Key failed: null
at
org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56)
org.apache.solr.common.SolrException: Error instantiating shardHandlerFactory
class [HttpShardHandlerFactory]: java.security.UnrecoverableKeyException: Get
Key failed: null
at
org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56)
~[solr-core-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT
470b7fbff96aec0bd1120634f3f8a8241484f6f7 [snapshot build, details omitted]]
at org.apache.solr.core.CoreContainer.load(CoreContainer.java:712)
~[solr-core-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT
470b7fbff96aec0bd1120634f3f8a8241484f6f7 [snapshot build, details omitted]]
at
org.apache.solr.servlet.CoreContainerProvider.createCoreContainer(CoreContainerProvider.java:353)
~[solr-core-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT
470b7fbff96aec0bd1120634f3f8a8241484f6f7 [snapshot build, details omitted]]
at
org.apache.solr.servlet.CoreContainerProvider.init(CoreContainerProvider.java:214)
~[solr-core-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT
470b7fbff96aec0bd1120634f3f8a8241484f6f7 [snapshot build, details omitted]]
at
org.apache.solr.servlet.CoreContainerProvider.contextInitialized(CoreContainerProvider.java:108)
~[solr-core-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT
470b7fbff96aec0bd1120634f3f8a8241484f6f7 [snapshot build, details omitted]]
...
Caused by: java.lang.NullPointerException
at sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(Unknown Source)
~[?:?]
at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(Unknown Source)
~[?:?]
at sun.security.util.KeyStoreDelegator.engineGetKey(Unknown Source)
~[?:?]
at java.security.KeyStore.getKey(Unknown Source) ~[?:?]
at sun.security.ssl.SunX509KeyManagerImpl.<init>(Unknown Source) ~[?:?]
at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(Unknown
Source) ~[?:?]
at javax.net.ssl.KeyManagerFactory.init(Unknown Source) ~[?:?]
at
org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1249)
~[jetty-util-9.4.44.v20210927.jar:9.4.44.v20210927]
at
org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:373)
~[jetty-util-9.4.44.v20210927.jar:9.4.44.v20210927]
at
org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:244)
~[jetty-util-9.4.44.v20210927.jar:9.4.44.v20210927]
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
~[jetty-util-9.4.44.v20210927.jar:9.4.44.v20210927]
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
~[jetty-util-9.4.44.v20210927.jar:9.4.44.v20210927]
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
~[jetty-util-9.4.44.v20210927.jar:9.4.44.v20210927]
at org.eclipse.jetty.client.HttpClient.doStart(HttpClient.java:255)
~[jetty-client-9.4.44.v20210927.jar:9.4.44.v20210927]
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
~[jetty-util-9.4.44.v20210927.jar:9.4.44.v20210927]
at
org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:237)
~[solr-solrj-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT
470b7fbff96aec0bd1120634f3f8a8241484f6f7 [snapshot build, details omitted]]
at
org.apache.solr.client.solrj.impl.Http2SolrClient.<init>(Http2SolrClient.java:158)
~[solr-solrj-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT
470b7fbff96aec0bd1120634f3f8a8241484f6f7 [snapshot build, details omitted]]
at
org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:872)
~[solr-solrj-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT
470b7fbff96aec0bd1120634f3f8a8241484f6f7 [snapshot build, details omitted]]
at
org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:263)
~[solr-core-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT
470b7fbff96aec0bd1120634f3f8a8241484f6f7 [snapshot build, details omitted]]
at
org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51)
~[solr-core-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT
470b7fbff96aec0bd1120634f3f8a8241484f6f7 [snapshot build, details omitted]]
... 52 more
2021-11-30 20:19:11.671 INFO (main) [] o.a.s.u.c.SSLConfigurations Setting
javax.net.ssl.keyStorePassword
2021-11-30 20:19:11.671 INFO (main) [] o.a.s.u.c.SSLConfigurations Setting
javax.net.ssl.trustStorePassword
{code}
Notice how the {{SSLConfigurations.init}} stuff happens after the CC tries to
initialize.
To reproduce, you need to configure SSL and start Solr via the {{bin/solr}}
script (I don't think a unit test will catch this type of breakage). The
{{bin/solr}} script exports the {{SOLR_SSL_KEY_STORE_PASSWORD}} and the
{{SSLConfigurations.init}} code will read the value from that env var (via
{{EnvSSLCredentialProvider}}) and then set the
{{javax.net.ssl.keyStorePassword}} system property used during Http2SolrClient
construction needed by the shard handler factory
was (Author: thelabdude):
This breaks SSL b/c the keystore password isn't initialized before the
CoreContainer tries to initialize:
{code}
2021-11-30 20:19:11.636 ERROR (main) [] o.a.s.c.SolrCore null =>
org.apache.solr.common.SolrException: Error instantiating shardHandlerFactory
class [HttpShardHandlerFactory]: java.security.UnrecoverableKeyException: Get
Key failed: null
at
org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56)
org.apache.solr.common.SolrException: Error instantiating shardHandlerFactory
class [HttpShardHandlerFactory]: java.security.UnrecoverableKeyException: Get
Key failed: null
at
org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56)
~[solr-core-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT
470b7fbff96aec0bd1120634f3f8a8241484f6f7 [snapshot build, details omitted]]
at org.apache.solr.core.CoreContainer.load(CoreContainer.java:712)
~[solr-core-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT
470b7fbff96aec0bd1120634f3f8a8241484f6f7 [snapshot build, details omitted]]
at
org.apache.solr.servlet.CoreContainerProvider.createCoreContainer(CoreContainerProvider.java:353)
~[solr-core-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT
470b7fbff96aec0bd1120634f3f8a8241484f6f7 [snapshot build, details omitted]]
at
org.apache.solr.servlet.CoreContainerProvider.init(CoreContainerProvider.java:214)
~[solr-core-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT
470b7fbff96aec0bd1120634f3f8a8241484f6f7 [snapshot build, details omitted]]
at
org.apache.solr.servlet.CoreContainerProvider.contextInitialized(CoreContainerProvider.java:108)
~[solr-core-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT
470b7fbff96aec0bd1120634f3f8a8241484f6f7 [snapshot build, details omitted]]
...
Caused by: java.lang.NullPointerException
at sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(Unknown Source)
~[?:?]
at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(Unknown Source)
~[?:?]
at sun.security.util.KeyStoreDelegator.engineGetKey(Unknown Source)
~[?:?]
at java.security.KeyStore.getKey(Unknown Source) ~[?:?]
at sun.security.ssl.SunX509KeyManagerImpl.<init>(Unknown Source) ~[?:?]
at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(Unknown
Source) ~[?:?]
at javax.net.ssl.KeyManagerFactory.init(Unknown Source) ~[?:?]
at
org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1249)
~[jetty-util-9.4.44.v20210927.jar:9.4.44.v20210927]
at
org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:373)
~[jetty-util-9.4.44.v20210927.jar:9.4.44.v20210927]
at
org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:244)
~[jetty-util-9.4.44.v20210927.jar:9.4.44.v20210927]
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
~[jetty-util-9.4.44.v20210927.jar:9.4.44.v20210927]
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
~[jetty-util-9.4.44.v20210927.jar:9.4.44.v20210927]
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
~[jetty-util-9.4.44.v20210927.jar:9.4.44.v20210927]
at org.eclipse.jetty.client.HttpClient.doStart(HttpClient.java:255)
~[jetty-client-9.4.44.v20210927.jar:9.4.44.v20210927]
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
~[jetty-util-9.4.44.v20210927.jar:9.4.44.v20210927]
at
org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:237)
~[solr-solrj-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT
470b7fbff96aec0bd1120634f3f8a8241484f6f7 [snapshot build, details omitted]]
at
org.apache.solr.client.solrj.impl.Http2SolrClient.<init>(Http2SolrClient.java:158)
~[solr-solrj-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT
470b7fbff96aec0bd1120634f3f8a8241484f6f7 [snapshot build, details omitted]]
at
org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:872)
~[solr-solrj-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT
470b7fbff96aec0bd1120634f3f8a8241484f6f7 [snapshot build, details omitted]]
at
org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:263)
~[solr-core-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT
470b7fbff96aec0bd1120634f3f8a8241484f6f7 [snapshot build, details omitted]]
at
org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51)
~[solr-core-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT
470b7fbff96aec0bd1120634f3f8a8241484f6f7 [snapshot build, details omitted]]
... 52 more
2021-11-30 20:19:11.671 INFO (main) [] o.a.s.u.c.SSLConfigurations Setting
javax.net.ssl.keyStorePassword
2021-11-30 20:19:11.671 INFO (main) [] o.a.s.u.c.SSLConfigurations Setting
javax.net.ssl.trustStorePassword
{code}
Notice how the {{SSLConfigurations.init}} stuff happens after the CC tries to
initialize.
To reproduce, you need to configure SSL and start Solr via the bin/solr script
(I don't think a unit test will catch this type of breakage).
> Start up Core Container via ServletContextListener
> --------------------------------------------------
>
> Key: SOLR-15590
> URL: https://issues.apache.org/jira/browse/SOLR-15590
> Project: Solr
> Issue Type: Improvement
> Affects Versions: main (9.0)
> Reporter: Gus Heck
> Assignee: Gus Heck
> Priority: Major
> Time Spent: 8.5h
> Remaining Estimate: 0h
>
> Anyone who has had to work on HttpSolrCall, or SolrDispatchFilter will have
> noticed that we have a LOT going on and that it gets very convoluted. This is
> bad for maintenance, and probably also bad for performance. After reading
> for a while I suspect that the primary thing that has lead to this is that
> the only way to get a reference to CoreContainer is to be in or initialized
> in or invoked by the SolrDispatchFilter or HttpSolrCall classes.
> To isolate the startup code and not distract from the dispatch code and also
> to make it possible to later add features that don't live in
> SolrDispatchFilter and also possibly to split out some features from
> SolrDispatchFilter into servlets or separate filters, this ticket moves
> CoreContainer into a CoreService class that will provide CoreContainer and a
> few other objects like the httpclient to other components that need it.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
