epugh merged PR #2835:
URL: https://github.com/apache/solr/pull/2835
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
epugh commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2511772758
Okay, I've responded (I think!) to @risdenk comments.I think this is
ready for merging
--
This is an automated message from the Apache Git Service.
To respond to the message, ple
epugh commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2510134527
@risdenk I see in `solr.in.sh` the reference to
`-Dsolr.http.disableCookies=true` and that it highlights the use of it in
either hadoop auth or maybe in a load balancer. Do you think i shou
risdenk commented on code in PR #2835:
URL: https://github.com/apache/solr/pull/2835#discussion_r1864703595
##
solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java:
##
@@ -41,17 +40,11 @@ public void init(Map initInfo) {
String roleName = e.getKey
risdenk commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2509523158
Some added context about delegation tokens - these were a Hadoop construct
at one point and expanded elsewhere to avoid hitting the KDC (kerberos server)
too much so the delegation token was
risdenk commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2509521831
I think there might be a few more places to cleanup based on running the
following on your branch
```
git grep -nFi kerber | grep -Fv -e 'solr/modules/hdfs' -e
'solr-on-hdfs.adoc'
epugh commented on code in PR #2835:
URL: https://github.com/apache/solr/pull/2835#discussion_r1864224898
##
solr/modules/hdfs/src/java/org/apache/solr/hdfs/HdfsDirectoryFactory.java:
##
@@ -16,8 +16,6 @@
*/
package org.apache.solr.hdfs;
-import static
org.apache.hadoop.fs
risdenk commented on code in PR #2835:
URL: https://github.com/apache/solr/pull/2835#discussion_r1864048897
##
solr/modules/hdfs/src/java/org/apache/solr/hdfs/HdfsDirectoryFactory.java:
##
@@ -16,8 +16,6 @@
*/
package org.apache.solr.hdfs;
-import static
org.apache.hadoop.
risdenk commented on code in PR #2835:
URL: https://github.com/apache/solr/pull/2835#discussion_r1864048605
##
solr/modules/hdfs/src/java/org/apache/solr/hdfs/HdfsDirectoryFactory.java:
##
Review Comment:
the modules/hdfs should not be touched. that is totally separate.
epugh commented on code in PR #2835:
URL: https://github.com/apache/solr/pull/2835#discussion_r1855437250
##
solr/server/etc/security.policy:
##
@@ -131,16 +131,6 @@ grant {
permission javax.management.MBeanServerPermission "releaseMBeanServer";
permission javax.management
epugh commented on code in PR #2835:
URL: https://github.com/apache/solr/pull/2835#discussion_r1855430558
##
solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java:
##
@@ -41,17 +40,11 @@ public void init(Map initInfo) {
String roleName = e.getKey()
epugh commented on code in PR #2835:
URL: https://github.com/apache/solr/pull/2835#discussion_r1855430319
##
solr/solr-ref-guide/modules/deployment-guide/pages/solr-on-hdfs.adoc:
##
@@ -210,41 +210,6 @@ NRTCachingDirectory max cache size.
+
Pass the location of HDFS client con
epugh commented on code in PR #2835:
URL: https://github.com/apache/solr/pull/2835#discussion_r1855422054
##
solr/server/etc/security.policy:
##
@@ -131,16 +131,6 @@ grant {
permission javax.management.MBeanServerPermission "releaseMBeanServer";
permission javax.management
dsmiley commented on code in PR #2835:
URL: https://github.com/apache/solr/pull/2835#discussion_r1855235319
##
gradle/testing/randomization/policies/solr-tests.policy:
##
Review Comment:
solr-tests.policy and security.policy need to be kept in sync, mostly. It's
annoying.
dsmiley commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2495552427
Cause and effect is inverted. I suggest:
> Removed the Hadoop Auth module, and thus Kerberos authentication and other
exotic options.
--
This is an automated message from the Apach
epugh commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2495527115
I am going to not touch `SolrDispatchFilter` as I don't have a good game
plan to move forward with it! Everything else is green.
For CHANGES.txt"Remove Kerberos authentication supp
gus-asf commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2494228698
> Would someone be willing to look at what is going on in
SolrDispatchFilter? Around
>
>
https://github.com/apache/solr/blob/620175a5626e69823b5aec8e20734a6352195000/solr/core/src/jav
epugh commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2493669806
Would someone be willing to look at what is going on in SolrDispatchFilter?
Around
https://github.com/apache/solr/blob/620175a5626e69823b5aec8e20734a6352195000/solr/core/src/java/org/apache/
dsmiley commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2492129281
To answer some of these questions, it's helpful to do git-blame (I use my
IDE actually) sometimes with history for the selected code to find the
people/issues and then follow up with anyone.
dsmiley commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2492127222
I'm not surprised there's a blast radius that exceeds the module itself.
For everything outside the module, we'll need to review/edit with some care and
it'll be on a case-by-case basis.
epugh commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2490439421
I ran `find . -not -path '*/\.*' -type f -exec grep -l -i "kerberos" {} +`
and wow... There are a LOT more files...
I think what I am hearing is that just removing the module and the l
epugh commented on code in PR #2835:
URL: https://github.com/apache/solr/pull/2835#discussion_r1851620976
##
solr/modules/hadoop-auth/src/java/org/apache/solr/security/hadoop/KerberosPlugin.java:
##
Review Comment:
I started thinking that there were TWO things... Kerberos
dsmiley commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2490177006
Hadoop Auth and Kerberos aren't the same.
[Kerberos](https://en.wikipedia.org/wiki/Kerberos_(protocol)) is an
authentication protocol,
[Hadoop-Auth](https://hadoop.apache.org/docs/current/
dsmiley commented on code in PR #2835:
URL: https://github.com/apache/solr/pull/2835#discussion_r1851435460
##
solr/modules/hadoop-auth/src/java/org/apache/solr/security/hadoop/KerberosPlugin.java:
##
Review Comment:
Perhaps you deleted the whole module without examining it
dsmiley commented on code in PR #2835:
URL: https://github.com/apache/solr/pull/2835#discussion_r1851435460
##
solr/modules/hadoop-auth/src/java/org/apache/solr/security/hadoop/KerberosPlugin.java:
##
Review Comment:
I assumed you were aware of what you were removing, but m
epugh commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2488589191
> So Kerberos Auth is going away with this. Be sure to highlight this in
CHANGES.txt and in JIRA. To me, Hadoop-Auth is a forgettable implementation
detail (I didn't know _really_ know what th
malliaridis commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2480818067
With `hadoop-auth` gone, we have only one more blocker (s3) before migrating
to jetty12. :D
--
This is an automated message from the Apache Git Service.
To respond to the message, plea
epugh commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2480560616
@malliaridis any chance you could look at this with me? I believe the
`versions.lock` and `version.props` are actually the same because I copied from
`main` over into my branch the files.
dsmiley commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2466955710
So Kerberos Auth is going away with this. Be sure to highlight this in
CHANGES.txt and in JIRA. To me, Hadoop-Auth is a forgettable implementation
detail (I didn't know _really_ know what
dsmiley commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2466954428
Please do not merge this until after #2706 so we don't give Malliaridis a
tough time over there. That one should be merged soon.
--
This is an automated message from the Apache Git Servic
epugh commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2459640150
I have added https://issues.apache.org/jira/browse/SOLR-17546 to track the
blocker task, I don't know if I did the "label" right, there were a lot to
choose from!
--
This is an automated
janhoy commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2459554765
> @janhoy I tried running that script, but couldn't quite grok it. COuld you
give an example of what that scripts should be? And let's add an example to the
readme or the to script itself!
epugh commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2460047387
Got a little too frisky, broke something in the `hdfs` module:
```
2> 4749 ERROR (SUITE-HdfsCollectionsApiTest-seed#[54C70D1C3623A1D7]-worker)
[n: c: s: r: x: t:] o.a.h.h.s.n.FSNamesy
janhoy commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2459891566
I added Priority=Blocker and FixVersion=10.0 to the JIRA to make it a valid
10.0 blocker.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log
epugh commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2459526827
@janhoy I tried running that script, but couldn't quite grok it. COuld you
give an example of what that scripts should be? And let's add an example to
the readme or the to script itself!
epugh commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2459645491
Okay, I think I'm looking for an LGTM...I've also emailed the dev list
with the PR.. No one has said "don't remove it" Is that enought to
click merge when I get an LGTM?
--
This
epugh commented on code in PR #2835:
URL: https://github.com/apache/solr/pull/2835#discussion_r1830090073
##
dev-tools/scripts/refguide/htaccess.txt:
##
@@ -1,6 +1,6 @@
# Existing pages moved to sub path in the 9.0 guide
RedirectMatch 301
^/guide/(about-this-guide|relevance|s
epugh commented on code in PR #2835:
URL: https://github.com/apache/solr/pull/2835#discussion_r1830076740
##
solr/webapp/web/partials/login.html:
##
@@ -60,23 +60,6 @@ Basic Authentication
-
-Kerberos Authentication
-Your browser did not provide the required in
epugh commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2458257873
> There are some more hadoop auth cleanup in the security.policy
>
> *
https://github.com/apache/solr/blob/main/solr/server/etc/security.policy#L134
>
> *
https://github.
risdenk commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2457312337
There are some more hadoop auth cleanup in the security.policy
*
https://github.com/apache/solr/blob/main/solr/server/etc/security.policy#L134
*
https://github.com/apache/solr/blob
janhoy commented on code in PR #2835:
URL: https://github.com/apache/solr/pull/2835#discussion_r1829415643
##
solr/webapp/web/partials/login.html:
##
@@ -60,23 +60,6 @@ Basic Authentication
-
-Kerberos Authentication
-Your browser did not provide the required i
epugh commented on PR #2835:
URL: https://github.com/apache/solr/pull/2835#issuecomment-2453055267
Kerb stuff appears to still work! All tests ran.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go t
epugh opened a new pull request, #2835:
URL: https://github.com/apache/solr/pull/2835
https://issues.apache.org/jira/browse/SOLR-17540
# Description
Remove Hadoop Auth
# Solution
no more Hadoop Auth
# Tests
Just removing things
# Tasks
-
43 matches
Mail list logo
