On 3/27/23 04:49, Jan Høydahl wrote:
Can you try to reproduce on a clean 9.2.0 download? Please record each step you
perform so it is easy to follow.
The exceptions you face is PKI auth struggling between two nodes in your
cluster, no idea why that is. Also try without forwardCredentials=true and see
if any change.
I have one node, not two. It's a single-node setup with the embedded
ZK. I update that setup to the latest from branch_9x from time to time.
In 9.2, collection creation with auth enabled works. I am having a
problem with collection creation in 9.1.1 in one environment, but traced
that to them having a newline at the beginning of solrconfig.xml, so I
will be able to create collections once I get that fixed. Apparently
xerces cannot deal with ANYTHING at the beginning of the file other than
<?xml ... which is annoying.
I checked 9.2 by starting a docker container with -DzkRun and running
bin/solr auth in the container, then modified security in the admin UI
to produce the security settings shown below. The password for the solr
user in this security.json is solr.
In 9.3.0-SNAPSHOT, when auth is enabled, collection creation fails.
This security.json triggers the issue, giving that weird PKI error.
{
"authentication":{
"blockUnknown":true,
"class":"solr.BasicAuthPlugin",
"credentials":{"solr":"zDIhokl5uHoJRfYo0eWffIcWaZ8vGe0jBB/TwdHVIkE=
fvkz1xO7zng/IN6VpjDYbcfsnT4wbZfX91ZKO0Fqrlg="}},
"authorization":{
"class":"solr.RuleBasedAuthorizationPlugin",
"permissions":[{
"name":"all",
"role":"admin",
"index":1}],
"user-role":{"solr":"admin"},
"":{"v":9}}}
I would try with the security.json created by bin/solr auth, but
bin/solr auth does not work.
Thanks,
Shawn
