I have still not received any suggestions or clarifications, so I am resending this with a different subject.
I found that if I completely eliminate security.json, Leader/Follower replication succeeds; but for obvious reasons, we do want security.json to be there. Setting -Dsolr.pki.sendVersion=v1 -Dsolr.pki.acceptVersions=v1,v2 does not help; nor does it work to set up security.json to allow replication without a password and to remove httpBasicAuthUser and httpBasicAuthPassword from solrconfig.xml on the Follower side Does anybody have any suggestions? -----Original Message----- From: Oakley, Craig (NIH/NLM/NCBI) [C] <craig.oak...@nih.gov.INVALID> Sent: Tuesday, July 18, 2023 3:12 PM To: users@solr.apache.org Subject: RE: authentication for Leader/Follower replication I am wondering whether anyone yet has any suggestions how to proceed -----Original Message----- From: Oakley, Craig (NIH/NLM/NCBI) [C] <craig.oak...@nih.gov.INVALID> Sent: Thursday, July 6, 2023 4:00 PM To: users@solr.apache.org Subject: authentication for Leader/Follower replication We are having problems transitioning Leader/Follower replication to Solr9.2.1 In Solr8.5 and below, what was then called Master/Slave replication had the annoying problem that, even though we specified httpBasicAuthUser and httpBasicAuthPassword, it would always attempt to connect first without a password before retrying with a password. This made solr.log noisy with lots of unnecessary login failures: but at least it worked. When we transitioned to Solr8.11 (with the nomenclature changed to be less oppressive) we found that this version of Leader/Follower replication refused to retry (and refused to do anything with the values specified httpBasicAuthUser and httpBasicAuthPassword). We needed to open up replication in security.json to be available without password. Now when we are preparing to upgrade to Solr9.2.1, we are having issues with the following: 2023-07-06 15:46:53.315 INFO (indexFetcher-39-thread-1) [ ] o.a.s.h.IndexFetcher Last replication failed, so I'll force replication 2023-07-06 15:46:53.320 WARN (indexFetcher-39-thread-1) [ ] o.a.s.h.IndexFetcher Leader at: http://[REDACTED]/solr/sequence2_shard1_replica_n1 is not available. Index fetch failed by exception: org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException: Error from server at http://[REDACTED]/solr/sequence2_shard1_replica_n1: Expected mime type in [application/octet-stream, application/vnd.apache.solr.javabin] but got text/html. <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/> <title>Error 401 Could not load principal from SolrAuthV2 header.</title> </head> <body><h2>HTTP ERROR 401 Could not load principal from SolrAuthV2 header.</h2> <table> <tr><th>URI:</th><td>/solr/sequence2_shard1_replica_n1/replication</td></tr> <tr><th>STATUS:</th><td>401</td></tr> <tr><th>MESSAGE:</th><td>Could not load principal from SolrAuthV2 header.</td></tr> <tr><th>SERVLET:</th><td>default</td></tr> </table> </body> </html> I have added "blockUnknown":false to security.json and have confirmed that the replication?command=indexversion command can be run without a password, and that it can be run with the login and password specified in httpBasicAuthUser and httpBasicAuthPassword I have tried tweaking security.json with forwardCredentials values, but that has not helped Any suggestions?
