Yes, and indeed http://[REDACTED]/solr/sequence2_shard1_replica_n1/replication 
works without password. I have also tried 
http://[REDACTED]/solr/sequence2/replication which I remember working when I 
tried it in Solr8 but which does not work in Solr9.2

Have you any other recommendations?

-----Original Message-----
From: Jan Høydahl <jan....@cominvent.com> 
Sent: Saturday, August 5, 2023 11:03 AM
To: users@solr.apache.org
Subject: [EXTERNAL] Re: what is SolrAuthV2 and why does it break replication

> nor does it work to set up security.json to allow replication without a 
> password

Exactly how did you configure security.json for this? It could be that you 
succeeded disabling security for the collection but not for the core URL?

Have you tried to hit 
http://[REDACTED]/solr/sequence2_shard1_replica_n1/replication URL directly 
using cURL without basicAuth?

Jan

> 27. jul. 2023 kl. 18:17 skrev Oakley, Craig (NIH/NLM/NCBI) [C] 
> <craig.oak...@nih.gov.INVALID>:
>
> I have still not received any suggestions or clarifications, so I am 
> resending this with a different subject.
>
> I found that if I completely eliminate security.json, Leader/Follower 
> replication succeeds; but for obvious reasons, we do want security.json to be 
> there.
>
> Setting -Dsolr.pki.sendVersion=v1 -Dsolr.pki.acceptVersions=v1,v2 does not 
> help; nor does it work to set up security.json to allow replication without a 
> password and to remove httpBasicAuthUser and httpBasicAuthPassword from 
> solrconfig.xml on the Follower side
>
> Does anybody have any suggestions?
>
> -----Original Message-----
> From: Oakley, Craig (NIH/NLM/NCBI) [C] <craig.oak...@nih.gov.INVALID>
> Sent: Tuesday, July 18, 2023 3:12 PM
> To: users@solr.apache.org
> Subject: RE: authentication for Leader/Follower replication
>
> I am wondering whether anyone yet has any suggestions how to proceed
>
> -----Original Message-----
> From: Oakley, Craig (NIH/NLM/NCBI) [C] <craig.oak...@nih.gov.INVALID>
> Sent: Thursday, July 6, 2023 4:00 PM
> To: users@solr.apache.org
> Subject: authentication for Leader/Follower replication
>
> We are having problems transitioning Leader/Follower replication to Solr9.2.1
>
> In Solr8.5 and below, what was then called Master/Slave replication had the 
> annoying problem that, even though we specified httpBasicAuthUser and 
> httpBasicAuthPassword, it would always attempt to connect first without a 
> password before retrying with a password. This made solr.log noisy with lots 
> of unnecessary login failures: but at least it worked.
>
> When we transitioned to Solr8.11 (with the nomenclature changed to be less 
> oppressive) we found that this version of Leader/Follower replication refused 
> to retry (and refused to do anything with the values specified 
> httpBasicAuthUser and httpBasicAuthPassword). We needed to open up 
> replication in security.json to be available without password.
>
> Now when we are preparing to upgrade to Solr9.2.1, we are having issues with 
> the following:
> 2023-07-06 15:46:53.315 INFO  (indexFetcher-39-thread-1) [   ] 
> o.a.s.h.IndexFetcher Last replication failed, so I'll force replication
> 2023-07-06 15:46:53.320 WARN  (indexFetcher-39-thread-1) [   ] 
> o.a.s.h.IndexFetcher Leader at: 
> http://[REDACTED]/solr/sequence2_shard1_replica_n1 is not available. Index 
> fetch failed by exception: 
> org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException: 
> Error from server at http://[REDACTED]/solr/sequence2_shard1_replica_n1: 
> Expected mime type in [application/octet-stream, 
> application/vnd.apache.solr.javabin] but got text/html. <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
> <title>Error 401 Could not load principal from SolrAuthV2 header.</title>
> </head>
> <body><h2>HTTP ERROR 401 Could not load principal from SolrAuthV2 header.</h2>
> <table>
> <tr><th>URI:</th><td>/solr/sequence2_shard1_replica_n1/replication</td></tr>
> <tr><th>STATUS:</th><td>401</td></tr>
> <tr><th>MESSAGE:</th><td>Could not load principal from SolrAuthV2 
> header.</td></tr>
> <tr><th>SERVLET:</th><td>default</td></tr>
> </table>
>
> </body>
> </html>
>
> I have added "blockUnknown":false to security.json and have confirmed that 
> the replication?command=indexversion command can be run without a password, 
> and that it can be run with the login and password specified in 
> httpBasicAuthUser and httpBasicAuthPassword
>
> I have tried tweaking security.json with forwardCredentials values, but that 
> has not helped
>
> Any suggestions?
>
>
>

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and are confident the 
content is safe.

Reply via email to