Thank you! Bummed that this isn't working but very relieved that I can stop trying to fix it.
Thanks, --Jamie On 10/19/23, 4:46 PM, "Jan Høydahl" <jan....@cominvent.com <mailto:jan....@cominvent.com>> wrote: CAUTION: This email originated from outside of biospatial. Do not click links or open attachments unless you recognize the sender and know the content is safe. The Admin UI ZK screen is not intended for the SSL connection to ZK, since status is not supported on that protocol. Instead we need to add support for the ZK AdminServer to get the same. Contributions are welcome. Jan > 19. okt. 2023 kl. 22:29 skrev Jamie Gruener <jamie.grue...@biospatial.io > <mailto:jamie.grue...@biospatial.io>>: > > We’re working on standing up a new Solr 9.4.0 cluster with ZooKeeper 3.8.3 > ensemble. We’ve configured mTLS for authentication, authorization, and comms > for client <-> solr; TLS for solr <-> solr intra-cluster comms, and TLS for > zk <-> zk intra-ensemble comms. > > Where we are stuck is at the TLS configuration for solr<->zk comms. At least > some parts are working since we can configure the url scheme and the > security.json file, but when we try to browse the Solr UI to get ZK Status it > doesn’t populate with any data. On the ZooKeeper side, we see these errors: > > 2023-10-19 16:08:06,403 [myid:] - ERROR > [nioEventLoopGroup-7-1:o.a.z.s.NettyServerCnxnFactory$CertificateVerifier@468] > - Unsuccessful handshake with session 0x0 > > From our testing with running `solr zk cp` command (used to upload the > security.json file), we’re pretty sure that the problem is that solr isn’t > trying to establish a TLS connection to satisfy the ZK Status request. > > This ticket states that the TLS configuration works for at least one person, > https://issues.apache.org/jira/browse/SOLR-16115 > <https://issues.apache.org/jira/browse/SOLR-16115>, but I can’t find any more > documentation about configuring this. > > Any hints? Anyone get this working? > > Thanks, > > --Jamie
