I imagine if you could afford to shut down all the running Solr instances for a small amount of time, you could shut them all down, make the auth changes, and start them all at the same time
--ufuk yilmaz ________________________________ From: Jan Høydahl <jan....@cominvent.com> Sent: Thursday, December 28, 2023 3:20 AM To: users@solr.apache.org <users@solr.apache.org> Subject: Re: Correct Procedure for making Basic Authentication Changes LIVE across Multiple Nodes in Solr Cloud 8.10 Sorry no Experience with Kerberos. Jan Høydahl > 27. des. 2023 kl. 01:13 skrev Uday Kumar <uday.p...@indiamart.com.invalid>: > > Hi Jan, > Need One small confirmation, out of curiosity! > > Document2 reference does not apply to you as it is Kerberos plugin. > Let's assume if we try to go with Kerberos plugin, how can we effectively > restart each node when we are using cluster of n nodes? > > Because if we restart single node, Kerberos plugin will be enabled to only > single node, but not at other nodes. > > Thanks and regards, > Uday Kumar > >> On Wed, Dec 27, 2023, 05:29 Uday Kumar <uday.p...@indiamart.com> wrote: >> >> Thanks for confirmation Jan! >> >>> On Wed, Dec 27, 2023, 05:04 Jan Høydahl <jan....@cominvent.com> wrote: >>> >>> Document2 reference does not apply to you as it is Kerberos plugin. >>> >>> You only need to upload the correct security.json so zookeeper, and your >>> entire cluster is immediately secured. As you have already validated on >>> your test node. >>> >>> Jan >>> >>>> 26. des. 2023 kl. 18:27 skrev Uday Kumar <uday.p...@indiamart.com >>> .INVALID>: >>>> >>>> Hi Jan, >>>> >>>> It is correct that Auth changes take effect across all nodes. So that >>> would >>>> be your procedure, done. >>>> So, you meant to say, authentication changes will be reflected to all >>> nodes >>>> without node restart?? >>>> >>>> >>>> May you have looked at docs for self-managed Solr with no zookeeper? In >>>> that case you must touch each node at a time. >>>> I don't think I have checked docs for self-managed solr with no >>> zookeeper, >>>> kindly check below referred sections and let me know if I am missing >>>> anything. >>>> >>>> *Document-1*: >>>> >>> https://solr.apache.org/guide/8_10/authentication-and-authorization-plugins.html#enable-plugins-with-security-json >>>> >>>> Section referred: Enable Plugins with security.json >>>> >>>> *Document-2*: >>>> >>> https://solr.apache.org/guide/8_10/kerberos-authentication-plugin.html#security-json >>>> >>>> Section referred: security.json >>>> >>>> Thanks and regards, >>>> Uday Kumar >>>> >>>> >>>> >>>> >>>> On Tue, Dec 26, 2023, 16:04 Jan Høydahl <jan....@cominvent.com> wrote: >>>> >>>>> It is correct that Auth changes take effect across all nodes. So that >>>>> would be your procedure, done. >>>>> >>>>> May you have looked at docs for self-managed Solr with no zookeeper? In >>>>> that case you must touch each node at a time. >>>>> >>>>> Jan Høydahl >>>>> >>>>>> 26. des. 2023 kl. 08:20 skrev Uday Kumar <uday.p...@indiamart.com >>>>> .invalid>: >>>>>> >>>>>> Hello all, >>>>>> >>>>>> In our production environment, we currently utilize Solr Cloud 8.10 >>> with >>>>> 8 >>>>>> nodes/shards (i.e., 8 different servers), without any authentication >>>>> plugin. >>>>>> >>>>>> *Our New Requirement:* >>>>>> To implement Basic Authentication on Solr Cloud to prevent >>> unauthorized >>>>>> access. >>>>>> >>>>>> Here are the steps we have undertaken in our development environment:* >>>>> [we >>>>>> used Single Server, but nodes/shards with 8 different ports]* >>>>>> 1. Created the security.json file. >>>>>> 2. Configured and created different users as required. >>>>>> 3. Uploaded the security.json file to Zookeeper. >>>>>> >>>>>> Surprisingly, *authentication is enabled on all nodes/shards* >>> immediately >>>>>> after pushing the security.json file to Zookeeper. >>>>>> >>>>>> However, according to the Solr Documentation, a restart of each node >>> is >>>>>> required for authentication changes to take effect across all >>>>> nodes/shards. >>>>>> >>>>>> Our main query is, what is the correct approach for making >>> authentication >>>>>> changes live on all Nodes/Shards? >>>>>> >>>>>> *Thanks & Regards,* >>>>>> *Uday Kumar* >>>>> >>> >>>
