Ok, I know that this is commonly asked, but I can't help thinking that
the answer isn't simply to create a symlink from the old solrhome to the
new solrhome.

I have a working Alfresco setup (Ubuntu 22.04, Community Edition 7.4,
with Solr on the same server, both installed from 'source' (i.e. no
Docker/etc)). This uses Solr 6.6.5. The default location of solrhome is
/opt/alfresco-search-services/solrhome. I'd like to move this to a
separate (encrypted) partition.

To do this, I've set solr.in.sh as follows:

SOLR_HOME=/data/var/alfresco/solrhome
SOLR_SSL_KEY_STORE=/data/var/alfresco/solrhome/keystore/ssl-repo-client.keystore
SOLR_SSL_TRUST_STORE=/data/var/alfresco/solrhome/keystore/ssl-repo-client.truststore

With no other changes. I've also moved the existing solrhome directory
to the new location. Should this work?

I've run solr/bin/solr with verbose output, and it shows:

SOLR_SERVER_DIR = /opt/alfresco-search-services/solr/server
SOLR_HOME = /data/var/alfresco/solrhome
SOLR_OPTS =
-Dsolr.jetty.keystore=/data/var/alfresco/solrhome/keystore/ssl-repo-client.keystore \
-Dsolr.jetty.keystore.password=my-password \
-Dsolr.jetty.keystore.type=JCEKS \
-Dsolr.jetty.truststore=/data/var/alfresco/solrhome/keystore/ssl-repo-client.truststore \
-Dsolr.jetty.truststore.password=my-password \
-Dsolr.jetty.truststore.type=JCEKS \
-Dsolr.jetty.ssl.needClientAuth=true \
-Dsolr.jetty.ssl.wantClientAuth=false \
-Djavax.net.ssl.keyStore=/data/var/alfresco/solrhome/keystore/ssl-repo-client.keystore \
-Djavax.net.ssl.keyStorePassword=my-password \
-Djavax.net.ssl.keyStoreType= \
-Djavax.net.ssl.trustStore=/data/var/alfresco/solrhome/keystore/ssl-repo-client.truststore \
-Djavax.net.ssl.trustStorePassword=my-password \
-Djavax.net.ssl.trustStoreType=JCEKS \
...
SOLR_ADDL_ARGS =
-Dssl-keystore.password=my-password \
-Dssl-keystore.aliases=ssl-alfresco-ca,ssl-repo-client \
-Dssl-keystore.ssl-alfresco-ca.password=my-password \
-Dssl-keystore.ssl-repo-client.password=my-password \
-Dssl-truststore.password=my-password \
-Dssl-truststore.aliases=ssl-alfresco-ca,ssl-repo,ssl-repo-client \
-Dssl-truststore.ssl-alfresco-ca.password=my-password \
-Dssl-truststore.ssl-repo.password=my-password \
-Dssl-truststore.ssl-repo-client.password=my-password \
...

So it appears that the JVM is running with the correct options. However,
Solr fails to start, and the Solr log output shows:

2024-05-10 10:10:38.567 ERROR (searcherExecutor-8-thread-1-processing-x:alfresco) [ a x:alfresco] o.a.s.c.SolrCore null:org.alfresco.error.AlfrescoRuntimeException: 04100001 Failed to initialize keystore:
Location: /opt/alfresco-search-services/solrhome/keystore/ssl-repo-client.keystore
Provider:
Type: JCEKS
at ...
Caused by: org.alfresco.error.AlfrescoRuntimeException: 04100000 Unable to load key store: /opt/alfresco-search-services/solrhome/keystore/ssl-repo-client.keystore
at ...
Caused by: java.io.FileNotFoundException: Caused by Can't find resource '/opt/alfresco-search-services/solrhome/keystore/ssl-repo-client.keystore' in classpath or '/data/var/alfresco/solrhome/alfresco'
at ...

The initial 'Location' is the /old/ pre-move keystore location, and
there's nothing there now. In the last 'Caused by' the new location is
almost correct ('/data/var/alfresco/solrhome/alfresco', instead of
'/data/var/alfresco/solrhome/alfresco'). Solr does create a new solrhome
in the default location.

There seems to be something in Solr which is forcing a search for a
default keystore without using SOLR_SSL_KEY_STORE and
SOLR_SSL_TRUST_STORE. Any ideas on how I can fix this? Thanks.