Hi Luke, Thanks for bringing this up. I assume you're running Solr 9x or have upgraded your ZK to the latest version so that it supports TLS via the Java client.
Here's a link that should help you configure your Solr instances to run with a TLS enabled Solr cluster: https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide To summarize, you need to provide the following: -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.client.secure=true -Dzookeeper.ssl.keyStore.location= -Dzookeeper.ssl.trustStore.password= -Dzookeeper.ssl.hostnameVerification= I'll also add this to the ref guide. On Thu, Aug 29, 2024 at 10:30 AM Luke Kot-Zaniewski (BLOOMBERG/ 919 3RD A) < lkotzanie...@bloomberg.net> wrote: > Hi All, > > We are trying to see if it is possible to secure the connection between > solr and zookeeper using TLS. > > Any "securing zookeeper"-type documentation (below) I could find focuses > on ACLs with no mention of TLS. > > https://solr.apache.org/guide/solr/latest/deployment-guide/securing-solr.html#securing-zookeeper-traffic > > Interestingly the "zookeeper does not support TLS" banner was recently > removed from solr docs https://github.com/apache/solr/pull/2385 > but I couldn't find any follow-up work to integrate it. > > Does anyone here know if connecting to zk via tls connection is something > that solr currently supports? > If not, I'd appreciate anyone's input if it is planned to ever be > supported and/or what needs to change to make that happen. > > Thanks, > Luke -- Anshum Gupta
