Matt/Anshum Thanks for the quick replies! I will play around with these settings.
I assume that under the hood curator reads these properties and things "just work". It would explain why there is no mention of them in solr project since solr doesn't need to do anything with them. Thanks, Luke From: users@solr.apache.org At: 08/29/24 14:10:40 UTC-4:00To: users@solr.apache.org Subject: Re: Connect to Zookeeper with TLS Hi Luke, Thanks for bringing this up. I assume you're running Solr 9x or have upgraded your ZK to the latest version so that it supports TLS via the Java client. Here's a link that should help you configure your Solr instances to run with a TLS enabled Solr cluster: https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide To summarize, you need to provide the following: -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.client.secure=true -Dzookeeper.ssl.keyStore.location= -Dzookeeper.ssl.trustStore.password= -Dzookeeper.ssl.hostnameVerification= I'll also add this to the ref guide. On Thu, Aug 29, 2024 at 10:30 AM Luke Kot-Zaniewski (BLOOMBERG/ 919 3RD A) < lkotzanie...@bloomberg.net> wrote: > Hi All, > > We are trying to see if it is possible to secure the connection between > solr and zookeeper using TLS. > > Any "securing zookeeper"-type documentation (below) I could find focuses > on ACLs with no mention of TLS. > > https://solr.apache.org/guide/solr/latest/deployment-guide/securing-solr.html#se curing-zookeeper-traffic > > Interestingly the "zookeeper does not support TLS" banner was recently > removed from solr docs https://github.com/apache/solr/pull/2385 > but I couldn't find any follow-up work to integrate it. > > Does anyone here know if connecting to zk via tls connection is something > that solr currently supports? > If not, I'd appreciate anyone's input if it is planned to ever be > supported and/or what needs to change to make that happen. > > Thanks, > Luke -- Anshum Gupta
