Yes, the client just uses those properties so nothing needs to be set by Solr explicitly. Let us know how it works out with curator.
On Thu, Aug 29, 2024 at 11:19 AM Luke Kot-Zaniewski (BLOOMBERG/ 919 3RD A) < lkotzanie...@bloomberg.net> wrote: > Matt/Anshum > > Thanks for the quick replies! I will play around with these settings. > > I assume that under the hood curator reads these properties and things > "just work". > > It would explain why there is no mention of them in solr project since > solr doesn't need to do anything with them. > > Thanks, > Luke > > From: users@solr.apache.org At: 08/29/24 14:10:40 UTC-4:00To: > users@solr.apache.org > Subject: Re: Connect to Zookeeper with TLS > > Hi Luke, > > Thanks for bringing this up. I assume you're running Solr 9x or have > upgraded your ZK to the latest version so that it supports TLS via the Java > client. > > Here's a link that should help you configure your Solr instances to run > with a TLS enabled Solr cluster: > > https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide > > To summarize, you need to provide the following: > -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty > -Dzookeeper.client.secure=true > -Dzookeeper.ssl.keyStore.location= > -Dzookeeper.ssl.trustStore.password= > -Dzookeeper.ssl.hostnameVerification= > > I'll also add this to the ref guide. > > > On Thu, Aug 29, 2024 at 10:30 AM Luke Kot-Zaniewski (BLOOMBERG/ 919 3RD A) > < > lkotzanie...@bloomberg.net> wrote: > > > Hi All, > > > > We are trying to see if it is possible to secure the connection between > > solr and zookeeper using TLS. > > > > Any "securing zookeeper"-type documentation (below) I could find focuses > > on ACLs with no mention of TLS. > > > > > > https://solr.apache.org/guide/solr/latest/deployment-guide/securing-solr.html#se > curing-zookeeper-traffic > <https://solr.apache.org/guide/solr/latest/deployment-guide/securing-solr.html#securing-zookeeper-traffic> > > > > Interestingly the "zookeeper does not support TLS" banner was recently > > removed from solr docs https://github.com/apache/solr/pull/2385 > > but I couldn't find any follow-up work to integrate it. > > > > Does anyone here know if connecting to zk via tls connection is something > > that solr currently supports? > > If not, I'd appreciate anyone's input if it is planned to ever be > > supported and/or what needs to change to make that happen. > > > > Thanks, > > Luke > > > -- > Anshum Gupta > > > -- Anshum Gupta
