Hi,

It is not a requirement to implement ACL or TLS with zookeeper. But it will 
make your install more secure. The warning is to inform you about the risks.
If you have a dedicated Zookeeper for Solr, you can achieve similar protection 
by locking down Zookeeper with firewalls that only allow the Solr nodes to 
access it.

Jan

> 20. nov. 2024 kl. 15:18 skrev Schmidt, Mihael <mschm...@bauformat.de>:
> 
> Hi all,
>  
> I want to secure my Solr cluster and added security.json to the Zookeeper 
> cluster in the chroot. But I always get the following log entries:
> 
> 2024-11-20 07:09:14.036 INFO  (main) [c: s: r: x: t:] 
> o.a.s.c.c.ConnectionManager Client is connected to ZooKeeper
> 2024-11-20 07:09:15.081 WARN  (main) [c: s: r: x: t:] o.a.s.c.ZkController 
> Contents of zookeeper /security.json are world-readable; consider setting up 
> ACLs as described 
> inhttps://solr.apache.org/guide/solr/latest/deployment-guide/zookeeper-access-control.html
> 2024-11-20 07:09:15.435 INFO  (main) [c: s: r: x: t:] o.a.s.c.c.ZkStateReader 
> Updated live nodes from ZooKeeper... (0) -> (2)
> 2024-11-20 07:09:16.082 INFO  (main) [c: s: r: x: t:] 
> o.a.s.c.DistributedClusterStateUpdater Creating 
> DistributedClusterStateUpdater with useDistributedStateUpdate=false. Solr 
> will be using Overseer based cluster state updates.
> 2024-11-20 07:09:16.354 INFO  (main) [c: s: r: x: t:] o.a.s.c.ZkController 
> Publish node=localhost:8984_solr as DOWN
> 2024-11-20 07:09:17.411 INFO  (main) [c: s: r: x: t:] o.a.s.c.ZkController 
> Register node as live in ZooKeeper:/live_nodes/localhost:8984_solr
> 2024-11-20 07:09:17.693 INFO  (zkCallback-15-thread-1) [c: s: r: x: t:] 
> o.a.s.c.c.ZkStateReader Updated live nodes from ZooKeeper... (2) -> (3)
> 2024-11-20 07:09:18.017 WARN  (main) [c: s: r: x: t:] o.a.s.c.CoreContainer 
> Not all security plugins configured!  authentication=disabled 
> authorization=disabled.  Solr is only as secure as you make it. Consider 
> configuring authentication/authorization before exposing Solr to users 
> internal or external.  Seehttps://s.apache.org/solrsecurity for more info
> 
> Is securing access control to Zookeeper a requirement to enable Solr security 
> when using Solr with Zookeeper?
>  
> Thanks in advance.
>  
> Mihael
> 
> Mihael Schmidt
> Software Engineering
>  
> Bauformat Küchen GmbH & Co. KG
> Kattwinkel 1 | 32584 Löhne | Deutschland
>  
> Fon: +495732 102-379
> Fax: +495732 102-300
> Mail: mschm...@bauformat.de <mailto:mschm...@bauformat.de>
> Internet: www.bauformat.de <http://www.bauformat.de/>
>  
> <E-postvedlegg.png> 
>  
> Umsatzsteuer-Identifikationsnummer: DE 124323068 - Steuer-Nr.: 310/5705/0461 
> / Finanzamt Bünde - Handelsregister Bad Oeynhausen HRA 1801
> Komplementärin: Bauformat Küchen Verwaltungs GmbH - Handelsregister Bad 
> Oeynhausen HRB 1465
> Geschäftsführer: Michael Assner, Matthias Berens, Sabine Brockschnieder
>  
> <E-postvedlegg.jpeg> <https://www.baumannacademy.com/anmelden>
>  
> Wir erfüllen unsere Informationspflichten zum Datenschutz gem. Artt. 13-14 
> DS-GVO durch Veröffentlichung auf unserer Internetseite unter:
> www.bauformat.de/datenschutz <http://www.bauformat.de/datenschutz> oder durch 
> Zusendung auf Ihre formlose Anfrage.

Reply via email to