Hi, It is not a requirement to implement ACL or TLS with zookeeper. But it will make your install more secure. The warning is to inform you about the risks. If you have a dedicated Zookeeper for Solr, you can achieve similar protection by locking down Zookeeper with firewalls that only allow the Solr nodes to access it.
Jan > 20. nov. 2024 kl. 15:18 skrev Schmidt, Mihael <mschm...@bauformat.de>: > > Hi all, > > I want to secure my Solr cluster and added security.json to the Zookeeper > cluster in the chroot. But I always get the following log entries: > > 2024-11-20 07:09:14.036 INFO (main) [c: s: r: x: t:] > o.a.s.c.c.ConnectionManager Client is connected to ZooKeeper > 2024-11-20 07:09:15.081 WARN (main) [c: s: r: x: t:] o.a.s.c.ZkController > Contents of zookeeper /security.json are world-readable; consider setting up > ACLs as described > inhttps://solr.apache.org/guide/solr/latest/deployment-guide/zookeeper-access-control.html > 2024-11-20 07:09:15.435 INFO (main) [c: s: r: x: t:] o.a.s.c.c.ZkStateReader > Updated live nodes from ZooKeeper... (0) -> (2) > 2024-11-20 07:09:16.082 INFO (main) [c: s: r: x: t:] > o.a.s.c.DistributedClusterStateUpdater Creating > DistributedClusterStateUpdater with useDistributedStateUpdate=false. Solr > will be using Overseer based cluster state updates. > 2024-11-20 07:09:16.354 INFO (main) [c: s: r: x: t:] o.a.s.c.ZkController > Publish node=localhost:8984_solr as DOWN > 2024-11-20 07:09:17.411 INFO (main) [c: s: r: x: t:] o.a.s.c.ZkController > Register node as live in ZooKeeper:/live_nodes/localhost:8984_solr > 2024-11-20 07:09:17.693 INFO (zkCallback-15-thread-1) [c: s: r: x: t:] > o.a.s.c.c.ZkStateReader Updated live nodes from ZooKeeper... (2) -> (3) > 2024-11-20 07:09:18.017 WARN (main) [c: s: r: x: t:] o.a.s.c.CoreContainer > Not all security plugins configured! authentication=disabled > authorization=disabled. Solr is only as secure as you make it. Consider > configuring authentication/authorization before exposing Solr to users > internal or external. Seehttps://s.apache.org/solrsecurity for more info > > Is securing access control to Zookeeper a requirement to enable Solr security > when using Solr with Zookeeper? > > Thanks in advance. > > Mihael > > Mihael Schmidt > Software Engineering > > Bauformat Küchen GmbH & Co. KG > Kattwinkel 1 | 32584 Löhne | Deutschland > > Fon: +495732 102-379 > Fax: +495732 102-300 > Mail: mschm...@bauformat.de <mailto:mschm...@bauformat.de> > Internet: www.bauformat.de <http://www.bauformat.de/> > > <E-postvedlegg.png> > > Umsatzsteuer-Identifikationsnummer: DE 124323068 - Steuer-Nr.: 310/5705/0461 > / Finanzamt Bünde - Handelsregister Bad Oeynhausen HRA 1801 > Komplementärin: Bauformat Küchen Verwaltungs GmbH - Handelsregister Bad > Oeynhausen HRB 1465 > Geschäftsführer: Michael Assner, Matthias Berens, Sabine Brockschnieder > > <E-postvedlegg.jpeg> <https://www.baumannacademy.com/anmelden> > > Wir erfüllen unsere Informationspflichten zum Datenschutz gem. Artt. 13-14 > DS-GVO durch Veröffentlichung auf unserer Internetseite unter: > www.bauformat.de/datenschutz <http://www.bauformat.de/datenschutz> oder durch > Zusendung auf Ihre formlose Anfrage.
