Solr does install a keystore scanner although it can't read from the parent directory (but it can read the keystore)

Tue, 21 Apr 2026 08:08:34 -0700 

Hi,

using solr 9.10.x it does install a keystore scanner by default.

However, the keystore is in a directory (on purpose by IT) with mode:

drwx--x---

The keystore itself is accessible by the solr process and the user
(under which the solr process is running) can access and read it (the
file) and TLS is working, however I get a warning from the file scanner
every 30 seconds:

2026-04-21 13:44:50.068 WARN  (main) [c: s: r: x: t:] o.e.j.u.Scanner FileVisit 
failed: /etc/ssl/pki/private => java.nio.file.AccessDeniedException: 
/etc/ssl/pki/private
        at 
java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
java.nio.file.AccessDeniedException: /etc/ssl/pki/private
        at 
java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
 ~[?:?]
        at 
java.base/sun.nio.fs.UnixException.asIOException(UnixException.java:115) ~[?:?]
        at 
java.base/sun.nio.fs.UnixFileSystemProvider.newDirectoryStream(UnixFileSystemProvider.java:456)
 ~[?:?]
        at java.base/java.nio.file.Files.newDirectoryStream(Files.java:445) 
~[?:?]
        at 
java.base/java.nio.file.FileTreeWalker.visit(FileTreeWalker.java:288) ~[?:?]
        at java.base/java.nio.file.FileTreeWalker.walk(FileTreeWalker.java:306) 
~[?:?]
        at java.base/java.nio.file.Files.walkFileTree(Files.java:2536) ~[?:?]
        at org.eclipse.jetty.util.Scanner.scanFiles(Scanner.java:784) 
~[jetty-util-10.0.26.jar:10.0.26]
        at org.eclipse.jetty.util.Scanner.startScanning(Scanner.java:663) 
~[jetty-util-10.0.26.jar:10.0.26]
        at org.eclipse.jetty.util.Scanner.doStart(Scanner.java:630) 
~[jetty-util-10.0.26.jar:10.0.26]
        at 
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:93)
 ~[jetty-util-10.0.26.jar:10.0.26]
        at 
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:171)
 ~[jetty-util-10.0.26.jar:10.0.26]
        at 
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:121)
 ~[jetty-util-10.0.26.jar:10.0.26]
        at 
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:93)
 ~[jetty-util-10.0.26.jar:10.0.26]
        at 
org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:258)
 ~[solr-solrj-9.10.0.jar:9.10.0 6fe796b4300e3fceffd8a2e450c4a3ba0fe85f81 - 
janhoy - 2025-11-02 17:26:05]


Can the code be changed, so that it just logs a info / warning at start
time, that scanning is not possible (because no read access on the
directory) and the scanner won't be created / installed / started at
all, if

Files.isReadable(parentFile)

returns false here?

I know I could set:

SOLR_SSL_RELOAD_ENABLED=false

to disable the scanning too (which I did as a workaround), but imho the
default configuration could detect that and just skip installing a
scanner which is not usable at all, opinions?

kind regards

Torsten

Reply via email to