如果启用了身份验证,则Solr CDCR不起作用

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了如果启用了身份验证,则Solr CDCR不起作用相关的知识,希望对你有一定的参考价值。

我在我的测试环境中设置了CDCR,它完美地运行,直到我将security.json文件上传到Target的Sourcekeeper集群和Source SolrClouds。 security.json文件对于Clouds和集合名称都是相同的。 Source有下一个错误:

Request to collection col01 failed due to (401) 

org.apache.solr.client.solrj.impl.CloudSolrClient$RouteException: Error from server at http://targethost:port/solr/col01_shard1_replica1: Expected mime type application/octet-stream but got text/html. <html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 401 Unauthorized request, Response code: 401</title>
</head>
<body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /solr/col01_shard1_replica1/update. Reason:
<pre>    Unauthorized request, Response code: 401</pre></p>
</body>
</html>

    at org.apache.solr.client.solrj.impl.CloudSolrClient.directUpdate(CloudSolrClient.java:819)
    at org.apache.solr.client.solrj.impl.CloudSolrClient.sendRequest(CloudSolrClient.java:1263)
    at org.apache.solr.client.solrj.impl.CloudSolrClient.requestWithRetryOnStaleState(CloudSolrClient.java:1134)
    at org.apache.solr.client.solrj.impl.CloudSolrClient.request(CloudSolrClient.java:1073)
    at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:160)
    at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:177)
    at org.apache.solr.handler.CdcrReplicator.sendRequest(CdcrReplicator.java:136)
    at org.apache.solr.handler.CdcrReplicator.run(CdcrReplicator.java:116)
    at org.apache.solr.handler.CdcrReplicatorScheduler.lambda$null$0(CdcrReplicatorScheduler.java:81)
    at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(ExecutorUtil.java:229)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://targethost:port/solr/col01_shard1_replica1: Expected mime type application/octet-stream but got text/html. <html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 401 Unauthorized request, Response code: 401</title>
</head>
<body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /solr/col01_shard1_replica1/update. Reason:
<pre>    Unauthorized request, Response code: 401</pre></p>
</body>
</html>

    at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:578)
    at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:279)
    at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:268)
    at org.apache.solr.client.solrj.impl.LBHttpSolrClient.doRequest(LBHttpSolrClient.java:447)
    at org.apache.solr.client.solrj.impl.LBHttpSolrClient.request(LBHttpSolrClient.java:388)
    at org.apache.solr.client.solrj.impl.CloudSolrClient.lambda$directUpdate$0(CloudSolrClient.java:796)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    ... 4 more

知道我应该怎么解决它?谢谢!

答案

我有同样的问题,似乎目标SolrCloud正在尝试使用PKIAuthenticationPlugin验证来自源的传入请求,但由于默认情况下两个源节点都没有在目标上注册,后者会出现以下错误:

错误(qtp1265210847-32)[] o.a.s.s.PKIAuthenticationPlugin解密失败,关键一定是错误的

在对PKIAuthenticationPlugin.java进行一些调查之后,我发现以下代码将拒绝身份验证请求:

Public Key getRemotePublicKey(String nodename) {
  if(!cores.getZkController().getZkStateReader().getClusterState(). getLiveNodes().contains(nodename)) 
return null;
}

因此,为了克服这一点,我只是将源的节点名称(位于/live_nodes部分)添加到目标Zookeeper,并且复制开始使用security.json双方强制执行。

以上是关于如果启用了身份验证,则Solr CDCR不起作用的主要内容,如果未能解决你的问题,请参考以下文章

具有基本身份验证的 Jersey cors 不起作用

漏洞通报|Apache Solr上传功能漏洞CVE-2020-13957

如果用户输入了空格或换行符,则 JQuery 验证不起作用

如果ssl打开,Apache mod auth_ldap将不起作用

如何通过反向代理启用 Windows 身份验证?

如果选择框选项更改,则 JQuery 验证不起作用