@tboeghk
Created April 29, 2021 19:04
SOLR-11904 demonstration

I set up this small Gist to help demonstrate an edge case when running Solr as a TLOG/PULL replica ensemble with authentication enabled and authorization being rather strict.

The problem is that in said environment, the PULL replica cannot check the TLOG leader replicas for updates. It gets rejected with a 401 HTTP error code.

Reproducing the error

1. Launch a small Solr ensemble

This will launch a Zookeeper node and two Solr nodes.

$ docker-compose up -d

2. Enable security

This will add a user solr with password solr in an admin role. It will furthermore secure every endpoint to be accessible only by the admin role.

$ docker exec -it solr_1 solr zk cp file:/opt/solr/server/solr/security.json zk:/security.json -z zookeeper:2181

3. Create collection

This will create a collection having one TLOG replica leader and a PULL replica follower.

$ curl --user solr:solr \
    "http://localhost:8983/solr/admin/collections?action=CREATE&name=techproducts&numShards=1&tlogReplicas=1&pullReplicas=1&wt=xml&collection.configName=_default"

🔥 Observe error

Immediately upon collection creation, the PULL replica polls the TLOG replica for updates and will be rejected.

solr_1       | 2021-04-29 18:55:10.933 INFO  (indexFetcher-28-thread-1) [   ] o.a.s.h.IndexFetcher Last replication failed, so I'll force replication
solr_1       | 2021-04-29 18:55:10.940 WARN  (indexFetcher-28-thread-1) [   ] o.a.s.h.IndexFetcher Leader at: http://172.23.0.3:8984/solr/techproducts_shard1_replica_t1/ is not available. Index fetch failed by exception: org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://172.23.0.3:8984/solr/techproducts_shard1_replica_t1: Expected mime type application/octet-stream but got text/html. <html>
solr_1       | <head>
solr_1       | <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
solr_1       | <title>Error 401 Authentication failed, Response code: 401</title>
solr_1       | </head>
solr_1       | <body><h2>HTTP ERROR 401 Authentication failed, Response code: 401</h2>
solr_1       | <table>
solr_1       | <tr><th>URI:</th><td>/solr/techproducts_shard1_replica_t1/replication</td></tr>
solr_1       | <tr><th>STATUS:</th><td>401</td></tr>
solr_1       | <tr><th>MESSAGE:</th><td>Authentication failed, Response code: 401</td></tr>
solr_1       | <tr><th>SERVLET:</th><td>default</td></tr>
solr_1       | </table>
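
A log check for this failure, added here as an example (it is not part of the original Gist): it scans docker-compose output for IndexFetcher failures whose error page reports 401 on the leader's URI, and also flags 403, which goes beyond the case shown above. The sample lines are constructed from the output above, and the function and field names are hypothetical.

```python
import re

# Constructed sample, shaped like the docker-compose output above (last line is invented noise).
SAMPLE_LOG = """\
solr_1       | 2021-04-29 18:55:10.933 INFO  (indexFetcher-28-thread-1) [   ] o.a.s.h.IndexFetcher Last replication failed, so I'll force replication
solr_1       | 2021-04-29 18:55:10.940 WARN  (indexFetcher-28-thread-1) [   ] o.a.s.h.IndexFetcher Leader at: http://172.23.0.3:8984/solr/techproducts_shard1_replica_t1/ is not available. Index fetch failed by exception: (constructed, shortened) <html>
solr_1       | <tr><th>URI:</th><td>/solr/techproducts_shard1_replica_t1/replication</td></tr>
solr_1       | <tr><th>STATUS:</th><td>401</td></tr>
solr_2       | 2021-04-29 18:55:11.002 INFO  (qtp-1) [   ] o.a.s.c.S.Request path=/select status=0
"""

PREFIX = re.compile(r"^(?P<container>\S+)\s+\|\s?(?P<msg>.*)$")   # "solr_1   | ..."
FETCH_FAIL = re.compile(r"WARN\s.*IndexFetcher Leader at: (?P<leader>\S+) is not available")
TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")     # start of a new log record
ROW = re.compile(r"<tr><th>(?P<key>URI|STATUS):</th><td>(?P<val>[^<]*)</td></tr>")


def find_replication_auth_failures(log_text):
    """Return one dict per IndexFetcher failure whose error page reports 401 or 403."""
    findings, pending = [], {}          # pending: container -> failure being assembled
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        container, msg = m["container"], m["msg"]
        fail = FETCH_FAIL.search(msg)
        if fail:                        # the WARN record opens a new candidate
            pending[container] = {"container": container, "leader": fail["leader"],
                                  "uri": None, "status": None}
            continue
        if TIMESTAMP.match(msg):        # next record: the error page (if any) has ended
            pending.pop(container, None)
            continue
        event, row = pending.get(container), ROW.search(msg)
        if event and row:               # URI / STATUS rows of the Jetty error page
            event[row["key"].lower()] = row["val"]
            if event["uri"] and event["status"] in ("401", "403"):
                findings.append(pending.pop(container))
    return findings


if __name__ == "__main__":
    for f in find_replication_auth_failures(SAMPLE_LOG):
        print(f"{f['container']}: HTTP {f['status']} from leader {f['leader']} on {f['uri']}")
```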

version: "2.4"
services:
  zookeeper:
    image: zookeeper:3.6
    container_name: zookeeper
    ports:
      - "2181:2181"
  solr_1:
    image: solr:8.8.2-slim
    container_name: solr_1
    depends_on:
      - zookeeper
    ports:
      - 8983:8983
    environment:
      - ZK_HOST=zookeeper:2181
      - SOLR_HEAP=1g
    volumes:
      - ./security.json:/opt/solr/server/solr/security.json
  solr_2:
    image: solr:8.8.2-slim
    container_name: solr_2
    depends_on:
      - zookeeper
    ports:
      - 8984:8984
    environment:
      - ZK_HOST=zookeeper:2181
      - SOLR_HEAP=1g
      - SOLR_PORT=8984
    volumes:
      - ./security.json:/opt/solr/server/solr/security.json

{
  "authentication": {
    "blockUnknown": false,
    "class": "solr.BasicAuthPlugin",
    "realm": "SOLR-11904 PULL/TLOG replica demonstrator",
    "forwardCredentials": true,
    "credentials": {
      "solr": "T7YxTaZndrKFua6qUAvGEbx6M/8ZuuUuNk5xY1ZQ2x4= eoFl2Dt+lknA9A5yYe/ngCRp70OuDAXcZ65hIka22Gs="
    }
  },
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [
      {
        "collection": "*",
        "name": "base_url",
        "path": "/",
        "role": null
      },
      {
        "collection": "*",
        "name": "login",
        "path": "/login",
        "role": null
      },
      {
        "name": "all",
        "role": [
          "admin"
        ]
      }
    ],
    "user-role": {
      "solr": [
        "admin"
      ]
    }
  }
}