如果启用了身份验证,则Solr CDCR不起作用

时间:2018-02-14 15:23:09

标签: authentication solr solrcloud

我在我的测试环境中设置了CDCR,它完美运行直到我上传 security.json文件到目标和源的Zookeeper集群 SolrClouds。 security.json文件对于云以及云都是相同的 集合名称。 Source有下一个错误:

Request to collection col01 failed due to (401) 

org.apache.solr.client.solrj.impl.CloudSolrClient$RouteException: Error from server at http://targethost:port/solr/col01_shard1_replica1: Expected mime type application/octet-stream but got text/html. <html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 401 Unauthorized request, Response code: 401</title>
</head>
<body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /solr/col01_shard1_replica1/update. Reason:
<pre>    Unauthorized request, Response code: 401</pre></p>
</body>
</html>

    at org.apache.solr.client.solrj.impl.CloudSolrClient.directUpdate(CloudSolrClient.java:819)
    at org.apache.solr.client.solrj.impl.CloudSolrClient.sendRequest(CloudSolrClient.java:1263)
    at org.apache.solr.client.solrj.impl.CloudSolrClient.requestWithRetryOnStaleState(CloudSolrClient.java:1134)
    at org.apache.solr.client.solrj.impl.CloudSolrClient.request(CloudSolrClient.java:1073)
    at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:160)
    at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:177)
    at org.apache.solr.handler.CdcrReplicator.sendRequest(CdcrReplicator.java:136)
    at org.apache.solr.handler.CdcrReplicator.run(CdcrReplicator.java:116)
    at org.apache.solr.handler.CdcrReplicatorScheduler.lambda$null$0(CdcrReplicatorScheduler.java:81)
    at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(ExecutorUtil.java:229)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://targethost:port/solr/col01_shard1_replica1: Expected mime type application/octet-stream but got text/html. <html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 401 Unauthorized request, Response code: 401</title>
</head>
<body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /solr/col01_shard1_replica1/update. Reason:
<pre>    Unauthorized request, Response code: 401</pre></p>
</body>
</html>

    at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:578)
    at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:279)
    at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:268)
    at org.apache.solr.client.solrj.impl.LBHttpSolrClient.doRequest(LBHttpSolrClient.java:447)
    at org.apache.solr.client.solrj.impl.LBHttpSolrClient.request(LBHttpSolrClient.java:388)
    at org.apache.solr.client.solrj.impl.CloudSolrClient.lambda$directUpdate$0(CloudSolrClient.java:796)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    ... 4 more

知道我应该怎么解决它? 谢谢!

1 个答案:

答案 0 :(得分:1)

我遇到了同样的问题,似乎目标SolrCloud正在尝试使用PKIAuthenticationPlugin验证来自源的传入请求,但由于默认情况下两个源节点都没有在目标上注册,后者给出了以下错误:

  

错误(qtp1265210847-32)[] o.a.s.s.PKIAuthenticationPlugin解密失败,密钥必须错误

在对PKIAuthenticationPlugin.java进行一些调查后,我发现以下一段代码会拒绝身份验证请求:

Public Key getRemotePublicKey(String nodename) {
  if(!cores.getZkController().getZkStateReader().getClusterState(). getLiveNodes().contains(nodename)) 
return null;
}

因此,为了解决这个问题,我只是将源的节点名称(位于/live_nodes部分)添加到目标Zookeeper中,并且复制开始使用security.json双方强制执行。< / p>