[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK

Thu, 17 Dec 2015 08:20:13 -0800 

    [ 
https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15062257#comment-15062257
 ] 

Mike Drob commented on SOLR-8415:
---------------------------------

Thanks Mark! That page looks reasonable.

Proposed text, to go after "Example Usages":
{panel}
h3. Swapping ACL Schemes
Over the lifetime of operating your Solr cluster, you may decide to move from a 
unsecured ZK to a secured instance. Changing the configured {{zkACLProvider}} 
in {{solr.xml}} will ensure that newly created nodes are secure, but will not 
protect the already existing data. To modify all existing ACLs, you can use 
{{ZkCLI -cmd resetacl}}.

To change the ACLs this way, you must specify the following VM properties: 
{{-DzkACLProvider=... -DzkCredentialsProvider=...}}.
* The Credential Provider must be one that has admin privileges on the nodes. 
If starting with an unsecure configuration, this may be omitted.
* The ACL Provider will be used to compute the new ACLs. When creating an 
unsecure configuration, this may be omitted.
* To swap from one secure setup to a new secure setup, such as when changing 
the password, it ma be necessary to use an unsecure intermediate step.
{panel}

> Provide command to switch between non/secure mode in ZK
> -------------------------------------------------------
>
>                 Key: SOLR-8415
>                 URL: https://issues.apache.org/jira/browse/SOLR-8415
>             Project: Solr
>          Issue Type: Improvement
>          Components: security, SolrCloud
>            Reporter: Mike Drob
>             Fix For: Trunk
>
>         Attachments: SOLR-8415.patch, SOLR-8415.patch
>
>
> We have the ability to run both with and without zk acls, but we don't have a 
> great way to switch between the two modes. Most common use case, I imagine, 
> would be upgrading from an old version that did not support this to a new 
> version that does, and wanting to protect all of the existing content in ZK, 
> but it is conceivable that a user might want to remove ACLs as well.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to