[
https://issues.apache.org/jira/browse/SOLR-16207?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xiaotian Qin updated SOLR-16207:
--------------------------------
Description:
We encounter exception in container for solr version 9. We used self-signed
certs to enable SSL following:
s3.console.aws.amazon.com/s3/object/wish-relevance-us-west-2?region=us-west-2&prefix=tahoe_output%2Fsearch_index_tahoe%2Ftahoe_search_intermediate_index_20211209%2Fbatch_id%3D0%2F000017_0&tab=permissions
Looks like the java validator is trying to validate the certs and complain the
unknown source? How can we fix this?
Env we specified in container as environment. We verified that the file path
contains our p12 certs file.
{\{{}}
{{ "name": "SOLR_SSL_ENABLED",}}
{{ "value": "true"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_KEY_STORE",}}
{{ "value": "/ssl/solr-ssl.keystore.p12"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_KEY_STORE_PASSWORD",}}
{{ "value": "secret"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_KEY_STORE_TYPE",}}
{{ "value": "pkcs12"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_CLIENT_KEY_STORE",}}
{{ "value": "/ssl/solr-ssl.keystore.p12"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_CLIENT_KEY_STORE_PASSWORD",}}
{{ "value": "secret"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_CLIENT_KEY_STORE_TYPE",}}
{{ "value": "pkcs12"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_TRUST_STORE",}}
{{ "value": "/ssl/solr-ssl.keystore.p12"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_TRUST_STORE_PASSWORD",}}
{{ "value": "secret"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_TRUST_STORE_TYPE",}}
{{ "value": "pkcs12"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_CLIENT_TRUST_STORE",}}
{{ "value": "/ssl/solr-ssl.keystore.p12"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD",}}
{{ "value": "secret"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_CLIENT_TRUST_STORE_TYPE",}}
{{ "value": "pkcs12"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_NEED_CLIENT_AUTH",}}
{{ "value": "false"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_WANT_CLIENT_AUTH",}}
{{ "value": "true"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_CHECK_PEER_NAME",}}
{{ "value": "true"}}
{{ }}}
Stack trace in solr container
{quote}Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
~[?:?]
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source) ~[?:?]
at java.security.cert.CertPathBuilder.build(Unknown Source) ~[?:?]
at sun.security.validator.PKIXValidator.doBuild(Unknown Source) ~[?:?]
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
~[?:?]
at sun.security.validator.Validator.validate(Unknown Source) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
~[?:?]
at
sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown
Source) ~[?:?]
at
sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(Unknown
Source) ~[?:?]
at
sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(Unknown
Source) ~[?:?]
at sun.security.ssl.SSLHandshake.consume(Unknown Source) ~[?:?]
at sun.security.ssl.HandshakeContext.dispatch(Unknown Source) ~[?:?]
at sun.security.ssl.HandshakeContext.dispatch(Unknown Source) ~[?:?]
at sun.security.ssl.TransportContext.dispatch(Unknown Source) ~[?:?]
at sun.security.ssl.SSLTransport.decode(Unknown Source) ~[?:?]
at sun.security.ssl.SSLSocketImpl.decode(Unknown Source) ~[?:?]
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source) ~[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[?:?]
at
org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
~[httpclient-4.5.13.jar:4.5.13]
{quote}
Solr process in container, looks like above environments being passed as
JAVA_OPTS
{quote}solr 9 8.3 61.3 51036372 44091148 ? Sl 22:40 0:58
/opt/java/openjdk/bin/java -server -Xms41308M -Xmx41308M -XX:+UseG1GC
-XX:+PerfDisableSharedMem -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=250
-XX:+UseLargePages -XX:+AlwaysPreTouch -XX:+ExplicitGCInvokesConcurrent
-Xlog:gc*:file=/data-podcast-solr-cloud-store/logs/solr_gc.log:time,uptime:filecount=9,filesize=20M
-Dsolr.jetty.inetaccess.includes= -Dsolr.jetty.inetaccess.excludes=
-DzkClientTimeout=30000
-DzkHost=podcast-zk-ensemble-0.zk-service.data-podcast-zookeeper.svc.cluster.local:2181,podcast-zk-ensemble-1.zk-service.data-podcast-zookeeper.svc.cluster.local:2181,podcast-zk-ensemble-2.zk-service.data-podcast-zookeeper.svc.cluster.local:2181/data-podcast-solr-cloud-data-podcast
-Dsolr.log.dir=/data-podcast-solr-cloud-store/logs -Djetty.port=8983
-DSTOP.PORT=7983 -DSTOP.KEY=solrrocks
-Dhost=data-podcast-0.data-podcast-solr-cloud.data-podcast-solr-cloud-dev.query.us-west-1a.consul
-Duser.timezone=UTC -XX:-OmitStackTraceInFastThrow
-XX:OnOutOfMemoryError=/opt/solr/bin/oom_solr.sh 8983
/data-podcast-solr-cloud-store/logs -Djetty.home=/opt/solr/server
-Dsolr.solr.home=/data-podcast-solr-cloud-store/data -Dsolr.data.home=
-Dsolr.install.dir=/opt/solr
-Dsolr.default.confdir=/opt/solr/server/solr/configsets/_default/conf
-Dlog4j.configurationFile=/var/solr/log4j2.xml
-Dsolr.sharedLib=/data-podcast-solr-cloud-store/data/lib
-Dsolr.environment=dev,label=Dev+PlayAround,color=green
-DzkACLProvider=org.apache.solr.common.cloud.VMParamsAllAndReadonlyDigestZkACLProvider
-DzkCredentialsProvider=org.apache.solr.common.cloud.VMParamsSingleSetCredentialsDigestZkCredentialsProvider
-DzkDigestUsername=username -DzkDigestPassword=123 -Dsolr.jetty.host=0.0.0.0
-Xss256k *-Dsolr.jetty.keystore=/ssl/solr-ssl.keystore.p12
-Dsolr.jetty.keystore.type=pkcs12
-Dsolr.jetty.truststore=/ssl/solr-ssl.keystore.p12
-Dsolr.jetty.truststore.type=pkcs12 -Dsolr.jetty.ssl.verifyClientHostName=HTTPS
-Dsolr.jetty.ssl.needClientAuth=false -Dsolr.jetty.ssl.wantClientAuth=true
-Djavax.net.ssl.keyStore=/ssl/solr-ssl.keystore.p12
-Djavax.net.ssl.keyStoreType=pkcs12 -Dsolr.ssl.checkPeerName=true
-Djavax.net.ssl.trustStore=/ssl/solr-ssl.keystore.p12
-Djavax.net.ssl.trustStoreType=pkcs12* -Dsolr.jetty.https.port=8983
-Djava.security.manager
-Djava.security.policy=/opt/solr/server/etc/security.policy
-Djava.security.properties=/opt/solr/server/etc/security.properties
-Dsolr.internal.network.permission=* -DdisableAdminUI=false -jar start.jar
--module=https --lib=/opt/solr/server/solr-webapp/webapp/WEB-INF/lib/*
--module=requestlog --module=gzip
{quote}
Java version in container:
$ java --version
openjdk 17.0.3 2022-04-19
OpenJDK Runtime Environment Temurin-17.0.3+7 (build 17.0.3+7)
OpenJDK 64-Bit Server VM Temurin-17.0.3+7 (build 17.0.3+7, mixed mode, sharing)
was:
We encounter exception in container for solr version 9. We used self-signed
certs to enable SSL following:
[s3.console.aws.amazon.com/s3/object/wish-relevance-us-west-2?region=us-west-2&prefix=tahoe_output%2Fsearch_index_tahoe%2Ftahoe_search_intermediate_index_20211209%2Fbatch_id%3D0%2F000017_0&tab=permissions|http://example.com/]
Looks like the java validator is trying to validate the certs and complain the
unknown source? How can we fix this?
Env we specified in container as environment. We verified that the file path
contains our p12 certs file.
{\{{}}
{{ "name": "SOLR_SSL_ENABLED",}}
{{ "value": "true"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_KEY_STORE",}}
{{ "value": "/ssl/solr-ssl.keystore.p12"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_KEY_STORE_PASSWORD",}}
{{ "value": "secret"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_KEY_STORE_TYPE",}}
{{ "value": "pkcs12"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_CLIENT_KEY_STORE",}}
{{ "value": "/ssl/solr-ssl.keystore.p12"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_CLIENT_KEY_STORE_PASSWORD",}}
{{ "value": "secret"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_CLIENT_KEY_STORE_TYPE",}}
{{ "value": "pkcs12"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_TRUST_STORE",}}
{{ "value": "/ssl/solr-ssl.keystore.p12"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_TRUST_STORE_PASSWORD",}}
{{ "value": "secret"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_TRUST_STORE_TYPE",}}
{{ "value": "pkcs12"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_CLIENT_TRUST_STORE",}}
{{ "value": "/ssl/solr-ssl.keystore.p12"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD",}}
{{ "value": "secret"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_CLIENT_TRUST_STORE_TYPE",}}
{{ "value": "pkcs12"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_NEED_CLIENT_AUTH",}}
{{ "value": "false"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_WANT_CLIENT_AUTH",}}
{{ "value": "true"}}
{{ },}}
{{ {}}
{{ "name": "SOLR_SSL_CHECK_PEER_NAME",}}
{{ "value": "true"}}
{{ }}}
Stack trace in solr container
{quote}Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
~[?:?]
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source) ~[?:?]
at java.security.cert.CertPathBuilder.build(Unknown Source) ~[?:?]
at sun.security.validator.PKIXValidator.doBuild(Unknown Source) ~[?:?]
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
~[?:?]
at sun.security.validator.Validator.validate(Unknown Source) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
~[?:?]
at
sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown
Source) ~[?:?]
at
sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(Unknown
Source) ~[?:?]
at
sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(Unknown
Source) ~[?:?]
at sun.security.ssl.SSLHandshake.consume(Unknown Source) ~[?:?]
at sun.security.ssl.HandshakeContext.dispatch(Unknown Source) ~[?:?]
at sun.security.ssl.HandshakeContext.dispatch(Unknown Source) ~[?:?]
at sun.security.ssl.TransportContext.dispatch(Unknown Source) ~[?:?]
at sun.security.ssl.SSLTransport.decode(Unknown Source) ~[?:?]
at sun.security.ssl.SSLSocketImpl.decode(Unknown Source) ~[?:?]
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source) ~[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[?:?]
at
org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
~[httpclient-4.5.13.jar:4.5.13]
{quote}
Solr process in container, looks like above environments being passed as
JAVA_OPTS
{quote}solr 9 8.3 61.3 51036372 44091148 ? Sl 22:40 0:58
/opt/java/openjdk/bin/java -server -Xms41308M -Xmx41308M -XX:+UseG1GC
-XX:+PerfDisableSharedMem -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=250
-XX:+UseLargePages -XX:+AlwaysPreTouch -XX:+ExplicitGCInvokesConcurrent
-Xlog:gc*:file=/data-podcast-solr-cloud-store/logs/solr_gc.log:time,uptime:filecount=9,filesize=20M
-Dsolr.jetty.inetaccess.includes= -Dsolr.jetty.inetaccess.excludes=
-DzkClientTimeout=30000
-DzkHost=podcast-zk-ensemble-0.zk-service.data-podcast-zookeeper.svc.cluster.local:2181,podcast-zk-ensemble-1.zk-service.data-podcast-zookeeper.svc.cluster.local:2181,podcast-zk-ensemble-2.zk-service.data-podcast-zookeeper.svc.cluster.local:2181/data-podcast-solr-cloud-data-podcast
-Dsolr.log.dir=/data-podcast-solr-cloud-store/logs -Djetty.port=8983
-DSTOP.PORT=7983 -DSTOP.KEY=solrrocks
-Dhost=data-podcast-0.data-podcast-solr-cloud.data-podcast-solr-cloud-dev.query.us-west-1a.consul
-Duser.timezone=UTC -XX:-OmitStackTraceInFastThrow
-XX:OnOutOfMemoryError=/opt/solr/bin/oom_solr.sh 8983
/data-podcast-solr-cloud-store/logs -Djetty.home=/opt/solr/server
-Dsolr.solr.home=/data-podcast-solr-cloud-store/data -Dsolr.data.home=
-Dsolr.install.dir=/opt/solr
-Dsolr.default.confdir=/opt/solr/server/solr/configsets/_default/conf
-Dlog4j.configurationFile=/var/solr/log4j2.xml
-Dsolr.sharedLib=/data-podcast-solr-cloud-store/data/lib
-Dsolr.environment=dev,label=Dev+PlayAround,color=green
-DzkACLProvider=org.apache.solr.common.cloud.VMParamsAllAndReadonlyDigestZkACLProvider
-DzkCredentialsProvider=org.apache.solr.common.cloud.VMParamsSingleSetCredentialsDigestZkCredentialsProvider
-DzkDigestUsername=username -DzkDigestPassword=123 -Dsolr.jetty.host=0.0.0.0
-Xss256k *-Dsolr.jetty.keystore=/ssl/solr-ssl.keystore.p12
-Dsolr.jetty.keystore.type=pkcs12
-Dsolr.jetty.truststore=/ssl/solr-ssl.keystore.p12
-Dsolr.jetty.truststore.type=pkcs12 -Dsolr.jetty.ssl.verifyClientHostName=HTTPS
-Dsolr.jetty.ssl.needClientAuth=false -Dsolr.jetty.ssl.wantClientAuth=true
-Djavax.net.ssl.keyStore=/ssl/solr-ssl.keystore.p12
-Djavax.net.ssl.keyStoreType=pkcs12 -Dsolr.ssl.checkPeerName=true
-Djavax.net.ssl.trustStore=/ssl/solr-ssl.keystore.p12
-Djavax.net.ssl.trustStoreType=pkcs12* -Dsolr.jetty.https.port=8983
-Djava.security.manager
-Djava.security.policy=/opt/solr/server/etc/security.policy
-Djava.security.properties=/opt/solr/server/etc/security.properties
-Dsolr.internal.network.permission=* -DdisableAdminUI=false -jar start.jar
--module=https --lib=/opt/solr/server/solr-webapp/webapp/WEB-INF/lib/*
--module=requestlog --module=gzip
{quote}
Java version in container:
$ java --version
openjdk 17.0.3 2022-04-19
OpenJDK Runtime Environment Temurin-17.0.3+7 (build 17.0.3+7)
OpenJDK 64-Bit Server VM Temurin-17.0.3+7 (build 17.0.3+7, mixed mode, sharing)
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> -----------------------------------------------------------------------------------------------------------------------
>
> Key: SOLR-16207
> URL: https://issues.apache.org/jira/browse/SOLR-16207
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Xiaotian Qin
> Priority: Major
>
> We encounter exception in container for solr version 9. We used self-signed
> certs to enable SSL following:
> s3.console.aws.amazon.com/s3/object/wish-relevance-us-west-2?region=us-west-2&prefix=tahoe_output%2Fsearch_index_tahoe%2Ftahoe_search_intermediate_index_20211209%2Fbatch_id%3D0%2F000017_0&tab=permissions
> Looks like the java validator is trying to validate the certs and complain
> the unknown source? How can we fix this?
>
> Env we specified in container as environment. We verified that the file path
> contains our p12 certs file.
>
> {\{{}}
> {{ "name": "SOLR_SSL_ENABLED",}}
> {{ "value": "true"}}
> {{ },}}
> {{ {}}
> {{ "name": "SOLR_SSL_KEY_STORE",}}
> {{ "value": "/ssl/solr-ssl.keystore.p12"}}
> {{ },}}
> {{ {}}
> {{ "name": "SOLR_SSL_KEY_STORE_PASSWORD",}}
> {{ "value": "secret"}}
> {{ },}}
> {{ {}}
> {{ "name": "SOLR_SSL_KEY_STORE_TYPE",}}
> {{ "value": "pkcs12"}}
> {{ },}}
> {{ {}}
> {{ "name": "SOLR_SSL_CLIENT_KEY_STORE",}}
> {{ "value": "/ssl/solr-ssl.keystore.p12"}}
> {{ },}}
> {{ {}}
> {{ "name": "SOLR_SSL_CLIENT_KEY_STORE_PASSWORD",}}
> {{ "value": "secret"}}
> {{ },}}
> {{ {}}
> {{ "name": "SOLR_SSL_CLIENT_KEY_STORE_TYPE",}}
> {{ "value": "pkcs12"}}
> {{ },}}
> {{ {}}
> {{ "name": "SOLR_SSL_TRUST_STORE",}}
> {{ "value": "/ssl/solr-ssl.keystore.p12"}}
> {{ },}}
> {{ {}}
> {{ "name": "SOLR_SSL_TRUST_STORE_PASSWORD",}}
> {{ "value": "secret"}}
> {{ },}}
> {{ {}}
> {{ "name": "SOLR_SSL_TRUST_STORE_TYPE",}}
> {{ "value": "pkcs12"}}
> {{ },}}
> {{ {}}
> {{ "name": "SOLR_SSL_CLIENT_TRUST_STORE",}}
> {{ "value": "/ssl/solr-ssl.keystore.p12"}}
> {{ },}}
> {{ {}}
> {{ "name": "SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD",}}
> {{ "value": "secret"}}
> {{ },}}
> {{ {}}
> {{ "name": "SOLR_SSL_CLIENT_TRUST_STORE_TYPE",}}
> {{ "value": "pkcs12"}}
> {{ },}}
> {{ {}}
> {{ "name": "SOLR_SSL_NEED_CLIENT_AUTH",}}
> {{ "value": "false"}}
> {{ },}}
> {{ {}}
> {{ "name": "SOLR_SSL_WANT_CLIENT_AUTH",}}
> {{ "value": "true"}}
> {{ },}}
> {{ {}}
> {{ "name": "SOLR_SSL_CHECK_PEER_NAME",}}
> {{ "value": "true"}}
> {{ }}}
>
> Stack trace in solr container
> {quote}Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown
> Source) ~[?:?]
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
> Source) ~[?:?]
> at java.security.cert.CertPathBuilder.build(Unknown Source) ~[?:?]
> at sun.security.validator.PKIXValidator.doBuild(Unknown Source) ~[?:?]
> at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> ~[?:?]
> at sun.security.validator.Validator.validate(Unknown Source) ~[?:?]
> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
> ~[?:?]
> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> Source) ~[?:?]
> at
> sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown
> Source) ~[?:?]
> at
> sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(Unknown
> Source) ~[?:?]
> at
> sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(Unknown
> Source) ~[?:?]
> at sun.security.ssl.SSLHandshake.consume(Unknown Source) ~[?:?]
> at sun.security.ssl.HandshakeContext.dispatch(Unknown Source) ~[?:?]
> at sun.security.ssl.HandshakeContext.dispatch(Unknown Source) ~[?:?]
> at sun.security.ssl.TransportContext.dispatch(Unknown Source) ~[?:?]
> at sun.security.ssl.SSLTransport.decode(Unknown Source) ~[?:?]
> at sun.security.ssl.SSLSocketImpl.decode(Unknown Source) ~[?:?]
> at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
> ~[?:?]
> at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[?:?]
> at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[?:?]
> at
> org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
> ~[httpclient-4.5.13.jar:4.5.13]
> {quote}
> Solr process in container, looks like above environments being passed as
> JAVA_OPTS
> {quote}solr 9 8.3 61.3 51036372 44091148 ? Sl 22:40 0:58
> /opt/java/openjdk/bin/java -server -Xms41308M -Xmx41308M -XX:+UseG1GC
> -XX:+PerfDisableSharedMem -XX:+ParallelRefProcEnabled
> -XX:MaxGCPauseMillis=250 -XX:+UseLargePages -XX:+AlwaysPreTouch
> -XX:+ExplicitGCInvokesConcurrent
> -Xlog:gc*:file=/data-podcast-solr-cloud-store/logs/solr_gc.log:time,uptime:filecount=9,filesize=20M
> -Dsolr.jetty.inetaccess.includes= -Dsolr.jetty.inetaccess.excludes=
> -DzkClientTimeout=30000
> -DzkHost=podcast-zk-ensemble-0.zk-service.data-podcast-zookeeper.svc.cluster.local:2181,podcast-zk-ensemble-1.zk-service.data-podcast-zookeeper.svc.cluster.local:2181,podcast-zk-ensemble-2.zk-service.data-podcast-zookeeper.svc.cluster.local:2181/data-podcast-solr-cloud-data-podcast
> -Dsolr.log.dir=/data-podcast-solr-cloud-store/logs -Djetty.port=8983
> -DSTOP.PORT=7983 -DSTOP.KEY=solrrocks
> -Dhost=data-podcast-0.data-podcast-solr-cloud.data-podcast-solr-cloud-dev.query.us-west-1a.consul
> -Duser.timezone=UTC -XX:-OmitStackTraceInFastThrow
> -XX:OnOutOfMemoryError=/opt/solr/bin/oom_solr.sh 8983
> /data-podcast-solr-cloud-store/logs -Djetty.home=/opt/solr/server
> -Dsolr.solr.home=/data-podcast-solr-cloud-store/data -Dsolr.data.home=
> -Dsolr.install.dir=/opt/solr
> -Dsolr.default.confdir=/opt/solr/server/solr/configsets/_default/conf
> -Dlog4j.configurationFile=/var/solr/log4j2.xml
> -Dsolr.sharedLib=/data-podcast-solr-cloud-store/data/lib
> -Dsolr.environment=dev,label=Dev+PlayAround,color=green
> -DzkACLProvider=org.apache.solr.common.cloud.VMParamsAllAndReadonlyDigestZkACLProvider
>
> -DzkCredentialsProvider=org.apache.solr.common.cloud.VMParamsSingleSetCredentialsDigestZkCredentialsProvider
> -DzkDigestUsername=username -DzkDigestPassword=123 -Dsolr.jetty.host=0.0.0.0
> -Xss256k *-Dsolr.jetty.keystore=/ssl/solr-ssl.keystore.p12
> -Dsolr.jetty.keystore.type=pkcs12
> -Dsolr.jetty.truststore=/ssl/solr-ssl.keystore.p12
> -Dsolr.jetty.truststore.type=pkcs12
> -Dsolr.jetty.ssl.verifyClientHostName=HTTPS
> -Dsolr.jetty.ssl.needClientAuth=false -Dsolr.jetty.ssl.wantClientAuth=true
> -Djavax.net.ssl.keyStore=/ssl/solr-ssl.keystore.p12
> -Djavax.net.ssl.keyStoreType=pkcs12 -Dsolr.ssl.checkPeerName=true
> -Djavax.net.ssl.trustStore=/ssl/solr-ssl.keystore.p12
> -Djavax.net.ssl.trustStoreType=pkcs12* -Dsolr.jetty.https.port=8983
> -Djava.security.manager
> -Djava.security.policy=/opt/solr/server/etc/security.policy
> -Djava.security.properties=/opt/solr/server/etc/security.properties
> -Dsolr.internal.network.permission=* -DdisableAdminUI=false -jar start.jar
> --module=https --lib=/opt/solr/server/solr-webapp/webapp/WEB-INF/lib/*
> --module=requestlog --module=gzip
> {quote}
>
>
> Java version in container:
> $ java --version
> openjdk 17.0.3 2022-04-19
> OpenJDK Runtime Environment Temurin-17.0.3+7 (build 17.0.3+7)
> OpenJDK 64-Bit Server VM Temurin-17.0.3+7 (build 17.0.3+7, mixed mode,
> sharing)
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
