[jira] [Commented] (SOLR-12584) Add basic auth credentials configuration to the Solr exporter for Prometheus/Grafana
[
https://issues.apache.org/jira/browse/SOLR-12584?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16826544#comment-16826544
]
Dwane Hall commented on SOLR-12584:
---
Nice work [~sbillet]!
I can confirm this as working in Solr Cloud 7.6 as well. Nice pickup this has
made cluster monitoring somewhat challenging for us so this is a very welcome
discovery!
There looks to be some slight config changes required to the
solr-exporter-config.xml from the defaults but authentication is definitely
working :)
ERROR - 2019-04-26 09:48:23.921;
org.apache.solr.prometheus.scraper.SolrScraper;
net.thisptr.jackson.jq.exception.JsonQueryException: null cannot be parsed as a
number (.cluster.collections | to_entries | .[] | . as $object | $object.key as
$collection | $object.value.pullReplicas | tonumber as $value | \{("name"):
"solr_collections_pull_replicas",("type"): "GAUGE",("help"): "See following
URL:
https://lucene.apache.org/solr/guide/collections-api.html#clusterstatus";,("label_names"):
["collection"],("label_values"): [$collection],("value"): $value})
> Add basic auth credentials configuration to the Solr exporter for
> Prometheus/Grafana
> --
>
> Key: SOLR-12584
> URL: https://issues.apache.org/jira/browse/SOLR-12584
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Authentication, metrics, security
>Affects Versions: 7.3, 7.4
>Reporter: Dwane Hall
>Priority: Minor
> Labels: authentication, metrics, security
> Attachments: lucene-solr.patch
>
>
> The Solr exporter for Prometheus/Grafana provides a useful visual layer over
> the solr metrics api for monitoring the state of a Solr cluster. Currently
> this can not be configured and used on a secure Solr cluster with the Basic
> Authentication plugin enabled. The exporter does not provide a mechanism to
> configure/pass through basic auth credentials when SolrJ requests information
> from the metrics api endpoints and would be a useful addition for Solr users
> running a secure Solr instance.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-12860) MetricsHistoryHandler does not work with BasicAuth
[
https://issues.apache.org/jira/browse/SOLR-12860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16769758#comment-16769758
]
Dwane Hall commented on SOLR-12860:
---
There's possibly some crossover with
https://issues.apache.org/jira/browse/SOLR-12584 which has a similar problem
when using the BasicAuthPlugin.
> MetricsHistoryHandler does not work with BasicAuth
> --
>
> Key: SOLR-12860
> URL: https://issues.apache.org/jira/browse/SOLR-12860
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
>Reporter: Varun Thacker
>Priority: Major
>
> I setup a 2 node cluster ( bin/solr start -e cloud -noprompt ) and then
> uploaded the default security.json from
> [http://lucene.apache.org/solr/guide/7_5/basic-authentication-plugin.html] .
>
> I'm seeing errors like these in the logs which would indicate that the
> metrics history handler would not work with basic auth enabled?
> {code:java}
> 2018-10-12 22:06:43.496 WARN (MetricsHistoryHandler-12-thread-1) [ ]
> o.a.s.c.s.i.SolrClientNodeStateProvider could not get tags from node
> 192.168.0.8:7574_solr
> org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error
> from server at http://192.168.0.8:7574/solr: Expected mime type
> application/octet-stream but got text/html.
>
>
> Error 401 require authentication
>
> HTTP ERROR 401
> Problem accessing /solr/admin/metrics. Reason:
> require authentication
>
>
> at
> org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:607)
> ~[solr-solrj-7.5.0.jar:7.5.0 b5bf70b7e32d7ddd9742cc821d471c5fabd4e3df -
> jimczi - 2018-09-18 13:07:58]
> at
> org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:255)
> ~[solr-solrj-7.5.0.jar:7.5.0 b5bf70b7e32d7ddd9742cc821d471c5fabd4e3df -
> jimczi - 2018-09-18 13:07:58]
> at
> org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:244)
> ~[solr-solrj-7.5.0.jar:7.5.0 b5bf70b7e32d7ddd9742cc821d471c5fabd4e3df -
> jimczi - 2018-09-18 13:07:58]
> at org.apache.solr.client.solrj.SolrClient.request(SolrClient.java:1219)
> ~[solr-solrj-7.5.0.jar:7.5.0 b5bf70b7e32d7ddd9742cc821d471c5fabd4e3df -
> jimczi - 2018-09-18 13:07:58]
> at
> org.apache.solr.client.solrj.impl.SolrClientNodeStateProvider$ClientSnitchCtx.invoke(SolrClientNodeStateProvider.java:342)
> ~[solr-solrj-7.5.0.jar:7.5.0 b5bf70b7e32d7ddd9742cc821d471c5fabd4e3df -
> jimczi - 2018-09-18 13:07:58]
> at
> org.apache.solr.client.solrj.impl.SolrClientNodeStateProvider.fetchReplicaMetrics(SolrClientNodeStateProvider.java:195)
> ~[solr-solrj-7.5.0.jar:7.5.0 b5bf70b7e32d7ddd9742cc821d471c5fabd4e3df -
> jimczi - 2018-09-18 13:07:58]
> at
> org.apache.solr.client.solrj.impl.SolrClientNodeStateProvider$AutoScalingSnitch.getRemoteInfo(SolrClientNodeStateProvider.java:241)
> ~[solr-solrj-7.5.0.jar:7.5.0 b5bf70b7e32d7ddd9742cc821d471c5fabd4e3df -
> jimczi - 2018-09-18 13:07:58]
> at
> org.apache.solr.common.cloud.rule.ImplicitSnitch.getTags(ImplicitSnitch.java:76)
> ~[solr-solrj-7.5.0.jar:7.5.0 b5bf70b7e32d7ddd9742cc821d471c5fabd4e3df -
> jimczi - 2018-09-18 13:07:58]
> at
> org.apache.solr.client.solrj.impl.SolrClientNodeStateProvider.fetchTagValues(SolrClientNodeStateProvider.java:139)
> ~[solr-solrj-7.5.0.jar:7.5.0 b5bf70b7e32d7ddd9742cc821d471c5fabd4e3df -
> jimczi - 2018-09-18 13:07:58]
> at
> org.apache.solr.client.solrj.impl.SolrClientNodeStateProvider.getNodeValues(SolrClientNodeStateProvider.java:128)
> ~[solr-solrj-7.5.0.jar:7.5.0 b5bf70b7e32d7ddd9742cc821d471c5fabd4e3df -
> jimczi - 2018-09-18 13:07:58]
> at
> org.apache.solr.handler.admin.MetricsHistoryHandler.collectGlobalMetrics(MetricsHistoryHandler.java:498)
> ~[solr-core-7.5.0.jar:7.5.0 b5bf70b7e32d7ddd9742cc821d471c5fabd4e3df -
> jimczi - 2018-09-18 13:07:55]
> at
> org.apache.solr.handler.admin.MetricsHistoryHandler.collectMetrics(MetricsHistoryHandler.java:371)
> ~[solr-core-7.5.0.jar:7.5.0 b5bf70b7e32d7ddd9742cc821d471c5fabd4e3df -
> jimczi - 2018-09-18 13:07:55]
> at
> org.apache.solr.handler.admin.MetricsHistoryHandler.lambda$new$0(MetricsHistoryHandler.java:231)
> ~[solr-core-7.5.0.jar:7.5.0 b5bf70b7e32d7ddd9742cc821d471c5fabd4e3df -
> jimczi - 2018-09-18 13:07:55]
> at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> [?:1.8.0_112]
> at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
> [?:1.8.0_112]
> at
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
> [?:1.8.0_112]
> at
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
>
[jira] [Commented] (SOLR-12583) Add basic authentication option for [subquery] document transformer
[ https://issues.apache.org/jira/browse/SOLR-12583?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16562466#comment-16562466 ] Dwane Hall commented on SOLR-12583: --- Thanks Jan a generic approach to passing the original security configuration details to the [subquery] request would definitely be the ideal outcome. > Add basic authentication option for [subquery] document transformer > --- > > Key: SOLR-12583 > URL: https://issues.apache.org/jira/browse/SOLR-12583 > Project: Solr > Issue Type: New Feature > Security Level: Public(Default Security Level. Issues are Public) > Components: Authentication, security >Affects Versions: 7.4 >Reporter: Dwane Hall >Priority: Minor > Labels: authentication, security > Attachments: jira_subquery_email.txt > > > Add the ability to use a document transformer [subquery] on a multi-node > SolrCloud cluster with the basic authentication plugin enabled > ([https://lucene.apache.org/solr/guide/7_4/transforming-result-documents.html]). > Currently the subquery request will return an > org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException Error > 401 require authentication as the [subquery] request is not made using the > logged in users basic authentication credentials. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-12583) Add basic authentication option for [subquery] document transformer
[ https://issues.apache.org/jira/browse/SOLR-12583?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dwane Hall updated SOLR-12583: -- Description: Add the ability to use a document transformer [subquery] on a multi-node SolrCloud cluster with the basic authentication plugin enabled ([https://lucene.apache.org/solr/guide/7_4/transforming-result-documents.html]). Currently the subquery request will return an org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException Error 401 require authentication as the [subquery] request is not made using the logged in users basic authentication credentials. (was: Add add the ability to use a document transformer [subquery] on a multi-node SolrCloud cluster with the basic authentication plugin enabled (https://lucene.apache.org/solr/guide/7_4/transforming-result-documents.html). Currently the subquery request will return an org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException Error 401 require authentication as the [subquery] request is not made using the logged in users basic authentication credentials.) > Add basic authentication option for [subquery] document transformer > --- > > Key: SOLR-12583 > URL: https://issues.apache.org/jira/browse/SOLR-12583 > Project: Solr > Issue Type: New Feature > Security Level: Public(Default Security Level. Issues are Public) > Components: Authentication, security >Affects Versions: 7.4 >Reporter: Dwane Hall >Priority: Minor > Labels: authentication, security > Attachments: jira_subquery_email.txt > > > Add the ability to use a document transformer [subquery] on a multi-node > SolrCloud cluster with the basic authentication plugin enabled > ([https://lucene.apache.org/solr/guide/7_4/transforming-result-documents.html]). > Currently the subquery request will return an > org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException Error > 401 require authentication as the [subquery] request is not made using the > logged in users basic authentication credentials. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-12584) Add basic auth credentials configuration to the Solr exporter for Prometheus/Grafana
[ https://issues.apache.org/jira/browse/SOLR-12584?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dwane Hall updated SOLR-12584: -- Description: The Solr exporter for Prometheus/Grafana provides a useful visual layer over the solr metrics api for monitoring the state of a Solr cluster. Currently this can not be configured and used on a secure Solr cluster with the Basic Authentication plugin enabled. The exporter does not provide a mechanism to configure/pass through basic auth credentials when SolrJ requests information from the metrics api endpoints and would be a useful addition for Solr users running a secure Solr instance. (was: The Solr exporter for Prometheus/Grafana provides a useful visual layer over the solr metrics api for monitoring the state of a Solr cluster. Currently this can not be configured and used on a secure Solr cluster with the Basic Authentication plugin enabled. The exporter does not provide a mechanism to configure/pass through basic auth credentials when SolrJ requests information from the metrics api endpoints. ) > Add basic auth credentials configuration to the Solr exporter for > Prometheus/Grafana > -- > > Key: SOLR-12584 > URL: https://issues.apache.org/jira/browse/SOLR-12584 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Components: Authentication, metrics, security >Affects Versions: 7.3, 7.4 >Reporter: Dwane Hall >Priority: Minor > Labels: authentication, metrics, security > > The Solr exporter for Prometheus/Grafana provides a useful visual layer over > the solr metrics api for monitoring the state of a Solr cluster. Currently > this can not be configured and used on a secure Solr cluster with the Basic > Authentication plugin enabled. The exporter does not provide a mechanism to > configure/pass through basic auth credentials when SolrJ requests information > from the metrics api endpoints and would be a useful addition for Solr users > running a secure Solr instance. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Created] (SOLR-12584) Add basic auth credentials configuration to the Solr exporter for Prometheus/Grafana
Dwane Hall created SOLR-12584: - Summary: Add basic auth credentials configuration to the Solr exporter for Prometheus/Grafana Key: SOLR-12584 URL: https://issues.apache.org/jira/browse/SOLR-12584 Project: Solr Issue Type: Improvement Security Level: Public (Default Security Level. Issues are Public) Components: Authentication, metrics, security Affects Versions: 7.4, 7.3 Reporter: Dwane Hall The Solr exporter for Prometheus/Grafana provides a useful visual layer over the solr metrics api for monitoring the state of a Solr cluster. Currently this can not be configured and used on a secure Solr cluster with the Basic Authentication plugin enabled. The exporter does not provide a mechanism to configure/pass through basic auth credentials when SolrJ requests information from the metrics api endpoints. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Created] (SOLR-12583) Add basic authentication option for [subquery] document transformer
Dwane Hall created SOLR-12583: - Summary: Add basic authentication option for [subquery] document transformer Key: SOLR-12583 URL: https://issues.apache.org/jira/browse/SOLR-12583 Project: Solr Issue Type: New Feature Security Level: Public (Default Security Level. Issues are Public) Components: Authentication, security Affects Versions: 7.4 Reporter: Dwane Hall Attachments: jira_subquery_email.txt Add add the ability to use a document transformer [subquery] on a multi-node SolrCloud cluster with the basic authentication plugin enabled (https://lucene.apache.org/solr/guide/7_4/transforming-result-documents.html). Currently the subquery request will return an org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException Error 401 require authentication as the [subquery] request is not made using the logged in users basic authentication credentials. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
