[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15134393#comment-15134393 ]

Mike Drob commented on SOLR-8415:

+1

> Provide command to switch between non/secure mode in ZK
> ---
>
> Key: SOLR-8415
> URL: https://issues.apache.org/jira/browse/SOLR-8415
> Project: Solr
> Issue Type: Improvement
> Components: security, SolrCloud
> Reporter: Mike Drob
> Assignee: Gregory Chanan
> Fix For: 5.5, Trunk
>
> Attachments: SOLR-8415.branch_5x.patch, SOLR-8415.branch_5x.patch, SOLR-8415.patch, SOLR-8415.patch, SOLR-8415.patch, SOLR-8415.patch, SOLR-8415.patch, SOLR-8415.patch
>
> We have the ability to run both with and without zk acls, but we don't have a great way to switch between the two modes. Most common use case, I imagine, would be upgrading from an old version that did not support this to a new version that does, and wanting to protect all of the existing content in ZK, but it is conceivable that a user might want to remove ACLs as well.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)

To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15121696#comment-15121696 ]

Mike Drob commented on SOLR-8415:

What's the process for updating the Ref Guide? Should I open a new JIRA for that so my comments don't get lost?
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15122397#comment-15122397 ]

Cassandra Targett commented on SOLR-8415:

Please take a look at https://cwiki.apache.org/confluence/display/solr/ZooKeeper+Access+Control. I decided to make it a level-2 heading and put it in the section with the other config options, since I thought it would be easier to find there.
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=1514#comment-1514 ]

Cassandra Targett commented on SOLR-8415:

Is the most recent snippet up-to-date? I haven't read the entire issue, but it looks like the most recent snippet refers to {{resetacl}}, but then that was changed?

If it's ready to go, I'll put it in the Ref Guide now to not forget. The other approach would be to add the text as a comment to the page you want to add it to and someone will pick those up (eventually, before 5.5 comes out).
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15122280#comment-15122280 ]

Mike Drob commented on SOLR-8415:

Yes, that needs to be changed. Here's a fully updated section.

{panel}
h3. Changing ACL Schemes

Over the lifetime of operating your Solr cluster, you may decide to move from an unsecured ZK to a secured instance. Changing the configured {{zkACLProvider}} in {{solr.xml}} will ensure that newly created nodes are secure, but will not protect the already existing data. To modify all existing ACLs, you can use {{ZkCLI -cmd updateAcls /zk-path}}.

Changing ACLs in ZK should only be done while your SolrCloud cluster is stopped. Attempting to do so while Solr is running may result in inconsistent state and some nodes becoming inaccessible. To configure the new ACLs, run ZkCli with the following VM properties: {{-DzkACLProvider=... -DzkCredentialsProvider=...}}.

* The Credential Provider must be one that has current admin privileges on the nodes. When omitted, the process will use no credentials (suitable for an unsecure configuration).
* The ACL Provider will be used to compute the new ACLs. When omitted, the process will set all permissions to all users, removing any security present.

You may use the {{VMParamsSingleSetCredentialsDigestZkCredentialsProvider}} and {{VMParamsAllAndReadonlyDigestZkACLProvider}} implementations as described earlier in the page for these properties.

After changing the ZK ACLs, make sure that the contents of your {{solr.xml}} match, as described for initial set up.
{panel}
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15122349#comment-15122349 ]

Cassandra Targett commented on SOLR-8415:

No problem, I'll fix it when I put it in the Ref Guide.
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15122318#comment-15122318 ]

Gregory Chanan commented on SOLR-8415:

The command is updateacls, not updateAcls.
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15122344#comment-15122344 ]

Mike Drob commented on SOLR-8415:

So it is.
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15120941#comment-15120941 ]

ASF subversion and git services commented on SOLR-8415:

Commit bc1cbb4812fe76f100788795189d1f2d9833aed1 in lucene-solr's branch refs/heads/branch_5x from [~gchanan]
[ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=bc1cbb4 ]

SOLR-8415: Provide command to switch between non/secure mode in ZK
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15097363#comment-15097363 ]

ASF subversion and git services commented on SOLR-8415:

Commit 1724532 from gcha...@apache.org in branch 'dev/trunk'
[ https://svn.apache.org/r1724532 ]

SOLR-8415: Provide command to switch between non/secure mode in ZK
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15097367#comment-15097367 ]

Gregory Chanan commented on SOLR-8415:

Committed to trunk. [~mdrob] if you post a 5x patch, I'll commit.
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15094505#comment-15094505 ]

Gregory Chanan commented on SOLR-8415:

{quote}Going secure -> insecure, probably can do against a running cluster.{quote}

Why probably? Don't you need to update solr.xml?

{quote}Going to a different secure configuration, yea, would need to update solr.xml. I think that's sufficiently covered in the other sections of the page, though.{quote}

Which page are you referring to? https://cwiki.apache.org/confluence/display/solr/ZooKeeper+Access+Control? Maybe I'm missing something, but that all seems to be about initial setup.
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15094953#comment-15094953 ]

Gregory Chanan commented on SOLR-8415:

bq. 2) The FunctionalInterface is the right way to do this, but it would be nice to have in 5.x as well. I'm willing to create a separate patch that drops it specifically for 5.x

Sure, let's do a separate patch if that's what you prefer.

{quote}3) Naming things is hard, I hadn't considered the possible confusion there but now that you point it out I can't unsee it. Maybe setAcl and updateAcls? updateAllAcl? Is it fine to still call the ZkCli command resetacl? Maybe reinitacl? Original intent was to convey something with gravitas.{quote}

I think setAcl and updateAcls is good. I get the gravitas point, but anything with "re" I think is going to cause more confusion because it implies some initial state that may or may not be true. I'd just match the ZkCli command name to the SolrZkClient function name, so in this case updateAcls. But if you feel really strongly for something else, let's do that.
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15094892#comment-15094892 ]

Mike Drob commented on SOLR-8415:

1) Done.

2) The FunctionalInterface is the _right_ way to do this, but it would be nice to have in 5.x as well. I'm willing to create a separate patch that drops it specifically for 5.x

3) Naming things is hard, I hadn't considered the possible confusion there but now that you point it out I can't unsee it. Maybe setAcl and updateAcls? updateAllAcl? Is it fine to still call the ZkCli command resetacl? Maybe reinitacl? Original intent was to convey something with gravitas.
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15094863#comment-15094863 ]

Gregory Chanan commented on SOLR-8415:

bq. Aside: There has to be a better way to share this than just pasting my proposed changes in a comment each time.

Hmm, you could just go ahead and change the wiki I guess? Don't know of a better way.

Patch looks good. Some comments:

1) Provide javadoc for
{code}
+ public Stat setACL(String path, List acls, boolean retryOnConnLoss) throws InterruptedException, KeeperException {
{code}

2) Using the @FunctionalInterface stuff means I can't commit this to 5.x, are you okay with that?

3) The set vs reset in SolrZkClient is kind of confusing. As it stands, set means a single node, reset means recursive. That's not the common usage of the words, e.g. we don't have clean vs reclean to mean a single node vs recursively (there it's delete vs clean). I don't know which terminology to use; reset seems to imply changing from ACLs that existed (either from secure-> other secure or secure->unsecure), while set seems to imply changing from unsecure to secure. This is really a problem with ZooKeeper lacking declarative APIs (what you actually want is an API that says "after this runs, the ACLs are this" -- you don't really care how it actually happens). Given that, what makes the most sense to me is to just call everything "set", since this matches the ZK API that you are calling. Maybe instead of setAcl vs resetACLs you should have setAcl vs setAcls or setAcl vs setAclsRecursively. Thoughts?
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15093095#comment-15093095 ]

Gregory Chanan commented on SOLR-8415:

One thing I'm a bit unclear on from the docs: what is the recommended strategy for changing the permissions? Stop the servers, change the solr.xml, run the ZkCLI command, start the servers? Would be good to specify that.

What is the current plan with the patch? Do you think it's ready to go or are you still working on more testing?
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15092335#comment-15092335 ]

Mike Drob commented on SOLR-8415:

I do not expect it to be a popular use case, but I do expect it to be a non-zero use case. I'm fine with getting a functional implementation for now, though, and then refining it later.

Here's new documentation that sidesteps the issue:

{panel}
h3. Swapping ACL Schemes

Over the lifetime of operating your Solr cluster, you may decide to move from an unsecured ZK to a secured instance. Changing the configured {{zkACLProvider}} in {{solr.xml}} will ensure that newly created nodes are secure, but will not protect the already existing data. To modify all existing ACLs, you can use {{ZkCLI -cmd resetacl \[path]}}. If no path is specified, then the command will operate on the whole tree.

To change the ACLs this way, use the following VM properties: {{-DzkACLProvider=... -DzkCredentialsProvider=...}}.

* The Credential Provider must be one that has current admin privileges on the nodes. When omitted, the process will use no credentials (suitable for an unsecure configuration).
* The ACL Provider will be used to compute the new ACLs. When omitted, the process will set all permissions to all users, removing any security present.
* You may use the {{VMParamsSingleSetCredentialsDigestZkCredentialsProvider}} and {{VMParamsAllAndReadonlyDigestZkACLProvider}} as described earlier in the page for these properties.
{panel}

I will upload a new patch shortly.
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15069982#comment-15069982 ]

Gregory Chanan commented on SOLR-8415:

{quote}It's pretty straightforward to do this with access to writing some java classes, but at that point I'm not sure who our audience is.{quote}

The point was the proposed documentation was incorrect. Our audience is someone who wants to switch from one secure acl regime to another. If you don't think that's a popular enough use case to warrant documentation then I'd suggest getting rid of that part including the incorrect information.
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15069844#comment-15069844 ]

Mike Drob commented on SOLR-8415:

bq. Let's say you wanted to switch from secure setup old: (old acls, old credentials) to secure setup new (new acls, new credentials). You can call resetacls with (old acls + new acls, old credentials). Then call reset acls with (new acls, new credentials). That requires an intermediate step, but it isn't unsecure

I continued working on this and the main "problem" is that {{VMParamsAllAndReadonlyDigestZkACLProvider}} and {{VMParamsSingleSetCredentialsDigestZkCredentialsProvider}} use the same VM properties for the ACLs and Credentials. Normally, this is nice and makes things simpler, but when migrating and you want them to be different then that doesn't help us much. Since those are the only two out of the box Providers, the unsecure route is the only option when using the command line only.

It's pretty straightforward to do this with access to writing some java classes, but at that point I'm not sure who our audience is.
-- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15068742#comment-15068742 ]
Mike Drob commented on SOLR-8415:

bq. should take a path, like CLEAN
Optional path or required path? Could still default to / if no path given, or could make the path required for consistency. Or could accept multiple paths. I think operating on / will be the most common use case, so it would make sense to default to it, but I'll defer to you on this.

bq. catch NoNodeException, like CLEAN
Good catch.

bq. Will this work if the version of the znode is set?
Yea, the -1 means don't care about the version.

bq. Why don't you support retryOnConnLoss?
Not sure what this means.

bq. Would be good to test that the acls get applied recursively
The existing test does this. Set acls on /, test on /collections/collection1

bq. maybe change your test to do this (or do both this and the secure/non-secure version, should be simple to do both probably).
I've been tinkering with a test for this, I'm having some trouble getting the providers and credentials lined up in a way that tests something meaningful. I think I can get it though.
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15068609#comment-15068609 ]
Gregory Chanan commented on SOLR-8415:

bq. Is this true? Let's say you wanted to switch from secure setup old: (old acls, old credentials) to secure setup new (new acls, new credentials). You can call resetacls with (old acls + new acls, old credentials). Then call reset acls with (new acls, new credentials). That requires an intermediate step, but it isn't unsecure.

maybe change your test to do this (or do both this and the secure/non-secure version, should be simple to do both probably).
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15068778#comment-15068778 ]
Gregory Chanan commented on SOLR-8415:

{quote}Optional path or required path? Could still default to / if no path given, or could make the path required for consistency. Or could accept multiple paths. I think operating on / will be the most common use case, so it would make sense to default to it, but I'll defer to you on this.{quote}
Whatever you think is best.

{quote}Why don't you support retryOnConnLoss? Not sure what this means.{quote}
See a bunch of the other commands in SolrZkClient, like makePath. They support a retryOnConnLoss parameter, which would be useful here.

{quote}The existing test does this. Set acls on /, test on /collections/collection1{quote}
My mistake. I'd check "/" as well, that sort of thing is easy to screw up.
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15067043#comment-15067043 ]
Gregory Chanan commented on SOLR-8415:

Some comments on the proposed documentation:

{code}but will not protect the already existing data{code}
"data" is ambiguous. ZooKeeper metadata? ZNodes?

{code}it ma be necessary{code}
may be necessary

{code}use an unsecure intermediate step.{code}
Is this true? Let's say you wanted to switch from secure setup old: (old acls, old credentials) to secure setup new (new acls, new credentials). You can call resetacls with (old acls + new acls, old credentials). Then call reset acls with (new acls, new credentials). That requires an intermediate step, but it isn't unsecure.
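The two-step switch described in the comment above, next to the open intermediate step the proposed documentation mentions, as an added example that is not part of the thread or of Solr's code. It is a toy Python model of ZooKeeper digest ACLs that tracks only the ADMIN permission; `Tree`, `reset_acls`, the znode paths and the credentials are constructed for illustration.

```python
import base64
import hashlib

WORLD = "world:anyone"  # ZooKeeper's open-to-everyone scheme:id

def digest_id(user, password):
    """ZooKeeper digest ACL id: user:base64(sha1("user:password"))."""
    raw = hashlib.sha1(f"{user}:{password}".encode()).digest()
    return f"{user}:{base64.b64encode(raw).decode()}"

class Tree:
    """Toy znode tree (assumption): path -> ids holding ADMIN on that znode."""
    def __init__(self, paths, acl):
        self.acls = {p: set(acl) for p in paths}

    def reset_acls(self, root, new_acl, creds=None):
        """Recursive ACL reset; the caller needs ADMIN on every znode it touches."""
        ident = digest_id(*creds) if creds else None
        prefix = root.rstrip("/") + "/"
        for path in sorted(self.acls):
            if path != root and not path.startswith(prefix):
                continue
            if WORLD not in self.acls[path] and ident not in self.acls[path]:
                raise PermissionError(f"NoAuth for {path}")
            self.acls[path] = set(new_acl)

    def world_open(self):
        return sorted(p for p, acl in self.acls.items() if WORLD in acl)

def migrate_two_step(tree, old, new):
    """(old + new ACLs, old creds), then (new ACLs, new creds)."""
    tree.reset_acls("/", {digest_id(*old), digest_id(*new)}, old)
    exposed = tree.world_open()           # state between the two calls
    tree.reset_acls("/", {digest_id(*new)}, new)
    return exposed + tree.world_open()

def migrate_via_open(tree, old, new):
    """Open everything to world first, then lock down with the new ACLs."""
    tree.reset_acls("/", {WORLD}, old)
    exposed = tree.world_open()           # window in which any client has ADMIN
    tree.reset_acls("/", {digest_id(*new)})
    return exposed

if __name__ == "__main__":
    old, new = ("solr", "old-pw"), ("solr", "new-pw")   # constructed credentials
    paths = ["/", "/collections", "/collections/collection1"]
    print(migrate_two_step(Tree(paths, {digest_id(*old)}), old, new))
    print(migrate_via_open(Tree(paths, {digest_id(*old)}), old, new))
```

The first step of the two-step route needs an ACL set that differs from the credentials in use, which is what a provider pair reading the same VM properties cannot express.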
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15067054#comment-15067054 ]
Gregory Chanan commented on SOLR-8415:

{code}+} else if (line.getOptionValue(CMD).equals(RESETACL)) { + zkClient.resetACLs("/"); {code}
should take a path, like CLEAN

{code} +List children = getChildren(znode, null, true); {code}
catch NoNodeException, like CLEAN

{code} + getSolrZooKeeper().setACL(znode, getZkACLProvider().getACLsToAdd(znode), -1); {code}
Will this work if the version of the znode is set?
Why don't you support retryOnConnLoss?
Would be good to test that the acls get applied recursively
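Review bot: in the `setACL(znode, getZkACLProvider().getACLsToAdd(znode), -1)` line, the `-1` version means the call overwrites whatever ACL the znode currently carries without noticing a concurrent change, which is reasonable for a reset command but deserves a comment at the call site saying it is deliberate. Because the ACLs are applied one znode at a time while walking the results of `getChildren(znode, null, true)`, a failure partway through leaves the tree with a mix of old and new ACLs; the command should be safe to re-run and should report the path it stopped on, so an operator does not assume the whole tree under "/" is protected.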
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15062257#comment-15062257 ]
Mike Drob commented on SOLR-8415:

Thanks Mark! That page looks reasonable. Proposed text, to go after "Example Usages":

{panel}
h3. Swapping ACL Schemes

Over the lifetime of operating your Solr cluster, you may decide to move from an unsecured ZK to a secured instance. Changing the configured {{zkACLProvider}} in {{solr.xml}} will ensure that newly created nodes are secure, but will not protect the already existing data. To modify all existing ACLs, you can use {{ZkCLI -cmd resetacl}}.

To change the ACLs this way, you must specify the following VM properties: {{-DzkACLProvider=... -DzkCredentialsProvider=...}}.
* The Credential Provider must be one that has admin privileges on the nodes. If starting with an unsecure configuration, this may be omitted.
* The ACL Provider will be used to compute the new ACLs. When creating an unsecure configuration, this may be omitted.
* To swap from one secure setup to a new secure setup, such as when changing the password, it ma be necessary to use an unsecure intermediate step.
{panel}
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15062382#comment-15062382 ]
Mike Drob commented on SOLR-8415:

Also, we would add resetacl to https://cwiki.apache.org/confluence/display/solr/Command+Line+Utilities
[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15058733#comment-15058733 ]
Mark Miller commented on SOLR-8415:

bq. Docs should go on the wiki somewhere.
I'd start looking around https://cwiki.apache.org/confluence/display/solr/ZooKeeper+Access+Control