I've raised SOLR-13566

On Thu, 20 Jun 2019 at 09:14, Jan Høydahl <jan....@cominvent.com> wrote:

> I think this may be a case where the (background) job should use PKI auth.
> Can you file a JIRA issue?
>
> --
> Jan Høydahl, search solution architect
> Cominvent AS - www.cominvent.com
>
> > On 19 Jun 2019 at 20:50, Colvin Cowie <colvin.cowie....@gmail.com> wrote:
> >
> > Hello
> >
> > I'm on the Solr 8.1 branch off commit
> > f26388d034fe5eadca7416aa63b509b8db2c7688 so I have the authentication fixes
> > from SOLR-13510 (intermittent 401s for internode requests)
> >
> > When trying to use the new REINDEXCOLLECTION command with basic auth
> > enabled, the daemon stream fails with repeated 401s when trying to access
> > the target collection.
> >
> > This might be the same problem as SOLR-13472, except it applies even with a
> > single node, and this doesn't require role based configuration.
> >
> > Repro: I added a reindex request in BasicAuthIntegrationTest and it is
> > reproducible in there... I don't know what effect it should have on the
> > auth metrics, if it were working correctly, so I don't know how to update
> > the test properly. But you can add the request towards the end of
> > org.apache.solr.security.BasicAuthIntegrationTest.testBasicAuth()
> >
> >     CollectionAdminRequest.ReindexCollection reindexReq =
> >         CollectionAdminRequest.reindexCollection(COLLECTION);
> >     reindexReq.setBasicAuthCredentials("harry", "HarryIsUberCool");
> >     cluster.getSolrClient().request(reindexReq, COLLECTION);
> >
> > Manual Repro:
> > run bin/solr -e cloud
> > Choose 1 node / 1 shard / 1 replica
> > In browser GET
> > http://localhost:8983/solr/admin/collections?action=REINDEXCOLLECTION&name=gettingstarted
> > will succeed
> > Enable security: server\scripts\cloud-scripts\zkcli -zkhost localhost:9983
> > -cmd putfile /security.json <path to file with this>
> >
> > {
> >   "authentication": {
> >     "blockUnknown": true,
> >     "class": "solr.BasicAuthPlugin",
> >     "credentials": {
> >       "solradmin": "fskh17INKrOTSRCJ8HkamA0L6Uiq1dSMgn4OVy8htME= /Q4VgOkwVlP6AMVY+ML+IuodbfV81WEfZ3lFb390bws="
> >     }
> >   }
> > }
> >
> > In browser authenticate (as solradmin : solradmin) and GET
> > http://localhost:8983/solr/admin/collections?action=REINDEXCOLLECTION&name=gettingstarted
> > will time out after 180 seconds
> >
> > The solr log will show repeated 401s
> >
> > Setting "forwardCredentials" : true in the security.json does not appear to
> > change the outcome.
> >
> > responses.txt
> > <https://drive.google.com/file/d/1h_vQCrf5KyZAK6TIG6fPzMNxBL1Rx1bT/view?usp=drive_web>
> >
> > solr.log
> > <https://drive.google.com/file/d/10oYL3AtECxmei7cVOKAM5JPKEt8lFh67/view?usp=drive_web>
> >
> > security.json
> > <https://drive.google.com/file/d/1xVbXcDEq2btbTycBdXLe3Evz5zIYxm9o/view?usp=drive_web>