I've raised SOLR-13566
On Thu, 20 Jun 2019 at 09:14, Jan Høydahl <jan....@cominvent.com> wrote:
> I think this may be a case where the (background) job should use PKI auth.
> Can you file a JIRA issue?
>
> --
> Jan Høydahl, search solution architect
> Cominvent AS - www.cominvent.com
>
> > 19. jun. 2019 kl. 20:50 skrev Colvin Cowie <colvin.cowie....@gmail.com>:
> >
> > Hello
> >
> > I'm on the Solr 8.1 branch off commit
> > f26388d034fe5eadca7416aa63b509b8db2c7688 so I have the authentication
> fixes
> > from SOLR-13510 (intermittent 401s for internode requests)
> >
> > When trying to use the new REINDEXCOLLECTION command with basic auth
> > enabled, the daemon stream fails with repeated 401s when trying to access
> > the target collection.
> >
> > This might be the same problem as SOLR-13472, except it applies even
> with a
> > single node, and this doesn't require role based configuration.
> >
> > Repro: I added a reindex request in BasicAuthIntegrationTest and it is
> > reproducible in there... I don't know what effect it should have on the
> > auth metrics, if it were working correctly, so I don't know how to update
> > the test properly. But you can add the request towards the end of
> > org.apache.solr.security.BasicAuthIntegrationTest.testBasicAuth()
> >
> >
> >
> > * CollectionAdminRequest.ReindexCollection reindexReq =
> > CollectionAdminRequest.reindexCollection(COLLECTION);
> > reindexReq.setBasicAuthCredentials("harry", "HarryIsUberCool");
> > cluster.getSolrClient().request(reindexReq, COLLECTION);*
> >
> > Manual Repro:
> > run bin/solr -e cloud
> > Choose 1 node / 1 shard / 1 replica
> > In browser GET
> >
> http://localhost:8983/solr/admin/collections?action=REINDEXCOLLECTION&name=gettingstarted
> > will succeed
> > Enable security: server\scripts\cloud-scripts\zkcli -zkhost
> localhost:9983
> > -cmd putfile /security.json <path to file with this>
> >
> > {
> > "authentication": {
> > "blockUnknown": true,
> > "class": "solr.BasicAuthPlugin",
> > "credentials": {
> > "solradmin": "fskh17INKrOTSRCJ8HkamA0L6Uiq1dSMgn4OVy8htME=
> > /Q4VgOkwVlP6AMVY+ML+IuodbfV81WEfZ3lFb390bws="
> > }
> > }
> > }
> >
> > In browser authenticate (as solradmin : solradmin) and GET
> >
> http://localhost:8983/solr/admin/collections?action=REINDEXCOLLECTION&name=gettingstarted
> > will time out after 180 seconds
> >
> > The solr log will show repeated 401s
> >
> > Setting "forwardCredentials" : true in the security.json does not appear
> to
> > change the outcome.
> >
> >
> > responses.txt
> > <
> https://drive.google.com/file/d/1h_vQCrf5KyZAK6TIG6fPzMNxBL1Rx1bT/view?usp=drive_web
> >
> >
> > solr.log
> > <
> https://drive.google.com/file/d/10oYL3AtECxmei7cVOKAM5JPKEt8lFh67/view?usp=drive_web
> >
> >
> > security.json
> > <
> https://drive.google.com/file/d/1xVbXcDEq2btbTycBdXLe3Evz5zIYxm9o/view?usp=drive_web
> >
>
>
