Re: solr 8.4.1 with ssl tls1.2 creating an issue with non-leader node

yaswanth kumar Tue, 02 Jun 2020 15:38:46 -0700

Thanks Franke, but yes for all these questions I did configured it
properly, I made sure to include


<Set name="KeyStoreType"><Property name="solr.jetty.keystore.type"
default="JKS"/></Set>
  <Set name="TrustStoreType"><Property name="solr.jetty.truststore.type"
default="JKS"/></Set>
in the jetty-ssl.xml along with the path keystore and truststore.

Also I have made sure that trusstore exists on all nodes and also I am
using the same file for both keystore and truststore as below
 <Set name="KeyStorePath"><Property name="solr.jetty.keystore"
default="./etc/solr-keystore.jks"/></Set>
  <Set name="KeyStorePassword"><Property
name="solr.jetty.keystore.password" default="xxxx"/></Set>
  <Set name="TrustStorePath"><Property name="solr.jetty.truststore"
default="./etc/solr-keystore.jks"/></Set>
  <Set name="TrustStorePassword"><Property
name="solr.jetty.truststore.password" default="xxxx"/></Set>

also urlScheme for ZK is set to https


Also the main error that I posted is the one that I am seeing as a return
response where as the below one is what I see from solr logs

2020-06-02 22:32:04.472 ERROR (qtp984876512-93) [c:default s:shard1
r:core_node3 x:default_shard1_replica_n1] o.a.s.s.HttpSolrCall
null:org.apache.solr.update.processor.Distr$
        at
org.apache.solr.update.processor.DistributedZkUpdateProcessor.doDistribFinish(DistributedZkUpdateProcessor.java:1189)
        at
org.apache.solr.update.processor.DistributedUpdateProcessor.finish(DistributedUpdateProcessor.java:1096)
        at
org.apache.solr.update.processor.LogUpdateProcessorFactory$LogUpdateProcessor.finish(LogUpdateProcessorFactory.java:182)
        at
org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80)
        at
org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80)
        at
org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80)
        at
org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80)
        at
org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80)
        at
org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80)
        at
org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80)
        at
org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80)
        at
org.apache.solr.handler.ContentStreamHandlerBase.handleRequestBody(ContentStreamHandlerBase.java:78)
        at
org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:211)
        at org.apache.solr.core.SolrCore.execute(SolrCore.java:2596)
        at
org.apache.solr.servlet.HttpSolrCall.execute(HttpSolrCall.java:799)
        at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:578)
        at
org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:419)
        at
org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:351)
        at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1602)
        at
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540)
        at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
        at
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
        at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
        at
org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)


One strange observation is that when I hit update api on the leader node
its working without any error, and now immediately if I hit non-leader its
working fine (only once or twice), but if I keep on trying to hit this node
again and again its then throwing the above error and once the error
started happening , its consistent again.

Please let me know if you need more information or if I am missing
something else

Thanks,

On Tue, Jun 2, 2020 at 4:59 PM Jörn Franke <jornfra...@gmail.com> wrote:

> Have you looked in the logfiles?
>
> Keystore Type correctly defined  on all nodes?
>
> Have you configured the truststore on all nodes correctly?
>
> Have you set clusterprop urlScheme to htttps in ZK?
>
>
> https://lucene.apache.org/solr/guide/7_5/enabling-ssl.html#configure-zookeeper
>
>
>
> > Am 02.06.2020 um 18:57 schrieb yaswanth kumar <yaswanth...@gmail.com>:
> >
> > team, can someone help me on the above topic?
> >
> >> On Mon, Jun 1, 2020 at 10:00 PM yaswanth kumar <yaswanth...@gmail.com>
> >> wrote:
> >>
> >> Trying to setup solr 8.4.1 + open jdk 11 on centos , enabled the ssl
> >> configurations with all the certs in place, but the issue what I am
> seeing
> >> is when trying to hit /update api on non-leader solr node , its
> throwing an
> >> error
> >>
> >> configured 2 solr nodes with 1 zookeeper.
> >>
> >> metadata":[
> >>
> >>
> "error-class","org.apache.solr.update.processor.DistributedUpdateProcessor$DistributedUpdatesAsyncException",
> >>
> >>
> "root-error-class","org.apache.solr.update.processor.DistributedUpdateProcessor$DistributedUpdatesAsyncException"],
> >> "msg":"Async exception during distributed update:
> >> javax.crypto.BadPaddingException: RSA private key operation failed",
> >>
> "trace":"org.apache.solr.update.processor.DistributedUpdateProcessor$DistributedUpdatesAsyncException:
> >> Async exception during distributed update:
> >> javax.crypto.BadPaddingException: RSA private key operation failed\n\tat
> >>
> org.apache.solr.update.processor.DistributedZkUpdateProcessor.doDistribFinish(DistributedZkUpdateProcessor.java:1189)\n\tat
> >>
> org.apache.solr.update.processor.DistributedUpdateProcessor.finish(DistributedUpdateProcessor.java:1096)\n\tat
> >>
> org.apache.solr.update.processor.LogUpdateProcessorFactory$LogUpdateProcessor.finish(LogUpdateProcessorFactory.java:182)\n\tat
> >>
> org.apache.solr.update.processor.UpdateRequestProcessor.finish(UpdateRequestProcessor.java:80)\n\tat
> >> org.apache.solr.update.processor.UpdateRequestProcessor.finish........
> >>
> >> Strangely this is happening when we try to hit a non-leader node,
> hitting
> >> leader node its working fine without any issue and getting the data
> indexed.
> >>
> >> Not able to track down where the exact issue is happening.
> >>
> >> Thanks,
> >>
> >> --
> >> Thanks & Regards,
> >> Yaswanth Kumar Konathala.
> >> yaswanth...@gmail.com
> >>
> >
> >
> > --
> > Thanks & Regards,
> > Yaswanth Kumar Konathala.
> > yaswanth...@gmail.com
>


-- 
Thanks & Regards,
Yaswanth Kumar Konathala.
yaswanth...@gmail.com

Re: solr 8.4.1 with ssl tls1.2 creating an issue with non-leader node

Reply via email to