I'm running Oracle JDK 1.8.0_162 and NiFi should be using SolrJ 6.2.0 [1]. Not sure if it is worth trying to upgrade, but the 1.7.0 release re-factored how the kerberos auth is handled for the Solr processors so that it no longer relies on the JAAS configuration [2]. It's possible that could resolve your issue, but hard to say.
[1] https://github.com/apache/nifi/blob/rel/nifi-1.6.0/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/pom.xml#L26 [2] https://issues.apache.org/jira/browse/NIFI-5148 On Mon, Oct 15, 2018 at 1:00 PM Dan Caulfield <dan.caulfi...@gm.com> wrote: > > Yes, curl works fine. Just out of curiosity, what version of java are you > running? Does anyone know which version of SolrJ is using the the 1.6 > putsolrcontentstream? > > -----Original Message----- > From: Bryan Bende [mailto:bbe...@gmail.com] > Sent: Friday, October 12, 2018 2:08 PM > To: users@nifi.apache.org > Subject: [EXTERNAL] Re: putsolrcontentstream and kerberos > > I've only done it against Solr cloud, but I don't know a reason why it > wouldn't work against standalone Solr. > > Nothing is jumping out at me as being wrong with your config. My JAAS config > was the following: > > SolrJClient { > com.sun.security.auth.module.Krb5LoginModule required > useKeyTab=true > keyTab="/Users/bbende/Projects/docker-kdc/krb5.keytab" > storeKey=true > useTicketCache=false > debug=true > principal="n...@solr.org"; > }; > > Can you successfully access Solr from a curl command? > > curl --negotiate -u : > "http://vmsol001.epg.nam.gm.com:8983/solr/collection1/select"; > > Assuming you did a kinit first. > > On Fri, Oct 12, 2018 at 2:48 PM Dan Caulfield <dan.caulfi...@gm.com> wrote: > > > > When attempting to use the putsolrcontentstream (Version 1.6.0) to load > > json file into a Solr 6.3 cluster that requires Kerberos authentication. > > > > > > > > I have set the -D > > java.security.auth.login.config=/disk-1/nifi/jaas/jaas.conf > > > > > > > > And the jass file looks like this - > > > > MicroServicesSolrClient { > > > > com.sun.security.auth.module.Krb5LoginModule required > > > > useKeyTab=true > > > > storeKey=true > > > > keyTab="/disk-1/nifi/keytabs/MSSolrClient" > > > > serviceName="solr" > > > > principal="mssolru...@xxxxx.gm.com"; > > > > }; > > > > GMASTSolrClient { > > > > com.sun.security.auth.module.Krb5LoginModule required > > > > useKeyTab=true > > > > storeKey=true > > > > useTicketCache=true > > > > debug=true > > > > keyTab="/disk-1/nifi/keytabs/GMSolrClient" > > > > serviceName="solr" > > > > principal="gmsolru...@xxxxx.gm.com"; > > > > }; > > > > > > > > The Processor is set to – > > > > Solr Type – Standard > > > > Solr Location - http://vmsol001.epg.nam.gm.com:8983/solr/collection1/ > > > > Content Stream Path - /update/json/docs > > > > Content-Type – application/json > > > > JAAS Client App Name – GMASTSolrClient > > > > > > > > Does the 1.6 version of the PutSolrContentStream support Kerberos? We > > are getting the 401 authentication error - > > > > > > > > > > > > 198730787914459,size=119100] to Solr due to > > org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: > > Error from server at http://vmsol001.epg.nam.gm.com:8983/solr: > > Expected mime type application/octet-stream but got text/html. <html> > > > > <head> > > > > <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/> > > > > <title>Error 401 Authentication required</title> > > > > </head> > > > > <body><h2>HTTP ERROR 401</h2> > > > > <p>Problem accessing /solr/select. Reason: > > > > <pre> Authentication required</pre></p> > > > > </body> > > > > </html> > > > > ; routing to failure: > > org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: > > Error from server at http://vmsol001.epg.nam.gm.com:8983/solr: > > Expected mime type application/octet-stream but got text/html. <html> > > > > <head> > > > > <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/> > > > > <title>Error 401 Authentication required</title> > > > > </head> > > > > <body><h2>HTTP ERROR 401</h2> > > > > <p>Problem accessing /solr/select. Reason: > > > > <pre> Authentication required</pre></p> > > > > </body> > > > > </html> > > > > > > > > org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: > > Error from server at http://vmsol001.epg.nam.gm.com:8983/solr: > > Expected mime type application/octet-stream but got text/html. <html> > > > > <head> > > > > <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/> > > > > <title>Error 401 Authentication required</title> > > > > </head> > > > > <body><h2>HTTP ERROR 401</h2> > > > > org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: > > Error from server at http://vmsol001.epg.nam.gm.com:8983/solr: > > Expected mime type application/octet-stream but got text/html. <html> > > > > <head> > > > > <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/> > > > > <title>Error 401 Authentication required</title> > > > > </head> > > > > <body><h2>HTTP ERROR 401</h2> > > > > <p>Problem accessing /solr/select. Reason: > > > > <pre> Authentication required</pre></p> > > > > </body> > > > > </html> > > > > > > > > at > > org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSol > > rClient.java:560) > > > > at > > org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClien > > t.java:261) > > > > at > > org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClien > > t.java:250) > > > > at > > org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:149) > > > > at > > org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:166) > > > > at > > org.apache.nifi.processors.solr.PutSolrContentStream$1.process(PutSolr > > ContentStream.java:242) > > > > at > > org.apache.nifi.controller.repository.StandardProcessSession.read(Stan > > dardProcessSession.java:2207) > > > > at > > org.apache.nifi.controller.repository.StandardProcessSession.read(Stan > > dardProcessSession.java:2175) > > > > at > > org.apache.nifi.processors.solr.PutSolrContentStream.onTrigger(PutSolr > > ContentStream.java:199) > > > > at > > org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcesso > > r.java:27) > > > > at > > org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardPro > > cessorNode.java:1147) > > > > at > > org.apache.nifi.controller.tasks.ConnectableTask.invoke(ConnectableTas > > k.java:175) > > > > at > > org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.run > > (TimerDrivenSchedulingAgent.java:117) > > > > at > > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511 > > ) > > > > at > > java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) > > > > at > > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.a > > ccess$301(ScheduledThreadPoolExecutor.java:180) > > > > at > > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.r > > un(ScheduledThreadPoolExecutor.java:294) > > > > at > > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.j > > ava:1149) > > > > at > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor. > > java:624) > > > > at java.lang.Thread.run(Thread.java:748) > > > > > > Dan Caulfield > > Hyper Scale Engineer > > > > GM – NA Information Technology – Hyper Scale Data Solutions > > > > dan.caulfi...@gm.com > > > > > > > > > > > > Nothing in this message is intended to constitute an electronic signature > > unless a specific statement to the contrary is included in this message. > > > > Confidentiality Note: This message is intended only for the person or > > entity to which it is addressed. It may contain confidential and/or > > privileged material. Any review, transmission, dissemination or other use, > > or taking of any action in reliance upon this message by persons or > > entities other than the intended recipient is prohibited and may be > > unlawful. If you received this message in error, please contact the sender > > and delete it from your computer. > > > Nothing in this message is intended to constitute an electronic signature > unless a specific statement to the contrary is included in this message. > > Confidentiality Note: This message is intended only for the person or entity > to which it is addressed. It may contain confidential and/or privileged > material. Any review, transmission, dissemination or other use, or taking of > any action in reliance upon this message by persons or entities other than > the intended recipient is prohibited and may be unlawful. If you received > this message in error, please contact the sender and delete it from your > computer.
