Thanks for sharing that info, glad to hear it is working with NiFi 1.7.
On Mon, Oct 15, 2018 at 1:31 PM Dan Caulfield <dan.caulfi...@gm.com> wrote:
>
> In our environment we have had issues with Kerberos authentication failing
> with SolrJ 6.3 and Java 1.8. The only solution was to back Java down to 1.7
> or upgrade SolrJ to 6.6.
>
> I just tried the flow on the Lab systems running Nifi 1.7 and Kerberos
> authentication worked. Looks like we are going to be doing an upgrade.
>
>
> -----Original Message-----
> From: Bryan Bende [mailto:bbe...@gmail.com]
> Sent: Monday, October 15, 2018 12:21 PM
> To: users@nifi.apache.org
> Subject: [EXTERNAL] Re: Re: putsolrcontentstream and kerberos
>
> I'm running Oracle JDK 1.8.0_162 and NiFi should be using SolrJ 6.2.0 [1].
>
> Not sure if it is worth trying to upgrade, but the 1.7.0 release re-factored
> how the kerberos auth is handled for the Solr processors so that it no longer
> relies on the JAAS configuration [2]. It's possible that could resolve your
> issue, but hard to say.
>
> [1]
> https://github.com/apache/nifi/blob/rel/nifi-1.6.0/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/pom.xml#L26
> [2] https://issues.apache.org/jira/browse/NIFI-5148
>
> On Mon, Oct 15, 2018 at 1:00 PM Dan Caulfield <dan.caulfi...@gm.com> wrote:
> >
> > Yes, curl works fine. Just out of curiosity, what version of java are you
> > running? Does anyone know which version of SolrJ is using the the 1.6
> > putsolrcontentstream?
> >
> > -----Original Message-----
> > From: Bryan Bende [mailto:bbe...@gmail.com]
> > Sent: Friday, October 12, 2018 2:08 PM
> > To: users@nifi.apache.org
> > Subject: [EXTERNAL] Re: putsolrcontentstream and kerberos
> >
> > I've only done it against Solr cloud, but I don't know a reason why it
> > wouldn't work against standalone Solr.
> >
> > Nothing is jumping out at me as being wrong with your config. My JAAS
> > config was the following:
> >
> > SolrJClient {
> > com.sun.security.auth.module.Krb5LoginModule required
> > useKeyTab=true
> > keyTab="/Users/bbende/Projects/docker-kdc/krb5.keytab"
> > storeKey=true
> > useTicketCache=false
> > debug=true
> > principal="n...@solr.org";
> > };
> >
> > Can you successfully access Solr from a curl command?
> >
> > curl --negotiate -u :
> > "http://vmsol001.epg.nam.gm.com:8983/solr/collection1/select";
> >
> > Assuming you did a kinit first.
> >
> > On Fri, Oct 12, 2018 at 2:48 PM Dan Caulfield <dan.caulfi...@gm.com> wrote:
> > >
> > > When attempting to use the putsolrcontentstream (Version 1.6.0) to load
> > > json file into a Solr 6.3 cluster that requires Kerberos authentication.
> > >
> > >
> > >
> > > I have set the -D
> > > java.security.auth.login.config=/disk-1/nifi/jaas/jaas.conf
> > >
> > >
> > >
> > > And the jass file looks like this -
> > >
> > > MicroServicesSolrClient {
> > >
> > > com.sun.security.auth.module.Krb5LoginModule required
> > >
> > > useKeyTab=true
> > >
> > > storeKey=true
> > >
> > > keyTab="/disk-1/nifi/keytabs/MSSolrClient"
> > >
> > > serviceName="solr"
> > >
> > > principal="mssolru...@xxxxx.gm.com";
> > >
> > > };
> > >
> > > GMASTSolrClient {
> > >
> > > com.sun.security.auth.module.Krb5LoginModule required
> > >
> > > useKeyTab=true
> > >
> > > storeKey=true
> > >
> > > useTicketCache=true
> > >
> > > debug=true
> > >
> > > keyTab="/disk-1/nifi/keytabs/GMSolrClient"
> > >
> > > serviceName="solr"
> > >
> > > principal="gmsolru...@xxxxx.gm.com";
> > >
> > > };
> > >
> > >
> > >
> > > The Processor is set to –
> > >
> > > Solr Type – Standard
> > >
> > > Solr Location -
> > > http://vmsol001.epg.nam.gm.com:8983/solr/collection1/
> > >
> > > Content Stream Path - /update/json/docs
> > >
> > > Content-Type – application/json
> > >
> > > JAAS Client App Name – GMASTSolrClient
> > >
> > >
> > >
> > > Does the 1.6 version of the PutSolrContentStream support Kerberos?
> > > We are getting the 401 authentication error -
> > >
> > >
> > >
> > >
> > >
> > > 198730787914459,size=119100] to Solr due to
> > > org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException:
> > > Error from server at http://vmsol001.epg.nam.gm.com:8983/solr:
> > > Expected mime type application/octet-stream but got text/html.
> > > <html>
> > >
> > > <head>
> > >
> > > <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> > >
> > > <title>Error 401 Authentication required</title>
> > >
> > > </head>
> > >
> > > <body><h2>HTTP ERROR 401</h2>
> > >
> > > <p>Problem accessing /solr/select. Reason:
> > >
> > > <pre> Authentication required</pre></p>
> > >
> > > </body>
> > >
> > > </html>
> > >
> > > ; routing to failure:
> > > org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException:
> > > Error from server at http://vmsol001.epg.nam.gm.com:8983/solr:
> > > Expected mime type application/octet-stream but got text/html.
> > > <html>
> > >
> > > <head>
> > >
> > > <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> > >
> > > <title>Error 401 Authentication required</title>
> > >
> > > </head>
> > >
> > > <body><h2>HTTP ERROR 401</h2>
> > >
> > > <p>Problem accessing /solr/select. Reason:
> > >
> > > <pre> Authentication required</pre></p>
> > >
> > > </body>
> > >
> > > </html>
> > >
> > >
> > >
> > > org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException:
> > > Error from server at http://vmsol001.epg.nam.gm.com:8983/solr:
> > > Expected mime type application/octet-stream but got text/html.
> > > <html>
> > >
> > > <head>
> > >
> > > <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> > >
> > > <title>Error 401 Authentication required</title>
> > >
> > > </head>
> > >
> > > <body><h2>HTTP ERROR 401</h2>
> > >
> > > org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException:
> > > Error from server at http://vmsol001.epg.nam.gm.com:8983/solr:
> > > Expected mime type application/octet-stream but got text/html.
> > > <html>
> > >
> > > <head>
> > >
> > > <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> > >
> > > <title>Error 401 Authentication required</title>
> > >
> > > </head>
> > >
> > > <body><h2>HTTP ERROR 401</h2>
> > >
> > > <p>Problem accessing /solr/select. Reason:
> > >
> > > <pre> Authentication required</pre></p>
> > >
> > > </body>
> > >
> > > </html>
> > >
> > >
> > >
> > > at
> > > org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpS
> > > ol
> > > rClient.java:560)
> > >
> > > at
> > > org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrCli
> > > en
> > > t.java:261)
> > >
> > > at
> > > org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrCli
> > > en
> > > t.java:250)
> > >
> > > at
> > > org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:14
> > > 9)
> > >
> > > at
> > > org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:16
> > > 6)
> > >
> > > at
> > > org.apache.nifi.processors.solr.PutSolrContentStream$1.process(PutSo
> > > lr
> > > ContentStream.java:242)
> > >
> > > at
> > > org.apache.nifi.controller.repository.StandardProcessSession.read(St
> > > an
> > > dardProcessSession.java:2207)
> > >
> > > at
> > > org.apache.nifi.controller.repository.StandardProcessSession.read(St
> > > an
> > > dardProcessSession.java:2175)
> > >
> > > at
> > > org.apache.nifi.processors.solr.PutSolrContentStream.onTrigger(PutSo
> > > lr
> > > ContentStream.java:199)
> > >
> > > at
> > > org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProces
> > > so
> > > r.java:27)
> > >
> > > at
> > > org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardP
> > > ro
> > > cessorNode.java:1147)
> > >
> > > at
> > > org.apache.nifi.controller.tasks.ConnectableTask.invoke(ConnectableT
> > > as
> > > k.java:175)
> > >
> > > at
> > > org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.r
> > > un
> > > (TimerDrivenSchedulingAgent.java:117)
> > >
> > > at
> > > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:5
> > > 11
> > > )
> > >
> > > at
> > > java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
> > >
> > > at
> > > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask
> > > .a
> > > ccess$301(ScheduledThreadPoolExecutor.java:180)
> > >
> > > at
> > > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask
> > > .r
> > > un(ScheduledThreadPoolExecutor.java:294)
> > >
> > > at
> > > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor
> > > .j
> > > ava:1149)
> > >
> > > at
> > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.
> > > java:624)
> > >
> > > at java.lang.Thread.run(Thread.java:748)
> > >
> > >
> > > Dan Caulfield
> > > Hyper Scale Engineer
> > >
> > > GM – NA Information Technology – Hyper Scale Data Solutions
> > >
> > > dan.caulfi...@gm.com
> > >
> > >
> > >
> > >
> > >
> > > Nothing in this message is intended to constitute an electronic signature
> > > unless a specific statement to the contrary is included in this message.
> > >
> > > Confidentiality Note: This message is intended only for the person or
> > > entity to which it is addressed. It may contain confidential and/or
> > > privileged material. Any review, transmission, dissemination or other
> > > use, or taking of any action in reliance upon this message by persons or
> > > entities other than the intended recipient is prohibited and may be
> > > unlawful. If you received this message in error, please contact the
> > > sender and delete it from your computer.
> >
> >
> > Nothing in this message is intended to constitute an electronic signature
> > unless a specific statement to the contrary is included in this message.
> >
> > Confidentiality Note: This message is intended only for the person or
> > entity to which it is addressed. It may contain confidential and/or
> > privileged material. Any review, transmission, dissemination or other use,
> > or taking of any action in reliance upon this message by persons or
> > entities other than the intended recipient is prohibited and may be
> > unlawful. If you received this message in error, please contact the sender
> > and delete it from your computer.
>
>
> Nothing in this message is intended to constitute an electronic signature
> unless a specific statement to the contrary is included in this message.
>
> Confidentiality Note: This message is intended only for the person or entity
> to which it is addressed. It may contain confidential and/or privileged
> material. Any review, transmission, dissemination or other use, or taking of
> any action in reliance upon this message by persons or entities other than
> the intended recipient is prohibited and may be unlawful. If you received
> this message in error, please contact the sender and delete it from your
> computer.
