Hello yilmaz, But we cannot afford to shutdown all our servers for some time.
On Thu, Dec 28, 2023, 17:56 uyil...@vivaldi.net.INVALID <uyil...@vivaldi.net.invalid> wrote: > I imagine if you could afford to shut down all the running Solr instances > for a small amount of time, you could shut them all down, make the auth > changes, and start them all at the same time > > --ufuk yilmaz > ________________________________ > From: Jan Høydahl <jan....@cominvent.com> > Sent: Thursday, December 28, 2023 3:20 AM > To: users@solr.apache.org <users@solr.apache.org> > Subject: Re: Correct Procedure for making Basic Authentication Changes > LIVE across Multiple Nodes in Solr Cloud 8.10 > > Sorry no Experience with Kerberos. > > Jan Høydahl > > > 27. des. 2023 kl. 01:13 skrev Uday Kumar <uday.p...@indiamart.com > .invalid>: > > > > Hi Jan, > > Need One small confirmation, out of curiosity! > > > > Document2 reference does not apply to you as it is Kerberos plugin. > > Let's assume if we try to go with Kerberos plugin, how can we effectively > > restart each node when we are using cluster of n nodes? > > > > Because if we restart single node, Kerberos plugin will be enabled to > only > > single node, but not at other nodes. > > > > Thanks and regards, > > Uday Kumar > > > >> On Wed, Dec 27, 2023, 05:29 Uday Kumar <uday.p...@indiamart.com> wrote: > >> > >> Thanks for confirmation Jan! > >> > >>> On Wed, Dec 27, 2023, 05:04 Jan Høydahl <jan....@cominvent.com> wrote: > >>> > >>> Document2 reference does not apply to you as it is Kerberos plugin. > >>> > >>> You only need to upload the correct security.json so zookeeper, and > your > >>> entire cluster is immediately secured. As you have already validated on > >>> your test node. > >>> > >>> Jan > >>> > >>>> 26. des. 2023 kl. 18:27 skrev Uday Kumar <uday.p...@indiamart.com > >>> .INVALID>: > >>>> > >>>> Hi Jan, > >>>> > >>>> It is correct that Auth changes take effect across all nodes. So that > >>> would > >>>> be your procedure, done. > >>>> So, you meant to say, authentication changes will be reflected to all > >>> nodes > >>>> without node restart?? > >>>> > >>>> > >>>> May you have looked at docs for self-managed Solr with no zookeeper? > In > >>>> that case you must touch each node at a time. > >>>> I don't think I have checked docs for self-managed solr with no > >>> zookeeper, > >>>> kindly check below referred sections and let me know if I am missing > >>>> anything. > >>>> > >>>> *Document-1*: > >>>> > >>> > https://solr.apache.org/guide/8_10/authentication-and-authorization-plugins.html#enable-plugins-with-security-json > >>>> > >>>> Section referred: Enable Plugins with security.json > >>>> > >>>> *Document-2*: > >>>> > >>> > https://solr.apache.org/guide/8_10/kerberos-authentication-plugin.html#security-json > >>>> > >>>> Section referred: security.json > >>>> > >>>> Thanks and regards, > >>>> Uday Kumar > >>>> > >>>> > >>>> > >>>> > >>>> On Tue, Dec 26, 2023, 16:04 Jan Høydahl <jan....@cominvent.com> > wrote: > >>>> > >>>>> It is correct that Auth changes take effect across all nodes. So that > >>>>> would be your procedure, done. > >>>>> > >>>>> May you have looked at docs for self-managed Solr with no zookeeper? > In > >>>>> that case you must touch each node at a time. > >>>>> > >>>>> Jan Høydahl > >>>>> > >>>>>> 26. des. 2023 kl. 08:20 skrev Uday Kumar <uday.p...@indiamart.com > >>>>> .invalid>: > >>>>>> > >>>>>> Hello all, > >>>>>> > >>>>>> In our production environment, we currently utilize Solr Cloud 8.10 > >>> with > >>>>> 8 > >>>>>> nodes/shards (i.e., 8 different servers), without any authentication > >>>>> plugin. > >>>>>> > >>>>>> *Our New Requirement:* > >>>>>> To implement Basic Authentication on Solr Cloud to prevent > >>> unauthorized > >>>>>> access. > >>>>>> > >>>>>> Here are the steps we have undertaken in our development > environment:* > >>>>> [we > >>>>>> used Single Server, but nodes/shards with 8 different ports]* > >>>>>> 1. Created the security.json file. > >>>>>> 2. Configured and created different users as required. > >>>>>> 3. Uploaded the security.json file to Zookeeper. > >>>>>> > >>>>>> Surprisingly, *authentication is enabled on all nodes/shards* > >>> immediately > >>>>>> after pushing the security.json file to Zookeeper. > >>>>>> > >>>>>> However, according to the Solr Documentation, a restart of each node > >>> is > >>>>>> required for authentication changes to take effect across all > >>>>> nodes/shards. > >>>>>> > >>>>>> Our main query is, what is the correct approach for making > >>> authentication > >>>>>> changes live on all Nodes/Shards? > >>>>>> > >>>>>> *Thanks & Regards,* > >>>>>> *Uday Kumar* > >>>>> > >>> > >>> >
