Skip to main content
Top
Review meshIQ Products (G2.com)

Enabling Authentication in Solr (if applicable)

Pre-Requisites

Solr authentication is configured through the security.json file. This file must be placed in the $SOLR_HOME directory, which may be located at:

  • /opt/nastel/solr/current

  • /opt/meshiq/track/solr/current

A sample security.json file is provided below. For a detailed explanation of each field, refer to the Solr basic authentication article

This example sets up:

  • A user named solr

  • A role named administrator with all permissions

  • The solr user assigned to the administrator role

{
"authentication":{
"blockUnknown": true,
"class":"solr.BasicAuthPlugin",
"credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="},
"realm":"Lab Solr users",
"forwardCredentials": false
},
"authorization":{
"class":"solr.RuleBasedAuthorizationPlugin",
"permissions":[
{"name":"all","role":"administrator"}
],
"user-role":{"solr":"administrator"}
}
}

Enabling Solr Authentication

XRay 1.3 and 1.4 require that all Solr clusters user the same user and password. In XRay 1.5, the clusters are able to use different credentials.

Follow these steps to enable Solr authentication with the default credentials.

  1. Leave Zookeeper running.
  2. Stop all Solr nodes (if multi-node cluster) and all other Track services, including:
    (Web, CEP, Domain, ActiveMQ, Kafka).
  3. Verify that your DBAPI version is at least jkool-dbapi-solr-1.3.30 or higher and confirm zkchroot is configured properly (e.g., ZOKEEPERHOST:PORT/CHROOT or 172.16.31.54:2181/xraysolr).
  4. Upload the security.jsonfile to the Zookeeper chroot path using the following command:
$SOLR_HOME/bin/solr zk cp file:$SOLR_HOME/security.json zk:/security.json -z <zookeeper-ip>:<zookeeper port>/<chroot>

  1. Open the $SOLR_HOME/bin/solr.in.sh file. Uncomment the following lines:

SOLR_AUTH_TYPE="basic"
SOLR_AUTHENTICATION_OPTS="-Dbasicauth=solr:SolrRocks"
  1. Restart Solr nodes.

After completing these steps, Solr will require authentication for all connections, using the default user:

  • Username: solr

  • Password: SolrRocks

Changing the Default Password

To change the default password (SolrRocks) to a new one, run the following curl command:

curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H 'Content-type:application/json' -d '{"set-user": {"solr" : "the-new-password"}}'

For more commands, refer to the Add a User or Edit a Password section in the Solr basic authentication article.

After Changing the Password

If you update the password, you must repeat the configuration steps listed in the Enabling authentication in Solr section section, replacing all instances of SolrRocks with your new password. The password specified in solr.in.sh is stored in plain text.

Changes Required in Track Configuration

To securely store the Solr password for Track (CEP) integration, you must encrypt the password using the apnet encrypt utility and update the global.properties file.

Run the following command to generate an encrypted token for the password:

cd $AUTOPILOT_HOME/bin ./apnet encrypt 'SolrRocks'
Sample Output:
Loading properties from file="/opt/meshiq/platform/global.properties", filter=*
Loading properties from file="../wgs11.properties", filter=*
Loaded properties from file="../wgs11.properties", filter=*, elapsed.ms=21
Loaded properties from file="/opt/meshiq/platform/global.properties", filter=*, elapsed.ms=6561
Encrypted token="+DSP8b8Q6TafTstcll+IVw=="
Target="SolrRocks", action=encrypt, response=null

Before starting XRay/Track (CEP), add the following lines to your global.properties file:

property jkool.db.server.user=solr
property_encrypted jkool.db.server.pwd=[encrypted new password]

Effects of Reloading security.json

If you reload the security.json file in Solr, the password will reset to the default (SolrRocks).
Follow the steps below to address this change.

Before starting XRay/Track (CEP), add the following to global.properties (to add the SolrRocks password value in encrypted form from apnet):

property jkool.db.server.user=solr
property_encrypted jkool.db.server.pwd=+DSP8b8Q6TafTstcll+IVw==

Command-Line Utilities Require Credentials for Solr Connection

The following command-line utilities require Solr connection information:

  • create-cores.sh
  • delete-cores.sh
  • jkool-cmd.sh
  • jkool-db-maint.sh
  • jkool-db-upgrade.sh
  • jkool-load-ext-data-src.sh
  • reload-cores.sh

When running the command line script provided with XRay/Track, you must include the Solr credentials on the command line as arguments. Run the command with "-help" to get the syntax for specifying credentials. For example:

-UD:<solr_user> -PD:<solr_pwd>