Before enabling authentication in Solr, make sure you have upgraded from XRay 1.2 to XRay 1.3. Refer to the XRay Upgrade Guide v1.2 to v1.3 in the XRay Documentation Library.
XRay 1.3 and 1.4 require that all Solr clusters user the same user and password. In XRay 1.5, the clusters are able to use different credentials.
Follow these steps to enable Solr authentication with the default user name and password.
- Leave Zookeeper running.
- Stop all Solr nodes.
- Verify that your current directory is jkool-dbapi-solr-1.3.30 and zkchroot of "/".
- To enable authentication and define the default user "solr" with password "SolrRocks", upload the security.json file into the appropriate zkchroot within Zookeeper, using the following:
<solr-home>/bin/solr zk cp file:config/security.json zk:/security.json -z <zookeeper-ip>:<zookeeper port>
- Uncomment the following lines in <solr-home>/bin/solr.in.sh:
SOLR_AUTH_TYPE="basic"
SOLR_AUTHENTICATION_OPTS="-Dbasicauth=solr:SolrRocks"
- Restart Solr nodes.
Solr should now be running with authentication required, with user "solr" and password "SolrRocks". ALL connections to Solr will now require that credentials be specified.
Password Changes
Changing the default password
To change the default password, you can use the following command.
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H 'Content-type:application/json' -d '{"set-user": {"solr" : "the-new-password"}}'
See the "Securing Solr" section of the Solr Reference Guide (https://solr.apache.org/guide/) for addition commands and info.
After changing the password
If you have changed the password, then you must follow the steps in the “Enabling authentication in Solr” section above again, changing the references from "SolrRocks" to the new password. (In the Solr files, this is plain text.)
You must also run apnet encrypt to get the encrypted value for the new password to use in global.properties.
Before starting Xray (CEP), add the following to global.properties (to add the encrypted form of the new password value from apnet):
property jkool.db.server.user=solr
property_encrypted jkool.db.server.pwd=[encrypted new password]
Effects of reloading security.json
If you reload security.json, the password will be reset back to the default of "SolrRocks". Follow the steps below to address this change.
Before starting Xray (CEP), add the following to global.properties (to add the "SolrRocks" password value in encrypted form from apnet):
property jkool.db.server.user=solr
property_encrypted jkool.db.server.pwd=+DSP8b8Q6TafTstcll+IVw==
Command-Line Utilities Require Credentials for Solr Connection
The following command-line utilities require Solr connection information:
· create-cores.sh · delete-cores.sh · jkool-cmd.sh · jkool-db-maint.sh · jkool-db-upgrade.sh · jkool-load-ext-data-src.sh · reload-cores.sh |
When running the command line script provided with Xray, you must include the Solr credentials on the command line as arguments. Run the command with "-help" to get the syntax for specifying credentials.
For example:
-UD:<solr_user> -PD:<solr_pwd>