SOLR-11690: put command examples in [source] blocks; make NOTE a CAUTION and move up to associated command

This commit is contained in:
Cassandra Targett 2018-09-04 20:58:04 -05:00
parent a3aa014d1a
commit 2565010261
1 changed files with 15 additions and 10 deletions

View File

@ -144,16 +144,21 @@ http://localhost:8983/solr/dih/dataimport?command=full-import&jdbcurl=jdbc:hsqld
The database password can be encrypted if necessary to avoid plaintext passwords being exposed in unsecured files. To do this, we will replace the password in `data-config.xml` with an encrypted password. We will use the `openssl` tool for the encryption, and the encryption key will be stored in a file which is only readable to the `solr` process. Please follow these steps: The database password can be encrypted if necessary to avoid plaintext passwords being exposed in unsecured files. To do this, we will replace the password in `data-config.xml` with an encrypted password. We will use the `openssl` tool for the encryption, and the encryption key will be stored in a file which is only readable to the `solr` process. Please follow these steps:
. Create a strong encryption password and store it in a file. Then make sure it is readable only for the `solr` user. Example commands: . Create a strong encryption password and store it in a file. Then make sure it is readable only for the `solr` user. Example commands:
+
echo -n "a-secret" > /var/solr/data/dih-encryptionkey [source,text]
chown solr:solr /var/solr/data/dih-encryptionkey echo -n "a-secret" > /var/solr/data/dih-encryptionkey
chmod 600 /var/solr/data/dih-encryptionkey chown solr:solr /var/solr/data/dih-encryptionkey
chmod 600 /var/solr/data/dih-encryptionkey
+
CAUTION: Note that we use the `-n` argument to `echo` to avoid including a newline character at the end of the password. If you use another method to generate the encrypted password, make sure to avoid newlines as well.
. Encrypt the JDBC database password using `openssl` as follows: . Encrypt the JDBC database password using `openssl` as follows:
+
[source,text]
echo -n "my-jdbc-password" | openssl enc -aes-128-cbc -a -salt -md md5 -pass file:/var/solr/data/dih-encryptionkey
+
The output of the command will be a long string such as `U2FsdGVkX18QMjY0yfCqlfBMvAB4d3XkwY96L7gfO2o=`. You will use this as `password` in your `data-config.xml` file.
echo -n "my-jdbc-password" | openssl enc -aes-128-cbc -a -salt -md md5 -pass file:/var/solr/data/dih-encryptionkey
.. The output of the command will be a long string such as `U2FsdGVkX18QMjY0yfCqlfBMvAB4d3XkwY96L7gfO2o=`. You will use this as `password` in your `data-config.xml` file.
. In your `data-config.xml`, you'll add the `password` and `encryptKeyFile` parameters to the `<datasource>` configuration, as in this example: . In your `data-config.xml`, you'll add the `password` and `encryptKeyFile` parameters to the `<datasource>` configuration, as in this example:
+ +
[source,xml] [source,xml]
@ -163,7 +168,7 @@ The database password can be encrypted if necessary to avoid plaintext passwords
password="U2FsdGVkX18QMjY0yfCqlfBMvAB4d3XkwY96L7gfO2o=" password="U2FsdGVkX18QMjY0yfCqlfBMvAB4d3XkwY96L7gfO2o="
encryptKeyFile="/var/solr/data/dih-encryptionkey" /> encryptKeyFile="/var/solr/data/dih-encryptionkey" />
NOTE: Note that we use the `-n` argument to `echo` to avoid including a newline character at the end of the password. If you use another method to generate the encrypted password, make sure to avoid newlines as well.
== DataImportHandler Commands == DataImportHandler Commands