Commit Graph

217 Commits

Author SHA1 Message Date
Robert Muir 1cb6e35058 SOLR-14141: eliminate JKS keystore from solr ssl docs.
Currently the documentation pretends to create a JKS keystore. It is
only actually a JKS keystore on java 8: on java9+ it is a PKCS12
keystore with a .jks extension (because PKCS12 is the new java default).
It works even though solr explicitly tells the JDK
(SOLR_SSL_KEY_STORE_TYPE=JKS) that its JKS when it is in fact not, due
to how keystore backwards compatibility was implemented.

Fix docs to explicitly create a PKCS12 keystore with .p12 extension and
so on instead of a PKCS12 keystore masquerading as a JKS one. This
simplifies the SSL steps since the "conversion" step (which was doing
nothing) from .JKS -> .P12 can be removed.
2019-12-29 09:34:00 -05:00
Robert Muir 126d6b7767
SOLR-13984: add (experimental, disabled by default) security manager support (#1082)
* SOLR-13984: add (experimental, disabled by default) security manager support.

User can set SOLR_SECURITY_MANAGER_ENABLED=true to enable security manager at runtime.

The current policy file used by tests is moved to solr/server
Additional permissions are granted for the filesystem locations set by bin/solr, and networking everywhere is enabled.

This takes advantage of the fact that permission entries are ignored if properties are not defined:
https://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html#PropertyExp
2019-12-24 06:30:31 -08:00
Robert Muir 72c99e921c
SOLR-14136: ip whitelist/blacklist via env vars (#1111)
SOLR-14136: ip whitelist/blacklist via env vars

This makes it easy to restrict access to Solr by IP. For example SOLR_IP_WHITELIST="127.0.0.1, 192.168.0.0/24, [::1], [2000:123:4:5::]/64" would restrict access to v4/v6 localhost, the 192.168.0 ipv4 network, and 2000:123:4:5 ipv6 network. Any other IP will receive a 403 response.

Blacklisting functionality can deny access to problematic addresses or networks that would otherwise be allowed. For example SOLR_IP_BLACKLIST="192.168.0.3, 192.168.0.4" would explicitly prevent those two specific addresses from accessing solr.
2019-12-23 19:26:11 -05:00
Robert Muir 1425d6cbf8
SOLR-14138: enable request log via environ var, remove deprecated jetty class usage, respect SOLR_LOGS_DIR (#1110)
User can now set SOLR_REQUESTLOG_ENABLED=true to enable the jetty request log, instead of editing XML. The location of the request logs will respect SOLR_LOGS_DIR if that is set. The deprecated NCSARequestLog is no longer used, instead it uses CustomRequestLog with NCSA_FORMAT.
2019-12-23 10:37:31 -05:00
Andy Vuong e428628054 SOLR-14107: Ensure bin/solr -q/-v args work with -e/example (#1093)
Co-authored-by: Andy Vuong <andyvvv.101@gmail.com>
2019-12-20 11:31:16 -05:00
Jason Gerlowski 62e0222aef SOLR-13087: Remove 'whoami' usage in bin/solr
whoami displays a warning if the effective-uid is not in /etc/password.
This can happen in certain situations when running in a docker
container.  This replaces the 'whoami' usage with a safer check.
2019-12-06 15:31:37 -05:00
Jan Høydahl 936f4b6ee9 SOLR-13977: solr create -c not working under Windows 10 2019-11-29 01:22:06 +01:00
Ishan Chattopadhyaya d9f41f8a5a SOLR-13662: Package manager (CLI) 2019-11-14 18:21:35 +05:30
Erick Erickson a1f3d2c29a SOLR-13771: Add -v and -m to ulimit section of reference guide and bin/solr checks 2019-09-30 17:58:35 -04:00
Cao Manh Dat 7350c50316 SOLR-13798: SSL: Adding Enabling/Disabling client's hostname verification config 2019-09-30 16:29:43 +01:00
Jan Høydahl d468d71c03 SOLR-13647: Default solr.in.sh contains incorrect default value 2019-08-12 13:56:35 +02:00
Noble Paul e45e8127d5
SOLR-13682: command line option to export documents to a file
* SOLR-13682: command line option to export documents to a file
2019-08-10 16:34:23 +10:00
Jan Høydahl b54126169b SOLR-13569: AdminUI visual indication of prod/test/dev environment 2019-06-26 12:09:02 +02:00
Ishan Chattopadhyaya 91969f40fe SOLR-13394: Tweaking G1 parameters and adding ref guide documentation 2019-05-03 00:36:32 +05:30
Andrzej Bialecki 6eccf2bf53 SOLR-13427: Support simulating the execution of autoscaling suggestions. 2019-04-29 23:14:38 +02:00
Ishan Chattopadhyaya 9c77889217 SOLR-13394: Switch default GC from CMS to G1 2019-04-25 13:58:43 +05:30
Andrzej Bialecki bd8905150d SOLR-12461: Upgrade Dropwizard Metrics to 4.0.5 release. 2019-04-18 19:08:20 +02:00
Uwe Schindler db5f1af59b Fix Windows startup script to disable HTTP/2 if TLS is enabled on Java 8. 2019-03-07 14:16:36 +01:00
Jason Gerlowski a084cc1e33 SOLR-13241: Add 'autoscaling' tool to solr.cmd
Prior to this commit, SOLR-13155 added support for an 'autoscaling' tool
to bin/solr, but not to the Windows equivalent bin/solr.cmd.  This
commit adds the necessary plumbing to the Windows version of this
script.  It also removes some dead help-text from the bin/solr script.
2019-02-13 10:48:31 -05:00
Andrzej Bialecki 242ff88e02 SOLR-13155: Add command-line option for testing autoscaling configurations. 2019-02-12 11:53:15 +01:00
Tomas Fernandez Lobbe 8b54b20fc4 SOLR-12770: Make it possible to configure a host whitelist for distributed search 2019-01-15 11:44:57 -08:00
Jan Høydahl 9488c8f688 SOLR-12237: Fix incorrect SOLR_SSL_KEYSTORE_TYPE variable in solr start script 2019-01-03 19:40:47 +01:00
Jan Høydahl a1c6e642aa SOLR-11853: Solr installer fails on SuSE linux 2019-01-02 17:24:22 +01:00
Cao Manh Dat f80e8e1167 Merge jira/http2 branch to master 2018-12-16 16:58:20 +00:00
Cassandra Targett df5540acc9 SOLR-12497: Add documentation for Hadoop credential provider-based keystore/truststore 2018-11-15 00:35:25 -06:00
Tim Underwood 5202a713ba Java 9+ GC Logging filesize parameter should be 20M instead of 20000
JEP 158 (https://openjdk.java.net/jeps/158) says the filesize parameter is the “file size in kb” however that appears to not be the case since when it is set to a value of 20000 you end up with GC logs that are only 20000 bytes in length.  Setting the value to 20M produces the desired result of GC log files that are 20MB in size.
2018-10-15 12:52:40 -07:00
Erick Erickson 95cc6f4f76 SOLR-12776: Setting of TMP in solr.cmd causes invisibility of Solr to JDK tools 2018-09-23 16:03:30 -07:00
Erick Erickson 93ae3669b5 SOLR-12008: Settle a location for the log4j2.xml file 2018-07-11 20:57:38 -07:00
Steve Rowe fba42bbac6 SOLR-12435: Fix bin/solr help and ref guide text to describe ZK_HOST in solr.in.sh/solr.in.cmd as an alternative to -z cmdline param 2018-06-14 21:06:09 -04:00
Steve Rowe 6f9f4f70f2 SOLR-12434: Fix standalone mode 'bin/solr config' to not pass in empty -z ZK_HOST param; revert accidental ZK_HOST definition in solr.in.cmd 2018-06-13 09:35:18 -04:00
Steve Rowe ca35c40f1b SOLR-12481: update.autoCreateFields must be set via Config API command 'set-user-property', but 'bin/solr create' tells users to use the default action 'set-property', which fails because the property is not editable 2018-06-12 21:50:25 -04:00
Steve Rowe 3d8b219273 SOLR-12434: remove debug printing from bin/solr 2018-06-12 21:10:19 -04:00
Steve Rowe 00be7bc2d6 SOLR-12434: remove debug printing from bin/solr 2018-06-12 21:00:39 -04:00
Steve Rowe ade22a1ef9 SOLR-12434: Fix 'bin/solr config' endless loop parsing cmdline args 2018-06-12 20:56:57 -04:00
Steve Rowe ba62472bd3 SOLR-12434: bin/solr {config,healthcheck} ignore ZK_HOST in solr.in.{sh,cmd} 2018-06-12 20:01:20 -04:00
Erick Erickson abb57c5c81 SOLR-12192: Error when ulimit is unlimited 2018-05-08 09:54:40 -07:00
Chris Hostetter 4e0e8e979b SOLR-9304: Fix Solr's HTTP handling to respect '-Dsolr.ssl.checkPeerName=false' aka SOLR_SSL_CHECK_PEER_NAME 2018-04-22 13:38:37 -07:00
Jason Gerlowski 7edfd9c410 SOLR-11840: Fix bin/solr help-text inconsistencies 2018-04-16 22:21:27 -04:00
Mark Miller 5e2a5a5b8c SOLR-10783: Add support for Hadoop Credential Provider as SSL/TLS store password source. 2018-04-09 21:57:56 -05:00
Jan Høydahl 0989e5874a SOLR-12144: SOLR_LOG_PRESTART_ROTATION now defaults to false, we leverage log4j2 for log rotation on startup 2018-04-03 13:10:20 +02:00
Uwe Schindler ade2cf2e74 SOLR-12141: Fix "bin/solr" shell scripts (Windows/Linux/Mac) to correctly detect major Java version and use numerical version comparison to enforce minimum requirements. Also remove obsolete "UseParNewGC" option. This allows to start Solr with Java 10 or later. 2018-03-27 22:49:23 +02:00
Varun Thacker bea6e2307b SOLR-7887: Log4J2 upgrade fixes 2018-03-26 11:32:03 -07:00
Erick Erickson 624d128b5e SOLR-7887: Upgrade Solr to use log4j2 -- log4j 1 now officially end of life 2018-03-25 19:16:09 -07:00
Shalin Shekhar Mangar 2620d36bbd SOLR-11957: Update ref guide and bin/solr script with the new values 2018-03-05 15:53:45 +05:30
Jason Gerlowski b4f8cd7ea6 SOLR-11108: Shorten/improve _default-configset msg
The bin/solr scripts print a warning message when a user creates a
collection that makes use of the default config (which has settings
not recommended for production).

While helpful, this warning was a little too noisy.  It also suggested
users resolve the issue with a provided curl command, but bin/solr is
also capable of performing the same action.

This commit cleans up the error message a bit.
2018-02-17 19:08:26 -05:00
Jason Gerlowski 11a23a9029 SOLR-11902: Clarify bin/solr -h text to describe which commands can be run remotely
The bin/solr scripts contain a number of independent tools.  Many of
these can be run anywhere and just pointed at the correct Solr or ZK
host.  Some must run on the machine hosting Solr itself.

This commit clarifies help text for each bin/solr command, indicating
whether it can be run remotely, or must be run locally.
2018-02-09 18:05:45 -05:00
Cassandra Targett 4dac5aad1a SOLR-11703: typo in bin/solr "impariment"; change to "disruption" 2018-01-11 08:40:26 -06:00
Erick Erickson e82e029406 SOLR-11703: Solr Should Send Log Notifications if Ulimits are too low 2017-12-25 13:22:19 -08:00
Christine Poerschke 7974aa033c SOLR-11740: fix stop port variable scope issue in stop_solr function (SOLR-9137 follow-on) 2017-12-13 11:05:49 +00:00
Christine Poerschke 9268b2b30f SOLR-9137: bin/solr script ignored custom STOP_PORT on shutdown.
(Joachim Kohlhammer, Steve Rowe, Christine Poerschke)
2017-12-05 12:19:14 +00:00