This also fixes a bug where an inability to assign a node based on existing autoscaling policy resulted in a server error instead of a bad request.
This closes#1152.
(cherry picked from commit 84270dc6cf)
* DocValuesFieldExistsQuery and NormsFieldExistsQuery are used for existence queries when possible.
* Added documentation on the difference between field:* and field:[* TO *]
* Use Caffeine impl and weak values (to the schema). Previously the cache never evicted!
* now populating the configSet name from ZK into CloudDescriptor when CloudDescriptor is loaded
* actual schema name needs to be deterministic now; fallback from non-existent managed-schema to schema.xml will thwart this cache
* a test conf/core.properties wasn't actually used and became a problem in it's weird location after I refactored some logic
Closes#1166
(cherry picked from commit ab924fd4ea)
{!terms} queries have a docValues-based implementation that uses per-segment DV structures. This does well with a small to moderate (a few hundred) number of query terms, but doesn't well scale beyond that due to repetitive seeks done on each segment.
This commit introduces an implementation that uses a "top-level" docValues structure, which scales much better to very large {!terms} queries (many hundreds, thousands of terms).
* force a hard commit of all docs in TestCloudConsistency to work around bug in that test
* add new AwaitsFix'ed TestTlogReplayVsRecovery that more explicitly demonstrates the bug via TestInjection.updateLogReplayRandomPause
(cherry picked from commit 0fac7c1a26)
Currently the documentation pretends to create a JKS keystore. It is
only actually a JKS keystore on java 8: on java9+ it is a PKCS12
keystore with a .jks extension (because PKCS12 is the new java default).
It works even though solr explicitly tells the JDK
(SOLR_SSL_KEY_STORE_TYPE=JKS) that its JKS when it is in fact not, due
to how keystore backwards compatibility was implemented.
Fix docs to explicitly create a PKCS12 keystore with .p12 extension and
so on instead of a PKCS12 keystore masquerading as a JKS one. This
simplifies the SSL steps since the "conversion" step (which was doing
nothing) from .JKS -> .P12 can be removed.
* SOLR-13984: add (experimental, disabled by default) security manager support.
User can set SOLR_SECURITY_MANAGER_ENABLED=true to enable security manager at runtime.
The current policy file used by tests is moved to solr/server
Additional permissions are granted for the filesystem locations set by bin/solr, and networking everywhere is enabled.
This takes advantage of the fact that permission entries are ignored if properties are not defined:
https://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html#PropertyExp
SOLR-14136: ip whitelist/blacklist via env vars
This makes it easy to restrict access to Solr by IP. For example SOLR_IP_WHITELIST="127.0.0.1, 192.168.0.0/24, [::1], [2000:123:4:5::]/64" would restrict access to v4/v6 localhost, the 192.168.0 ipv4 network, and 2000:123:4:5 ipv6 network. Any other IP will receive a 403 response.
Blacklisting functionality can deny access to problematic addresses or networks that would otherwise be allowed. For example SOLR_IP_BLACKLIST="192.168.0.3, 192.168.0.4" would explicitly prevent those two specific addresses from accessing solr.
The Overseer used java serialization to store command responses in ZooKeeper. This commit changes the code to use Javabin instead, while allowing Java serialization with a System property in case it's needed for compatibility
User can now set SOLR_REQUESTLOG_ENABLED=true to enable the jetty request log, instead of editing XML. The location of the request logs will respect SOLR_LOGS_DIR if that is set. The deprecated NCSARequestLog is no longer used, instead it uses CustomRequestLog with NCSA_FORMAT.
Jetty 9.4.16.v20190411 and up introduced separate
client and server SslContextFactory implementations.
This split requires the proper use of of
SslContextFactory in clients and server configs.
This fixes the following
* SSL with SOLR_SSL_NEED_CLIENT_AUTH not working since v8.2.0
* Http2SolrClient SSL not working in branch_8x
Signed-off-by: Kevin Risden <krisden@apache.org>
Thread.sleep() is "subject to the precision and accuracy of system timers and schedulers."
But tests using DelayingSearchComponent need to ensure that it sleeps *at least* as long as they request, in order to trigger the timeAllowed constraint
(cherry picked from commit 8493cf18cb)
The helper method RoutedAliasUpdateProcessorTest.addDocsAndCommit doesn't garuntee docs have been committed when it returns, causing threading/timing bugs in tests that use it as a gate for making subsequent assertions -- causing a steady stream of jenkins test failures
(cherry picked from commit 33e44b2fd6)
Kevin Risden
Nick Vercammen
Jan Høydahl
Shalin Shekhar Mangar
Houston Putman
Chris Hostetter
Jan Høydahl
David Smiley
Joel Bernstein
Ishan Chattopadhyaya
Christine Poerschke
Andrzej Bialecki
Cassandra Targett
Jason Gerlowski
Alan Woodward
Mikhail Khludnev
Jason Gerlowski
RompotiMiranda
Bruno Roustant
Eric Pugh
noble
Tomas Fernandez Lobbe
Houston Putman
Martijn Koster
Nick Vercammen
Dawid Weiss
Nándor Mátravölgyi
Robert Muir
Andy Vuong
Adrien Grand
Matthias Krueger
tallison