Solrcloud pods not starting with custom security.json

[rekhasinghcali]

Hello Team,

My solrcloud pods not starting if i defined my user secret (with basic auth credentials) and security.json supplied as secret

provided them as below in values.yaml.

if i don't provide the bootstarpSecurity options, then solr cloud pods starting.

please help me on this issue

Note: i have created usersecret and securityjson secret prior to help installation

order of installation:

solr-operator
create secrets
solr-cloud

[HoustonPutman]

Are your pods starting and failing the liveness/readiness checks, or are they not being created?

If its the former, then the issue is likely your probesRequireAuth: false option. Have you setup your security.json so that it actually does not require the liveness and readiness endpoint admin/info/system to have auth? If there's an error there, the probes will fail.

If its the latter, then it's an issue with your secret. (I think this is the case). You are using the same secret (securityjson) for both your bootstrapSecurityJson secret and your basicAuthSecret secret. This is an issue, because the basicAuthSecret needs to be a Basic Authentication Secret which only accepts a username and password. The bootstrapSecurityJson secret is supposed to have the security.json field, which requires it to be a Generic Secret. In short, these need to be two separate secrets.

You can find more information in the documentation: https://apache.github.io/solr-operator/docs/solr-cloud/solr-cloud-crd.html#custom-securityjson-secret

[mlanner]

Hi @rekhasinghcali and @HoustonPutman,

I've got a similar issue and I've tried a variety of things to make it work. I started out with just a plain Basic Auth implementation, like:

solrOptions:
  security:
    authenticationType: Basic
    basicAuthSecret: solr-basic-auth

And that worked ... for a bit. Then suddenly it broke. I don't know what I did right, wrong or changed to make it break. In any case, I've been trying to use/understand the bootstrapSecurityJson method, as in some ways I think it would be a better path for me. However, I don't fully understand how it's supposed to work. I assume the name could be the same as above, i.e. solr-basic-auth? Then, what about the key? Is it always supposed to say security.json? And if so, what does it reference? A file that gets generated in the ZK cluster? How does it work?

I've tried to understand the documentation (on page linked above), but I'm lost ... as you can probably tell. Perhaps after I understand this better I can try to contribute with some docs that makes it easier to understand.

Thanks in advance.

[liseli]

Hi team,

I've set up Solr authentication defining my security.json. I have created two secrets (fulltext-solrcloud-basic-auth => type kubernetes.io/basic-auth and solr-security-json => Opaque.Both secrets exist in the same YAML file, but in Kubernetes, two separate secrets are created. The cluster starts without issue, however, the Solr Admin UI has the Warning: Security is not enabled for this server!

This is how the authentication looks in the solr_specs.

solrSecurity:
    authenticationType: Basic
    basicAuthSecret: fulltext-solrcloud-basic-auth
    bootstrapSecurityJson:
      name: solr-security-json
      key: security.json

If I only do authenticationType: Basic, everything works fine, then I guess there is something wrong with my files. I am trying to create my security.json file because I want to create additional users in my Solr clusters.

Thanks in advance!