I set up this small Gist to help demonstrate an edge case when running Solr as a TLOG/PULL replica ensemble with authentication enabled and authorization being rather strict.
The problem is that in said environment, the PULL replica cannot check the TLOG leader
replicas for updates. It get's rejected with a 401
HTTP error code.
This will launch a Zookeeper node and two Solr nodes
$ docker-compose up -d
This will add a user solr
with password solr
in a admin
role. It will furthermore secure
every endpoint to be accessible only by the admin
role.
$ docker exec -it solr_1 solr zk cp file:/opt/solr/server/solr/security.json zk:/security.json -z zookeeper:2181
This will create a collection having one TLOG replica leader and a PULL replica follower.
$ curl --user solr:solr \
"http://localhost:8983/solr/admin/collections?action=CREATE&name=techproducts&numShards=1&tlogReplicas=1&pullReplicas=1&wt=xml&collection.configName=_default"
Immediately upon collection creation, the PULL replica polls the TLOG replica for updates and will be rejected.
solr_1 | 2021-04-29 18:55:10.933 INFO (indexFetcher-28-thread-1) [ ] o.a.s.h.IndexFetcher Last replication failed, so I'll force replication
solr_1 | 2021-04-29 18:55:10.940 WARN (indexFetcher-28-thread-1) [ ] o.a.s.h.IndexFetcher Leader at: http://172.23.0.3:8984/solr/techproducts_shard1_replica_t1/ is not available. Index fetch failed by exception: org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://172.23.0.3:8984/solr/techproducts_shard1_replica_t1: Expected mime type application/octet-stream but got text/html. <html>
solr_1 | <head>
solr_1 | <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
solr_1 | <title>Error 401 Authentication failed, Response code: 401</title>
solr_1 | </head>
solr_1 | <body><h2>HTTP ERROR 401 Authentication failed, Response code: 401</h2>
solr_1 | <table>
solr_1 | <tr><th>URI:</th><td>/solr/techproducts_shard1_replica_t1/replication</td></tr>
solr_1 | <tr><th>STATUS:</th><td>401</td></tr>
solr_1 | <tr><th>MESSAGE:</th><td>Authentication failed, Response code: 401</td></tr>
solr_1 | <tr><th>SERVLET:</th><td>default</td></tr>
solr_1 | </table>