7 | | abernathy.mayfirst.org is a dedicated Apache Solr Server that is available for use by any May First/People Link member. Feel free to contact the publicly archived [https://lists.mayfirst.org/mailman/listinfo/solr support list], open a [/newticket ticket] or contact the [wiki:chat support team] if you want to use Apache Solr on your website. |
8 | | |
9 | | == Security == |
10 | | |
11 | | Solr does not come with a generic authentification mechanism. The Solr installation on abernathy uses a two-level security system. The connection between the Drupal web server (denoted by $SERVERNAME) and the Solr server is secured by ssh against attacks from the web. The instances (denoted by $CORENAME) on the Solr server are protected by random admin paths (denoted by $COREPATH) from one another. The random admin paths are generated by ''core_'' followed by {{{pwgen -1 --secure 30}}} |
12 | | |
13 | | == Reliability == |
14 | | |
15 | | The ssh connections between the web server and the Solr server is supervised by [http://smarden.org/runit/ runit]. If there is a problem ssh will end the connection and runit will restart ssh. Sometimes Solr crashes Tomcat if there are too many requests at once. So we use [http://mmonit.com/monit/ monit] to monitor Solr and restart Tomcat automatically if it crashed. |
16 | | |
17 | | == Website Administrators == |
18 | | |
19 | | If you run a Drupal website, you can use Solr. The first step is to determine whether your primary host $SERVERHOST is connected to our Solr server. The following hosts are currently connected: |
20 | | |
21 | | * at.indymedia.org |
22 | | * bethemedia.org.uk |
23 | | * lumumba.mayfirst.org |
24 | | * sojourner.mayfirst.org |
25 | | * yser.mayfirst.org |
26 | | |
27 | | If your primary server is not listed, please open a [/newticket ticket] or contact the [wiki:chat support team] to request having your primary host added. |
| 7 | abernathy.mayfirst.org is a dedicated Apache Solr Server that is available for use by any May First/People Link member. Open a [/newticket ticket] or contact the [wiki:chat support team] if you want to use Apache Solr on your website. |
67 | | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK9Rnog/DuOeFN0gusPadGHtAFs/vrfuNyxsNpakycA/+hkKbgEid/xR4Tbbs25ak03bBJePdCf/PpORcB2rgiFwte4fOAfoXX/VHBnqZLFizhZKPCtG0gstQXTwdvOkx+8p5yPODVQvkqeOJCxF7EAI5B9VgcoJWdh2tQX+e07v/DgRtTs+01re0ZmVxmpGpgRWICdaPms9Hh/DwJT7gs19TpPv1qBgzDTN/z12b/6BRsShk/eEGVwslGF3meFA5+saWPmCSJKKK3Pg0btp3LxLkZfWUtdnVr7ASeJlevnthOPlSMp0ITs6oznhQEjycWK+nBYNUrK+cguiMepe/t solr-ssh@abernathy |
| 47 | # To add users with cores. |
| 48 | # |
| 49 | # 1. Add server to the firewall rules if it's not already there. |
| 50 | # 2. Add core name to solr_cores: with obscured name. |
| 51 | # Advice is one core per index. For a lot of uses multiple indexes can |
| 52 | # go on the same core, but it could cause issues depending on requirements. |
| 53 | # 3. Add a username:pass to solr_auth_users: with password. |
| 54 | # 4. Add username: "users" role in solr_auth_users_roles. |
| 55 | # |
| 56 | # 5. On the server a core will have been created with the 'example' config. |
| 57 | # /var/solr/data/core_name/conf |
| 58 | # Replace this with the configuration required: |
| 59 | # - for Drupal 7 search_api_solr there is a copy of the config in /root |
| 60 | # - for Drupal 8 search_api_solr it require the site admin to export the configuration from their site administration interface; this can change if the schema or languages change. After configuring the core there is a tab to download it. |
| 61 | # https://git.drupalcode.org/project/search_api_solr/blob/8.x-3.x/INSTALL.md |
| 62 | # - for WP? |
| 63 | # When a configuration has been replaced reload the core, can be done from admin ui. |
70 | | to the new user's ''~/.ssh/authorized_keys'' file. abernathy will connect to $SERVERHOST with these credentials and provide an ssh tunnel to the Apache Solr server. |
71 | | |
72 | | === On Abernathy === |
73 | | |
74 | | There are two things to do on abernathy.mayfirst.org: add a ssh tunnel from abernathy to the web server and create a new Apache Solr instance in Apache Tomcat. |
75 | | |
76 | | ==== Create SSH tunnel ==== |
77 | | |
78 | | Log as solr-ssh into $SERVERHOST from solr-ssh on abernathy.mayfirst.org |
79 | | {{{ |
80 | | sudo -u solr-ssh ssh solr-ssh@$SERVERHOST |
81 | | }}} |
82 | | End the connection with {{{exit}}} |
83 | | |
84 | | On abernathy, add a SSH tunnel by using {{{solr_addssh}}} (see {{{solr_addssh --man}}} for help and more options) |
85 | | {{{ |
86 | | solr_addssh $SERVERNAME $SERVERHOST |
87 | | }}} |
88 | | |
89 | | You can list port forwardings with {{{solr_listssh}}} and delete (stop/disable/remove) port forwarding with {{{solr_delssh $SERVERNAME}}} (add {{{--man}}} for help and more options). |
90 | | |
91 | | ==== Test SSH tunnel ==== |
92 | | |
93 | | Log as solr-ssh into $SERVERHOST and try |
94 | | {{{ |
95 | | curl http://localhost:9080 |
96 | | }}} |
97 | | to see the Apache Tomcat welcome page from abernathy.mayfirst.org. |
98 | | |
99 | | ==== Create new Solr configuration ==== |
100 | | |
101 | | Use {{{solr_addcore}}} to create a new Solr instance |
102 | | |
103 | | {{{solr_addcore $CORENAME}}} |
104 | | |
105 | | The script will output the Solr admin path ($COREPATH) for the new Solr instance. |
106 | | |
107 | | You can list instances with {{{solr_listcore}}} and delete an instance with {{{solr_delcore $CORENAME}}} (add {{{--man}}} for help and more options). |
108 | | |
109 | | ==== Restart Apache Tomcat ==== |
110 | | |
111 | | Restart Apache Tomcat with |
112 | | {{{ |
113 | | service tomcat6 restart |
114 | | }}} |
115 | | |
116 | | ==== Test new Solr core ==== |
117 | | |
118 | | Check that the new core is accessible with: |
119 | | {{{ |
120 | | curl http://localhost:8080/solr/$COREPATH/admin/. |
121 | | }}} |
122 | | |
123 | | === Troubleshooting === |
124 | | |
125 | | Make sure that the ssh tunnel is ''up'' |
126 | | {{{ |
127 | | sv status solr-ssh-$SERVERNAME |
128 | | }}} |
129 | | |
130 | | If the tunnel is ''down'' you should have a look at the logs: |
131 | | {{{tail -f /var/log/supervise/solr-ssh-$SERVERNAME/current}}} |
132 | | |
133 | | For more information add ''-v'' to the ssh command in {{{/etc/sv/solr-ssh-$SERVERNAME/run}}} and check the logs again. |
134 | | |
135 | | Check the Solr cores with |
136 | | {{{ |
137 | | solr_checkcore |
138 | | }}} |
139 | | (add {{{--man}}} for help and more options) |