search

bitnami / vms

Bitnami VMs
https://bitnami.com
Other
206 stars 44 forks source link

[Alfresco] Solr requests failed with 403 #1054

Open nubarron81 opened 1 year ago

nubarron81 commented 1 year ago

Platform

Virtual Machine

bndiagnostic ID know more about bndiagnostic ID

11c1a430-62bc-e35c-b7f3-c9016c581aed

bndiagnostic output

✓ Mariadb: No issues found
✓ Resources: No issues found
? Connectivity: Found possible issues
✓ Processes: No issues found
? Apache: Found possible issues

[Connectivity]

Server ports 22, 80 and/or 443 are not publicly accessible. Please check the following guide to open server ports for remote access:

https://docs.bitnami.com/general/faq/administration/use-firewall/

[Apache]

Found recent error or warning messages in the Apache error log.

Press [Enter] to continue:
[Mon Jul 24 07:23:42.694331 2023] [proxy_ajp:error] [pid 535:tid 
140564079048448] (70007)The timeout specified has expired: AH01030: 
ajp_ilink_receive() can't receive header

[Mon Jul 24 07:23:42.694428 2023] [proxy_ajp:error] [pid 535:tid 
140564079048448] [client **ip_address**:50338] AH00992: ajp_read_header: 
ajp_ilink_receive failed

[Mon Jul 24 07:23:42.694442 2023] [proxy_ajp:error] [pid 535:tid 
140564079048448] (70007)The timeout specified has expired: [client 
**ip_address**:50338] AH00878: read response failed from [::1]:8009 
(localhost:8009)

bndiagnostic was not useful. Could you please tell us why?

The suggested guides are not related with my issue

Describe your issue as much as you can

Category manager error:

JavaException: org.alfresco.repo.search.QueryParserException: 06240041 Solr request failed with 403 /solr/alfresco/alfresco?wt=json&fl=DBID%2Cscore&rows=1000&df=TEXT&start=0&locale=es_ES&alternativeDic=DEFAULT_DICTIONARY&fq=%7B%21afts%7DAUTHORITY_FILTER_FROM_JSON&fq=%7B%21afts%7DTENANT_FILTER_FROM_JSON

Tag manager error:

06240002 Wrapped Exception (with status template): 06240051 Failed to execute script 'classpath*:alfresco/templates/webscripts/org/alfresco/repository/tagging/tags.get.js': 06240050 Solr request failed with 403 /solr/alfresco/alfresco?wt=json&fl=DBID%2Cscore&rows=1000&df=TEXT&start=0&locale=es_ES&alternativeDic=DEFAULT_DICTIONARY&fq=%7B%21afts%7DAUTHORITY_FILTER_FROM_JSON&fq=%7B%21afts%7DTENANT_FILTER_FROM_JSON

Tried to apply the solution of https://github.com/bitnami/vms/issues/877

jotamartos commented 1 year ago

Hi,

That seems to be a specific error of the application when accessing Solr. We suggest you contact the Alfresco's support team to know more about the issue and how to debug it. We will keep this ticket open to allow other Bitnami users post the solution to this issue in case they also ran into it.

Thanks

github-actions[bot] commented 1 year ago

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions[bot] commented 1 year ago

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

nubarron81 commented 1 year ago

Upgraded to the last Bitnami release. Founded that the secret in /etc/systemd/system/bitnami.alfresco-search-services.service "ExecStart=/opt/bitnami/alfresco-search-services/solr/bin/solr start -a -Dalfresco.secureComms=secret -Dalfresco.secureComms.secret=bitnami" is not the same than the configured in /opt/bitnami/tomcat/shared/classes/alfresco-global.properties Once changed, not get 403 error, now 404.

jotamartos commented 1 year ago

Hi @nubarron81,

I just checked that the secret's configuration is wrong as you mentioned. I'm going to investigate this and will update this ticket when having more information.

jotamartos commented 1 year ago

Hi @nubarron81,

Apart from confirming the issues configuring the secret in the service and the conf file, we also reproduced the issue when accessing the category manager under admin tools. I created a task for the team to review it and release a new version of the solution with the fix. I can't provide you with an ETA but will update this ticket once we have more information.

david-windsock commented 1 year ago

We experienced the same problem, but after got it working for hours. The 403 error comes after a VM reboot. The only change to the VM was the password for Alfresco admin and bitnami user. Maybe this is related? We tried 7.2 and 7.4 versions.

Anyway, the #868 issue seems to be the same...

AsierraDEV commented 8 months ago

Came across alfresco's documentation https://docs.alfresco.com/insight-engine/latest/install/options/

where it warns about:

"From version 2.0, you cannot install Search and Insight Engine without mutual TLS (plain HTTP) because it is no longer supported"

So solution must come about configuring the appliance so alfresco and solr use TLS.

I think this is why, after using secret, we get a 404 instead of a 403

Upgraded to the last Bitnami release. Founded that the secret in /etc/systemd/system/bitnami.alfresco-search-services.service "ExecStart=/opt/bitnami/alfresco-search-services/solr/bin/solr start -a -Dalfresco.secureComms=secret -Dalfresco.secureComms.secret=bitnami" is not the same than the configured in /opt/bitnami/tomcat/shared/classes/alfresco-global.properties Once changed, not get 403 error, now 404.

jotamartos commented 7 months ago

Hi @AsierraDEV,

Thanks for the information. We recently released Alfresco 23.x. Could you please check if the problem persists in that version?

david-windsock commented 7 months ago

Hi @jotamartos

We tried again but the problem persists:

02260002 Wrapped Exception (with status template): 02260037 Failed to execute script 'classpath*:alfresco/templates/webscripts/org/alfresco/repository/tagging/tags.get.js': 02260036 Solr request failed with 403 /solr/alfresco/alfresco?wt=json&fl=DBID%2Cscore&rows=1000&df=TEXT&start=0&locale=es_ES&alternativeDic=DEFAULT_DICTIONARY&fq=%7B%21afts%7DAUTHORITY_FILTER_FROM_JSON&fq=%7B%21afts%7DTENANT_FILTER_FROM_JSON

This message appears on the tag manager page...

AsierraDEV commented 6 months ago

Hi @AsierraDEV,

Thanks for the information. We recently released Alfresco 23.x. Could you please check if the problem persists in that version?

Hi, I've tested version 23-23.2.1-r95 debian and problem persist.

Alfresco properties still tries to use shared secret. There is no valid keystore generated

AsierraDEV commented 6 months ago

Upgraded to the last Bitnami release. Founded that the secret in /etc/systemd/system/bitnami.alfresco-search-services.service "ExecStart=/opt/bitnami/alfresco-search-services/solr/bin/solr start -a -Dalfresco.secureComms=secret -Dalfresco.secureComms.secret=bitnami" is not the same than the configured in /opt/bitnami/tomcat/shared/classes/alfresco-global.properties Once changed, not get 403 error, now 404.

Hi again. Got solr working finally. The problem is that I've done so many things that I'm not sure what got it working finally.

I had to create the alfresco solr cores:

After that, searchin in alfresco is working, even solr status still gives error 403.

Now I have to work on changing the secret by editing service file, alfresco-global-properties and solr.properties.

Hope this helps.

I have a instalation on my dev machine, on a virtualbox virtual machine. May be first boot on the machine didn't create the solr cores.

Maybe the problem fix is just stop solr, execute point 7 of https://docs.alfresco.com/insight-engine/latest/install/options/ , when using option Install without mutual TLS - HTTP with secret word (zip)., and then start solr

jotamartos commented 6 months ago

I'll add that information to the task I created and will increase the priority for the team to check it.