DSpace 7.1 installation - What 'solr' group/user? Where?

[Chris Clawson]

I have Solr 8.11.1 extracted to /opt/solr-8.11.1 . The command line example (provided in the Apache Foundation quick start instructions),  ./bin/solr start -e cloud , produces a 'welcome' message.
Step #13 of the DSpace 7.x installation page instructs me to copy dspace configsets to the installed Solr directory. (Fine.)
The second part of step #13 is telling me to change the group/owner of these configsets to 'solr':
chown -R solr:solr /opt/solr-8.11.1/server/solr/configsets
What group/user solr is this? It is not defined anywhere that I can find, and the Apache Foundation doesn't mention it anywhere I can see or understand.
Right now, the entire Solr directory is group and user owned by root:root. My DSpace operating system user will be 'tomcat'.

Please explain how and why I should use this 'solr' user and group. Thanks

[DSpace Technical Support]

Hi Chris,

The 'solr' user should be created by default when installing Apache Solr.  In any case, Apache Solr recommends *not* running Solr as root.  Instead, they recommend creating a "solr" user (it could be named something else if you want) to install Solr under.  

See this Apache guide for taking Solr to production for more information: https://solr.apache.org/guide/8_1/taking-solr-to-production.html#create-the-solr-user   That guide is also linked to from the main "Installing Solr" instructions in the "Preparing for Installation" section: https://solr.apache.org/guide/8_1/installing-solr.html#preparing-for-installation

Hopefully that helps explain things better!

Tim

[Chris Clawson]

Gentlemen, Thank you.

I am sorry about not including my system conditions (I normally do include them). I am not an I.T. professional and cannot follow directions by nature. I am running a KVM container with Ubuntu 18.?, LAMP and Tomcat 9. I don't remember how I installed the packages, but although I could manually start them,  I couldn't get them to to load/run at boot time. It took a day or more for me to discover there was a difference between systemd and init.d. (An important one.) I now have both Tomcat and Solr running as systemd services and I have created a user/group 'solr' without any password assigned to the Solr user. PLEASE let me know if there is something to fix at this point. The DSpace seems to start fine at boot time, now. I also have just finished installing SSL for both Apache and Tomcat. My back-end Hal browser pages happily displays now when accessing https://meloware.com:8443/#/api . I will copy and save the valuable information you have took the time to mention here and save it for future reference. This site is practice before attempting to upgrade my production server (with DSpace 6.3) at https://montaguearchive.org:8443/ .

Chris

On Monday, December 20, 2021 at 12:56:31 PM UTC-5 Mohammad S. AlMutairi wrote:

Hello Chris,

You dropped a vital piece of information about the Linux flavor you are using so I'm assuming a Debian derivative. It's better to start a fresh Solr installation by removing the old Solr installation and following the steps you see below.

a) mkdir /build

b) cd /build

c) wget https://downloads.apache.org/lucene/solr/8.11.1/solr-8.11.1.tgz

d) tar xzf solr-8.11.1.tgz solr-8.11.1/bin/install_solr_service.sh --strip-components=2

e) vi ./install_solr_service.sh # You need to change SOLR_USER=solr to SOLR_USER=tomcat in /etc/default/install_solr_service.sh file. tomcat is the user which has write permission over dspace folder if not replace tomcat with the user you picked for dspace.

f) bash ./install_solr_service.sh solr-8.11.1.tgz

g) vi /etc/default/solr.in.sh # You need to add dspace folders in Solr allowed paths.

SOLR_OPTS="$SOLR_OPTS -Dsolr.allowPaths=/opt/dspace/solr/statistics,/opt/dspace/temp/solr-data"

h) cp -r /opt/dspace/solr/* /var/solr/data/ # Do this step after installing dspace. You need to change /opt/dspace to the folder you installed dspace into.

i) chown -R tomcat:tomcat /var/solr/data/ # You need to change the user and the group if it differs from the user and group you chose for dspace.

j) systemctl enable solr

k) systemctl restart solr

*** You might fall into this issue at a later stage. Running /opt/dspace/bin/dspace solr-reindex-statistics for the first time will complain with the error message you see below but running it again will complete successfully ( I think the error shows up because of the existence of /opt/dspace/solr/statistics/core.properties file which gets deleted at the first run) .  Maybe Tim can shed some light on this.

### error message ### Could not create a new core in /opt/dspace/solr/statistics as another core is already defined there ### end of error message ###

######## Steps to uninstall Solr on Ubuntu manually ##########

systemctl stop solr

rm -r /var/solr
rm -r /opt/solr-8.x.x
rm -r /opt/solr
rm /etc/init.d/solr
deluser --remove-home solr
deluser --group solr
update-rc.d -f solr remove
rm -rf /etc/default/solr.in.sh

#################################################

Mohammed

[Chris Clawson]

I just took a better look at Mohammad's excellent, detailed instructions. Rather than proceeding with the front-end installation, I think I will make a re-install of Solr 8.11.1 as per his instructions. Thanks for the great detail!

[Chris Clawson]

Mohammad -

I am attempting a fresh Solr install as per you detailed instructions. The first attempt now has a functional solr, but won't start as a service at run time. I can force start solr as user 'tomcat' by the command 'sudo -u tomcat ./solr start' from the  /opt/solr-8.11.1/bin directory. I was then able to connect to Solr at http://meloware.com:8983/solr/#/ , but I get an error "Error code: SSL_ERROR_RX_RECORD_TOO_LONG" when I attempt to connect to https://meloware.com:8983/solr/#/  . Maybe I am not supposed to do that, even on good days.

Without more help, I will probably try and clean/re-install solr-8.1.11 again, but I should get some clarification about the instructions posted earlier in this thread.

Item (e) says to:

 vi ./install_solr_service.sh # You need to change SOLR_USER=solr to SOLR_USER=tomcat in /etc/default/install_solr_service.sh file. tomcat is the user which has write permission over dspace folder if not replace tomcat with the user you picked for dspace.

I understand 'install_solr_service.sh' needs to have the username changed from 'solr' to my actual DSpace user 'tomcat', but you are saying this script appears in '/etc/default/install_solr_service.sh' . Before installation, the only place it appears is in /build . This was where I edited 'install_solr_service.sh'. Once this script is run, my installation directory is '/opt/solr-8.11.1' and the script (original and unedited from the tar archive) is written to '/opt/solr-8.11.1/bin' . Of course, the default 'SOLR_USER=solr' rather than 'tomcat' is there. Is this script in it's new location important to edit 'SOLR_USER=' to 'tomcat as well? What about this path to ' /etc/default/install_solr_service.sh'? The only thing (solr) at '/etc/default/' is 'solr.in.sh', which doesn't seem to be involved with defining users.

***

I may have goofed somewhere and will try a clean re-install again. I still would appreciate the answers to three questions:

1) Is the https error ' SSL_ERROR_RX_RECORD_TOO_LONG' something to worry about now or later?

2) Should I presume the correct location to edit the 'install_solr_service.sh' script (for changing the SOLR_USER to 'tomcat')  is the one in '/build' , and not in ' /etc/default/' ?

3) Once installed, should I also edit  SOLR_USER  in  '/opt/solr-8.11.1/bin/install_solr_service.sh' and also change that variable to 'tomcat', as I first did with the script in /build?

Thanks - I'll 'get it' eventually

On Monday, December 20, 2021 at 9:17:06 PM UTC-5 Mohammad S. AlMutairi wrote:

You most welcome. Let us here in group how it goes or if you need help with what's left to get it up and running. Good luck.

[Chris Clawson]

OOPS - forgot!

I remember now that the installation script failed with:

Service solr installed.
Customize Solr startup configuration in /etc/default/solr.in.sh
Job for solr.service failed because the control process exited with error code.
See "systemctl status solr.service" and "journalctl -xe" for details.
● solr.service - LSB: Controls Apache Solr as a Service
   Loaded: loaded (/etc/init.d/solr; generated)
   Active: failed (Result: exit-code) since Tue 2021-12-21 12:39:44 CST; 5s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 3772 ExecStart=/etc/init.d/solr start (code=exited, status=1/FAILURE)
 Main PID: 1738 (code=exited, status=0/SUCCESS)

Dec 21 12:39:44 media systemd[1]: Starting LSB: Controls Apache Solr as a Service...
Dec 21 12:39:44 media su[3774]: Successful su for tomcat by root
Dec 21 12:39:44 media su[3774]: + ??? root:tomcat
Dec 21 12:39:44 media su[3774]: pam_unix(su:session): session opened for user tomcat by (uid=0)
Dec 21 12:39:44 media su[3774]: pam_unix(su:session): session closed for user tomcat
Dec 21 12:39:44 media systemd[1]: solr.service: Control process exited, code=exited status=1
Dec 21 12:39:44 media systemd[1]: solr.service: Failed with result 'exit-code'.
Dec 21 12:39:44 media systemd[1]: Failed to start LSB: Controls Apache Solr as a Service.

I (sort of) see where to look to investigate this.  I am guessing I need to read up on 'LSB'. Might this problem be permission related?

[Chris Clawson]

The install_solr_service.sh script in /build fails when I have the user set to 'tomcat'. The service installs correctly is I leave the SOLR_USER as 'solr'. My tomcat seems correctly installed and does load with system startup.

Might you clarify why I cannot install using this script, after I change the user to 'tomcat'?

On Tuesday, December 21, 2021 at 5:03:48 PM UTC-5 Mohammad S. AlMutairi wrote:

Hello Chris,

Enabling services so it will be started at boot time is straight forward. To enable tomcat9 ( sudo systemctl enable tomcat9 ) to start it use ( sudo systemctl start tomcat9 ) to check it's status use ( sudo systemctl status tomcat9 ) to stop it use ( sudo systemctl stop tomcat9 ). replace tomcat9 with solr for the solr service and apache2 for the apache webserver.

Here is the answer to your questions and please pardon me because I'm struggling with my english.

1) You shouldn't worry about the SSL certificate error because Solr admin should not be publicly accessible unless it's protected besides dspace doesn't work if solr is password protected so to satisfy both requirements Solr should be restricted to run on the loopback adapter (localhost) and that's where dspace be default expect solr to be ( solr.server = http://localhost:8983/solr ). You can test locally using wget or curl ( curl http://localhost:8983/solr/ ) or you can setup a reverse proxy to reach it and then you can use the browser for testing purposes but you have to disable it afterwards. 

2) Sorry about that. It was a typo. I posted yesterday while in a hurry so please ignore it. The solr installation script you should edit and changed is what we extracted from the gzipped tar file in step (d) in the build directory. You can skip step (e) and use the below perl command to change the file without having to manuallt edit it.

     * perl -i -pe 's/SOLR_USER=solr/SOLR_USER=tomcat/;' /build/install_solr_service.sh

3) You don't need to unless you loose the changed installation script from the build directory and you need to reinstall solr again.

Mohammed

[Chris Clawson]

Thanks for the help! I already understand that the system startup script is in /etc/init.d . The problem now seems to be that the full service of Solr (extracted in /build) contains the tar (package file) and the install_solr_service.sh script, which you have said to modify for user 'tomcat' (instead of 'solr'). Changing this username causes the installation to fail as a service, although you can start solr manually out of the /opt/solr/bin directory (which I understand you should not do.

I need to explore why the installation script works with user 'solr', and then fails if I try a clean install as 'tomcat'. Maybe I can play with group permissions and use the 'solr' user, while permitting the 'tomcat' user to have access permissions to the solr group (as well as my DSpace directory). Unless anyone replies more here, I will end this thread and start a new one later. I might start the conversation fresh with a new summary and the benefit of what I have learned. You have help much in learning where to look. Thanks!

On Tuesday, December 21, 2021 at 5:43:15 PM UTC-5 Mohammad S. AlMutairi wrote:

Chris,

Re-reading your message made me understand the confusion you have. Please don't start solr from /opt/solr-8.11.1/bin ... The solr startup script in ubuntu is located here /etc/init.d/solr ... If you edit this file you will see in line 56 solr will be run as tomcat and more thing please use systemctl start solr to run it or systemctl enable solr to enable it at boot time and so on...

(( I understand 'install_solr_service.sh' needs to have the username changed from 'solr' to my actual DSpace user 'tomcat', but you are saying this script appears in '/etc/default/install_solr_service.sh' . Before installation, the only place it appears is in /build . This was where I edited 'install_solr_service.sh'. Once this script is run, my installation directory is '/opt/solr-8.11.1' and the script (original and unedited from the tar archive) is written to '/opt/solr-8.11.1/bin' . Of course, the default 'SOLR_USER=solr' rather than 'tomcat' is there. Is this script in it's new location important to edit 'SOLR_USER=' to 'tomcat as well? What about this path to ' /etc/default/install_solr_service.sh'? The only thing (solr) at '/etc/default/' is 'solr.in.sh', which doesn't seem to be involved with defining users.))

Mohammed

On Tuesday, December 21, 2021 at 9:03:00 PM UTC+3 Chris Clawson wrote: