Configure the Index Search Server in Cloud Mode
If you have installed the index search server in cloud mode, complete the following steps.
|
Ensure that you are using Java 8 or higher. If not, set the SOLR_JAVA_HOME environment variable before executing the following commands:
• Windows: SET SOLR_JAVA_HOME=<PATH_TO_JAVA_8>
• Unix: export SOLR_JAVA_HOME=<PATH_TO_JAVA_8>
|
Setup and Start Zookeeper Nodes
1. Create a data directory for each Zookeeper node. For example:
◦ Windows:
D:\ptc\commondata\zkdata\node1
D:\ptc\commondata\zkdata\node2
D:\ptc\commondata\zkdata\node3
◦ Unix:
/opt/ptc/commondata/zkdata/node1
/opt/ptc/commondata/zkdata/node2
/opt/ptc/commondata/zkdata/node3
2. Create a file named “myid” to identify the Zookeeper node. The content of the file should identify the node.
For example, the content of the following myid file is simply the number 1:
◦ Windows:
D:\ptc\commondata\zkdata\node1\myid
◦ Unix:
/opt/ptc/commondata/zkdata/node1/myid
Similarly, enter 2 into node2/myid, and 3 into node3/myid.
|
These are the IDs assigned to Zookeeper, and are used in zoo.cfg in the next step.
|
3. Create the Zookeeper configuration file:
<INDEX_SEARCH_HOME>\zookeeper\conf\zoo.cfg
where <INDEX_SEARCH_HOME> is the installation directory in which the index search server is installed.
Add the following content for node1:
# The number of milliseconds of each tick
tickTime=2000
# The number of ticks that the initial
# synchronization phase can take
initLimit=10
# The number of ticks that can pass between
# sending a request and getting an acknowledgement
syncLimit=5
# the directory where the snapshot is stored.
# do not use /tmp for storage, /tmp here is just
# example sakes.
dataDir=D:\\ptc\\commondata\\zkdata\\node1 OR /opt/ptc/commondata/zkdata/node1
# the port at which the clients will connect
clientPort=<port#>
server.1=<host1>.ptcnet.ptc.com:2888:3888
server.2=<host2>.ptcnet.ptc.com:2889:3889
server.3=<host3>.ptcnet.ptc.com:2890:3890
# the maximum number of client connections.
# increase this if you need to handle more clients
#maxClientCnxns=60
#
# Be sure to read the maintenance section of the
# administrator guide before turning on autopurge.
#
# http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_maintenance
#
# The number of snapshots to retain in dataDir
#autopurge.snapRetainCount=3
# Purge task interval in hours
# Set to "0" to disable auto purge feature
#autopurge.purgeInterval=1
The following properties should be unique and specified for each Zookeeper node:
dataDir
|
Data directory for the Zookeeper node.
|
clientPort
|
Port on which Zookeeper listens to requests.
|
4. Start all Zookeeper nodes by executing the following command:
◦ Windows:
<INDEX_SEARCH_HOME>\zookeeper\bin\zkServer.cmd
◦ Unix:
sh <INDEX_SEARCH_HOME>\zookeeper\bin\zkServer.sh start
|
When a Zookeeper node is started, it will begin communicating with other Zookeeper nodes specified in the ensemble configuration (zoo.cfg).
During the start-up, you might see errors in the console or logs reporting that the node is unable to connect to other Zookeeper nodes. This is because those nodes have not been started. These errors can be ignored.
|
Create the Solr Cores (Cloud)
|
Ensure that you are using Java 8 or higher. If not, set the SOLR_JAVA_HOME environment variable before executing the following commands:
• Windows: SET SOLR_JAVA_HOME=<PATH_TO_JAVA_8>
• Unix: export SOLR_JAVA_HOME=<PATH_TO_JAVA_8>
|
1. Open a command prompt and start Solr using the following commands:
◦ Start Solr (Windows):
<INDEX_SEARCH_HOME>/bin/Index_Search_Server.bat start
◦ Stop Solr (Windows):
<INDEX_SEARCH_HOME>/bin/Index_Search_Server.bat stop
◦ Start Solr (Unix):
sh <INDEX_SEARCH_HOME>/bin/Index_Search_Server.sh start
◦ Stop Solr (Unix):
sh <INDEX_SEARCH_HOME>/bin/Index_Search_Server.sh stop
where <INDEX_SEARCH_HOME> is the installation directory in which the index search server is installed.
2. From the command prompt, navigate to <INDEX_SEARCH_HOME>/solr/bin and execute the following command to create the core for the required module:
◦ Windows:
solr.cmd create -c <Collection Name> -n <ConfigSet Name> -d <ConfigSet Path> -shards <Number of shards> -replicationFactor <Number of replicas (Solr nodes)>
◦ Unix:
solr create -c <Collection Name> -n <ConfigSet Name> -d <ConfigSet Path> -shards <Number of shards> -replicationFactor <Number of replicas (Solr nodes)>
|
Execute the command only once from any installation. Zookeeper will make the core available to the entire Solr cloud.
|
Windchill Index Search
▪ Windows:
solr.cmd create -c wblib -n wblib -d D:\ptc\IndexSearchServer_Solr1\solr_schemas\wblib -shards 1 -replicationFactor 2
▪ Unix:
solr create -c wblib -n wblib -d /opt/ptc/IndexSearchServer_Solr1/solr_schemas/wblib -shards 1 -replicationFactor 2
Windchill PartsLink
▪ Windows:
solr.cmd create -c clfstructurelib -n clfstructurelib -d D:\ptc\IndexSearchServer_Solr1\solr_schemas\clfstructurelib -shards 1 -replicationFactor 2
▪ Unix:
solr create -c clfstructurelib -n clfstructurelib -d /opt/ptc/IndexSearchServer_Solr1/solr_schemas/clfstructurelib -shards 1 -replicationFactor 2
S1000D
▪ Windows:
solr.cmd create -c sisaadlib -n sisaadlib -d D:\ptc\IndexSearchServer_Solr1\solr_schemas\sisaadlib -shards 1 -replicationFactor 2
▪ Unix:
solr create -c sisaadlib -n sisaadlib -d /opt/ptc/IndexSearchServer_Solr1/solr_schemas/sisaadlib -shards 1 -replicationFactor 2
|
PTC recommends that you create cores for Windchill Index Search, Windchill PartsLink, and S1000D, even if the optional modules are not installed. Therefore, if you later decide to install these modules, you will not need to create the respective cores.
|
3. Open the Solr administrator interface and verify that Solr is running and the cores are available:
http://<SOLR_HOSTNAME>:<SOLR_PORT>/solr
Update the Solr Schema for Cloud Mode (Optional)
To update the Solr schema, complete the following steps:
1. Navigate to <INDEX_SEARCH_HOME>/solr_schemas and make the required updates.
2. Navigate to <INDEX_SEARCH_HOME>/solr/server/scripts/cloud-scripts and execute the following command to upload the updated schema to Zookeeper:
◦ Windows:
zkcli.bat -cmd upconfig -confname <configset name> -z <comma-separated list of Zookeeper hostname:port entries> -confdir <path to schema_config>
◦ Unix:
zkcli.sh -cmd upconfig -confname <configset name> -z <comma-separated list of Zookeeper hostname:port entries> -confdir <path to schema_config>
For example:
◦ Windows:
zkcli.bat -cmd upconfig -confname wblib -z host1.ptcnet.ptc.com:2181,host2.ptcnet.ptc.com:2182,host3.ptcnet.ptc.com:2183 -confdir <INDEX_SEARCH_HOME>\solr_schemas\wblib\conf
◦ Unix:
sh zkcli.sh -cmd upconfig -confname wblib -z host1.ptcnet.ptc.com:2181,host2.ptcnet.ptc.com:2182,host3.ptcnet.ptc.com:2183 -confdir <INDEX_SEARCH_HOME>\solr_schemas\wblib\conf
Add or Remove a Solr Node in an Existing Solr Cloud
Add a Solr Node
2. Start the Solr node.
3. Invoke the following API using the Solr URL to create a replica on this new node and add it to the Solr cloud:
<SOLR_URL>/solr/admin/collections?action=ADDREPLICA&collection=<Collection_name>&shard=<shard_name>
For example:
◦ Windchill Index Search:
http://host1.ptcnet.ptc.com:9501/solr/admin/collections?action=ADDREPLICA&collection=wblib&shard=shard1
◦ Windchill PartsLink:
http://host1.ptcnet.ptc.com:9501/solr/admin/collections?action=ADDREPLICA&collection=clfstructurelib&shard=shard1
◦ S1000D:
http://host1.ptcnet.ptc.com:9501/solr/admin/collections?action=ADDREPLICA&collection=sisaadlib&shard=shard1
|
You can also include additional parameters to specify the node on which replica should be created. For example:
http://host1.ptcnet.ptc.com:9501/solr/admin/collections?action=ADDREPLICA&collection=wblib&shard=shard1&node=127.0.0.1:9501_solr
|
Remove a Solr Node
1. Invoke the following API using the Solr URL to delete a replica from the Solr cloud:
<SOLR_URL>/solr/admin/collections?action=DELETEREPLICA&collection=<Collection_name>&shard=<shard_name>&replica=<replica_node_naeme>
|
The shard name (shard) and replica node name (coreNodeName) values can be found in the core.properties file located under <INDEX_SEARCH_HOME>/solr/server/solr/<collection_core_name>.
|
For example:
◦ Windchill Index Search:
http://host1.ptcnet.ptc.com:9501/solr/admin/collections?action=DELETEREPLICA&collection=wblib&shard=shard1&replica=core_node1
◦ Windchill PartsLink:
http://host1.ptcnet.ptc.com:9501/solr/admin/collections?action=DELETEREPLICA&collection=clfstructurelib&shard=shard1&replica=core_node1
◦ S1000D:
http://host1.ptcnet.ptc.com:9501/solr/admin/collections?action=DELETEREPLICA&collection=sisaadlib&shard=shard1&replica=core_node1
2. You can delete the installation files for the removed Solr node.
Add or Remove a Zookeeper Node in an Existing Solr Cloud
Add a Zookeeper Node
2. Configure the Zookeeper node by adding the zoo.cfg as described under the section Setup and Start Zookeeper Nodes.
3. Update the zoo.cfg for all existing Zookeeper nodes to add the entry for the new node.
4. Restart all Zookeeper nodes.
5. Update solrserver.properties of all the Solr nodes to add the new Zookeeper node:
xconfmanager -s wt.index.zookeeperHosts=<comma separated list of Zookeeper hostname:port entries> -t config/solrserver.properties -p
6. Restart all Solr nodes.
7. Update wt.properties to add the new Zookeeper node:
xconfmanager -s wt.index.zookeeperHosts=<comma separated list of Zookeeper hostname:port entries> -t codebase/wt.properties -p
8. Restart Windchill.
Remove a Zookeeper Node
1. Update zoo.cfg for all existing Zookeeper nodes to remove the entry for the node.
2. Restart all Zookeeper nodes.
3. Update solrserver.properties of all the Solr nodes to remove the Zookeeper node:
xconfmanager -s wt.index.zookeeperHosts=<comma separated list of Zookeeper hostname:port entries> -t config/solrserver.properties -p
4. Restart all Solr nodes.
5. Update wt.properties to remove the Zookeeper node:
xconfmanager -s wt.index.zookeeperHosts=<comma separated list of Zookeeper hostname:port entries> -t codebase/wt.properties -p
6. Restart Windchill.
Configure Basic Authentication for Solr (Cloud Mode)
1. Open a command prompt and navigate to <INDEX_SEARCH_HOME>/solr/server/scripts/cloud-scripts.
2. Execute the following command to load security.json to the Zookeeper node ensemble:
◦ Windows:
zkcli.bat -cmd putfile /security.json <INDEX_SEARCH_HOME>/config/solr/security.json -z <comma-separated list of Zookeeper hostname:port entries>
◦ Unix:
sh zkcli.sh -cmd putfile /security.json <INDEX_SEARCH_HOME>/config/solr/security.json -z <comma-separated list of Zookeeper hostname:port entries>
|
Whenever xconfmanger is executed to set the properties for the index search server, it generates <INDEX_SEARCH_HOME>/config/solr/security.json with the given username and password. This file can be loaded into the Zookeeper node ensemble to set or change the authentication information for Solr cloud.
|
3. Open the Solr administrator interface and verify that you are prompted for a username and password:
http://<SOLR_HOSTNAME>:<SOLR_PORT>/solr
Changing the Solr User or Password
When you change the Solr user or password, you must update both the Windchill Index Search client and server.
1. Open a Windchill shell and execute following commands to change the password or user for the Windchill Index Search client:
xconfmanager -s wt.index.solrAdminUser=<New_User> -t codebase/WEB-INF/conf/index.solrAuth.properties -p
xconfmanager -s wt.index.solrAdminPassword=<New_Password> -t codebase/WEB-INF/conf/index.solrAuth.properties -p
2. Restart Windchill.
3. From a command prompt, navigate to <INDEX_SEARCH_HOME>/bin and execute the following commands to change the password or user for the Windchill Index Search server:
◦ Windows:
xconfmanager -s wt.index.server.solrAdminUser=<New_User> -t config/solrserver.properties -p
xconfmanager -s wt.index.server.solrAdminPassword=<New_Password> -t config/solrserver.properties -p
◦ Unix:
sh xconfmanager -s wt.index.server.solrAdminUser=<New_User> -t config/solrserver.properties -p
sh xconfmanager -s wt.index.server.solrAdminPassword=<New_Password> -t config/solrserver.properties -p
4. Follow the steps outlined above to load <INDEX_SEARCH_HOME>/config/solr/security.json to the Zookeeper node ensemble.
5. Restart Solr and the Zookeeper nodes.
Configure SSL for Cloud Index Search Server (Solr)
Before you can begin, you must have a certificate and key converted into PEM format as a single file.
|
If a certificate-only file is not available, you can optionally generate one from the certificate and key file:
1. Convert the JKS keystore into PKCS12 format using the keytool utility:
keytool -importkeystore -srckeystore solr-ssl.keystore.jks -destkeystore solr-ssl.keystore.p12 -srcstoretype jks -deststoretype pkcs12
2. Convert the PKCS12-formatted keystore, including only the certificate and not the key, into PEM format using the openssl command:
openssl pkcs12 -nokeys -in solr-ssl.keystore.p12 -out solr-ssl.cacert.pem
|
Configure SSL for Solr
Configure the Windchill Index Search server for all nodes running Solr. Use the same certificate and key file for all nodes.
1. Copy the certificate (JKS) file to <Index_Search_Home>/solr/server/etc.
2. Set common SSL-related system properties.
To activate the SSL settings, uncomment and update the set of properties beginning with SOLR_SSL_* in the following file:
◦ Windows: bin\solr.in.cmd
For example:
set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
set SOLR_SSL_KEY_STORE_PASSWORD=secret)
set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks
set SOLR_SSL_TRUST_STORE_PASSWORD=secret
REM Require clients to authenticate
set SOLR_SSL_NEED_CLIENT_AUTH=false
REM Enable clients to authenticate (but not require)
set SOLR_SSL_WANT_CLIENT_AUTH=false
◦ Unix: bin/solr.in.sh
For example:
bin/solr.in.sh example SOLR_SSL_* configuration
SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
SOLR_SSL_KEY_STORE_PASSWORD=secret
SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks
SOLR_SSL_TRUST_STORE_PASSWORD=secret
# Require clients to authenticate
SOLR_SSL_NEED_CLIENT_AUTH=false
# Enable clients to authenticate (but not require)
SOLR_SSL_WANT_CLIENT_AUTH=false
Where “secret” is the password given when creating the certificate.
3. Open a Windchill shell and execute the following command to set the protocol as HTTPS to be used by the index search client when it connects to the index search server:
xconfmanager -s wt.index.solrProtocol=https -t codebase/wt.properties -p
4. When Windchill is configured to use SSL, any Java client that is being used outside Windchill needs a certificate to connect.
As a result, you must import the certificate to the JVM that is being used by the Solr nodes in the Solr cloud. This allows the Solr nodes to connect to Windchill and download documents for indexing.
Add the certificate file to the JVM trust store (JDK/JVM of the Solr nodes).
a. Navigate to the Java location that is used by the Solr nodes to verify the path of the cacerts file under <JAVA>/jre/lib/security.
b. Navigate to <JAVA>/jre/bin to import the new certificate. Run the keytool utility as a user who has permission to write to cacerts:
keytool -import -file <certificate file> -alias <unique name> -keystore <path to cacerts file>
For example:
keytool -import -file D:\SolrWithSSL\solr-5.4.1\server\etc\solr-ssl.cacert.pem -alias Key_Alias -keystore ../lib/security/cacerts
|
The default password for the JVM keystore is “changeit.”
|
5. Restart Windchill.
Configure SSL for Zookeeper
1. The urlScheme cluster-wide property needs to be set to https before any Solr node starts.
Open a command prompt and navigate to <INDEX_SEARCH_HOME>/solr/server/scripts/cloud-scripts, and then execute the following command:
◦ Windows:
zkcli.bat -zkhost <comma-separated list of Zookeeper hostname:port entries> -cmd clusterprop -name urlScheme -val https
For example:
zkcli.bat -zkhost host1.ptcnet.ptc.com:2181,host2.ptcnet.ptc.com:2182,host3.ptcnet.ptc.com:2183 -cmd clusterprop -name urlScheme -val https
◦ Unix:
sh zkcli.sh -zkhost <comma-separated list of Zookeeper hostname:port entries> -cmd clusterprop -name urlScheme -val https
For example:
sh zkcli.sh -zkhost host1.ptcnet.ptc.com:2181,host2.ptcnet.ptc.com:2182,host3.ptcnet.ptc.com:2183 -cmd clusterprop -name urlScheme -val https
|
The urlScheme command should be executed whenever the Zookeeper nodes are restarted.
|
2. Restart the Solr cloud (the Zookeeper nodes and Solr nodes) and then navigate to the Solr administrative interface to verify that Solr is running with SSL.
|
For known issues with SSL, see the following site:
|