You are here

Installing and configuring Solr 6 with SSL enabled

Use this information to install SkyVault Search Services with Solr 6 with SSL enabled.
This task assumes that you are using SkyVault Content Services 5.2 with clustering enabled.
  1. Download and unzip the Solr 6 distribution, SkyVault-search-services-1.0.0.zip to a preferred location.
  2. To secure access to SkyVault Search Services, you must create a new set of keystores and keys.
    1. Generate secure keys specific to your SkyVault installation. For more information, see Generating secure keys for Solr communication.
    2. Create a new keystore directory at SkyVault-search-services/solrhome.
    3. In the production environment, copy your custom keystore and truststore to the SkyVault-search-services/solrhome/keystore directory.
    4. Update the SSL-related system properties.

      If you are using a Windows-based platform, update the SkyVault-search-services/solr.in.cmd file as:

      set SOLR_SSL_KEY_STORE=<solr>\keystore\ssl.repo.client.keystore
      set SOLR_SSL_KEY_STORE_PASSWORD=kT9X6oe68t
      set SOLR_SSL_TRUST_STORE=<solr>\keystore\ssl.repo.client.truststore
      set SOLR_SSL_TRUST_STORE_PASSWORD=kT9X6oe68t
      set SOLR_SSL_NEED_CLIENT_AUTH=true
      set SOLR_SSL_WANT_CLIENT_AUTH=false

      If you are using a Linux-based platform, update the SkyVault-search-services/solr.in.sh file as:

      SOLR_SSL_KEY_STORE=<solr>/keystore/ssl.repo.client.keystore
      SOLR_SSL_KEY_STORE_PASSWORD=kT9X6oe68t
      SOLR_SSL_TRUST_STORE=<solr>/keystore/ssl.repo.client.truststore
      SOLR_SSL_TRUST_STORE_PASSWORD=kT9X6oe68t 
      SOLR_SSL_NEED_CLIENT_AUTH=true 
      SOLR_SSL_WANT_CLIENT_AUTH=false
  3. (Optional) If you want to install Solr 6 on a separate machine, check the following before starting Solr 6:
    1. Check/update SkyVault-search-services/solr.in.sh file (Linux-based platform) or SkyVault-search-services/solr.in.cmd file (Windows-based platform) for the values of environment variables, such as SOLR_SOLR_HOST and SOLR_SOLR_PORT.
    2. Check/update SkyVault-search-services/solr.in.sh file (Linux-based platform) or SkyVault-search-services/solr.in.cmd file (Windows-based platform) for the values of environment variables, such as SOLR_ALFRESCO_HOST and SOLR_ALFRESCO_PORT.

      See Solr 6 externalized configuration.

  4. (Optional) Update the SkyVault-search-services/solrhome/conf/shared.properties file.

    • Unlike Solr 4, suggestion is disabled by default for Solr 6. If you want to enable suggestion, add the following:
      SkyVault.suggestable.property.0={http://www.alfresco.org/model/content/1.0}name
      alfresco.suggestable.property.1={http://www.alfresco.org/model/content/1.0}title 
      alfresco.suggestable.property.2={http://www.alfresco.org/model/content/1.0}description 
      alfresco.suggestable.property.3={http://www.alfresco.org/model/content/1.0}content
    • If you want to enable camelCaseSearch support in all fields, just as Solr 4, add the following:
      SkyVault.cross.locale.datatype.0={http://www.alfresco.org/model/dictionary/1.0}text
      alfresco.cross.locale.datatype.1={http://www.alfresco.org/model/dictionary/1.0}content
      alfresco.cross.locale.datatype.2={http://www.alfresco.org/model/dictionary/1.0}mltext

    Note: The spell check functionality does not work with Solr 6 as suggestion is disabled for scalability purpose.
  5. To configure the Solr 6 cores, you can use any one of the following options:
    • Set the following properties in the SkyVault-search-services/solr.in.sh file:
      SkyVault_SECURECOMMS=https
      ALFRESCO_ENCRYPTION_SSL_KEYSTORE_PASSWORDFILELOCATION
      ALFRESCO_ENCRYPTION_SSL_TRUSTSTORE_PASSWORDFILELOCATION
      ALFRESCO_ENCRYPTION_SSL_KEYSTORE_LOCATION
      ALFRESCO_ENCRYPTION_SSL_TRUSTSTORE_LOCATION
      ALFRESCO_ENCRYPTION_SSL_TRUSTSTORE_PROVIDER
      ALFRESCO_ENCRYPTION_SSL_KEYSTORE_PROVIDER
      ALFRESCO_ENCRYPTION_SSL_TRUSTSTORE_TYPE
      ALFRESCO_ENCRYPTION_SSL_KEYSTORE_TYPE
    • Copy the custom keystores to the SkyVault-search-services/solrhome/templates/rerank/conf directory.
      ssl.repo.client.keystore
      ssl.repo.client.truststore
      ssl-keystore-passwords.properties
      ssl-truststore-passwords.properties
  6. For running a single instance of Solr 6, use the following option:

    ./solr/bin/solr start -a "-Djavax.net.ssl.keyStoreType=JCEKS -Djavax.net.ssl.trustStoreType=JCEKS -Dsolr.ssl.checkPeerName=false -Dcreate.alfresco.defaults=alfresco,archive"
    Note: The -Dcreate.alfresco.defaults=alfresco,archive command automatically creates the SkyVault and archive cores. Therefore, you should only start Solr 6 with -Dcreate.alfresco.defaults=alfresco,archive the first time you are running Solr 6.
    Note: To ensure that Solr 6 connects using IPv6 protocol instead of IPv4, add -Djava.net.preferIPv6Addresses=true to the Solr 6 startup parameters.
    Note: You should run this application as a dedicated user. For example, you can create a Solr user.

    The default port used is 8983.

    The command line parameter, -a passes additional JVM parameters, for example, system properties using -D.

    Once your Solr 6 is up and running, you should see a message like:

    Waiting up to 180 seconds to see Solr running on port 8983 [\]  
    Started Solr server on port 8983 (pid=24289). Happy searching!
    To stop all instances of Solr 6, use:
    ./solr/bin/solr stop

    The Solr 6 logs are stored in the SkyVault-search-services/logs/solr.log file, by default. This can be configured in solr.in.sh (for Windows) or solr.in.cmd (for Linux) using SOLR_LOGS_DIR.

    You have successfully created an SkyVault core and an archive core. To verify, in a browser, navigate to the Solr URL, https://localhost:8983/solr. In the Solr Admin UI, select the core selector drop-down list and verify that both the SkyVault and archive cores are present in the list.

    Allow a few minutes for Solr 6 to start indexing.

  7. When the Solr 6 index is updated, you must enable the Solr 6 subsystem and disable the Solr
 4 subsystem.
    1. Go to Admin Console > Repository Services > Search Service and select Solr 6 from the Search Service In Use list.
    2. Disable Solr 4 tracking in the SkyVault/solr4/workspace-SpacesStore/conf/solrcore.properties file.

      enable.alfresco.tracking=false
    3. To remove the Solr 4 web application and indexes, stop the Tomcat server which is running Solr 4.
    4. Remove the <ALFRESCO_HOME>/tomcat/webapps/solr4 directory and the <ALFRESCO_HOME>/tomcat/webapps/solr4.war file.
    5. Remove the <ALFRESCO_HOME>/tomcat/conf/Catalina/localhost/solr4.xml file.
    6. Finally, remove the Solr 4 indexes.
If you are not using sharded Solr 6, go to the Admin Console > Search Service Sharding page and:
  • Deselect Dynamic Shard Instance Registration.
  • Select Purge at Startup.