Permission Denied error when trying to connect to Solr running on a different server

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Permission Denied error when trying to connect to Solr running on a different server

Cynde Rogers
I have an SSL enabled ruby on rails application that used solr and the sunspot rails gem for search. For development I just run solr locally and that works as expected. But I'm trying to set up a stand-alone solr server for production. So I installed it on its own server and created the core for my site. I also copied over the sunspot schema.xml and solrconfig.xml files from my project to the data/conf directory on the solr server.

I updated my application config file to point to the solr server and was able to populate the index for my site from the command line using rails sunspot:solr:reindex (so the application server can communicate with the solr server). I was able to verify this by accessing the Solr Dashboard web page for the solr server; I can see that my data is there (the numDocs matches with what I'd expect).  I was also able to run search from my rails console

But when I try to access search through my web application I'm getting Errno::EACCES in SearchController#index Permission denied - connect(2) for "10.76.42.43" port 8983. (10.76.42.43 is the IP address of my solr server).

Normally this is some sort of file permission issue but I'm not really what file(s) could be causing the problem. I can't find anything written in the solr logs on the solr server.

I'm using the default setup for solr using java 1.8 and solr 5.4.1; jetty is the service (java -server owned by solr). The install directory is /opt/solr (owned by root) and the data directory is in /var/solr (owned by solr). I tried changing the owner for /opt/solr but get the same results.

Anybody face the same issue and if so what did you do to fix it? I really would appreciate any help I could get.


--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/8cb743eb-7b73-4e52-a800-6a02facbbab6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Permission Denied error when trying to connect to Solr running on a different server

Hassan Schroeder-2
On Fri, Aug 24, 2018 at 5:44 AM, Cynde Rogers <[hidden email]> wrote:

> I updated my application config file to point to the solr server and was
> able to populate the index for my site from the command line using rails
> sunspot:solr:reindex (so the application server can communicate with the
> solr server). I was able to verify this by accessing the Solr Dashboard web
> page for the solr server; I can see that my data is there (the numDocs
> matches with what I'd expect).  I was also able to run search from my rails
> console
>
> But when I try to access search through my web application I'm getting
> Errno::EACCES in SearchController#index Permission denied - connect(2) for
> "10.76.42.43" port 8983. (10.76.42.43 is the IP address of my solr server).

So, just to clarify:

From the *app server* command line, you can successfully run a
rake task on the *solr server* - true/false?

From the *app server* rails console, you can access the solr server
manually - true/false?

Is the rails app running as the same *nix user that initiated the rails
sunspot:* cmd?

--
Hassan Schroeder ------------------------ [hidden email]
twitter: @hassan
Consulting Availability : Silicon Valley or remote

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/CACmC4yA3mmqQ-ubVa85OBmPDSUTBjr%2BMmUYpoQ%2BaupaT_sXC1Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Permission Denied error when trying to connect to Solr running on a different server

Cynde Rogers
In reply to this post by Cynde Rogers
true -  I can manually reindex from the command line on my application server and the index is updated on the solr server
true - I can search from the rails console on my application server and data is returned from the solr server

I'm not sure about the last one; when I use ps -ef all of the processes (http, rails console, sunspot:solr:reindex) are all started by me (except for the root http process which gets started by root).

FYI: We didn't add any users to solr, its the default setup; also the web application uses SSL.


On Friday, August 24, 2018 at 9:18:53 AM UTC-4, Cynde Rogers wrote:
I have an SSL enabled ruby on rails application that used solr and the sunspot rails gem for search. For development I just run solr locally and that works as expected. But I'm trying to set up a stand-alone solr server for production. So I installed it on its own server and created the core for my site. I also copied over the sunspot schema.xml and solrconfig.xml files from my project to the data/conf directory on the solr server.

I updated my application config file to point to the solr server and was able to populate the index for my site from the command line using rails sunspot:solr:reindex (so the application server can communicate with the solr server). I was able to verify this by accessing the Solr Dashboard web page for the solr server; I can see that my data is there (the numDocs matches with what I'd expect).  I was also able to run search from my rails console

But when I try to access search through my web application I'm getting Errno::EACCES in SearchController#index Permission denied - connect(2) for "10.76.42.43" port 8983. (10.76.42.43 is the IP address of my solr server).

Normally this is some sort of file permission issue but I'm not really what file(s) could be causing the problem. I can't find anything written in the solr logs on the solr server.

I'm using the default setup for solr using java 1.8 and solr 5.4.1; jetty is the service (java -server owned by solr). The install directory is /opt/solr (owned by root) and the data directory is in /var/solr (owned by solr). I tried changing the owner for /opt/solr but get the same results.

Anybody face the same issue and if so what did you do to fix it? I really would appreciate any help I could get.


--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/109ad4b4-08ed-452d-9fe1-c93026e64fb9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Permission Denied error when trying to connect to Solr running on a different server

Cynde Rogers
In reply to this post by Hassan Schroeder-2


On Friday, August 24, 2018 at 11:23:46 AM UTC-4, Hassan Schroeder wrote:
On Fri, Aug 24, 2018 at 5:44 AM, Cynde Rogers <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="7_s_7au3AgAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">cynde...@...> wrote:

> I updated my application config file to point to the solr server and was
> able to populate the index for my site from the command line using rails
> sunspot:solr:reindex (so the application server can communicate with the
> solr server). I was able to verify this by accessing the Solr Dashboard web
> page for the solr server; I can see that my data is there (the numDocs
> matches with what I'd expect).  I was also able to run search from my rails
> console
>
> But when I try to access search through my web application I'm getting
> Errno::EACCES in SearchController#index Permission denied - connect(2) for
> "10.76.42.43" port 8983. (10.76.42.43 is the IP address of my solr server).

So, just to clarify:

From the *app server* command line, you can successfully run a
rake task on the *solr server* - true/false?

From the *app server* rails console, you can access the solr server
manually - true/false?

Is the rails app running as the same *nix user that initiated the rails
sunspot:* cmd?

--
Hassan Schroeder ------------------------ <a href="javascript:" target="_blank" gdf-obfuscated-mailto="7_s_7au3AgAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">hassan.s...@...
twitter: @hassan
Consulting Availability : Silicon Valley or remote

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/d8ea50f1-4e6a-4327-8225-dbb0d7c165ee%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Permission Denied error when trying to connect to Solr running on a different server

Cynde Rogers
In reply to this post by Cynde Rogers
true -  I can manually reindex from the command line on my application server and the index is updated on the solr server
true - I can search from the rails console on my application server and data is returned from the solr server

I'm not sure about the last one; when I use ps -ef all of the processes (http, rails console, sunspot:solr:reindex) are all started by me (except for the root http process which gets started by root).

FYI: We didn't add any users to solr; its the default setup; also the web application uses SSL.


On Friday, August 24, 2018 at 9:18:53 AM UTC-4, Cynde Rogers wrote:
I have an SSL enabled ruby on rails application that used solr and the sunspot rails gem for search. For development I just run solr locally and that works as expected. But I'm trying to set up a stand-alone solr server for production. So I installed it on its own server and created the core for my site. I also copied over the sunspot schema.xml and solrconfig.xml files from my project to the data/conf directory on the solr server.

I updated my application config file to point to the solr server and was able to populate the index for my site from the command line using rails sunspot:solr:reindex (so the application server can communicate with the solr server). I was able to verify this by accessing the Solr Dashboard web page for the solr server; I can see that my data is there (the numDocs matches with what I'd expect).  I was also able to run search from my rails console

But when I try to access search through my web application I'm getting Errno::EACCES in SearchController#index Permission denied - connect(2) for "10.76.42.43" port 8983. (10.76.42.43 is the IP address of my solr server).

Normally this is some sort of file permission issue but I'm not really what file(s) could be causing the problem. I can't find anything written in the solr logs on the solr server.

I'm using the default setup for solr using java 1.8 and solr 5.4.1; jetty is the service (java -server owned by solr). The install directory is /opt/solr (owned by root) and the data directory is in /var/solr (owned by solr). I tried changing the owner for /opt/solr but get the same results.

Anybody face the same issue and if so what did you do to fix it? I really would appreciate any help I could get.


--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/fe0777fc-e629-4bde-bde8-fdd037973fb8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Permission Denied error when trying to connect to Solr running on a different server

Cynde Rogers
It was an apache config issue. The SELinux on the machine was not allowing apache to talk to port 8983. I verified this by temporarily turning off the enforcement (setenforce 0). Once I did this I was able to run search as expected. I then turned the enforcement back on (setenforce 1) and added a rule for port 8983:

semanage port -a -t http_port_t -p tcp 8983


On Friday, August 24, 2018 at 11:57:14 AM UTC-4, Cynde Rogers wrote:
true -  I can manually reindex from the command line on my application server and the index is updated on the solr server
true - I can search from the rails console on my application server and data is returned from the solr server

I'm not sure about the last one; when I use ps -ef all of the processes (http, rails console, sunspot:solr:reindex) are all started by me (except for the root http process which gets started by root).

FYI: We didn't add any users to solr; its the default setup; also the web application uses SSL.


On Friday, August 24, 2018 at 9:18:53 AM UTC-4, Cynde Rogers wrote:
I have an SSL enabled ruby on rails application that used solr and the sunspot rails gem for search. For development I just run solr locally and that works as expected. But I'm trying to set up a stand-alone solr server for production. So I installed it on its own server and created the core for my site. I also copied over the sunspot schema.xml and solrconfig.xml files from my project to the data/conf directory on the solr server.

I updated my application config file to point to the solr server and was able to populate the index for my site from the command line using rails sunspot:solr:reindex (so the application server can communicate with the solr server). I was able to verify this by accessing the Solr Dashboard web page for the solr server; I can see that my data is there (the numDocs matches with what I'd expect).  I was also able to run search from my rails console

But when I try to access search through my web application I'm getting Errno::EACCES in SearchController#index Permission denied - connect(2) for "10.76.42.43" port 8983. (10.76.42.43 is the IP address of my solr server).

Normally this is some sort of file permission issue but I'm not really what file(s) could be causing the problem. I can't find anything written in the solr logs on the solr server.

I'm using the default setup for solr using java 1.8 and solr 5.4.1; jetty is the service (java -server owned by solr). The install directory is /opt/solr (owned by root) and the data directory is in /var/solr (owned by solr). I tried changing the owner for /opt/solr but get the same results.

Anybody face the same issue and if so what did you do to fix it? I really would appreciate any help I could get.


--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/788e89fc-344c-458b-ad92-747ef560ecdd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Permission Denied error when trying to connect to Solr running on a different server

Hassan Schroeder-2
On Mon, Aug 27, 2018 at 1:23 PM Cynde Rogers <[hidden email]> wrote:
>
> It was an apache config issue. The SELinux on the machine was not allowing apache to talk to port 8983. I verified this by temporarily turning off the enforcement (setenforce 0). Once I did this I was able to run search as expected.

Ah, does that mean you're running Passenger on Apache httpd?

Didn't think about SELinux either, but thanks for letting us know what
fixed it!

--
Hassan Schroeder ------------------------ [hidden email]
twitter: @hassan
Consulting Availability : Silicon Valley or remote

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/CACmC4yDL5LA0KEx%3DD0pFV4B%2BRa7n3Q1JB6yy10Qbz0UfPCvtOQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Permission Denied error when trying to connect to Solr running on a different server

Cynde Rogers
Exactly . . .

On Monday, August 27, 2018 at 7:21:51 PM UTC-4, Hassan Schroeder wrote:
On Mon, Aug 27, 2018 at 1:23 PM Cynde Rogers <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="O0j4aYC9AwAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">cynde...@...> wrote:
>
> It was an apache config issue. The SELinux on the machine was not allowing apache to talk to port 8983. I verified this by temporarily turning off the enforcement (setenforce 0). Once I did this I was able to run search as expected.

Ah, does that mean you're running Passenger on Apache httpd?

Didn't think about SELinux either, but thanks for letting us know what
fixed it!

--
Hassan Schroeder ------------------------ <a href="javascript:" target="_blank" gdf-obfuscated-mailto="O0j4aYC9AwAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">hassan.s...@...
twitter: @hassan
Consulting Availability : Silicon Valley or remote

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/0b2ca637-b316-48a7-ac56-2ded6586f880%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.