问题描述
我在与apache solr(5.2.1)相同的物理服务器上有一个drupal 8站点。 Drupal 8使用search_api_solr contrib模块,该模块使用Solarium(由composer安装)通过http api与solr服务器通信。
I have a drupal 8 site on the same physical server as apache solr (5.2.1). Drupal 8 uses the search_api_solr contrib module, which uses Solarium (installed by composer) to talk to the solr server using the http api.
我已经成功安装了solr并创建了一个核心。我可以在Linux命令行上使用cUrl使用各种Linux用户来查询核心。
I have successfully installed solr and created a core. I can query the core using cUrl on the linux command line, using various linux users.
我可以在浏览器中访问solr管理员屏幕(通过具有192.168 ip的vpn或域解析为此类的vpn)并查看我在cli上创建的核心。
I can access the solr admin screen in a browser (over vpn with 192.168 ip or domain resolving to such) and view the core I created on the cli.
但是,drupal solr模块无法连接到solr服务器核心,如果我使用drupal模块创建索引,则会抛出php错误:
However, the drupal solr module cannot connect to the solr server core, and if I create an index using the drupal module, it throws a php error:
[错误]未捕获的PHP异常Solarium\Exception\HttpException: modules / search_api_solr /中的 Solr HTTP错误:HTTP请求失败,无法连接到127.0.0.1:权限被拒绝 vendor / solarium / solarium / library / Solarium / Core / Client / Adapter / Curl.php第248行
[error] Uncaught PHP Exception Solarium\Exception\HttpException: "Solr HTTP error: HTTP request failed, Failed to connect to 127.0.0.1: Permission denied" at modules/search_api_solr/vendor/solarium/solarium/library/Solarium/Core/Client/Adapter/Curl.php line 248
我的网址是这样的:
I对于
或
<<
为什么日光浴室不能将http发送到本地ip?
Why should Solarium not be able to send http to a local ip?
请注意,什么也没有正在侦听8080,因此我怀疑此HTTP故障与solr服务器无关。
Note that nothing is listening on 8080, so I suspect that this http failure has nothing to do with the solr server.
推荐答案
问题原来是该CentOS6计算机上的SELinux不允许apache与端口8983通讯。
The problem turns out to be that SELinux on this CentOS6 machine is not allowing apache to talk to port 8983.
# setenforce 0
,我们的错误就消失了。
and our error goes away.
# setenforce 1
错误又回来了
检查/var/log/audit.log。
Check /var/log/audit.log.
此就是我们看到的:
type = AVC msg = audit(1457115397.149:224568):avc:拒绝了{name_connect}为pid = 4029 comm = httpd dest = 8983 scontext = unconfined_u:system_r:httpd_t:s0 tcontext = system_u:object_r:port_t:s0 tclass = tcp_socket
type=AVC msg=audit(1457115397.149:224568): avc: denied { name_connect } for pid=4029 comm="httpd" dest=8983 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
注意scontext是httpd_t(apache)
而tcontext是port_t(端口)
Notice scontext is httpd_t (apache)And tcontext is port_t (a port)
现在,默认情况下,apache只能监听http_port_t
Now by default apache can only listen on ports that are http_port_t
SO-我们检查是否需要我们的端口 8983
SO -- we check to see if our desired port "8983"
但是首先我们需要 semanage,它是由
But first we need "semanage" which is provided by :
yum install policycoreutils-python
yum install policycoreutils-python
现在检查现有的http_port_r:
Now check for existing http_port_r's:
# semanage port -l | grep 'http_port_t'
http_port_t tcp 80、81、443、488、8008、8009、8443、9000
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_http_port_t tcp 5988
现在让我们添加8983
Now let's add 8983
# semanage port -a -t http_port_t -p tcp 8983
然后再次检查-yup 8983是否存在
And check again -- yup 8983 is there
# semanage port -l | grep 'http_port_t'
http_port_t tcp 8983、80、81、443、488、8008、8009、8443 ,9000
http_port_t tcp 8983, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_http_port_t tcp 5988
SELinux强制执行没有更多错误
No more error with SELinux enforcing
这篇关于日光浴室被“许可被拒绝”。尝试在本地ip上连接apache solr时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!