Package Manager Internals
Salient Features
- Zero disruption deployment (hot deployment): Should be possible to install and update packages without node restarts or core reloads, and hence deployments should be quick and without failed requests or stale caches.
- Easy packaging:
- Standard plugin concepts, e.g. query parser, search component, request handler, URP etc., should be supported without any special code/packaging changes.
- Artifacts (jars containing custom plugins) that users have already deployed (and are using in production) should be compatible, without needing to recompile or re-package, for greater adoption.
- Should support single jar packages as well as multiple jar packages.
- Use familiar / standard naming
- Use industry standard concepts and terminology around package manager, similar to those like apt, dnf, homebrew etc.s
Classloaders
At the heart of the system, we have classloader isolation. To achieve this, the system is simplified into two layered classloaders: The root classloader which has all the jars from Solr classpath. This requires Solr node restart to change anything. A set of named classloaders that inherit from the root classloader. The life cycles of the named classloaders are tied to the package configuration in ZK. As soon as the configuration is modified, the corresponding classloaders are reloaded and components are asked to reload.
Package Loading Security
Packages are disabled by default. Start all your nodes with the system property -Denable.packages=true
to use this feature.
Example
$ bin/solr -c -Denable.packages=true
Upload Your Keys
Package binaries must be signed with your private keys and ensure your public keys are published in ZooKeeper.
Example
$ openssl genrsa -out my_key.pem 512
# create the public key in .der format
$ openssl rsa -in my_key.pem -pubout -outform DER -out my_key.der
# upload to ZooKeeper
$ server/scripts/cloud-scripts/zkcli.sh -zkhost 127.0.0.1:9983 -cmd makepath /keys/exe/
$ server/scripts/cloud-scripts/zkcli.sh -zkhost 127.0.0.1:9983 -cmd putfile /keys/exe/my_key.der my_key.der
Package Store
Package store is a distributed file store which can store arbitrary files in the file system.
- This is a fully replicated file system based repository.
- It lives at <solr.home>/filestore on each Solr node
- Every entry is a file + metadata. The metadata is named .<filename>.json
- The metadata file contains the sha256, signatures of the file
- Users can’t create files starting with period (.)
- It is agnostic of content type of files. You may store jars as well as other files.
How Does the Package Store Work?
When a file is uploaded to the PackageStore ,
- It’s saved to the local file system
- It’s saved along with the metadata. The metadata file stores the sha512 and signatures of the jar files too.
- Every live node in the cluster is asked to download it as well
Package Store APIs
The end points are
PUT /api/cluster/files/{full/path/to/file}
in each nodeGET /api/node/files/{full/path/to/file}
to download the fileGET /api/node/files/{full/path/to/file}?meta=true
get the metadata of the fileGET /api/node/files/{full/path/to/}
get the list of files in/full/path/to
Signing Your Artifacts
Use the following steps to upload a jar signed with your public key:
1) If you don’t have a jar file with plugins, download a sample from github
$ curl -o runtimelibs.jar -LO https://github.com/apache/lucene-solr/blob/master/solr/core/src/test-files/runtimecode/runtimelibs.jar.bin?raw=true
2) Sign the jar with your private key
$ openssl dgst -sha1 -sign my_key.pem runtimelibs.jar | openssl enc -base64 | sed 's/+/%2B/g' | tr -d \\n | sed
3) Upload your jar with signature. (replace the sig
param with the output you got from the previous command)
$ curl --data-binary @runtimelibs.jar -X PUT http://localhost:7574/api/cluster/files/mypkg/1.0/myplugins.jar?sig=<signature-of-jar>
4) Verify your jar upload
$ curl http://localhost:7574/api/node/files/mypkg/1.0?omitHeader=true
{
"files":{"/mypkg/1.0":[{
"name":"myplugins.jar",
"timestamp":"2019-11-11T07:36:17.354Z",
"sha512":"d01b51de67ae1680a84a813983b1de3b592fc32f1a22b662fc9057da5953abd1b72476388ba342cad21671cd0b805503c78ab9075ff2f3951fdf75fa16981420",
"sig":["elNjhmWIOgTgbAzeZ+OcwR42N7vqL6Ig9eAqn4YoP2thT7FJuhiaZuCPivjMkD682EBo9gveSCTyXIsZKjOCbQ=="]}]}}
Packages
A Package have the following attributes:
- A unique name
- One or more versions with the following attributes:
version
: The version stringfiles
: An array of files from the package store
For every package / version in the packages definition, there is a unique SolrResourceLoader
instance. This is a child of the CoreContainer
resource loader.
packages.json
The package configurations live in a file called /packages.json in ZooKeeper. At any given moment we can have multiple versions of a given package in the package configuration. The system will always use the latest version . Versions are sorted by their numeric value and the biggest is the latest.
example:
{
"packages" : {
"mypkg" : {
"name": "mypkg",
"versions": [
{"version" : "0.1",
"files" : ["/path/to/myplugin/1.1/plugin.jar"]
},
{"version" : "0.2",
"files" : ["/path/to/myplugin/1.0/plugin.jar"]
}]}}}
API Endpoints
GET /api/cluster/package
Get the list of packagesPOST /api/cluster/package
edit packagesadd
command: add a version of a packagedelete
command : delete a version of a package
How to Upgrade?
Use the add command to add a version that is bigger than the current version
How to Downgrade ?
Use the delete command to delete a version that is the highest and the next highest version will be chosen
Using Multiple Versions in Parallel
We use the params.json
in the collection config to store a version of a package it uses. by default it is the $LATEST.
{"params":{
"PKG_VERSIONS": {
"mypkg": "0.1",
"pkg2" : "$LATEST",
}}}
- for
mypkg
use the version0.1
irrespective of whether there is a newer version is available or not - for
pkg2
use the latest. This is optional. The default is ‘$LATEST’
The Workflow
- A new version of a package is added
- The package loader loads the classes and notifies every plugin holder of the availability of the new version
- It checks if it is supposed to use a specific version, Ignore the update
- If not, reload the plugin
Using Them in Plugins
Any class name can be prefixed with the packagename e.g : mypkg:fully.qualified.ClassName
and Solr would use the latest version of the package to load the classes from. The plugins loaded from packages cannot depend on core level classes.
Plugin declaration in solrconfig.xml
<requestHandler name="/myhandler" class="mypkg:full.path.to.MyClass">
</requestHandler>
Full Working Example
1) create a package
curl http://localhost:8983/api/cluster/package -H 'Content-type:application/json' -d '
{"add": {
"package" : "mypkg",
"version":"1.0",
"files" :["/mypkg/1.0/myplugins.jar"]}}'
2) Verify the created package
curl http://localhost:8983/api/cluster/package?omitHeader=true
{"result":{
"znodeVersion":0,
"packages":{"mypkg":[{
"version":"1.0",
"files":["/mypkg/1.0/myplugins.jar"]}]}}}
3) The Package is ready to use now. Now, register a plugin in your collection from the package. Note the "mypkg"
prefix applied to the class
attribute. The same result can be achieved by editing your solrconfig.xml
as well
curl http://localhost:8983/solr/gettingstarted/config -H 'Content-type:application/json' -d '{
"create-requesthandler" : { "name" : "/test",
"class": "mypkg:org.apache.solr.core.RuntimeLibReqHandler" }}'
4) Verify that the component is created and it is using the correct version of the package to load classes from
curl http://localhost:8983/solr/gettingstarted/config/requestHandler?componentName=/test&meta=true&omitHeader=true
{
"config":{"requestHandler":{"/test":{
"name":"/test",
"class":"mypkg:org.apache.solr.core.RuntimeLibReqHandler",
"_packageinfo_":{
"package":"mypkg",
"version":"1.0",
"files":["/mypkg/1.0/myplugins.jar"]}}}}}
5) Test the request handler
$ curl http://localhost:8983/solr/gettingstarted/test?omitHeader=true
{
"params":{
"omitHeader":"true"},
"context":{
"webapp":"/solr",
"path":"/test",
"httpMethod":"GET"},
"class":"org.apache.solr.core.RuntimeLibReqHandler",
"loader":"java.net.FactoryURLClassLoader"}
6) Update the version of our component
Get a new version of the jar, sign and upload it
$ curl -o runtimelibs3.jar -LO https://github.com/apache/lucene-solr/blob/master/solr/core/src/test-files/runtimecode/runtimelibs_v3.jar.bin?raw=true
$ openssl dgst -sha1 -sign my_key.pem runtimelibs.jar | openssl enc -base64 | sed 's/+/%2B/g' | tr -d \\n | sed
$ curl --data-binary @runtimelibs3.jar -X PUT http://localhost:8983/api/cluster/files/mypkg/2.0/myplugins.jar?sig=<signature>
7) Verify it
$ curl http://localhost:8983/api/node/files/mypkg/2.0?omitHeader=true
{
"files":{"/mypkg/2.0":[{
"name":"myplugins.jar",
"timestamp":"2019-11-11T11:46:14.771Z",
"sha512":"60ec88c2a2e9b409f7afc309273383810a0d07a078b482434eda9674f7e25b8adafa8a67c9913c996cbfb78a7f6ad2b9db26dbd4fe0ca4068f248d5db563f922",
"sig":["ICkC+nGE+AqiANM0ajhVPNCQsbPbHLSWlIe5ETV5835e5HqndWrFHiV2R6nLVjDCxov/wLPo1uK0VzvAPIioUQ=="]}]}}
8) Add a new version of the package
$ curl http://localhost:8983/api/cluster/package -H 'Content-type:application/json' -d '
{"add": {
"package" : "mypkg",
"version":"2.0",
"files" :["/mypkg/2.0/myplugins.jar"]}}'
9) Verify the plugin to see if the correct version of the package is being used
$ curl http://localhost:8983/solr/gettingstarted/config/requestHandler?componentName=/test&meta=true&omitHeader=true
{
"config": {
"requestHandler": {
"/test": {
"name": "/test",
"class": "mypkg:org.apache.solr.core.RuntimeLibReqHandler",
"_packageinfo_": {
"package": "mypkg",
"version": "2.0",
"files": [
"/mypkg/2.0/myplugins.jar"
]
}}}}}
10) Test the plugin
$ curl http://localhost:8983/solr/gettingstarted/test?omitHeader=true
{
"params": {
"omitHeader": "true"
},
"context": {
"webapp": "/solr",
"path": "/test",
"httpMethod": "GET"
},
"class": "org.apache.solr.core.RuntimeLibReqHandler",
"loader": "java.net.FactoryURLClassLoader",
"Version": "2"
}
Note that the Version
value is "2"
. So the plugin is updated
How to Avoid Automatic Upgrade
The default version used in any collection is always the latest. However, setting a per-collection property in the params.json
ensures that the versions are always fixed irrespective of the new versions added
$ curl http://localhost:8983/solr/gettingstarted/config/params -H 'Content-type:application/json' -d '{
"set":{
"PKG_VERSIONS":{
"mypkg":"2.0"
}
}}'