add new parameter $jetty_host

CHANGELOG.md

@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [Unreleased]
+
+### Added
+- Add new parameter `$jetty_host`
+
 ## [4.0.0] - 2024-04-03
 
 ### Added

REFERENCE.md

@@ -46,6 +46,7 @@ The following parameters are available in the `solr` class:
 * [`gc_tune`](#-solr--gc_tune)
 * [`java_home`](#-solr--java_home)
 * [`java_mem`](#-solr--java_mem)
+* [`jetty_host`](#-solr--jetty_host)
 * [`limit_file_max`](#-solr--limit_file_max)
 * [`limit_proc_max`](#-solr--limit_proc_max)
 * [`log_dir`](#-solr--log_dir)
@@ -163,6 +164,12 @@ Data type: `String`
 
 Sets JVM memory settings for Solr.
 
+##### <a name="-solr--jetty_host"></a>`jetty_host`
+
+Data type: `Optional[String]`
+
+Sets the IP address that Solr binds to.
+
 ##### <a name="-solr--limit_file_max"></a>`limit_file_max`
 
 Data type: `Integer`

data/common.yaml

@@ -23,6 +23,7 @@ solr::gc_tune:
   - '-XX:+ParallelRefProcEnabled'
 solr::java_home: ~
 solr::java_mem: '-Xms512m -Xmx512m'
+solr::jetty_host: ~
 solr::limit_file_max: 65000
 solr::limit_proc_max: 65000
 solr::log_dir: '/var/log/solr'

manifests/init.pp

@@ -43,6 +43,9 @@
 # @param java_mem
 #   Sets JVM memory settings for Solr.
 #
+# @param jetty_host
+#   Sets the IP address that Solr binds to.
+#
 # @param limit_file_max
 #   Sets the maximum number of file descriptors.
 #
@@ -188,6 +191,7 @@
   Optional[Array] $gc_log_opts,
   Optional[Array] $gc_tune,
   Optional[Stdlib::Absolutepath] $java_home,
+  Optional[String] $jetty_host,
 ) {
   Class { 'solr::install': }
   -> Class { 'solr::config': }

spec/classes/solr_spec.rb

@@ -226,6 +226,27 @@
 
           it { is_expected.to contain_file('/var/solr/solr.in.sh').with_content(%r{-Duser.language=de}) }
         end
+
+        context 'solr class when jetty_host is empty' do
+          let(:params) do
+            {
+              version: '9.4.1',
+            }
+          end
+
+          it { is_expected.to contain_file('/var/solr/solr.in.sh').with_content(%r{#SOLR_JETTY_HOST="127.0.0.1"}) }
+        end
+
+        context 'solr class when jetty_host is not empty' do
+          let(:params) do
+            {
+              jetty_host: '10.1.2.3',
+              version: '9.4.1',
+            }
+          end
+
+          it { is_expected.to contain_file('/var/solr/solr.in.sh').with_content(%r{SOLR_JETTY_HOST="10.1.2.3"}) }
+        end
       end
     end
   end

templates/solr.in.sh.epp

@@ -111,16 +111,88 @@ SOLR_LOGS_DIR=<%= $solr::log_dir %>
 # Sets the port Solr binds to, default is 8983
 SOLR_PORT=<%= $solr::solr_port %>
 
-# Uncomment to set SSL-related system properties
-# Be sure to update the paths to the correct keystore for your environment
-#SOLR_SSL_OPTS="-Djavax.net.ssl.keyStore=etc/solr-ssl.keystore.jks \
-#-Djavax.net.ssl.keyStorePassword=secret \
-#-Djavax.net.ssl.trustStore=etc/solr-ssl.keystore.jks \
-#-Djavax.net.ssl.trustStorePassword=secret"
-
-# Uncomment to set a specific SSL port (-Djetty.ssl.port=N); if not set
-# and you are using SSL, then the start script will use SOLR_PORT for the SSL port
-#SOLR_SSL_PORT=
 <% if $solr::cloud {-%>
 SOLR_MODE="solrcloud"
 <% } -%>
+
+# Restrict access to solr by IP address.
+# Specify a comma-separated list of addresses or networks, for example:
+#   127.0.0.1, 192.168.0.0/24, [::1], [2000:123:4:5::]/64
+#SOLR_IP_ALLOWLIST=
+
+# Block access to solr from specific IP addresses.
+# Specify a comma-separated list of addresses or networks, for example:
+#   127.0.0.1, 192.168.0.0/24, [::1], [2000:123:4:5::]/64
+#SOLR_IP_DENYLIST=
+
+# Sets the network interface the Solr binds to. To prevent administrators from
+# accidentally exposing Solr more widely than intended, this defaults to 127.0.0.1.
+# Administrators should think carefully about their deployment environment and
+# set this value as narrowly as required before going to production. In
+# environments where security is not a concern, 0.0.0.0 can be used to allow
+# Solr to accept connections on all network interfaces.
+<% if $solr::jetty_host {-%>
+SOLR_JETTY_HOST="<%= $solr::jetty_host %>"
+<% } else {-%>
+#SOLR_JETTY_HOST="127.0.0.1"
+<% } -%>
+# Sets the network interface the Embedded ZK binds to.
+#SOLR_ZK_EMBEDDED_HOST="127.0.0.1"
+
+# Enables HTTPS. It is implictly true if you set SOLR_SSL_KEY_STORE. Use this config
+# to enable https module with custom jetty configuration.
+#SOLR_SSL_ENABLED=true
+# Uncomment to set SSL-related system properties
+# Be sure to update the paths to the correct keystore for your environment
+#SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.p12
+#SOLR_SSL_KEY_STORE_PASSWORD=secret
+#SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.p12
+#SOLR_SSL_TRUST_STORE_PASSWORD=secret
+# Require clients to authenticate
+#SOLR_SSL_NEED_CLIENT_AUTH=false
+# Enable clients to authenticate (but not require)
+#SOLR_SSL_WANT_CLIENT_AUTH=false
+# Verify client's hostname during SSL handshake
+#SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION=false
+# SSL Certificates contain host/ip "peer name" information that is validated by default. Setting
+# this to false can be useful to disable these checks when re-using a certificate on many hosts.
+# This will also be used for the default value of whether SNI Host checking should be enabled.
+#SOLR_SSL_CHECK_PEER_NAME=true
+# Override Key/Trust Store types if necessary
+#SOLR_SSL_KEY_STORE_TYPE=PKCS12
+#SOLR_SSL_TRUST_STORE_TYPE=PKCS12
+
+# Uncomment if you want to override previously defined SSL values for HTTP client
+# otherwise keep them commented and the above values will automatically be set for HTTP clients
+#SOLR_SSL_CLIENT_KEY_STORE=
+#SOLR_SSL_CLIENT_KEY_STORE_PASSWORD=
+#SOLR_SSL_CLIENT_TRUST_STORE=
+#SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD=
+#SOLR_SSL_CLIENT_KEY_STORE_TYPE=
+#SOLR_SSL_CLIENT_TRUST_STORE_TYPE=
+
+# Sets path of Hadoop credential provider (hadoop.security.credential.provider.path property) and
+# enables usage of credential store.
+# Credential provider should store the following keys:
+# * solr.jetty.keystore.password
+# * solr.jetty.truststore.password
+# Set the two below if you want to set specific store passwords for HTTP client
+# * javax.net.ssl.keyStorePassword
+# * javax.net.ssl.trustStorePassword
+# More info: https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/CredentialProviderAPI.html
+#SOLR_HADOOP_CREDENTIAL_PROVIDER_PATH=localjceks://file/home/solr/hadoop-credential-provider.jceks
+#SOLR_OPTS=" -Dsolr.ssl.credential.provider.chain=hadoop"
+
+# Settings for authentication
+# Please configure only one of SOLR_AUTHENTICATION_CLIENT_BUILDER or SOLR_AUTH_TYPE parameters
+#SOLR_AUTHENTICATION_CLIENT_BUILDER="org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory"
+#SOLR_AUTH_TYPE="basic"
+#SOLR_AUTHENTICATION_OPTS="-Dbasicauth=solr:SolrRocks"
+
+# Settings for ZK ACL
+#SOLR_ZK_CREDS_AND_ACLS="-DzkACLProvider=org.apache.solr.common.cloud.DigestZkACLProvider \
+#  -DzkCredentialsProvider=org.apache.solr.common.cloud.DigestZkCredentialsProvider \
+#  -DzkCredentialsInjector=org.apache.solr.common.cloud.VMParamsZkCredentialsInjector \
+#  -DzkDigestUsername=admin-user -DzkDigestPassword=CHANGEME-ADMIN-PASSWORD \
+#  -DzkDigestReadonlyUsername=readonly-user -DzkDigestReadonlyPassword=CHANGEME-READONLY-PASSWORD"
+#SOLR_OPTS="$SOLR_OPTS $SOLR_ZK_CREDS_AND_ACLS"