SSL between java client and zookeeper?


SSL between java client and zookeeper?

Vaibhav Devekar
Hi all,

I'm using zookeeper for dynamic config management among spring apps hosted
on many servers. I'm trying to employ SSL for communication between these
java apps and zookeeper since these properties can be sensitive information
such as database passwords.

Based on this guide -
https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide,
I was able to test out SSL for zkCli and zookeeper. I was also able to
verify that two java web apps can do 2-way SSL with each other. I'm now
trying to do the same with a java client (spring webapp) and zookeeper.
However, it hasn't worked so far. The zookeeper log says:

2016-06-16 14:42:56,379 [myid:] - WARN  [New I/O worker
#21:NettyServerCnxnFactory$CnxnChannelHandler@141] - Exception caught [id:
0x265bca3f, /fe80:0:0:0:0:0:0:1%1:61137 => /fe80:0:0:0:0:0:0:1%1:2281]
EXCEPTION: org.jboss.netty.handler.ssl.NotSslRecordException: not an
SSL/TLS record:
0000002d0000000000000000000000000000ea600000000000000000000000100000000000000000000000000000000000
org.jboss.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:
0000002d0000000000000000000000000000ea600000000000000000000000100000000000000000000000000000000000


Any pointers would be great. Does java API for zookeeper even support SSL?

Code example: https://github.com/devekar/sslDemo

Thank you.

---
Vaibhav Devekar
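
The hex string in the NotSslRecordException above is the first data the server received on port 2281. The decoder below is an added example, not code from the thread or from ZooKeeper: it tests those bytes against the TLS record header and then parses them as a plaintext ZooKeeper ConnectRequest. The field layout used (length prefix, protocolVersion, lastZxidSeen, timeOut, sessionId, passwd, readOnly) is stated here as an assumption about ZooKeeper's wire format and does not come from the post.

```python
import re
import struct

# Payload hex copied from the NotSslRecordException line in the post above,
# split at 16 hex digits per line for readability.
LOGGED_HEX = (
    "0000002d00000000"
    "0000000000000000"
    "0000ea6000000000"
    "0000000000000010"
    "0000000000000000"
    "0000000000000000"
    "00"
)

# The server-side log record from the post, re-joined onto one line.
SAMPLE_LOG = (
    "2016-06-16 14:42:56,379 [myid:] - WARN  [New I/O worker "
    "#21:NettyServerCnxnFactory$CnxnChannelHandler@141] - Exception caught "
    "[id: 0x265bca3f, /fe80:0:0:0:0:0:0:1%1:61137 => /fe80:0:0:0:0:0:0:1%1:2281] "
    "EXCEPTION: org.jboss.netty.handler.ssl.NotSslRecordException: "
    "not an SSL/TLS record: " + LOGGED_HEX
)

NOT_TLS_RE = re.compile(
    r"NotSslRecordException: not an SSL/TLS record:\s*([0-9a-fA-F]+)"
)

# protocolVersion(int) lastZxidSeen(long) timeOut(int) sessionId(long) passwdLen(int)
FIXED_FMT = ">iqiqi"
FIXED_LEN = struct.calcsize(FIXED_FMT)  # 28 bytes, big-endian, no padding


def extract_payload(log_text):
    """Return the bytes Netty dumped in the exception message, or None."""
    match = NOT_TLS_RE.search(log_text)
    if not match:
        return None
    hex_str = match.group(1)
    if len(hex_str) % 2:          # a truncated dump may end on a half byte
        hex_str = hex_str[:-1]
    return bytes.fromhex(hex_str)


def looks_like_tls_record(data):
    """TLS record header: content type 20-23, major version 3, minor 0-4."""
    return len(data) >= 3 and 20 <= data[0] <= 23 and data[1] == 3 and data[2] <= 4


def parse_connect_request(data):
    """Parse a length-prefixed plaintext ConnectRequest; None if it does not fit."""
    if len(data) < 4 + FIXED_LEN:
        return None
    (frame_len,) = struct.unpack_from(">i", data, 0)
    body = data[4:]
    if frame_len < FIXED_LEN or len(body) < frame_len:
        return None
    proto, zxid, timeout_ms, session_id, pw_len = struct.unpack_from(FIXED_FMT, body, 0)
    pw_len = max(pw_len, 0)       # a null buffer is encoded as length -1
    if proto != 0 or timeout_ms < 0 or FIXED_LEN + pw_len > frame_len:
        return None
    # Newer clients append a one-byte readOnly flag after the password.
    read_only = None
    if frame_len > FIXED_LEN + pw_len:
        read_only = body[FIXED_LEN + pw_len] != 0
    return {
        "frame_len": frame_len,
        "protocol_version": proto,
        "last_zxid_seen": zxid,
        "timeout_ms": timeout_ms,
        "session_id": session_id,
        "passwd_len": pw_len,
        "read_only": read_only,
    }


def diagnose(log_text):
    """Classify what the peer sent to the TLS port."""
    payload = extract_payload(log_text)
    if payload is None:
        return "no-payload"
    if looks_like_tls_record(payload):
        return "tls-record"
    if parse_connect_request(payload) is not None:
        return "plaintext-zookeeper-connect"
    return "unknown-plaintext"


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
    print(parse_connect_request(extract_payload(SAMPLE_LOG)))
```

On the logged bytes this reports a 45-byte plaintext ConnectRequest with a 60000 ms session timeout, so the client reached the secure port without starting a TLS handshake.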

Re: SSL between java client and zookeeper?

Vaibhav Devekar
Re-sending since I probably wasn't subscribed before.

---
Vaibhav Devekar



On Thu, Jun 16, 2016 at 4:23 PM, Vaibhav Devekar <[hidden email]>
wrote:

> Hi all,
>
> I'm using zookeeper for dynamic config management among spring apps hosted
> on many servers. I'm trying to employ SSL for communication between these
> java app and zookeeper since these properties can be sensitive information
> such as database passwords.
>
> Based on this guide -
> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide,
> I was able to test out SSL for zkCli and zookeeper. I was also able to
> verify that two java web apps can do 2-way SSL with each other. I'm now
> trying to do the same with a java client(spring webapp) and zookeeper.
> However, it hasn't worked so far. The zookeeper log says:
>
> 2016-06-16 14:42:56,379 [myid:] - WARN  [New I/O worker
> #21:NettyServerCnxnFactory$CnxnChannelHandler@141] - Exception caught
> [id: 0x265bca3f, /fe80:0:0:0:0:0:0:1%1:61137 => /fe80:0:0:0:0:0:0:1%1:2281]
> EXCEPTION: org.jboss.netty.handler.ssl.NotSslRecordException: not an
> SSL/TLS record:
> 0000002d0000000000000000000000000000ea600000000000000000000000100000000000000000000000000000000000
> org.jboss.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:
> 0000002d0000000000000000000000000000ea600000000000000000000000100000000000000000000000000000000000
>
>
> Any pointers would be great. Does java API for zookeeper even support SSL?
>
> Code example: https://github.com/devekar/sslDemo
>
> Thank you.
>
> ---
> Vaibhav Devekar
>
>
>

Re: SSL between java client and zookeeper?

Flavio Junqueira-3
Hi there,

Which version of the client are you using? This is available only on the 3.5 branch and trunk.

-Flavio
 

> On 17 Jun 2016, at 00:29, Vaibhav Devekar <[hidden email]> wrote:
>
> Re-sending since I probably wasn't subscribed before.
>
> ---
> Vaibhav Devekar
>
>
>
> On Thu, Jun 16, 2016 at 4:23 PM, Vaibhav Devekar <[hidden email]>
> wrote:
>
>> Hi all,
>>
>> I'm using zookeeper for dynamic config management among spring apps hosted
>> on many servers. I'm trying to employ SSL for communication between these
>> java app and zookeeper since these properties can be sensitive information
>> such as database passwords.
>>
>> Based on this guide -
>> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide,
>> I was able to test out SSL for zkCli and zookeeper. I was also able to
>> verify that two java web apps can do 2-way SSL with each other. I'm now
>> trying to do the same with a java client(spring webapp) and zookeeper.
>> However, it hasn't worked so far. The zookeeper log says:
>>
>> 2016-06-16 14:42:56,379 [myid:] - WARN  [New I/O worker
>> #21:NettyServerCnxnFactory$CnxnChannelHandler@141] - Exception caught
>> [id: 0x265bca3f, /fe80:0:0:0:0:0:0:1%1:61137 => /fe80:0:0:0:0:0:0:1%1:2281]
>> EXCEPTION: org.jboss.netty.handler.ssl.NotSslRecordException: not an
>> SSL/TLS record:
>> 0000002d0000000000000000000000000000ea600000000000000000000000100000000000000000000000000000000000
>> org.jboss.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:
>> 0000002d0000000000000000000000000000ea600000000000000000000000100000000000000000000000000000000000
>>
>>
>> Any pointers would be great. Does java API for zookeeper even support SSL?
>>
>> Code example: https://github.com/devekar/sslDemo
>>
>> Thank you.
>>
>> ---
>> Vaibhav Devekar
>>
>>
>>


Re: SSL between java client and zookeeper?

Devekar, Vaibhav
I'm using 3.5.1-alpha. I did forget to update the version for the java
library. Thank you for pointing that out. However, I still get the same
error after using the latest.
Is the zookeeper API supposed to work out of the box? The only thing I did
was add keystore and truststore values as JVM arguments to tomcat. I also
configured them in tomcat's server.xml


--
Vaibhav Devekar
Dotcom-Search | Seattle Dev Lab




On 6/17/16, 1:39 AM, "Flavio Junqueira" <[hidden email]> wrote:

>Hi there,
>
>Which version of the client are you using? This is available only on the
>3.5 branch and trunk.
>
>-Flavio
>
>> On 17 Jun 2016, at 00:29, Vaibhav Devekar <[hidden email]>
>>wrote:
>>
>> Re-sending since I probably wasn't subscribed before.
>>
>> ---
>> Vaibhav Devekar
>>
>>
>>
>> On Thu, Jun 16, 2016 at 4:23 PM, Vaibhav Devekar
>><[hidden email]>
>> wrote:
>>
>>> Hi all,
>>>
>>> I'm using zookeeper for dynamic config management among spring apps
>>>hosted
>>> on many servers. I'm trying to employ SSL for communication between
>>>these
>>> java app and zookeeper since these properties can be sensitive
>>>information
>>> such as database passwords.
>>>
>>> Based on this guide -
>>>
>>>https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User
>>>+Guide,
>>> I was able to test out SSL for zkCli and zookeeper. I was also able to
>>> verify that two java web apps can do 2-way SSL with each other. I'm now
>>> trying to do the same with a java client(spring webapp) and zookeeper.
>>> However, it hasn't worked so far. The zookeeper log says:
>>>
>>> 2016-06-16 14:42:56,379 [myid:] - WARN  [New I/O worker
>>> #21:NettyServerCnxnFactory$CnxnChannelHandler@141] - Exception caught
>>> [id: 0x265bca3f, /fe80:0:0:0:0:0:0:1%1:61137 =>
>>>/fe80:0:0:0:0:0:0:1%1:2281]
>>> EXCEPTION: org.jboss.netty.handler.ssl.NotSslRecordException: not an
>>> SSL/TLS record:
>>>
>>>0000002d0000000000000000000000000000ea6000000000000000000000001000000000
>>>00000000000000000000000000
>>> org.jboss.netty.handler.ssl.NotSslRecordException: not an SSL/TLS
>>>record:
>>>
>>>0000002d0000000000000000000000000000ea6000000000000000000000001000000000
>>>00000000000000000000000000
>>>
>>>
>>> Any pointers would be great. Does java API for zookeeper even support
>>>SSL?
>>>
>>> Code example: https://github.com/devekar/sslDemo
>>>
>>> Thank you.
>>>
>>> ---
>>> Vaibhav Devekar
>>>
>>>
>>>
>


Re: SSL between java client and zookeeper?

Vaibhav Devekar
Never mind, I figured that out. Quite silly of me. I did not realize that
CLIENT_JVMFLAGS was meant not just for zkCli but also for java clients!

I was providing the keystore and truststore values via the java.net.ssl
arguments. Having these separate JVM arguments does make sense. One may
want the SSL to be limited to zookeeper connections only.


---
Vaibhav Devekar



On Fri, Jun 17, 2016 at 1:14 PM, Devekar, Vaibhav <
[hidden email]> wrote:

> I'm using 3.5.1-alpha. I did forget to update the version for the java
> library. Thank you for pointing that out. However, I still get the same
> error after using the latest.
> Is the zookeeper API supposed to work out of the box? The only thing I did
> was add keystore and truststore values as JVM arguments to tomcat. I also
> configured them in tomcat's server.xml
>
>
> --
> Vaibhav Devekar
> Dotcom-Search | Seattle Dev Lab
>
>
>
>
> On 6/17/16, 1:39 AM, "Flavio Junqueira" <[hidden email]> wrote:
>
> >Hi there,
> >
> >Which version of the client are you using? This is available only on the
> >3.5 branch and trunk.
> >
> >-Flavio
> >
> >> On 17 Jun 2016, at 00:29, Vaibhav Devekar <[hidden email]>
> >>wrote:
> >>
> >> Re-sending since I probably wasn't subscribed before.
> >>
> >> ---
> >> Vaibhav Devekar
> >>
> >>
> >>
> >> On Thu, Jun 16, 2016 at 4:23 PM, Vaibhav Devekar
> >><[hidden email]>
> >> wrote:
> >>
> >>> Hi all,
> >>>
> >>> I'm using zookeeper for dynamic config management among spring apps
> >>>hosted
> >>> on many servers. I'm trying to employ SSL for communication between
> >>>these
> >>> java app and zookeeper since these properties can be sensitive
> >>>information
> >>> such as database passwords.
> >>>
> >>> Based on this guide -
> >>>
> >>>
> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User
> >>>+Guide,
> >>> I was able to test out SSL for zkCli and zookeeper. I was also able to
> >>> verify that two java web apps can do 2-way SSL with each other. I'm now
> >>> trying to do the same with a java client(spring webapp) and zookeeper.
> >>> However, it hasn't worked so far. The zookeeper log says:
> >>>
> >>> 2016-06-16 14:42:56,379 [myid:] - WARN  [New I/O worker
> >>> #21:NettyServerCnxnFactory$CnxnChannelHandler@141] - Exception caught
> >>> [id: 0x265bca3f, /fe80:0:0:0:0:0:0:1%1:61137 =>
> >>>/fe80:0:0:0:0:0:0:1%1:2281]
> >>> EXCEPTION: org.jboss.netty.handler.ssl.NotSslRecordException: not an
> >>> SSL/TLS record:
> >>>
> >>>0000002d0000000000000000000000000000ea6000000000000000000000001000000000
> >>>00000000000000000000000000
> >>> org.jboss.netty.handler.ssl.NotSslRecordException: not an SSL/TLS
> >>>record:
> >>>
> >>>0000002d0000000000000000000000000000ea6000000000000000000000001000000000
> >>>00000000000000000000000000
> >>>
> >>>
> >>> Any pointers would be great. Does java API for zookeeper even support
> >>>SSL?
> >>>
> >>> Code example: https://github.com/devekar/sslDemo
> >>>
> >>> Thank you.
> >>>
> >>> ---
> >>> Vaibhav Devekar
> >>>
> >>>
> >>>
> >
>
>
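
The fix described in this message comes down to which system properties the client JVM is started with. The check below is an added example, not code from the thread or from the ZooKeeper project: it audits a JVM argument string for the client-side properties that the ZooKeeper SSL User Guide puts in CLIENT_JVMFLAGS. The two sample argument strings, their paths and their passwords are constructed placeholders.

```python
import shlex

NETTY_SOCKET = "org.apache.zookeeper.ClientCnxnSocketNetty"
TRUST_PROPS = (
    "zookeeper.ssl.trustStore.location",
    "zookeeper.ssl.trustStore.password",
)
KEY_PROPS = (
    "zookeeper.ssl.keyStore.location",
    "zookeeper.ssl.keyStore.password",
)

# Constructed sample: only the generic JSSE properties are set, as in the
# Tomcat setup described earlier in the thread.
JSSE_ONLY_ARGS = " ".join([
    "-Djavax.net.ssl.keyStore=/path/to/client-keystore.jks",
    "-Djavax.net.ssl.keyStorePassword=PLACEHOLDER",
    "-Djavax.net.ssl.trustStore=/path/to/client-truststore.jks",
    "-Djavax.net.ssl.trustStorePassword=PLACEHOLDER",
])

# Constructed sample: the ZooKeeper-specific client properties.
ZK_TLS_ARGS = " ".join([
    "-Dzookeeper.clientCnxnSocket=" + NETTY_SOCKET,
    "-Dzookeeper.client.secure=true",
    "-Dzookeeper.ssl.keyStore.location=/path/to/client-keystore.jks",
    "-Dzookeeper.ssl.keyStore.password=PLACEHOLDER",
    "-Dzookeeper.ssl.trustStore.location=/path/to/client-truststore.jks",
    "-Dzookeeper.ssl.trustStore.password=PLACEHOLDER",
])


def parse_system_properties(jvm_args):
    """Collect -Dkey=value tokens from a JVM argument string."""
    props = {}
    for token in shlex.split(jvm_args):
        if token.startswith("-D"):
            key, _, value = token[2:].partition("=")
            props[key] = value
    return props


def audit_zk_client_tls(jvm_args, mutual_tls=True):
    """Return a list of findings; an empty list means the flags look complete."""
    props = parse_system_properties(jvm_args)
    findings = []

    # Without this switch the client sends its connect request in plaintext.
    if props.get("zookeeper.client.secure", "").lower() != "true":
        findings.append("zookeeper.client.secure is not true: client speaks plaintext")

    socket_impl = props.get("zookeeper.clientCnxnSocket")
    if socket_impl != NETTY_SOCKET:
        findings.append(
            f"zookeeper.clientCnxnSocket is {socket_impl!r}, expected {NETTY_SOCKET}"
        )

    # The keystore is only needed when the server asks for a client certificate.
    required = TRUST_PROPS + (KEY_PROPS if mutual_tls else ())
    for key in required:
        if not props.get(key):
            findings.append(f"{key} is not set")

    has_jsse = any(k.startswith("javax.net.ssl.") for k in props)
    has_zk = any(k.startswith("zookeeper.ssl.") for k in props)
    if has_jsse and not has_zk:
        findings.append(
            "only javax.net.ssl.* stores are set; the guide's client flags use zookeeper.ssl.*"
        )
    return findings


if __name__ == "__main__":
    for name, args in (("jsse-only", JSSE_ONLY_ARGS), ("zk-tls", ZK_TLS_ARGS)):
        print(name, audit_zk_client_tls(args))
```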

Re: SSL between java client and zookeeper?

Flavio Junqueira-2
Thanks for reporting back, Vaibhav.

-Flavio

> On 17 Jun 2016, at 22:04, Vaibhav Devekar <[hidden email]> wrote:
>
> Never mind, I figured that out. Quite silly of me. I did not realize that
> CLIENT_JVMFLAGS was meant not just for zkCli but also for java clients!
>
> I was providing the keystore and truststore values via the java.net.ssl
> arguments. Having these separate JVM arguments does make sense. One may
> want the SSL to be limited to zookeeper connections only.
>
>
> ---
> Vaibhav Devekar
>
>
>
> On Fri, Jun 17, 2016 at 1:14 PM, Devekar, Vaibhav <
> [hidden email]> wrote:
>
>> I'm using 3.5.1-alpha. I did forget to update the version for the java
>> library. Thank you for pointing that out. However, I still get the same
>> error after using the latest.
>> Is the zookeeper API supposed to work out of the box? The only thing I did
>> was add keystore and truststore values as JVM arguments to tomcat. I also
>> configured them in tomcat's server.xml
>>
>>
>> --
>> Vaibhav Devekar
>> Dotcom-Search | Seattle Dev Lab
>>
>>
>>
>>
>> On 6/17/16, 1:39 AM, "Flavio Junqueira" <[hidden email]> wrote:
>>
>>> Hi there,
>>>
>>> Which version of the client are you using? This is available only on the
>>> 3.5 branch and trunk.
>>>
>>> -Flavio
>>>
>>>> On 17 Jun 2016, at 00:29, Vaibhav Devekar <[hidden email]>
>>>> wrote:
>>>>
>>>> Re-sending since I probably wasn't subscribed before.
>>>>
>>>> ---
>>>> Vaibhav Devekar
>>>>
>>>>
>>>>
>>>> On Thu, Jun 16, 2016 at 4:23 PM, Vaibhav Devekar
>>>> <[hidden email]>
>>>> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I'm using zookeeper for dynamic config management among spring apps
>>>>> hosted
>>>>> on many servers. I'm trying to employ SSL for communication between
>>>>> these
>>>>> java app and zookeeper since these properties can be sensitive
>>>>> information
>>>>> such as database passwords.
>>>>>
>>>>> Based on this guide -
>>>>>
>>>>>
>> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User
>>>>> +Guide,
>>>>> I was able to test out SSL for zkCli and zookeeper. I was also able to
>>>>> verify that two java web apps can do 2-way SSL with each other. I'm now
>>>>> trying to do the same with a java client(spring webapp) and zookeeper.
>>>>> However, it hasn't worked so far. The zookeeper log says:
>>>>>
>>>>> 2016-06-16 14:42:56,379 [myid:] - WARN  [New I/O worker
>>>>> #21:NettyServerCnxnFactory$CnxnChannelHandler@141] - Exception caught
>>>>> [id: 0x265bca3f, /fe80:0:0:0:0:0:0:1%1:61137 =>
>>>>> /fe80:0:0:0:0:0:0:1%1:2281]
>>>>> EXCEPTION: org.jboss.netty.handler.ssl.NotSslRecordException: not an
>>>>> SSL/TLS record:
>>>>>
>>>>> 0000002d0000000000000000000000000000ea6000000000000000000000001000000000
>>>>> 00000000000000000000000000
>>>>> org.jboss.netty.handler.ssl.NotSslRecordException: not an SSL/TLS
>>>>> record:
>>>>>
>>>>> 0000002d0000000000000000000000000000ea6000000000000000000000001000000000
>>>>> 00000000000000000000000000
>>>>>
>>>>>
>>>>> Any pointers would be great. Does java API for zookeeper even support
>>>>> SSL?
>>>>>
>>>>> Code example: https://github.com/devekar/sslDemo
>>>>>
>>>>> Thank you.
>>>>>
>>>>> ---
>>>>> Vaibhav Devekar
>>>>>
>>>>>
>>>>>
>>>
>>
>>


Re: SSL between java client and zookeeper?

jsmullin
Hi there, I've been struggling for some time to get SSL working with my 3.5.1 version of Zookeeper. My end goal is to secure my communication between zookeeper and mesos, I am trying a simple technique of adding everything detailed in the SSL dedicated user guide to my zkEnv.sh. I then run my server feeding it everything such as secureClientPort = 2281 etc in the zoo.cfg. I then run my bin/zkCli.sh -server localhost:2281 and seem to be running into issues there, the logs spit out,
2016-08-11 19:40:20,602 [myid:] - INFO  [main-SendThread(localhost:2281):ClientCnxnSocketNetty$ZKClientPipelineFactory@363] - SSL handler added for channel: null
2016-08-11 19:40:20,608 [myid:] - INFO  [New I/O worker #2:ClientCnxn$SendThread@980] - Socket connection established, initiating session, client: /0:0:0:0:0:0:0:1:60824, server: localhost/0:0:0:0:0:0:0:1:2281
2016-08-11 19:40:20,608 [myid:] - INFO  [New I/O worker #2:ClientCnxnSocketNetty$1@146] - channel is connected: [id: 0x053cfca8, /0:0:0:0:0:0:0:1:60824 => localhost/0:0:0:0:0:0:0:1:2281]
2016-08-11 19:40:35,610 [myid:] - INFO  [main-SendThread(localhost:2281):ClientCnxn$SendThread@1251] - Client session timed out, have not heard from server in 15002ms for sessionid 0x0, closing socket connection and attempting reconnect
2016-08-11 19:40:35,611 [myid:] - INFO  [New I/O worker #2:ClientCnxnSocketNetty$ZKClientHandler@377] - channel is disconnected: [id: 0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281]
2016-08-11 19:40:35,611 [myid:] - INFO  [New I/O worker #2:ClientCnxnSocketNetty@201] - channel is told closing
2016-08-11 19:40:35,612 [myid:] - WARN  [New I/O worker #2:ClientCnxnSocketNetty$ZKClientHandler@432] - Exception caught: [id: 0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281] EXCEPTION: java.nio.channels.ClosedChannelException
java.nio.channels.ClosedChannelException
        at org.jboss.netty.handler.ssl.SslHandler$6.run(SslHandler.java:1580)
        at org.jboss.netty.channel.socket.ChannelRunnableWrapper.run(ChannelRunnableWrapper.java:40)
        at org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(AbstractNioWorker.java:71)
        at org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.java:36)
        at org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(AbstractNioWorker.java:57)
        at org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.java:36)
        at org.jboss.netty.channel.socket.nio.AbstractNioChannelSink.execute(AbstractNioChannelSink.java:34)
        at org.jboss.netty.handler.ssl.SslHandler.channelClosed(SslHandler.java:1566)
        at org.jboss.netty.channel.Channels.fireChannelClosed(Channels.java:468)
        at org.jboss.netty.channel.socket.nio.AbstractNioWorker.close(AbstractNioWorker.java:376)
        at org.jboss.netty.channel.socket.nio.NioClientSocketPipelineSink.eventSunk(NioClientSocketPipelineSink.java:58)
        at org.jboss.netty.channel.Channels.close(Channels.java:828)
        at org.jboss.netty.handler.ssl.SslHandler$ClosingChannelFutureListener.operationComplete(SslHandler.java:1485)
        at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:427)
        at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:418)
        at org.jboss.netty.channel.DefaultChannelFuture.setSuccess(DefaultChannelFuture.java:362)
        at org.jboss.netty.channel.socket.nio.AbstractNioWorker.write0(AbstractNioWorker.java:221)
        at org.jboss.netty.channel.socket.nio.AbstractNioWorker.writeFromTaskLoop(AbstractNioWorker.java:152)
        at org.jboss.netty.channel.socket.nio.AbstractNioChannel$WriteTask.run(AbstractNioChannel.java:335)
        at org.jboss.netty.channel.socket.nio.AbstractNioSelector.processTaskQueue(AbstractNioSelector.java:366)
        at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:290)
        at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:90)
        at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Any help or guidance to my long term goal would be very appreciated as the info about zookeeper and enabling SSL is slim to none. I can post my configs etc, anything you need!

Re: SSL between java client and zookeeper?

Devekar, Vaibhav
Hi Jacob,

Did you check logs for zookeeper server?
I would suggest adding -Djavax.net.debug=ssl to JVM arguments for both
zookeeper server and zkCli. This will give you an idea if connection fails
during SSL handshake.

--



On 8/11/16, 12:54 PM, "jsmullin" <[hidden email]> wrote:

>Hi there, I've been struggling for some time to get SSL working with my
>3.5.1
>version of Zookeeper. My end goal is to secure my communication between
>zookeeper and mesos, I am trying a simple technique of adding everything
>detailed in the SSL dedicated user guide to my zkEnv.sh. I then run my
>server feeding it everything such as secureClientPort = 2281 etc in the
>zoo.cfg. I then run my bin/zkCli.sh -server localhost:2281 and seem to be
>running into issues there, the logs spit out,
>2016-08-11 19:40:20,602 [myid:] - INFO
>[main-SendThread(localhost:2281):ClientCnxnSocketNetty$ZKClientPipelineFac
>tory@363]
>- SSL handler added for channel: null
>2016-08-11 19:40:20,608 [myid:] - INFO  [New I/O worker
>#2:ClientCnxn$SendThread@980] - Socket connection established, initiating
>session, client: /0:0:0:0:0:0:0:1:60824, server:
>localhost/0:0:0:0:0:0:0:1:2281
>2016-08-11 19:40:20,608 [myid:] - INFO  [New I/O worker
>#2:ClientCnxnSocketNetty$1@146] - channel is connected: [id: 0x053cfca8,
>/0:0:0:0:0:0:0:1:60824 => localhost/0:0:0:0:0:0:0:1:2281]
>2016-08-11 19:40:35,610 [myid:] - INFO
>[main-SendThread(localhost:2281):ClientCnxn$SendThread@1251] - Client
>session timed out, have not heard from server in 15002ms for sessionid
>0x0,
>closing socket connection and attempting reconnect
>2016-08-11 19:40:35,611 [myid:] - INFO  [New I/O worker
>#2:ClientCnxnSocketNetty$ZKClientHandler@377] - channel is disconnected:
>[id: 0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281]
>2016-08-11 19:40:35,611 [myid:] - INFO  [New I/O worker
>#2:ClientCnxnSocketNetty@201] - channel is told closing
>2016-08-11 19:40:35,612 [myid:] - WARN  [New I/O worker
>#2:ClientCnxnSocketNetty$ZKClientHandler@432] - Exception caught: [id:
>0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281]
>EXCEPTION: java.nio.channels.ClosedChannelException
>java.nio.channels.ClosedChannelException
>        at
>org.jboss.netty.handler.ssl.SslHandler$6.run(SslHandler.java:1580)
>        at
>org.jboss.netty.channel.socket.ChannelRunnableWrapper.run(ChannelRunnableW
>rapper.java:40)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(Abs
>tractNioWorker.java:71)
>        at
>org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.j
>ava:36)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(Abs
>tractNioWorker.java:57)
>        at
>org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.j
>ava:36)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioChannelSink.execute(Abstract
>NioChannelSink.java:34)
>        at
>org.jboss.netty.handler.ssl.SslHandler.channelClosed(SslHandler.java:1566)
>        at
>org.jboss.netty.channel.Channels.fireChannelClosed(Channels.java:468)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.close(AbstractNioWork
>er.java:376)
>        at
>org.jboss.netty.channel.socket.nio.NioClientSocketPipelineSink.eventSunk(N
>ioClientSocketPipelineSink.java:58)
>        at org.jboss.netty.channel.Channels.close(Channels.java:828)
>        at
>org.jboss.netty.handler.ssl.SslHandler$ClosingChannelFutureListener.operat
>ionComplete(SslHandler.java:1485)
>        at
>org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannel
>Future.java:427)
>        at
>org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChanne
>lFuture.java:418)
>        at
>org.jboss.netty.channel.DefaultChannelFuture.setSuccess(DefaultChannelFutu
>re.java:362)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.write0(AbstractNioWor
>ker.java:221)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.writeFromTaskLoop(Abs
>tractNioWorker.java:152)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioChannel$WriteTask.run(Abstra
>ctNioChannel.java:335)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioSelector.processTaskQueue(Ab
>stractNioSelector.java:366)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSele
>ctor.java:290)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker
>.java:90)
>        at
>org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
>        at
>java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:
>1142)
>        at
>java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java
>:617)
>        at java.lang.Thread.run(Thread.java:745)
>Any help or guidance to my long term goal would be very appreciated as the
>info about zookeeper and enabling SSL is slim to none. I can post my
>configs
>etc, anything you need!


Re: SSL between java client and zookeeper?

jsmullin

Hi Vaibhav,


I've only been able to see those logs I've sent, I'm just trying to enable SSL in a really trivial situation. Here's what I've done and which files I've utilized.

The tarball contains the new 3.5.1-alpha version of zookeeper and I stick it in /usr/lib/zookeeper-3.5.1-alpha.

Within /usr/lib/zookeeper-3.5.1-alpha are 3 more important directories with the scripts, conf/, bin/, and ssl/.

I put java.env, my zoo.cfg, etc into the conf/ directory, and the zkServer.sh, zkCli.sh, zkEnv.sh, etc are within the bin/ directory, and then I've put my keystore and truststore within the ssl/ directory.

I attached my zkServer.sh, zkCli.sh, zkEnv.sh, java.env, zoo.cfg files for you to take a look. This is just to get SSL working with a basic zookeeper tutorial at http://www.tutorialspoint.com/zookeeper/zookeeper_installation.htm and once I've got that connecting and handling SSL I'll add it to my infrastructure with securing mesos/zookeeper communication. Please do take a look at my scripts and configs as I'm obviously very stuck and have exhausted all of the resources online about zookeeper/Netty/SSL. Note though I do have one script that changes the zoo.cfg I sent you to properly put the secureClientPort and necessary changes to zoo.cfg.


I first launch into a box, start zookeeper from the /usr/lib/zookeeper-3.5.1-alpha/bin/zkServer.sh start

then I run the client like so /usr/lib/zookeeper-3.5.1-alpha/bin/zkCli.sh -server localhost:2281



It wouldn't let me send you the zookeeper-3.5.1-alpha.tar.gz but that's just on the mirror site I'm sure where you got yours. (Over 10MB Outlook limit)

Thanks!

Jacob




From: Devekar, Vaibhav [via zookeeper-user] <ml-node+[hidden email]>
Sent: Thursday, August 11, 2016 2:17 PM
To: jsmullin
Subject: Re: SSL between java client and zookeeper?
 
Hi Jacob,

Did you check logs for zookeeper server?
I would suggest adding -Djavax.net.debug=ssl to JVM arguments for both
zookeeper server and zkCli. This will give you an idea if connection fails
during SSL handshake.

--



On 8/11/16, 12:54 PM, "jsmullin" <[hidden email]> wrote:

>Hi there, I've been struggling for some time to get SSL working with my
>3.5.1
>version of Zookeeper. My end goal is to secure my communication between
>zookeeper and mesos, I am trying a simple technique of adding everything
>detailed in the SSL dedicated user guide to my zkEnv.sh. I then run my
>server feeding it everything such as secureClientPort = 2281 etc in the
>zoo.cfg. I then run my bin/zkCli.sh -server localhost:2281 and seem to be
>running into issues there, the logs spit out,
>2016-08-11 19:40:20,602 [myid:] - INFO
>[main-SendThread(localhost:2281):ClientCnxnSocketNetty$ZKClientPipelineFac
>tory@363]
>- SSL handler added for channel: null
>2016-08-11 19:40:20,608 [myid:] - INFO  [New I/O worker
>#2:ClientCnxn$SendThread@980] - Socket connection established, initiating
>session, client: /0:0:0:0:0:0:0:1:60824, server:
>localhost/0:0:0:0:0:0:0:1:2281
>2016-08-11 19:40:20,608 [myid:] - INFO  [New I/O worker
>#2:ClientCnxnSocketNetty$1@146] - channel is connected: [id: 0x053cfca8,
>/0:0:0:0:0:0:0:1:60824 => localhost/0:0:0:0:0:0:0:1:2281]
>2016-08-11 19:40:35,610 [myid:] - INFO
>[main-SendThread(localhost:2281):ClientCnxn$SendThread@1251] - Client
>session timed out, have not heard from server in 15002ms for sessionid
>0x0,
>closing socket connection and attempting reconnect
>2016-08-11 19:40:35,611 [myid:] - INFO  [New I/O worker
>#2:ClientCnxnSocketNetty$ZKClientHandler@377] - channel is disconnected:
>[id: 0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281]
>2016-08-11 19:40:35,611 [myid:] - INFO  [New I/O worker
>#2:ClientCnxnSocketNetty@201] - channel is told closing
>2016-08-11 19:40:35,612 [myid:] - WARN  [New I/O worker
>#2:ClientCnxnSocketNetty$ZKClientHandler@432] - Exception caught: [id:
>0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281]
>EXCEPTION: java.nio.channels.ClosedChannelException
>java.nio.channels.ClosedChannelException
>        at
>org.jboss.netty.handler.ssl.SslHandler$6.run(SslHandler.java:1580)
>        at
>org.jboss.netty.channel.socket.ChannelRunnableWrapper.run(ChannelRunnableW
>rapper.java:40)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(Abs
>tractNioWorker.java:71)
>        at
>org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.j
>ava:36)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(Abs
>tractNioWorker.java:57)
>        at
>org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.j
>ava:36)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioChannelSink.execute(Abstract
>NioChannelSink.java:34)
>        at
>org.jboss.netty.handler.ssl.SslHandler.channelClosed(SslHandler.java:1566)
>        at
>org.jboss.netty.channel.Channels.fireChannelClosed(Channels.java:468)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.close(AbstractNioWork
>er.java:376)
>        at
>org.jboss.netty.channel.socket.nio.NioClientSocketPipelineSink.eventSunk(N
>ioClientSocketPipelineSink.java:58)
>        at org.jboss.netty.channel.Channels.close(Channels.java:828)
>        at
>org.jboss.netty.handler.ssl.SslHandler$ClosingChannelFutureListener.operat
>ionComplete(SslHandler.java:1485)
>        at
>org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannel
>Future.java:427)
>        at
>org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChanne
>lFuture.java:418)
>        at
>org.jboss.netty.channel.DefaultChannelFuture.setSuccess(DefaultChannelFutu
>re.java:362)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.write0(AbstractNioWor
>ker.java:221)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.writeFromTaskLoop(Abs
>tractNioWorker.java:152)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioChannel$WriteTask.run(Abstra
>ctNioChannel.java:335)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioSelector.processTaskQueue(Ab
>stractNioSelector.java:366)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSele
>ctor.java:290)
>        at
>org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker
>.java:90)
>        at
>org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
>        at
>java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:
>1142)
>        at
>java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java
>:617)
>        at java.lang.Thread.run(Thread.java:745)
>Any help or guidance to my long term goal would be very appreciated as the
>info about zookeeper and enabling SSL is slim to none. I can post my
>configs
>etc, anything you need!
>
>
>
>--
>View this message in context:
>http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zoo
>keeper-tp7582421p7582558.html
>Sent from the zookeeper-user mailing list archive at Nabble.com.





zkCli.sh (2K) Download Attachment
zkEnv.sh (5K) Download Attachment
zkServer.sh (12K) Download Attachment
java.env (1K) Download Attachment
zoo.cfg (1K) Download Attachment

Re: SSL between java client and zookeeper?

jsmullin
This post has NOT been accepted by the mailing list yet.
In reply to this post by Devekar, Vaibhav

Also any further explanation or even a walkthrough of how your SSL demo correctly uses the secureClientPort 2281 would be really helpful, I'd love to get this working!!! I've spent near 2 weeks stuck on adding SSL on top of my infrastructure.





RE: SSL between java client and zookeeper?

Martin Gainty
In reply to this post by jsmullin
MG>where are attachments?

> Date: Thu, 11 Aug 2016 14:48:13 -0700
> From: [hidden email]
> To: [hidden email]
> Subject: Re: SSL between java client and zookeeper?
>
> Hi Vaibhav,
>
>
> I've only been able to see those logs I've sent, I'm just trying to enable SSL in a really trivial situation. Here's what I've done and which files I've utilized.
>
> The tarball contains the new 3.5.1-alpha version of zookeeper and I stick it in /usr/lib/zookeeper-3.5.1-alpha.
>
> Within /usr/lib/zookeeper-3.5.1-alpha is 3 more important directories with the scripts, conf/, bin/, and ssl/.
>
> I put java.env, my zoo.cfg, etc into the conf/ directory, and the zkServer.sh, zkCli.sh, zkEnv.sh, etc are within the bin/ directory, and then I've put my keystore and truststore within the ssl/ directory.
>
> I attached my zkServer.sh, zkCli.sh, zkEnv.sh, java.env, zoo.cfg files for you to take a look.
MG>Where are attachments?
> This is just to get SSL working with a basic zookeeper tutorial at http://www.tutorialspoint.com/zookeeper/zookeeper_installation.htm and once I've got that connecting and handling SSL I'll add it to my infrastructure with securing mesos/zookeeper communication. Please do take a look at my scripts and configs as I'm obviously very stuck and have exhausted all of the resources online about zookeeper/Netty/SSL. Note though I do have one script that changes the zoo.cfg I sent you to properly put the secureClientPort and necessary changes to zoo.cfg.

>
>
> I first launch into a box, start zookeeper from the /usr/lib/zookeeper-3.5.1-alpha/bin/zkServer.sh start
>
> then I run the client like so /usr/lib/zookeeper-3.5.1-alpha/bin/zkCli.sh -server localhost:2281
>
>
>
> It wouldn't let me send you the zookeeper-3.5.1-alpha.tar.gz but that's just on the mirror site I'm sure where you got yours. (Over 10MB Outlook limit)
>
> Thanks!
>
> Jacob
>
>
>
>
>
> zkCli.sh (2K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/0/zkCli.sh>
> zkEnv.sh (5K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/1/zkEnv.sh>
> zkServer.sh (12K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/2/zkServer.sh>
> java.env (1K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/3/java.env>
> zoo.cfg (1K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/4/zoo.cfg>
>
>
>
>

Re: SSL between java client and zookeeper?

jsmullin
Let me resend them

Sent from my iPhone

RE: SSL between java client and zookeeper?

jsmullin
In reply to this post by Martin Gainty

RE: SSL between java client and zookeeper?

jsmullin
But I run a script to change from that zoo.cfg and I add the secureClinetPort=2281

RE: SSL between java client and zookeeper?

Martin Gainty
Can anyone besides mullin access: http://zookeeper-user.578899.n2.nabble.com/file/n7582565/zoo.cfg ?
Martin
RE: SSL between java client and zookeeper?

jsmullin
Martin, if you scroll up a bit in the convo as well you will see my files with "download attachment" beside them, that may work better.

Jacob

RE: SSL between java client and zookeeper?

Cantrell, Curtis
In reply to this post by Martin Gainty
I can!

Re: SSL between java client and zookeeper?

Devekar, Vaibhav
From your java.env:
-Dzookeeper.ssl.keyStore.location=/vagrant/opt/zookeeper-3.5.1-alpha/ssl/testTrustStore.jks

Did you mean to put testKeyStore.jks?


On another note, I think you will also need to use the same password for both
key and keystore. I don't recall exactly but Zookeeper doesn't support a
separate config option for key and uses Dzookeeper.ssl.keyStore.password
for both.
 
--
Vaibhav







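Both points raised in the reply above can be checked before ZooKeeper is started. The following is an added example, not code from the thread or from the ZooKeeper project: it loads the file named by the `zookeeper.ssl.keyStore.location` property and reports whether it holds a private key that opens with the keystore password. The class name `ZkKeyStoreCheck` is hypothetical, and the program reads your own keystore rather than an embedded sample.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/**
 * Preflight check for the keystore referenced by the JVM flags in java.env.
 * Run with the same flags ZooKeeper would get, for example:
 *   java -Dzookeeper.ssl.keyStore.location=/path/to/store.jks \
 *        -Dzookeeper.ssl.keyStore.password=... ZkKeyStoreCheck
 */
public class ZkKeyStoreCheck {

    /** Returns a list of problems; an empty list means the store can serve as a TLS identity. */
    static List<String> check(KeyStore ks, char[] storePassword) throws Exception {
        List<String> problems = new ArrayList<>();
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // trustedCertEntry: a certificate only, no private key
            }
            keyEntries++;
            try {
                // Per the reply above, the key is expected to open with the
                // keystore password because there is no separate key-password option.
                ks.getKey(alias, storePassword);
            } catch (UnrecoverableKeyException e) {
                problems.add("alias '" + alias
                        + "': key password differs from the keystore password");
            }
        }
        if (keyEntries == 0) {
            // This is what happens when keyStore.location points at a truststore file.
            problems.add("no private-key entry found: this file looks like a truststore");
        }
        return problems;
    }

    /** Loads the store; a wrong keystore password surfaces here as an IOException. */
    static KeyStore load(String path, char[] storePassword) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePassword);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        String path = System.getProperty("zookeeper.ssl.keyStore.location");
        String pass = System.getProperty("zookeeper.ssl.keyStore.password");
        if (path == null || pass == null) {
            System.err.println("Set -Dzookeeper.ssl.keyStore.location and "
                    + "-Dzookeeper.ssl.keyStore.password");
            System.exit(2);
        }
        char[] storePassword = pass.toCharArray();
        List<String> problems = check(load(path, storePassword), storePassword);
        if (problems.isEmpty()) {
            System.out.println("OK: " + path + " holds a usable private key");
            return;
        }
        for (String problem : problems) {
            System.err.println("PROBLEM: " + problem);
        }
        System.exit(1);
    }
}
```

A non-zero exit code makes the check usable as a guard in a start script before the server or client JVM is launched.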

Re: SSL between java client and zookeeper?

jsmullin
So I got SSL with zookeeper working with the zkCli.sh script, but my next question is how do I use the new secure SSL feature with mesos? The error I get is that zookeeper times out and is receiving something that is not an SSL/TLS record even with mesos-SSL enabled? Any help would really be appreciated on the matter.