zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Abraham Fine <af...@apache.org>
Subject Requesting reviews for ZOOKEEPER-236: SSL Support for Atomic Broadcast protocol
Date Thu, 20 Apr 2017 21:22:51 GMT

I have been continuing work on ZOOKEEPER-236 and it would be great to
get feedback from the community on the patch. The pull request can be
found here: https://github.com/apache/zookeeper/pull/184

ZOOKEEPER-236 provides the ability to use SSL/TLS to secure
communication within the ZooKeeper quorum.

Documentation will be handled in another pull request but the usage is
very similar to our existing Client <-> Quorum functionality, here is an
overview of the basic configuration. 

System properties are set on each member of the quorum, for example:

A flag is set in the cfg files:

The best way to see all the functionality provided by this patch is to
take a look at the integration tests:
The integration tests contain examples showing how hostname
verification, rolling upgrades, cipher configuration, protocol
configuration, and certificate revocation are handled.

There is a current outstanding question regarding hostname verification,
please provide input here:

Looking forward to hearing everyone's thoughts.

Abraham Fine

View raw message