zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Flavio Junqueira <fpjunque...@yahoo.com.INVALID>
Subject Re: SSL between java client and zookeeper?
Date Mon, 20 Jun 2016 08:51:54 GMT
Thanks for reporting back, Vaibhav.

-Flavio

> On 17 Jun 2016, at 22:04, Vaibhav Devekar <vaibhav.devekar@gmail.com> wrote:
> 
> Never mind, I figured that out. Quite silly of me. I did not realize that
> CLIENT_JVMFLAGS was meant not just for zkCli but also for java clients!
> 
> I was providing the keystore and trustore values via the java.net.ssl
> arguments. Having these separate JVM arguments does make sense. One may
> want the SSL to be limited to zookeeper connections only.
> 
> 
> ---
> Vaibhav Devekar
> 
> 
> 
> On Fri, Jun 17, 2016 at 1:14 PM, Devekar, Vaibhav <
> Vaibhav.Devekar@staples.com> wrote:
> 
>> I¹m using 3.5.1-alpha. I did forget to update the version for the java
>> library. Thank you for pointing that out. However, I still get the same
>> error after using the latest.
>> Is the zookeeper API supposed to work out of the box? The only thing I did
>> was add keystore and trustore values as JVM arguments to tomcat. I also
>> configured them in tomcat¹s server.xml
>> 
>> 
>> --
>> Vaibhav Devekar
>> Dotcom-Search | Seattle Dev Lab
>> 
>> 
>> 
>> 
>> On 6/17/16, 1:39 AM, "Flavio Junqueira" <fpj@apache.org> wrote:
>> 
>>> Hi there,
>>> 
>>> Which version of the client are you using? This is available only on the
>>> 3.5 branch and trunk.
>>> 
>>> -Flavio
>>> 
>>>> On 17 Jun 2016, at 00:29, Vaibhav Devekar <vaibhav.devekar@gmail.com>
>>>> wrote:
>>>> 
>>>> Re-sending since I probably wasn't subscribed before.
>>>> 
>>>> ---
>>>> Vaibhav Devekar
>>>> 
>>>> 
>>>> 
>>>> On Thu, Jun 16, 2016 at 4:23 PM, Vaibhav Devekar
>>>> <vaibhav.devekar@gmail.com>
>>>> wrote:
>>>> 
>>>>> Hi all,
>>>>> 
>>>>> I'm using zookeeper for dynamic config management among spring apps
>>>>> hosted
>>>>> on many servers. I'm trying to employ SSL for communication between
>>>>> these
>>>>> java app and zookeeper since these properties can be sensitive
>>>>> information
>>>>> such as database passwords.
>>>>> 
>>>>> Based on this guide -
>>>>> 
>>>>> 
>> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User
>>>>> +Guide,
>>>>> I was able to test out SSL for zkCli and zookeeper. I was also able to
>>>>> verify that two java web apps can do 2-way SSL with each other. I'm now
>>>>> trying to do the same with a java client(spring webapp) and zookeeper.
>>>>> However, it hasn't worked so far. The zookeeper log says:
>>>>> 
>>>>> 2016-06-16 14:42:56,379 [myid:] - WARN  [New I/O worker
>>>>> #21:NettyServerCnxnFactory$CnxnChannelHandler@141] - Exception caught
>>>>> [id: 0x265bca3f, /fe80:0:0:0:0:0:0:1%1:61137 =>
>>>>> /fe80:0:0:0:0:0:0:1%1:2281]
>>>>> EXCEPTION: org.jboss.netty.handler.ssl.NotSslRecordException: not an
>>>>> SSL/TLS record:
>>>>> 
>>>>> 0000002d0000000000000000000000000000ea6000000000000000000000001000000000
>>>>> 00000000000000000000000000
>>>>> org.jboss.netty.handler.ssl.NotSslRecordException: not an SSL/TLS
>>>>> record:
>>>>> 
>>>>> 0000002d0000000000000000000000000000ea6000000000000000000000001000000000
>>>>> 00000000000000000000000000
>>>>> 
>>>>> 
>>>>> Any pointers would be great. Does java API for zookeeper even support
>>>>> SSL?
>>>>> 
>>>>> Code example: https://github.com/devekar/sslDemo
>>>>> 
>>>>> Thank you.
>>>>> 
>>>>> ---
>>>>> Vaibhav Devekar
>>>>> 
>>>>> 
>>>>> 
>>> 
>> 
>> 


Mime
View raw message