zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jsmullin <js.1...@live.com>
Subject Re: SSL between java client and zookeeper?
Date Fri, 12 Aug 2016 14:24:49 GMT
Let me re send them

Sent from my iPhone

On Aug 12, 2016, at 2:10 AM, Martin Gainty [via zookeeper-user] <ml-node+s578899n7582562h6@n2.nabble.com<mailto:ml-node+s578899n7582562h6@n2.nabble.com>>
wrote:

MG>where are attachments?

> Date: Thu, 11 Aug 2016 14:48:13 -0700
> From: [hidden email]</user/SendEmail.jtp?type=node&node=7582562&i=0>
> To: [hidden email]</user/SendEmail.jtp?type=node&node=7582562&i=1>
> Subject: Re: SSL between java client and zookeeper?
>
> Hi Vaibhav,
>
>
> I've only been able to see those logs I've sent, I'm just trying to enable SSL in a really
trivial situation. Here's what I've done and which files I've utilized.
>
> The tarball contains the new 3.5.1-alpha version of zookeeper and I stick it in /usr/lib/zookeeper-3.5.1-alpha.
>
> Within /usr/lib/zookeeper-3.5.1-alpha is 3 more important directories with the scripts,
conf/, bin/, and ssl/.
>
> I put java.env, my zoo.cfg, etc into the conf/ directory, and the zkServer.sh, zkCli.sh,
zkEnv.sh, etc are within the bin/ directory, and then I've put my keystore and truststore
within the ssl/ directory.
>
> I attached my zkServer.sh, zkCli.sh, zkEnv.sh, java.env, zoo.cfg files for you to take
a look. MG>Where are attachments?
This is just to get SSL working with a basic zookeeper tutorial at http://www.tutorialspoint.com/zookeeper/zookeeper_installation.htm
and once I've got that connecting and handling SSL I'll add it to my infrastructure with securing
mesos/zookeeper communication. Please do take a look at my scripts and configs as I'm obviously
very stuck and have exhausted all of the resources online about zookeeper/Netty/SSL. Note
though I do have one script that changes the zoo.cfg I sent you to properly put the secureClientPort
and necessary changes to zoo.cfg.

>
>
> I first launch into a box, start zookeeper from the /usr/lib/zookeeper-3.5.1-alpha/bin/zkServer.sh
start
>
> then I run the client like so /usr/lib/zookeeper-3.5.1-alpha/bin/zkCli.sh -server localhost:2281
>
>
>
> It wouldn't let me send you the zokeeper-3.5.1-alpha.tar.gz but that's just on the mirror
site I'm sure where you got yours.(Over 10MB outlook limit)
>
> Thanks!
>
> Jacob
>
>
>
> ________________________________
> From: Devekar, Vaibhav [via zookeeper-user] <[hidden email]</user/SendEmail.jtp?type=node&node=7582562&i=2>>
> Sent: Thursday, August 11, 2016 2:17 PM
> To: jsmullin
> Subject: Re: SSL between java client and zookeeper?
>
> Hi Jacob,
>
> Did you check logs for zookeeper server?
> I would suggest adding -Djavax.net.debug=ssl to JVM arguments for both
> zookeeper server and zkCli. This will give you an idea if connection fails
> during SSL handshake.
>
> --
>
>
>
> On 8/11/16, 12:54 PM, "jsmullin" <[hidden email]</user/SendEmail.jtp?type=node&node=7582559&i=0>>
wrote:
>
> >Hi there, I've been struggling for some time to get SSL working with my
> >3.5.1
> >version of Zookeeper. My end goal is to secure my communication between
> >zookeeper and mesos, I am trying a simple technique of adding everything
> >detailed in the SSL dedicated user guide to my zkEnv.sh. I then run my
> >server feeding it everything such as secureClientPort = 2281 etc in the
> >zoo.cfg. I then run my bin/zkCli.sh -server localhost:2281 and seem to be
> >running into issues there, the logs spit out,
> >2016-08-11 19:40:20,602 [myid:] - INFO
> >[main-SendThread(localhost:2281):ClientCnxnSocketNetty$ZKClientPipelineFac
> >tory@363]
> >- SSL handler added for channel: null
> >2016-08-11 19:40:20,608 [myid:] - INFO  [New I/O worker
> >#2:ClientCnxn$SendThread@980] - Socket connection established, initiating
> >session, client: /0:0:0:0:0:0:0:1:60824, server:
> >localhost/0:0:0:0:0:0:0:1:2281
> >2016-08-11 19:40:20,608 [myid:] - INFO  [New I/O worker
> >#2:ClientCnxnSocketNetty$1@146] - channel is connected: [id: 0x053cfca8,
> >/0:0:0:0:0:0:0:1:60824 => localhost/0:0:0:0:0:0:0:1:2281]
> >2016-08-11 19:40:35,610 [myid:] - INFO
> >[main-SendThread(localhost:2281):ClientCnxn$SendThread@1251] - Client
> >session timed out, have not heard from server in 15002ms for sessionid
> >0x0,
> >closing socket connection and attempting reconnect
> >2016-08-11 19:40:35,611 [myid:] - INFO  [New I/O worker
> >#2:ClientCnxnSocketNetty$ZKClientHandler@377] - channel is disconnected:
> >[id: 0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281]
> >2016-08-11 19:40:35,611 [myid:] - INFO  [New I/O worker
> >#2:ClientCnxnSocketNetty@201] - channel is told closing
> >2016-08-11 19:40:35,612 [myid:] - WARN  [New I/O worker
> >#2:ClientCnxnSocketNetty$ZKClientHandler@432] - Exception caught: [id:
> >0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281]
> >EXCEPTION: java.nio.channels.ClosedChannelException
> >java.nio.channels.ClosedChannelException
> >        at
> >org.jboss.netty.handler.ssl.SslHandler$6.run(SslHandler.java:1580)
> >        at
> >org.jboss.netty.channel.socket.ChannelRunnableWrapper.run(ChannelRunnableW
> >rapper.java:40)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(Abs
> >tractNioWorker.java:71)
> >        at
> >org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.j
> >ava:36)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(Abs
> >tractNioWorker.java:57)
> >        at
> >org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.j
> >ava:36)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioChannelSink.execute(Abstract
> >NioChannelSink.java:34)
> >        at
> >org.jboss.netty.handler.ssl.SslHandler.channelClosed(SslHandler.java:1566)
> >        at
> >org.jboss.netty.channel.Channels.fireChannelClosed(Channels.java:468)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioWorker.close(AbstractNioWork
> >er.java:376)
> >        at
> >org.jboss.netty.channel.socket.nio.NioClientSocketPipelineSink.eventSunk(N
> >ioClientSocketPipelineSink.java:58)
> >        at org.jboss.netty.channel.Channels.close(Channels.java:828)
> >        at
> >org.jboss.netty.handler.ssl.SslHandler$ClosingChannelFutureListener.operat
> >ionComplete(SslHandler.java:1485)
> >        at
> >org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannel
> >Future.java:427)
> >        at
> >org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChanne
> >lFuture.java:418)
> >        at
> >org.jboss.netty.channel.DefaultChannelFuture.setSuccess(DefaultChannelFutu
> >re.java:362)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioWorker.write0(AbstractNioWor
> >ker.java:221)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioWorker.writeFromTaskLoop(Abs
> >tractNioWorker.java:152)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioChannel$WriteTask.run(Abstra
> >ctNioChannel.java:335)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioSelector.processTaskQueue(Ab
> >stractNioSelector.java:366)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSele
> >ctor.java:290)
> >        at
> >org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker
> >.java:90)
> >        at
> >org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
> >        at
> >java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:
> >1142)
> >        at
> >java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java
> >:617)
> >        at java.lang.Thread.run(Thread.java:745)
> >Any help or guidance to my long term goal would be very appreciated as the
> >info about zookeeper and enabling SSL is slim to none. I can post my
> >configs
> >etc, anything you need!
> >
> >
> >
> >--
> >View this message in context:
> >http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zoo
> >keeper-tp7582421p7582558.html
> >Sent from the zookeeper-user mailing list archive at Nabble.com<http://nabble.com>.
>
>
>
> ________________________________
> If you reply to this email, your message will be added to the discussion below:
> http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582559.html
> To unsubscribe from SSL between java client and zookeeper?, click here<
> NAML<http://zookeeper-user.578899.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>
>
> zkCli.sh (2K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/0/zkCli.sh>
> zkEnv.sh (5K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/1/zkEnv.sh>
> zkServer.sh (12K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/2/zkServer.sh>
> java.env (1K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/3/java.env>
> zoo.cfg (1K) <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/4/zoo.cfg>
>
>
>
>
> --
> View this message in context: http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582560.html
> Sent from the zookeeper-user mailing list archive at Nabble.com<http://nabble.com>.


________________________________
If you reply to this email, your message will be added to the discussion below:
http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582562.html
To unsubscribe from SSL between java client and zookeeper?, click here<http://zookeeper-user.578899.n2.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=7582421&code=anMuMTk5MkBsaXZlLmNvbXw3NTgyNDIxfDE0NzIyMTY2MTE=>.
NAML<http://zookeeper-user.578899.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>




--
View this message in context: http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582563.html
Sent from the zookeeper-user mailing list archive at Nabble.com.
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message