zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rakesh Radhakrishnan <rake...@apache.org>
Subject Re: security
Date Fri, 16 Dec 2016 09:13:08 GMT
I believe with the community support, will be able to reach to a 3.5.x beta
version soon.
FYI, please refer the release discussion thread https://qnalist.com/que
stions/7887505/upcoming-3-4-3-5-releases

Rakesh

On Fri, Dec 16, 2016 at 1:06 PM, FaXin Zhong <faxin.zhong@ericsson.com>
wrote:

> Hi,
>
> OK.  3.5.x are still alpha or being beta version, when will the formal
> stable version release, can you foresee?  Thanks.
>
> BRs/Faxin
>
> -----Original Message-----
> From: Michael Han [mailto:hanm@cloudera.com]
> Sent: den 15 december 2016 19:48
> To: UserZooKeeper <user@zookeeper.apache.org>
> Subject: Re: security
>
> >> is there any plan to support SSL
> There is ZOOKEEPER-1000
> <https://issues.apache.org/jira/browse/ZOOKEEPER-1000>, but no one is
> actively pushing this.
>
> >>  Does zookeeper provide KDC HA as off-shelf support?
> HA of KDC is not part of ZooKeeper's responsibility. KDC has its own HA
> solutions (i.e. through master slave replication). The test report is a
> record of what's done for the purpose of testing, and is not a reference
> for a product deployment.
>
>
> On Thu, Dec 15, 2016 at 2:34 AM, FaXin Zhong <faxin.zhong@ericsson.com>
> wrote:
>
> > Hi,
> >
> > Many thanks for the info.  For the server-server communication, is
> > there any plan to support SSL as well?  We better have one security
> > approach for client and server.
> >
> > The test report mentions installing the KDC on sever 1, how to secure
> > the KDC HA? Does zookeeper provide KDC HA as off-shelf support?
> >
> > BRs/Faxin
> >
> > -----Original Message-----
> > From: Rakesh Radhakrishnan [mailto:rakeshr@apache.org]
> > Sent: den 14 december 2016 14:24
> > To: user@zookeeper.apache.org
> > Subject: Re: security
> >
> > Hi,
> >
> > Adding one more point to the above. Please refer the test report here,
> > https://goo.gl/qNR45M
> >
> > Both the issues mentioned in the report has been discussed.
> > Problem-1)  This has been taken care and corrected the document
> > Problem-2) This is a deployment mistake. Please go through the
> > analysis section and has to be taken care during deployment.
> >
> > Thanks,
> > Rakesh
> >
> > On Wed, Dec 14, 2016 at 6:41 PM, Rakesh Radhakrishnan
> > <rakeshr@apache.org>
> > wrote:
> >
> > > 1 => AFAIK, there are many companies adopted 3.5.x latest alpha
> > > version and no major issues reported so far. I hope beta release
> > > will be out soon at the first quarter of next year if there is no
> > > blockers/critical issues by anyone. IIUC, 3.5.3 release discussion
> > > is in progress. Probably, you can do a trial run and start
> > > analyzing/understanding the changes in 3.5.x latest version
> > (3.5.2-alpha) for smooth adoption to your eco system.
> > >
> > > 2 => Thanks for the interest on this feature. This work has been
> > > committed into the branch 3.4 recently(two weeks back) and planning
> > > 3.4.10 release asap including this feature. Again, the release
> > discussion is in progress.
> > > This feature has been tested by multiple folks and the test reports
> > > are available. Please go through the below links to understand more
> > > on
> > this.
> > > I'd really appreciate if you could test this feature and publish
> > feedback.
> > > Thanks! Please feel free to contact or discuss issues, some of us
> > > will help you. There are plans to forward port this feature to
> > > branch 3.5 via
> > > ZOOKEEPER-2639 task.
> > >
> > > https://qnalist.com/questions/7332914/test-plan-for-zk-1045-
> > > call-for-volunteers
> > > https://issues.apache.org/jira/secure/attachment/12834567/ZO
> > > OKEEPER-1045%20Test%20Plan.pdf - The problems mentioned in this test
> > > report is already taken care.
> > >
> > > Feature documentation is getting ready and draft version is
> > > available
> > here.
> > > https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKee
> > > per+and+SASL+authentication
> > > Documentation review is going on.
> > >
> > > Regards,
> > > Rakesh
> > >
> > > On Wed, Dec 14, 2016 at 5:54 PM, FaXin Zhong
> > > <faxin.zhong@ericsson.com>
> > > wrote:
> > >
> > >> Hi,
> > >>
> > >> Our product is using zookeeper. I have some security questions
> > >> about zookeeper as below.
> > >>
> > >>
> > >> 1.       We want to use ssl for the client-server communication,
> > >> zookeeper supports it since 3.5.1, while it's alpha version,  is it
> > >> OK to upgrade zookeeper to 3.5.1 or latest? We are currently using
> > >> 3.4.8 for customers.
> > >>
> > >>
> > >> 2.       Does zookeeper support server-server secure communication as
> > >> well?  Or any plan? I don't find it in zookeeper documents, but
> > >> found some JIRA stuff
> > >> "ZOOKEEPER-1045<https://issues.apache.org/jira/browse/ZOOKEE
> > >> PER-1045> covers server-server mutual authentication by SASL", what
> > >> PER-1045> do
> > >> you think of it for commercial usage?
> > >>
> > >>
> > >> Thanks a lot!
> > >>
> > >> BRs/Faxin
> > >>
> > >
> > >
> >
>
>
>
> --
> Cheers
> Michael.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message