zookeeper-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From an...@apache.org
Subject [zookeeper] branch website updated: More doc enhancements for release 3.5.5
Date Mon, 20 May 2019 16:49:28 GMT
This is an automated email from the ASF dual-hosted git repository.

andor pushed a commit to branch website
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/website by this push:
     new cdf98d6  More doc enhancements for release 3.5.5
cdf98d6 is described below

commit cdf98d6888a6f4da1bd91b81c270d9b081e4b773
Author: Andor Molnar <andor@apache.org>
AuthorDate: Mon May 20 18:49:10 2019 +0200

    More doc enhancements for release 3.5.5
---
 _released_docs/r3.5.5/zookeeperAdmin.html | 53 +++++++++++++++----------------
 src/main/resources/markdown/releases.md   |  7 ++++
 2 files changed, 32 insertions(+), 28 deletions(-)

diff --git a/_released_docs/r3.5.5/zookeeperAdmin.html b/_released_docs/r3.5.5/zookeeperAdmin.html
index 6b7bda9..dd6f756 100644
--- a/_released_docs/r3.5.5/zookeeperAdmin.html
+++ b/_released_docs/r3.5.5/zookeeperAdmin.html
@@ -427,69 +427,66 @@ server.3=zoo3:2888:3888
 </ul><p><a name="Communication+using+the+Netty+framework"></a></p><h3>Communication
using the Netty framework</h3><p><a href="http://netty.io">Netty</a>
is an NIO based client/server communication framework, it simplifies (over NIO being used
directly) many of the complexities of network level communication for java applications. Additionally
the Netty framework has built in support for encryption (SSL) and authentication (certificates).
These are optional features and can be turned on o [...]
 <ol>
   <li>Create SSL keystore JKS to store local credentials</li>
-</ol><p>One keystore should be created for each ZK instance.</p><p>In
this example we generate a self-signed certificate and store it together with the private
key in <code>keystore.jks</code>. This is suitable for testing purposes, but you
probably need an official certificate to sign your keys in a production environment.</p><p>Please
note that the alias (<code>-alias</code>) and the distinguished name (<code>-dname</code>)
must match the hostname of the machine that is associated with [...]
-keytool -genkeypair -alias $(hostname -f) -keyalg RSA -keysize 2048 -dname &quot;cn=$(hostname
-f)&quot; -keypass password -keystore keystore.jks -storepass password
-</code></p>
+</ol><p>One keystore should be created for each ZK instance.</p><p>In
this example we generate a self-signed certificate and store it together with the private
key in <code>keystore.jks</code>. This is suitable for testing purposes, but you
probably need an official certificate to sign your keys in a production environment.</p><p>Please
note that the alias (<code>-alias</code>) and the distinguished name (<code>-dname</code>)
must match the hostname of the machine that is associated with [...]
+<pre><code>keytool -genkeypair -alias $(hostname -f) -keyalg RSA -keysize 2048
-dname &quot;cn=$(hostname -f)&quot; -keypass password -keystore keystore.jks -storepass
password</code></pre>
 <ol>
   <li>Extract the signed public key (certificate) from keystore</li>
-</ol><p><em>This step might only necessary for self-signed certificates.</em></p><p><code>
-keytool -exportcert -alias $(hostname -f) -keystore keystore.jks -file $(hostname -f).cer
-rfc
-</code></p>
+</ol><p><em>This step might only necessary for self-signed certificates.</em></p>
+<pre><code>keytool -exportcert -alias $(hostname -f) -keystore keystore.jks -file
$(hostname -f).cer -rfc</code></pre>
 <ol>
   <li>Create SSL truststore JKS containing certificates of all ZooKeeper instances</li>
-</ol><p>The same truststore (storing all accepted certs) should be shared on
participants of the ensemble. You need to use different aliases to store multiple certificates
in the same truststore. Name of the aliases doesn't matter.</p><p><code>
-keytool -importcert -alias [host1..3] -file [host1..3].cer -keystore truststore.jks -storepass
password
-</code></p>
+</ol><p>The same truststore (storing all accepted certs) should be shared on
participants of the ensemble. You need to use different aliases to store multiple certificates
in the same truststore. Name of the aliases doesn't matter.</p>
+<pre><code>keytool -importcert -alias [host1..3] -file [host1..3].cer -keystore
truststore.jks -storepass password</code></pre>
 <ol>
   <li>You need to use <code>NettyServerCnxnFactory</code> as serverCnxnFactory,
because SSL is not supported by NIO. Add the following configuration settings to your <code>zoo.cfg</code>
config file:</li>
-</ol><p><code>
-sslQuorum=true
+</ol>
+<pre><code>sslQuorum=true
 serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
 ssl.quorum.keyStore.location=/path/to/keystore.jks
 ssl.quorum.keyStore.password=password
 ssl.quorum.trustStore.location=/path/to/truststore.jks
 ssl.quorum.trustStore.password=password
-</code></p>
+</code></pre>
 <ol>
   <li>Verify in the logs that your ensemble is running on TLS:</li>
-</ol><p><code>
-INFO  [main:QuorumPeer@1789] - Using TLS encrypted quorum communication
+</ol>
+<pre><code>INFO  [main:QuorumPeer@1789] - Using TLS encrypted quorum communication
 INFO  [main:QuorumPeer@1797] - Port unification disabled
 ...
 INFO  [QuorumPeerListener:QuorumCnxManager$Listener@877] - Creating TLS-only quorum server
socket
-</code></p><p><a name="Upgrading+existing+nonTLS+cluster"></a></p><h4>Upgrading
existing non-TLS cluster with no downtime</h4><p><em>New in 3.5.5</em></p><p>Here
are the steps needed to upgrade an already running ZooKeeper ensemble to TLS without downtime
by taking advantage of port unification functionality.</p>
+</code></pre><p><a name="Upgrading+existing+nonTLS+cluster"></a></p><h4>Upgrading
existing non-TLS cluster with no downtime</h4><p><em>New in 3.5.5</em></p><p>Here
are the steps needed to upgrade an already running ZooKeeper ensemble to TLS without downtime
by taking advantage of port unification functionality.</p>
 <ol>
   <li><p>Create the necessary keystores and truststores for all ZK participants
as described in the previous section</p></li>
   <li><p>Add the following config settings and restart the first node</p></li>
-</ol><p><code>
-sslQuorum=false
+</ol>
+<pre><code>sslQuorum=false
 portUnification=true
 serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
 ssl.quorum.keyStore.location=/path/to/keystore.jks
 ssl.quorum.keyStore.password=password
 ssl.quorum.trustStore.location=/path/to/truststore.jks
 ssl.quorum.trustStore.password=password
-</code></p><p>Note that TLS is not yet enabled, but we turn on port unification.</p>
+</code></pre><p>Note that TLS is not yet enabled, but we turn on port unification.</p>
 <ol>
   <li>Repeat step #2 on the remaining nodes. Verify that you see the following entries
in the logs:</li>
-</ol><p><code>
-INFO  [main:QuorumPeer@1791] - Using insecure (non-TLS) quorum communication
+</ol>
+<pre><code>INFO  [main:QuorumPeer@1791] - Using insecure (non-TLS) quorum communication
 INFO  [main:QuorumPeer@1797] - Port unification enabled
 ...
 INFO  [QuorumPeerListener:QuorumCnxManager$Listener@874] - Creating TLS-enabled quorum server
socket
-</code></p><p>You should also double check after each node restart that
the quorum become healthy again.</p>
+</code></pre><p>You should also double check after each node restart that
the quorum become healthy again.</p>
 <ol>
   <li>Enable Quorum TLS on each node and do rolling restart:</li>
-</ol><p><code>
-sslQuorum=true
+</ol>
+<pre><code>sslQuorum=true
 portUnification=true
-</code></p>
+</code></pre>
 <ol>
   <li>Once you verified that your entire ensemble is running on TLS, you could disable
port unification and do another rolling restart</li>
-</ol><p><code>
-sslQuorum=true
+</ol>
+<pre><code>sslQuorum=true
 portUnification=false
-</code> </p><p><a name="sc_zkCommands"></a></p><h3>ZooKeeper
Commands</h3><p><a name="sc_4lw"></a></p><h4>The Four
Letter Words</h4><p>ZooKeeper responds to a small set of commands. Each command
is composed of four letters. You issue the commands to ZooKeeper via telnet or nc, at the
client port.</p><p>Three of the more interesting commands: "stat" gives some general
information about the server and connected clients, while "srvr" and "cons" give extended
details on server and connection [...]
+</code></pre><p><a name="sc_zkCommands"></a></p><h3>ZooKeeper
Commands</h3><p><a name="sc_4lw"></a></p><h4>The Four
Letter Words</h4><p>ZooKeeper responds to a small set of commands. Each command
is composed of four letters. You issue the commands to ZooKeeper via telnet or nc, at the
client port.</p><p>Three of the more interesting commands: "stat" gives some general
information about the server and connected clients, while "srvr" and "cons" give extended
details on server and connectio [...]
 <ul>
   <li><p><em>conf</em> : <strong>New in 3.3.0:</strong>
Print details about serving configuration.</p></li>
   <li><p><em>cons</em> : <strong>New in 3.3.0:</strong>
List full connection/session details for all clients connected to this server. Includes information
on numbers of packets received/sent, session id, operation latencies, last operation performed,
etc...</p></li>
@@ -656,4 +653,4 @@ Recovery file log.100000001.fixed has been written with 1 fixed CRC error(s)
     <div id="logos"></div>
 </div>
 </body>
-</html>
\ No newline at end of file
+</html>
diff --git a/src/main/resources/markdown/releases.md b/src/main/resources/markdown/releases.md
index da3853d..a8dad34 100644
--- a/src/main/resources/markdown/releases.md
+++ b/src/main/resources/markdown/releases.md
@@ -55,6 +55,13 @@ It contains 950 commits, resolves 744 issues, fixes 470 bugs and includes
the fo
 
 Various performance and stability improvements.
 
+Please also note:
+
+* Minimum recommended JDK version is now 1.8
+* Release artifacts have been changed considerably to be more Apache and Maven friendly:
+    * apache-zookeeper-X.Y.Z.tar.gz is standard source-only release,
+    * apache-zookeeper-X.Y.Z-bin.tar.gz is the convenience tarball which contains the binaries
+
 Thanks to the contributors for their tremendous efforts to make this release happen.
 
 See [ZooKeeper 3.5.5 Release Notes](https://zookeeper.apache.org/doc/r3.5.5/releasenotes.html)
for details.


Mime
View raw message