zookeeper-user mailing list archives

From Enrico Olivelli - Diennea <enrico.olive...@diennea.com>
Subject Re: ZooKeeper in secure mode
Date Thu, 16 Jan 2020 09:31:40 GMT
Praveen
In order to use Netty it is better for you to use 3.5.6, which contains Netty 4. ZooKeeper 3.4.x
uses the deprecated Netty 3 for TLS, and it is known to have security flaws and it is no
longer maintained.

Btw your problem looks like there is a missing class and it is weird

Enrico

On 16/01/20, 10:25, "Praveen Kumar K S" <praveen@securelyshare.com> wrote:

    Hello,

    I'm looking for help on enabling authentication in zookeeper. Please note
    below approach I have tried.

    1. I followed
    https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide
    2. I'm deploying zookeeper as single node using docker
    3. Zookeeper version is 3.4.13
    4. Below are some important environmental variables in zookeeper container

    CLIENT_JVMFLAGS=-Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
    -Dzookeeper.client.secure=true
    -Dzookeeper.ssl.keyStore.location=/opt/vault/zookeeper/ssl/KeyStore.jks
    -Dzookeeper.ssl.keyStore.password=XX@123
    -Dzookeeper.ssl.trustStore.location=/opt/vault/zookeeper/ssl/truststore.jks
    -Dzookeeper.ssl.trustStore.password=XX@123

    SERVER_JVMFLAGS=-Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
    -Dzookeeper.ssl.keyStore.location=/opt/vault/zookeeper/ssl/KeyStore.jks
    -Dzookeeper.ssl.keyStore.password=XX@123
    -Dzookeeper.ssl.trustStore.location=/opt/vault/zookeeper/ssl/truststore.jks
    -Dzookeeper.ssl.trustStore.password=XX@123

    zookeeper.serverCnxnFactory="org.apache.zookeeper.server.NettyServerCnxnFactory"

    5. Below is conf file
    server.1=0.0.0.0:2888:3888
    secureClientPort=2281
    initLimit=5
    syncLimit=2
    tickTime=2000
    clientPort=2181
    clientPortAddress=zookeeper
    dataLogDir=/opt/vault/zookeeper/logs
    dataDir=/opt/vault/zookeeper/data

    6. Zookeeper is healthy
    7. I tried connecting to Zookeeper server from my machine using zkCli.sh.
    But getting below error

    2020-01-16 14:21:27,798 [myid:] - INFO  [main:ZooKeeper@442] - Initiating
    client connection, connectString=zookeeper:2281 sessionTimeout=30000
    watcher=org.apache.zookeeper.ZooKeeperMain$MyWatcher@531d72ca
    Exception in thread "main" java.io.IOException: Couldn't instantiate
    org.apache.zookeeper.ClientCnxnSocketNetty
    at org.apache.zookeeper.ZooKeeper.getClientCnxnSocket(ZooKeeper.java:1851)
    at org.apache.zookeeper.ZooKeeper.<init>(ZooKeeper.java:453)
    at org.apache.zookeeper.ZooKeeperMain.connectToZK(ZooKeeperMain.java:283)
    at org.apache.zookeeper.ZooKeeperMain.<init>(ZooKeeperMain.java:297)
    at org.apache.zookeeper.ZooKeeperMain.main(ZooKeeperMain.java:290)
    Caused by: java.lang.ClassNotFoundException:
    org.apache.zookeeper.ClientCnxnSocketNetty
    at java.net.URLClassLoader.findClass(URLClassLoader.java:382)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:264)
    at org.apache.zookeeper.ZooKeeper.getClientCnxnSocket(ZooKeeper.java:1848)
    ... 4 more

    8. Zookeeper is working fine on 2181
    9. I tried to connect Kafka to Zookeeper on port 2281. Getting below error

    [2020-01-16 09:12:07,477] INFO Initiating client connection,
    connectString=zookeeper:2281 sessionTimeout=6000
    watcher=kafka.zookeeper.ZooKeeperClient$ZooKeeperClientWatcher$@5c33f1a9
    (org.apache.zookeeper.ZooKeeper)
    [2020-01-16 09:12:07,488] INFO [ZooKeeperClient] Waiting until connected.
    (kafka.zookeeper.ZooKeeperClient)
    [2020-01-16 09:12:07,489] INFO Opening socket connection to server
    zookeeper/172.16.13.2:2281. Will not attempt to authenticate using SASL
    (unknown error) (org.apache.zookeeper.ClientCnxn)
    [2020-01-16 09:12:07,493] INFO Socket error occurred: zookeeper/
    172.16.13.2:2281: Connection refused (org.apache.zookeeper.ClientCnxn)
    [2020-01-16 09:12:08,599] INFO Opening socket connection to server
    zookeeper/172.16.13.2:2281. Will not attempt to authenticate using SASL
    (unknown error) (org.apache.zookeeper.ClientCnxn)

    Please help and advise.

    Regards,
    Praveen Kumar K S
    +91-9986855625
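
An added example, not part of either message in this thread: a small Python audit of the server settings quoted above. It assumes (not stated on the page) that `secureClientPort` is only honoured by ZooKeeper 3.5.x and later, which is consistent with the advice to move to 3.5.6; the finding codes and the sample strings are constructed for illustration.

```python
import re

# Constructed sample input mirroring the server settings posted in the thread.
ZOO_CFG = "secureClientPort=2281\nclientPort=2181\n"
SERVER_JVMFLAGS = (
    "-Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory "
    "-Dzookeeper.ssl.keyStore.location=/opt/vault/zookeeper/ssl/KeyStore.jks "
    "-Dzookeeper.ssl.keyStore.password=XX@123 "
    "-Dzookeeper.ssl.trustStore.location=/opt/vault/zookeeper/ssl/truststore.jks "
    "-Dzookeeper.ssl.trustStore.password=XX@123"
)

def parse_props(text):
    """Parse key=value lines (zoo.cfg style), skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def parse_jvm_flags(flags):
    """Turn '-Dname=value' tokens into a dict of Java system properties."""
    return dict(re.findall(r"-D([^\s=]+)=(\S*)", flags))

def audit(version, cfg_text, jvm_flags):
    """Return finding codes (hypothetical names) for a ZooKeeper TLS setup."""
    cfg, props = parse_props(cfg_text), parse_jvm_flags(jvm_flags)
    findings = []
    if "secureClientPort" in cfg:
        # Assumption: the secure client port is only honoured from 3.5.x on.
        if tuple(int(p) for p in version.split(".")[:2]) < (3, 5):
            findings.append("SECURE_PORT_UNSUPPORTED")
        if "NettyServerCnxnFactory" not in props.get("zookeeper.serverCnxnFactory", ""):
            findings.append("NETTY_FACTORY_MISSING")
        if "clientPort" in cfg:  # plaintext listener stays up next to TLS
            findings.append("PLAINTEXT_PORT_OPEN")
        for store in ("keyStore", "trustStore"):
            if f"zookeeper.ssl.{store}.location" not in props:
                findings.append(f"{store.upper()}_LOCATION_MISSING")
    if any(name.endswith(".password") for name in props):
        findings.append("PASSWORD_IN_JVM_FLAGS")  # readable from the process list
    return findings

if __name__ == "__main__":
    print(audit("3.4.13", ZOO_CFG, SERVER_JVMFLAGS))
```
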


