From user-return-12531-archive-asf-public=cust-asf.ponee.io@zookeeper.apache.org Thu Jan 16 09:25:13 2020 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 13AE818060E for ; Thu, 16 Jan 2020 10:25:12 +0100 (CET) Received: (qmail 36839 invoked by uid 500); 16 Jan 2020 09:25:11 -0000 Mailing-List: contact user-help@zookeeper.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@zookeeper.apache.org Delivered-To: mailing list user@zookeeper.apache.org Received: (qmail 36821 invoked by uid 99); 16 Jan 2020 09:25:11 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 Jan 2020 09:25:11 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 240A8181364 for ; Thu, 16 Jan 2020 09:25:10 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.002 X-Spam-Level: X-Spam-Status: No, score=0.002 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.2, NUMERIC_HTTP_ADDR=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, WEIRD_PORT=0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=securelyshare.com Received: from mx1-ec2-va.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id nZUYNMLccngF for ; Thu, 16 Jan 2020 09:25:05 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.217.45; helo=mail-vs1-f45.google.com; envelope-from=praveen@securelyshare.com; receiver= Received: from mail-vs1-f45.google.com (mail-vs1-f45.google.com [209.85.217.45]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 37EC6BC5C3 for ; Thu, 16 Jan 2020 09:25:05 +0000 (UTC) Received: by mail-vs1-f45.google.com with SMTP id s16so12232032vsc.10 for ; Thu, 16 Jan 2020 01:25:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=securelyshare.com; s=google; h=mime-version:from:date:message-id:subject:to; bh=ApnXeLmDSATqwroV5iX1JMaWV/1xwGBOvSMuKqgKzno=; b=fuL2QyBDilDEzUSvHPOJnN3x2IlV8hGQgvR6wJfj4+SbQPcc/hyRehiWMHEuAeGONa cq9pe5kahz+B9b5s0pMrSvcNFCJ8TJhaX1czRtSQZBa+N2at7JRnodn5jB6Lc55a+sIk x/Eg+Gzg4NY69iqBZfHRQc8hxmcvU/PgSElhSXaQtH0/LaFTGIt0IqX1Mcukz77SQ+Fg +VE9FFzTHQYthTxCSPQQY38mWpEr36Z7rMNlYY5IiQ2FrWrTx5hiZnehAEPIL8NbwH1k +me+VvDdUgr4RDtXOIj4kiT+QpbUy58VKNLxmfMgPbjc7pJxaYbZ10/9QJGn4r+RPyj/ fsgg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=ApnXeLmDSATqwroV5iX1JMaWV/1xwGBOvSMuKqgKzno=; b=pAVFR6QGiVIU6CfXDqA8krdFHLSrcYGqfGRGAQozb2NVRfZvbXvndM4JfTgVpaTwXt aVArjCFREtwE8ixEuh+PEd0qQYzuRg720u8U7ltK80ozZ0pdU0aFb3w1/bGFT/GfKECQ h6ulta/ibkJlrtbLRkRxabZjhM/L0u2k87eb/s0HhGU4qKTQyrDFERdtcNhP+uSMfrWJ VNVu7Zi4OFgF0+aCRwzSNScXR5pKYklMnBHepLGMZJ0Io95uerJQiK3KDJr6qn0YB4bE 6b+OWoAMGCm/JsxkX83zysRgjOJiuFZ32GelLVFow77qK01rXhcEVmBRDoKRrhhWIFYo hmCA== X-Gm-Message-State: APjAAAXlJkusmcnSIU7evFj8OMcL0BKV9+YQNVS24ryIqBI2JWdDsMDX C8t/qiije1QicQ3zGfN3TmqbnoF7bcTWA236Rgcq/hMpAZU= X-Google-Smtp-Source: APXvYqzi1t5J0C8Vlw7kNTBRUnntpSOEM+WA+9Vqog3P5m/sWlPJACmxat6O+IDBWdvX0sGncfHTA4xKf7bsGGXg+uM= X-Received: by 2002:a05:6102:3105:: with SMTP id e5mr803496vsh.133.1579166699258; Thu, 16 Jan 2020 01:24:59 -0800 (PST) MIME-Version: 1.0 From: Praveen Kumar K S Date: Thu, 16 Jan 2020 14:54:48 +0530 Message-ID: Subject: ZooKeeper in secure mode To: user@zookeeper.apache.org Content-Type: multipart/alternative; boundary="000000000000269b91059c3e6643" --000000000000269b91059c3e6643 Content-Type: text/plain; charset="UTF-8" Hello, I'm looking for help on enabling authentication in zookeeper. Please note below approach I have tried. 1. I followed https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide 2. I'm deploying zookeeper as single node using docker 3. Zookeeper version is 3.4.13 4. Below are some important environmental variables in zookeeper container CLIENT_JVMFLAGS=-Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.client.secure=true -Dzookeeper.ssl.keyStore.location=/opt/vault/zookeeper/ssl/KeyStore.jks -Dzookeeper.ssl.keyStore.password=XX@123 -Dzookeeper.ssl.trustStore.location=/opt/vault/zookeeper/ssl/truststore.jks -Dzookeeper.ssl.trustStore.password=XX@123 SERVER_JVMFLAGS=-Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory -Dzookeeper.ssl.keyStore.location=/opt/vault/zookeeper/ssl/KeyStore.jks -Dzookeeper.ssl.keyStore.password=XX@123 -Dzookeeper.ssl.trustStore.location=/opt/vault/zookeeper/ssl/truststore.jks -Dzookeeper.ssl.trustStore.password=XX@123 zookeeper.serverCnxnFactory="org.apache.zookeeper.server.NettyServerCnxnFactory" 5. Below is conf file server.1=0.0.0.0:2888:3888 secureClientPort=2281 initLimit=5 syncLimit=2 tickTime=2000 clientPort=2181 clientPortAddress=zookeeper dataLogDir=/opt/vault/zookeeper/logs dataDir=/opt/vault/zookeeper/data 6. Zookeeper is healthy 7. I tried connecting to Zookeeper server from my machine using zkCli.sh. But getting below error 2020-01-16 14:21:27,798 [myid:] - INFO [main:ZooKeeper@442] - Initiating client connection, connectString=zookeeper:2281 sessionTimeout=30000 watcher=org.apache.zookeeper.ZooKeeperMain$MyWatcher@531d72ca Exception in thread "main" java.io.IOException: Couldn't instantiate org.apache.zookeeper.ClientCnxnSocketNetty at org.apache.zookeeper.ZooKeeper.getClientCnxnSocket(ZooKeeper.java:1851) at org.apache.zookeeper.ZooKeeper.(ZooKeeper.java:453) at org.apache.zookeeper.ZooKeeperMain.connectToZK(ZooKeeperMain.java:283) at org.apache.zookeeper.ZooKeeperMain.(ZooKeeperMain.java:297) at org.apache.zookeeper.ZooKeeperMain.main(ZooKeeperMain.java:290) Caused by: java.lang.ClassNotFoundException: org.apache.zookeeper.ClientCnxnSocketNetty at java.net.URLClassLoader.findClass(URLClassLoader.java:382) at java.lang.ClassLoader.loadClass(ClassLoader.java:424) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349) at java.lang.ClassLoader.loadClass(ClassLoader.java:357) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:264) at org.apache.zookeeper.ZooKeeper.getClientCnxnSocket(ZooKeeper.java:1848) ... 4 more 8.Zookeeper is working fine on 2181 9.I tried to connect Kafka to Zookeeper on port 2281. Getting below error [2020-01-16 09:12:07,477] INFO Initiating client connection, connectString=zookeeper:2281 sessionTimeout=6000 watcher=kafka.zookeeper.ZooKeeperClient$ZooKeeperClientWatcher$@5c33f1a9 (org.apache.zookeeper.ZooKeeper) [2020-01-16 09:12:07,488] INFO [ZooKeeperClient] Waiting until connected. (kafka.zookeeper.ZooKeeperClient) [2020-01-16 09:12:07,489] INFO Opening socket connection to server zookeeper/172.16.13.2:2281. Will not attempt to authenticate using SASL (unknown error) (org.apache.zookeeper.ClientCnxn) [2020-01-16 09:12:07,493] INFO Socket error occurred: zookeeper/ 172.16.13.2:2281: Connection refused (org.apache.zookeeper.ClientCnxn) [2020-01-16 09:12:08,599] INFO Opening socket connection to server zookeeper/172.16.13.2:2281. Will not attempt to authenticate using SASL (unknown error) (org.apache.zookeeper.ClientCnxn) Please help and advice. Regards, Praveen Kumar K S +91-9986855625 --000000000000269b91059c3e6643--