This is an automated email from the ASF dual-hosted git repository.
andor pushed a commit to branch website
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/website by this push:
new cdf98d6 More doc enhancements for release 3.5.5
cdf98d6 is described below
commit cdf98d6888a6f4da1bd91b81c270d9b081e4b773
Author: Andor Molnar <[email protected]>
AuthorDate: Mon May 20 18:49:10 2019 +0200
More doc enhancements for release 3.5.5
---
_released_docs/r3.5.5/zookeeperAdmin.html | 53 +++++++++++++++----------------
src/main/resources/markdown/releases.md | 7 ++++
2 files changed, 32 insertions(+), 28 deletions(-)
diff --git a/_released_docs/r3.5.5/zookeeperAdmin.html
b/_released_docs/r3.5.5/zookeeperAdmin.html
index 6b7bda9..dd6f756 100644
--- a/_released_docs/r3.5.5/zookeeperAdmin.html
+++ b/_released_docs/r3.5.5/zookeeperAdmin.html
@@ -427,69 +427,66 @@ server.3=zoo3:2888:3888
</ul><p><a
name="Communication+using+the+Netty+framework"></a></p><h3>Communication using
the Netty framework</h3><p><a href="http://netty.io";>Netty</a> is an NIO based
client/server communication framework, it simplifies (over NIO being used
directly) many of the complexities of network level communication for java
applications. Additionally the Netty framework has built in support for
encryption (SSL) and authentication (certificates). These are optional features
and can be turned on o [...]
<ol>
<li>Create SSL keystore JKS to store local credentials</li>
-</ol><p>One keystore should be created for each ZK instance.</p><p>In this
example we generate a self-signed certificate and store it together with the
private key in <code>keystore.jks</code>. This is suitable for testing
purposes, but you probably need an official certificate to sign your keys in a
production environment.</p><p>Please note that the alias (<code>-alias</code>)
and the distinguished name (<code>-dname</code>) must match the hostname of the
machine that is associated with [...]
-keytool -genkeypair -alias $(hostname -f) -keyalg RSA -keysize 2048 -dname
"cn=$(hostname -f)" -keypass password -keystore keystore.jks
-storepass password
-</code></p>
+</ol><p>One keystore should be created for each ZK instance.</p><p>In this
example we generate a self-signed certificate and store it together with the
private key in <code>keystore.jks</code>. This is suitable for testing
purposes, but you probably need an official certificate to sign your keys in a
production environment.</p><p>Please note that the alias (<code>-alias</code>)
and the distinguished name (<code>-dname</code>) must match the hostname of the
machine that is associated with [...]
+<pre><code>keytool -genkeypair -alias $(hostname -f) -keyalg RSA -keysize 2048
-dname "cn=$(hostname -f)" -keypass password -keystore keystore.jks
-storepass password</code></pre>
<ol>
<li>Extract the signed public key (certificate) from keystore</li>
-</ol><p><em>This step might only necessary for self-signed
certificates.</em></p><p><code>
-keytool -exportcert -alias $(hostname -f) -keystore keystore.jks -file
$(hostname -f).cer -rfc
-</code></p>
+</ol><p><em>This step might only necessary for self-signed
certificates.</em></p>
+<pre><code>keytool -exportcert -alias $(hostname -f) -keystore keystore.jks
-file $(hostname -f).cer -rfc</code></pre>
<ol>
<li>Create SSL truststore JKS containing certificates of all ZooKeeper
instances</li>
-</ol><p>The same truststore (storing all accepted certs) should be shared on
participants of the ensemble. You need to use different aliases to store
multiple certificates in the same truststore. Name of the aliases doesn't
matter.</p><p><code>
-keytool -importcert -alias [host1..3] -file [host1..3].cer -keystore
truststore.jks -storepass password
-</code></p>
+</ol><p>The same truststore (storing all accepted certs) should be shared on
participants of the ensemble. You need to use different aliases to store
multiple certificates in the same truststore. Name of the aliases doesn't
matter.</p>
+<pre><code>keytool -importcert -alias [host1..3] -file [host1..3].cer
-keystore truststore.jks -storepass password</code></pre>
<ol>
<li>You need to use <code>NettyServerCnxnFactory</code> as
serverCnxnFactory, because SSL is not supported by NIO. Add the following
configuration settings to your <code>zoo.cfg</code> config file:</li>
-</ol><p><code>
-sslQuorum=true
+</ol>
+<pre><code>sslQuorum=true
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
ssl.quorum.keyStore.location=/path/to/keystore.jks
ssl.quorum.keyStore.password=password
ssl.quorum.trustStore.location=/path/to/truststore.jks
ssl.quorum.trustStore.password=password
-</code></p>
+</code></pre>
<ol>
<li>Verify in the logs that your ensemble is running on TLS:</li>
-</ol><p><code>
-INFO [main:QuorumPeer@1789] - Using TLS encrypted quorum communication
+</ol>
+<pre><code>INFO [main:QuorumPeer@1789] - Using TLS encrypted quorum
communication
INFO [main:QuorumPeer@1797] - Port unification disabled
...
INFO [QuorumPeerListener:QuorumCnxManager$Listener@877] - Creating TLS-only
quorum server socket
-</code></p><p><a
name="Upgrading+existing+nonTLS+cluster"></a></p><h4>Upgrading existing non-TLS
cluster with no downtime</h4><p><em>New in 3.5.5</em></p><p>Here are the steps
needed to upgrade an already running ZooKeeper ensemble to TLS without downtime
by taking advantage of port unification functionality.</p>
+</code></pre><p><a
name="Upgrading+existing+nonTLS+cluster"></a></p><h4>Upgrading existing non-TLS
cluster with no downtime</h4><p><em>New in 3.5.5</em></p><p>Here are the steps
needed to upgrade an already running ZooKeeper ensemble to TLS without downtime
by taking advantage of port unification functionality.</p>
<ol>
<li><p>Create the necessary keystores and truststores for all ZK
participants as described in the previous section</p></li>
<li><p>Add the following config settings and restart the first node</p></li>
-</ol><p><code>
-sslQuorum=false
+</ol>
+<pre><code>sslQuorum=false
portUnification=true
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
ssl.quorum.keyStore.location=/path/to/keystore.jks
ssl.quorum.keyStore.password=password
ssl.quorum.trustStore.location=/path/to/truststore.jks
ssl.quorum.trustStore.password=password
-</code></p><p>Note that TLS is not yet enabled, but we turn on port
unification.</p>
+</code></pre><p>Note that TLS is not yet enabled, but we turn on port
unification.</p>
<ol>
<li>Repeat step #2 on the remaining nodes. Verify that you see the following
entries in the logs:</li>
-</ol><p><code>
-INFO [main:QuorumPeer@1791] - Using insecure (non-TLS) quorum communication
+</ol>
+<pre><code>INFO [main:QuorumPeer@1791] - Using insecure (non-TLS) quorum
communication
INFO [main:QuorumPeer@1797] - Port unification enabled
...
INFO [QuorumPeerListener:QuorumCnxManager$Listener@874] - Creating
TLS-enabled quorum server socket
-</code></p><p>You should also double check after each node restart that the
quorum become healthy again.</p>
+</code></pre><p>You should also double check after each node restart that the
quorum become healthy again.</p>
<ol>
<li>Enable Quorum TLS on each node and do rolling restart:</li>
-</ol><p><code>
-sslQuorum=true
+</ol>
+<pre><code>sslQuorum=true
portUnification=true
-</code></p>
+</code></pre>
<ol>
<li>Once you verified that your entire ensemble is running on TLS, you could
disable port unification and do another rolling restart</li>
-</ol><p><code>
-sslQuorum=true
+</ol>
+<pre><code>sslQuorum=true
portUnification=false
-</code> </p><p><a name="sc_zkCommands"></a></p><h3>ZooKeeper
Commands</h3><p><a name="sc_4lw"></a></p><h4>The Four Letter
Words</h4><p>ZooKeeper responds to a small set of commands. Each command is
composed of four letters. You issue the commands to ZooKeeper via telnet or nc,
at the client port.</p><p>Three of the more interesting commands: "stat" gives
some general information about the server and connected clients, while "srvr"
and "cons" give extended details on server and connection [...]
+</code></pre><p><a name="sc_zkCommands"></a></p><h3>ZooKeeper
Commands</h3><p><a name="sc_4lw"></a></p><h4>The Four Letter
Words</h4><p>ZooKeeper responds to a small set of commands. Each command is
composed of four letters. You issue the commands to ZooKeeper via telnet or nc,
at the client port.</p><p>Three of the more interesting commands: "stat" gives
some general information about the server and connected clients, while "srvr"
and "cons" give extended details on server and connectio [...]
<ul>
<li><p><em>conf</em> : <strong>New in 3.3.0:</strong> Print details about
serving configuration.</p></li>
<li><p><em>cons</em> : <strong>New in 3.3.0:</strong> List full
connection/session details for all clients connected to this server. Includes
information on numbers of packets received/sent, session id, operation
latencies, last operation performed, etc...</p></li>
@@ -656,4 +653,4 @@ Recovery file log.100000001.fixed has been written with 1
fixed CRC error(s)
<div id="logos"></div>
</div>
</body>
-</html>
\ No newline at end of file
+</html>
diff --git a/src/main/resources/markdown/releases.md
b/src/main/resources/markdown/releases.md
index da3853d..a8dad34 100644
--- a/src/main/resources/markdown/releases.md
+++ b/src/main/resources/markdown/releases.md
@@ -55,6 +55,13 @@ It contains 950 commits, resolves 744 issues, fixes 470 bugs
and includes the fo
Various performance and stability improvements.
+Please also note:
+
+* Minimum recommended JDK version is now 1.8
+* Release artifacts have been changed considerably to be more Apache and Maven
friendly:
+ * apache-zookeeper-X.Y.Z.tar.gz is standard source-only release,
+ * apache-zookeeper-X.Y.Z-bin.tar.gz is the convenience tarball which
contains the binaries
+
Thanks to the contributors for their tremendous efforts to make this release
happen.
See [ZooKeeper 3.5.5 Release
Notes](https://zookeeper.apache.org/doc/r3.5.5/releasenotes.html) for details.
