[jira] [Updated] (ZOOKEEPER-3516) Zookeeper not working with enabling ssl and remote authentication

Rohit Singh (Jira) Fri, 23 Aug 2019 13:46:38 -0700


     [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-3516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Rohit Singh updated ZOOKEEPER-3516:
-----------------------------------
    Description: 
 
{code:java}
-Dcom.sun.management.jmxremote.authenticate=true 
-Dcom.sun.management.jmxremote.port=9992 
-Dcom.sun.management.jmxremote.rmi.port=9993 
-Dcom.sun.management.jmxremote.password.file=/zookeeper/zookeeper-3.4.8/conf/jmxremote-password
 
-Dcom.sun.management.jmxremote.access.file=/zookeeper/zookeeper-3.4.8/conf/jmxremote-access
 -Dcom.sun.management.jmxremote.ssl=true 
-Djavax.net.ssl.keyStore=/opt/zookeeper/certificate.ks 
-Djavax.net.ssl.keyStorePassword=YmM1NTkwZTVlZDg0 
-Djavax.net.ssl.trustStore=/opt/zookeeper/serviceCA.ts 
-Djavax.net.ssl.trustStorePassword=YmM1NTkwZTVlZDg0 
-Dcom.sun.management.jmxremote.registry.ssl=true -Dzookeeper.jmx.log4j.disable= 
-Djava.rmi.server.hostname=<hostname> 
org.apache.zookeeper.server.quorum.QuorumPeerMain
{code}
When zookeeper is brought with above options following error is seen
{code:java}
Error: Exception thrown by the agent : java.lang.IllegalArgumentException: 
Expected word at end of line [readwrite ]
{code}
However when Dcom.sun.management.jmxremote.authenticate=false is set to false 
then zookeeper  starts without any errors, but remote authentication is 
disabled and ssl works.
{code:java}
-Dcom.sun.management.jmxremote.authenticate=false 
-Dcom.sun.management.jmxremote.port=9992 
-Dcom.sun.management.jmxremote.rmi.port=9993 
-Dcom.sun.management.jmxremote.password.file=/zookeeper/zookeeper-3.4.8/conf/jmxremote-password
 
-Dcom.sun.management.jmxremote.access.file=/zookeeper/zookeeper-3.4.8/conf/jmxremote-access
 -Dcom.sun.management.jmxremote.ssl=true 
-Djavax.net.ssl.keyStore=/opt/zookeeper/certificate.ks 
-Djavax.net.ssl.keyStorePassword=YzJhZjIxN2Q2ODQ4 
-Djavax.net.ssl.trustStore=/opt/zookeeper/serviceCA.ts 
-Djavax.net.ssl.trustStorePassword=YzJhZjIxN2Q2ODQ4 
-Dcom.sun.management.jmxremote.registry.ssl=true -Dzookeeper.jmx.log4j.disable= 
-Djava.rmi.server.hostname=<hostname> 
org.apache.zookeeper.server.quorum.QuorumPeerMain
{code}
Is this behavior expected. 

 

 

  was:
 
{code:java}
-Dcom.sun.management.jmxremote.authenticate=true 
-Dcom.sun.management.jmxremote.port=9992 
-Dcom.sun.management.jmxremote.rmi.port=9993 
-Dcom.sun.management.jmxremote.password.file=/zookeeper/zookeeper-3.4.8/conf/jmxremote-password
 
-Dcom.sun.management.jmxremote.access.file=/zookeeper/zookeeper-3.4.8/conf/jmxremote-access
 -Dcom.sun.management.jmxremote.ssl=false 
-Djavax.net.ssl.keyStore=/opt/zookeeper/certificate.ks 
-Djavax.net.ssl.keyStorePassword=YmM1NTkwZTVlZDg0 
-Djavax.net.ssl.trustStore=/opt/zookeeper/serviceCA.ts 
-Djavax.net.ssl.trustStorePassword=YmM1NTkwZTVlZDg0 
-Dcom.sun.management.jmxremote.registry.ssl=true -Dzookeeper.jmx.log4j.disable= 
-Djava.rmi.server.hostname=<hostname> 
org.apache.zookeeper.server.quorum.QuorumPeerMain
{code}
When zookeeper is brought with above options following error is seen
{code:java}
Error: Exception thrown by the agent : java.lang.IllegalArgumentException: 
Expected word at end of line [readwrite ]
{code}
However when Dcom.sun.management.jmxremote.authenticate=false is set to false 
then zookeeper  starts without any errors, but remote authentication is 
disabled and ssl works.
{code:java}
-Dcom.sun.management.jmxremote.authenticate=false 
-Dcom.sun.management.jmxremote.port=9992 
-Dcom.sun.management.jmxremote.rmi.port=9993 
-Dcom.sun.management.jmxremote.password.file=/zookeeper/zookeeper-3.4.8/conf/jmxremote-password
 
-Dcom.sun.management.jmxremote.access.file=/zookeeper/zookeeper-3.4.8/conf/jmxremote-access
 -Dcom.sun.management.jmxremote.ssl=false 
-Djavax.net.ssl.keyStore=/opt/zookeeper/certificate.ks 
-Djavax.net.ssl.keyStorePassword=YzJhZjIxN2Q2ODQ4 
-Djavax.net.ssl.trustStore=/opt/zookeeper/serviceCA.ts 
-Djavax.net.ssl.trustStorePassword=YzJhZjIxN2Q2ODQ4 
-Dcom.sun.management.jmxremote.registry.ssl=true -Dzookeeper.jmx.log4j.disable= 
-Djava.rmi.server.hostname=<hostname> 
org.apache.zookeeper.server.quorum.QuorumPeerMain
{code}
Is this behavior expected. 

 

 


> Zookeeper not working with enabling ssl and remote authentication
> -----------------------------------------------------------------
>
>                 Key: ZOOKEEPER-3516
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3516
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: jmx
>    Affects Versions: 3.4.8
>            Reporter: Rohit Singh
>            Priority: Major
>
>  
> {code:java}
> -Dcom.sun.management.jmxremote.authenticate=true 
> -Dcom.sun.management.jmxremote.port=9992 
> -Dcom.sun.management.jmxremote.rmi.port=9993 
> -Dcom.sun.management.jmxremote.password.file=/zookeeper/zookeeper-3.4.8/conf/jmxremote-password
>  
> -Dcom.sun.management.jmxremote.access.file=/zookeeper/zookeeper-3.4.8/conf/jmxremote-access
>  -Dcom.sun.management.jmxremote.ssl=true 
> -Djavax.net.ssl.keyStore=/opt/zookeeper/certificate.ks 
> -Djavax.net.ssl.keyStorePassword=YmM1NTkwZTVlZDg0 
> -Djavax.net.ssl.trustStore=/opt/zookeeper/serviceCA.ts 
> -Djavax.net.ssl.trustStorePassword=YmM1NTkwZTVlZDg0 
> -Dcom.sun.management.jmxremote.registry.ssl=true 
> -Dzookeeper.jmx.log4j.disable= -Djava.rmi.server.hostname=<hostname> 
> org.apache.zookeeper.server.quorum.QuorumPeerMain
> {code}
> When zookeeper is brought with above options following error is seen
> {code:java}
> Error: Exception thrown by the agent : java.lang.IllegalArgumentException: 
> Expected word at end of line [readwrite ]
> {code}
> However when Dcom.sun.management.jmxremote.authenticate=false is set to false 
> then zookeeper  starts without any errors, but remote authentication is 
> disabled and ssl works.
> {code:java}
> -Dcom.sun.management.jmxremote.authenticate=false 
> -Dcom.sun.management.jmxremote.port=9992 
> -Dcom.sun.management.jmxremote.rmi.port=9993 
> -Dcom.sun.management.jmxremote.password.file=/zookeeper/zookeeper-3.4.8/conf/jmxremote-password
>  
> -Dcom.sun.management.jmxremote.access.file=/zookeeper/zookeeper-3.4.8/conf/jmxremote-access
>  -Dcom.sun.management.jmxremote.ssl=true 
> -Djavax.net.ssl.keyStore=/opt/zookeeper/certificate.ks 
> -Djavax.net.ssl.keyStorePassword=YzJhZjIxN2Q2ODQ4 
> -Djavax.net.ssl.trustStore=/opt/zookeeper/serviceCA.ts 
> -Djavax.net.ssl.trustStorePassword=YzJhZjIxN2Q2ODQ4 
> -Dcom.sun.management.jmxremote.registry.ssl=true 
> -Dzookeeper.jmx.log4j.disable= -Djava.rmi.server.hostname=<hostname> 
> org.apache.zookeeper.server.quorum.QuorumPeerMain
> {code}
> Is this behavior expected. 
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

[jira] [Updated] (ZOOKEEPER-3516) Zookeeper not working with enabling ssl and remote authentication

Reply via email to