Re: Need help installing Zookeeper service in Ubuntu 16.04

2018-04-11 Thread Gregorius Soedharmo 
Shawn, Norbert,

Thanks for the advice, I'll give it a go.


On Wed, Apr 11, 2018 at 4:37 PM, Norbert Kalmar 
wrote:

> Hi Greg,
>
> I second Shawn, can you try by installing the current supported package, ZK
> 3.4.8 on ubuntu 16.04?
> End of April the new LTS Ubuntu should be released (see
> https://wiki.ubuntu.com/BionicBeaver/ReleaseSchedule), which has the
> 3.4.10
> zookeeper version (https://packages.ubuntu.com/bionic/zookeeper).
> You could upgrade then.
>
> Best regards,
> Norbert
>
> On Wed, Apr 11, 2018 at 4:09 AM, Shawn Heisey  wrote:
>
> > On 4/10/2018 7:43 PM, Gregorius Soedharmo wrote:
> >
> >> Thank you for your help, but unfortunately, it all sounds gibberish to
> me.
> >> As stated in the stack exchange question, I'm a complete Linux newbie
> that
> >> couldn't even properly install a piece of software in Ubuntu. I did
> >> include
> >> all of my efforts so far in the question.
> >>
> >> Do you think it is best to scrap it and try a different installation
> >> approach instead?
> >>
> >
> > Unless you're absolutely certain that you need a new feature only
> > available in 3.4.9 or newer, I would just run "apt-get install zookeeper"
> > and use the 3.4.8 version provided by Ubuntu.  I do not know where that
> > package will install its configuration, but it probably won't be all that
> > hard to find.
> >
> > It is likely that some of the bug fixes from later versions have been
> > incorporated into the debian/ubuntu package by the people who maintain
> that
> > package.  Usually new functionality is not backported, but bug fixes
> often
> > are.
> >
> > Thanks,
> > Shawn
> >
> >
>

Re: Client-Server authentication with DIGEST-MD5

2018-04-11 Thread Martin Gainty 




From: Remi Serrano 
Sent: Wednesday, April 11, 2018 6:02 AM
To: user@zookeeper.apache.org
Subject: RE: Client-Server authentication with DIGEST-MD5

Perfect. Thanks Enrico. It is the 'setAcl /  ' that I was missing.

Rémi

MG>DIGEST acl would need to be added prior to set (as the doc suggests)
MG>Note this is NOT sasl
addAcl / digest:user:tpUq/4Pn5A64fVZyQ0gOJ8ZWqkY=:cdrwa
MG>https://cwiki.apache.org/confluence/display/ZOOKEEPER/Client-Server+mutual+authenticatio

MG>the other way is to CREATE ACL in setACL and then reference the createdACL 
as 2nd param

zookeeper.setACL(
'/test/demo',
[
new zookeeper.ACL(
zookeeeper.Permission.ADMIN,
new zookeeper.Id('ip', '127.0.0.1')
)
]

MG>question is how could setACL be applied to root if ACL was not previous 
created?


-Message d'origine-
De : Enrico Olivelli [mailto:eolive...@gmail.com]
Envoyé : Wednesday, April 11, 2018 11:12
À : UserZooKeeper 
Objet : Re: Client-Server authentication with DIGEST-MD5

2018-04-11 11:08 GMT+02:00 Remi Serrano :

> Thank you very much Enrico,
>
> So let's move at ACL level. If I create a new node as :
>
> Create /mynode content sasl:myuser:mydigest:crdwa
>
> Indeed only the authenticated myuser is able to READ /mynode... BUT
> any other non authenticated user can DELETE the node. How can I prevent this ?
> I Could not find explicit solution in the doc.
>


I am not sure but I think that in order to prevent deletion you have to set 
ACLs on the parent, in this case '/', and I don't know if is is possible.
If a node has children it cannot be deleted, so maybe the solution for you is 
to create a special "root" node, like /myapp and set ACLs on it and on every 
children.

This is actually what I am doing.
Hope that helps

Enrico



>
> Regards,
>
> Rémi
>
> -Message d'origine-
> De : Enrico Olivelli [mailto:eolive...@gmail.com] Envoyé : Tuesday,
> April 10, 2018 15:51 À : UserZooKeeper 
> Objet : Re: Client-Server authentication with DIGEST-MD5
>
> 2018-04-10 15:22 GMT+02:00 Remi Serrano :
>
> > Hello
> >
> > I'm trying to secure my ZK cluster. To do so I'm trying to leverage
> > both
> :
> > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwi
> > ki
> > .apache.org%2Fconfluence%2Fdisplay%2FZOOKEEPER%2F=02%7C01%7Crse
> > rr
> > ano%40pros.com%7Cb7666ab58a2b4380d6a108d59eea2387%7C094cfb7ad1314637
> > 90
> > 47e339e7d04359%7C0%7C0%7C636589650815046832=kKnxsghiwmRKgCdwTZ
> > XV
> > 88thlMICx%2BF8Ha38ESUW9Zc%3D=0
> > Server-Server+mutual+authentication
> > and
> > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwi
> > ki
> > .apache.org%2Fconfluence%2Fdisplay%2FZOOKEEPER%2F=02%7C01%7Crse
> > rr
> > ano%40pros.com%7Cb7666ab58a2b4380d6a108d59eea2387%7C094cfb7ad1314637
> > 90
> > 47e339e7d04359%7C0%7C0%7C636589650815046832=kKnxsghiwmRKgCdwTZ
> > XV
> > 88thlMICx%2BF8Ha38ESUW9Zc%3D=0
> > Client-Server+mutual+authentication
> >
> > The Server to Server works fine. However, the Client to Server seems
> > to be useless as here is the behavior I get :
> >
> >   *   Client using a declared user on the server + good password CAN
> > connect
> >   *   Client using a declared user on the server + bad password CANNOT
> > connect
> >   *   Client using a non  declared user on the Server CANNOT connect
> > so far so good... but :
> >
> >   *   Client using NO user at all CAN connect !!!
> >
>
>
> This is expected. Client auth is mostly used together with ACLs,
> otherwise AFAIK is pretty useless in ZK.
>
> Please not that MD5 is not "secure" at all, and consider using
> SASL/Kerberos for a production environment.
>
> Cheers
> Enrico
>
>
> >
> > Any hint ?
> >
> >
>

RE: Client-Server authentication with DIGEST-MD5

2018-04-11 Thread Remi Serrano 
Perfect. Thanks Enrico. It is the 'setAcl /  ' that I was missing.

Rémi


-Message d'origine-
De : Enrico Olivelli [mailto:eolive...@gmail.com] 
Envoyé : Wednesday, April 11, 2018 11:12
À : UserZooKeeper 
Objet : Re: Client-Server authentication with DIGEST-MD5

2018-04-11 11:08 GMT+02:00 Remi Serrano :

> Thank you very much Enrico,
>
> So let's move at ACL level. If I create a new node as :
>
> Create /mynode content sasl:myuser:mydigest:crdwa
>
> Indeed only the authenticated myuser is able to READ /mynode... BUT 
> any other non authenticated user can DELETE the node. How can I prevent this ?
> I Could not find explicit solution in the doc.
>


I am not sure but I think that in order to prevent deletion you have to set 
ACLs on the parent, in this case '/', and I don't know if is is possible.
If a node has children it cannot be deleted, so maybe the solution for you is 
to create a special "root" node, like /myapp and set ACLs on it and on every 
children.

This is actually what I am doing.
Hope that helps

Enrico



>
> Regards,
>
> Rémi
>
> -Message d'origine-
> De : Enrico Olivelli [mailto:eolive...@gmail.com] Envoyé : Tuesday, 
> April 10, 2018 15:51 À : UserZooKeeper  
> Objet : Re: Client-Server authentication with DIGEST-MD5
>
> 2018-04-10 15:22 GMT+02:00 Remi Serrano :
>
> > Hello
> >
> > I'm trying to secure my ZK cluster. To do so I'm trying to leverage 
> > both
> :
> > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwi
> > ki 
> > .apache.org%2Fconfluence%2Fdisplay%2FZOOKEEPER%2F=02%7C01%7Crse
> > rr
> > ano%40pros.com%7Cb7666ab58a2b4380d6a108d59eea2387%7C094cfb7ad1314637
> > 90 
> > 47e339e7d04359%7C0%7C0%7C636589650815046832=kKnxsghiwmRKgCdwTZ
> > XV
> > 88thlMICx%2BF8Ha38ESUW9Zc%3D=0
> > Server-Server+mutual+authentication
> > and
> > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwi
> > ki 
> > .apache.org%2Fconfluence%2Fdisplay%2FZOOKEEPER%2F=02%7C01%7Crse
> > rr
> > ano%40pros.com%7Cb7666ab58a2b4380d6a108d59eea2387%7C094cfb7ad1314637
> > 90 
> > 47e339e7d04359%7C0%7C0%7C636589650815046832=kKnxsghiwmRKgCdwTZ
> > XV
> > 88thlMICx%2BF8Ha38ESUW9Zc%3D=0
> > Client-Server+mutual+authentication
> >
> > The Server to Server works fine. However, the Client to Server seems 
> > to be useless as here is the behavior I get :
> >
> >   *   Client using a declared user on the server + good password CAN
> > connect
> >   *   Client using a declared user on the server + bad password CANNOT
> > connect
> >   *   Client using a non  declared user on the Server CANNOT connect
> > so far so good... but :
> >
> >   *   Client using NO user at all CAN connect !!!
> >
>
>
> This is expected. Client auth is mostly used together with ACLs, 
> otherwise AFAIK is pretty useless in ZK.
>
> Please not that MD5 is not "secure" at all, and consider using 
> SASL/Kerberos for a production environment.
>
> Cheers
> Enrico
>
>
> >
> > Any hint ?
> >
> >
>

RE: stable 3.5 release

2018-04-11 Thread Remi Serrano 
Thanks Andor !

-Message d'origine-
De : Andor Molnar [mailto:an...@cloudera.com] 
Envoyé : Wednesday, April 11, 2018 11:17
À : user@zookeeper.apache.org
Objet : Re: stable 3.5 release

The optimistic answer is couple of months I would say.
But given that how reluctant the community is these days, I'm afraid of being 
too optimistic.

Anyway I think this is very important and valuable for the users, therefore 
I'll make every effort to get it out as soon as possible. Will see how it goes.

Regards,
Andor





On Wed, Apr 11, 2018 at 9:44 AM, Remi Serrano  wrote:

> Thank you very much Andor.
> Just to have an estimate, are we talking couple of weeks ?  couple of 
> months ? or probably more than 3 months ?
>
> Thanks
>
> Rémi
>
> -Message d'origine-
> De : Andor Molnar [mailto:an...@cloudera.com] Envoyé : Tuesday, April 
> 10, 2018 17:35 À : user@zookeeper.apache.org Objet : Re: stable 3.5 
> release
>
> Hi Remi / Ansel,
>
> We have a quite impressive list of blockers to get out of the way:
>
> https://na01.safelinks.protection.outlook.com/?url=
> https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FZOOKEEPER-1549%3Ffil
> ter% 3D12343244=02%7C01%7Crserrano%40pros.com%
> 7C40524549c0af49856e4308d59ef8a24a%7C094cfb7ad13146379047e339e7d0
> 4359%7C0%7C0%7C636589713067158062=EPudToyCNDaDB4Avg7SC9LFMfgbbhN
> W5q4kMmFbK%2F0Q%3D=0
>
> Additionally we have to get the following PRs merged:
>
> https://na01.safelinks.protection.outlook.com/?url=
> https%3A%2F%2Fgithub.com%2Fapache%2Fzookeeper%2Fpull%
> 2F377=02%7C01%7Crserrano%40pros.com%7C40524549c0af49856e4308d59ef
> 8 a24a%7C094cfb7ad13146379047e339e7d04359%7C0%7C0%
> 7C636589713067158062=aZjNc5uks6yWMPPksZzBOjX7yt9b3V
> bMB4e06rpKvPg%3D=0
> https://na01.safelinks.protection.outlook.com/?url=
> https%3A%2F%2Fgithub.com%2Fapache%2Fzookeeper%2Fpull%
> 2F184=02%7C01%7Crserrano%40pros.com%7C40524549c0af49856e4308d59ef
> 8 a24a%7C094cfb7ad13146379047e339e7d04359%7C0%7C0%
> 7C636589713067158062=Z2qGgfBye9Z4%2FqL9CVN3n%
> 2F2iQc6IU4MSAyxnjGQKDhs%3D=0
>
> Personally, I'm working on getting it released as soon as possible, 
> but presumably this won't happen tomorrow.
>
> Regards,
> Andor
>
>
>
>
> On Tue, Apr 10, 2018 at 10:40 AM, Ansel Zandegran < 
> ansel.zandeg...@infor.com
> > wrote:
>
> > Yes please, If anyone knows.
> >
> > // Ansel
> >
> > > On 10 Apr 2018, at 10:04, Remi Serrano  wrote:
> > >
> > > Hello,
> > >
> > > Does anyone know when will be released the stable 3.5 version ?
> > >
> > > Rémi
> > >
> >
> >
>

Re: Need help installing Zookeeper service in Ubuntu 16.04

2018-04-11 Thread Norbert Kalmar 
Hi Greg,

I second Shawn, can you try by installing the current supported package, ZK
3.4.8 on ubuntu 16.04?
End of April the new LTS Ubuntu should be released (see
https://wiki.ubuntu.com/BionicBeaver/ReleaseSchedule), which has the 3.4.10
zookeeper version (https://packages.ubuntu.com/bionic/zookeeper).
You could upgrade then.

Best regards,
Norbert

On Wed, Apr 11, 2018 at 4:09 AM, Shawn Heisey  wrote:

> On 4/10/2018 7:43 PM, Gregorius Soedharmo wrote:
>
>> Thank you for your help, but unfortunately, it all sounds gibberish to me.
>> As stated in the stack exchange question, I'm a complete Linux newbie that
>> couldn't even properly install a piece of software in Ubuntu. I did
>> include
>> all of my efforts so far in the question.
>>
>> Do you think it is best to scrap it and try a different installation
>> approach instead?
>>
>
> Unless you're absolutely certain that you need a new feature only
> available in 3.4.9 or newer, I would just run "apt-get install zookeeper"
> and use the 3.4.8 version provided by Ubuntu.  I do not know where that
> package will install its configuration, but it probably won't be all that
> hard to find.
>
> It is likely that some of the bug fixes from later versions have been
> incorporated into the debian/ubuntu package by the people who maintain that
> package.  Usually new functionality is not backported, but bug fixes often
> are.
>
> Thanks,
> Shawn
>
>

Re: stable 3.5 release

2018-04-11 Thread Andor Molnar 
The optimistic answer is couple of months I would say.
But given that how reluctant the community is these days, I'm afraid of
being too optimistic.

Anyway I think this is very important and valuable for the users, therefore
I'll make every effort to get it out as soon as possible. Will see how it
goes.

Regards,
Andor





On Wed, Apr 11, 2018 at 9:44 AM, Remi Serrano  wrote:

> Thank you very much Andor.
> Just to have an estimate, are we talking couple of weeks ?  couple of
> months ? or probably more than 3 months ?
>
> Thanks
>
> Rémi
>
> -Message d'origine-
> De : Andor Molnar [mailto:an...@cloudera.com]
> Envoyé : Tuesday, April 10, 2018 17:35
> À : user@zookeeper.apache.org
> Objet : Re: stable 3.5 release
>
> Hi Remi / Ansel,
>
> We have a quite impressive list of blockers to get out of the way:
>
> https://na01.safelinks.protection.outlook.com/?url=
> https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FZOOKEEPER-1549%3Ffilter%
> 3D12343244=02%7C01%7Crserrano%40pros.com%
> 7C40524549c0af49856e4308d59ef8a24a%7C094cfb7ad13146379047e339e7d0
> 4359%7C0%7C0%7C636589713067158062=EPudToyCNDaDB4Avg7SC9LFMfgbbhN
> W5q4kMmFbK%2F0Q%3D=0
>
> Additionally we have to get the following PRs merged:
>
> https://na01.safelinks.protection.outlook.com/?url=
> https%3A%2F%2Fgithub.com%2Fapache%2Fzookeeper%2Fpull%
> 2F377=02%7C01%7Crserrano%40pros.com%7C40524549c0af49856e4308d59ef8
> a24a%7C094cfb7ad13146379047e339e7d04359%7C0%7C0%
> 7C636589713067158062=aZjNc5uks6yWMPPksZzBOjX7yt9b3V
> bMB4e06rpKvPg%3D=0
> https://na01.safelinks.protection.outlook.com/?url=
> https%3A%2F%2Fgithub.com%2Fapache%2Fzookeeper%2Fpull%
> 2F184=02%7C01%7Crserrano%40pros.com%7C40524549c0af49856e4308d59ef8
> a24a%7C094cfb7ad13146379047e339e7d04359%7C0%7C0%
> 7C636589713067158062=Z2qGgfBye9Z4%2FqL9CVN3n%
> 2F2iQc6IU4MSAyxnjGQKDhs%3D=0
>
> Personally, I'm working on getting it released as soon as possible, but
> presumably this won't happen tomorrow.
>
> Regards,
> Andor
>
>
>
>
> On Tue, Apr 10, 2018 at 10:40 AM, Ansel Zandegran <
> ansel.zandeg...@infor.com
> > wrote:
>
> > Yes please, If anyone knows.
> >
> > // Ansel
> >
> > > On 10 Apr 2018, at 10:04, Remi Serrano  wrote:
> > >
> > > Hello,
> > >
> > > Does anyone know when will be released the stable 3.5 version ?
> > >
> > > Rémi
> > >
> >
> >
>

Re: Client-Server authentication with DIGEST-MD5

2018-04-11 Thread Enrico Olivelli 
2018-04-11 11:08 GMT+02:00 Remi Serrano :

> Thank you very much Enrico,
>
> So let's move at ACL level. If I create a new node as :
>
> Create /mynode content sasl:myuser:mydigest:crdwa
>
> Indeed only the authenticated myuser is able to READ /mynode... BUT any
> other non authenticated user can DELETE the node. How can I prevent this ?
> I Could not find explicit solution in the doc.
>


I am not sure but I think that in order to prevent deletion you have to set
ACLs on the parent, in this case '/', and I don't know if is is possible.
If a node has children it cannot be deleted, so maybe the solution for you
is to create a special "root" node, like
/myapp and set ACLs on it and on every children.

This is actually what I am doing.
Hope that helps

Enrico



>
> Regards,
>
> Rémi
>
> -Message d'origine-
> De : Enrico Olivelli [mailto:eolive...@gmail.com]
> Envoyé : Tuesday, April 10, 2018 15:51
> À : UserZooKeeper 
> Objet : Re: Client-Server authentication with DIGEST-MD5
>
> 2018-04-10 15:22 GMT+02:00 Remi Serrano :
>
> > Hello
> >
> > I'm trying to secure my ZK cluster. To do so I'm trying to leverage both
> :
> > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki
> > .apache.org%2Fconfluence%2Fdisplay%2FZOOKEEPER%2F=02%7C01%7Crserr
> > ano%40pros.com%7Cb7666ab58a2b4380d6a108d59eea2387%7C094cfb7ad131463790
> > 47e339e7d04359%7C0%7C0%7C636589650815046832=kKnxsghiwmRKgCdwTZXV
> > 88thlMICx%2BF8Ha38ESUW9Zc%3D=0
> > Server-Server+mutual+authentication
> > and
> > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki
> > .apache.org%2Fconfluence%2Fdisplay%2FZOOKEEPER%2F=02%7C01%7Crserr
> > ano%40pros.com%7Cb7666ab58a2b4380d6a108d59eea2387%7C094cfb7ad131463790
> > 47e339e7d04359%7C0%7C0%7C636589650815046832=kKnxsghiwmRKgCdwTZXV
> > 88thlMICx%2BF8Ha38ESUW9Zc%3D=0
> > Client-Server+mutual+authentication
> >
> > The Server to Server works fine. However, the Client to Server seems
> > to be useless as here is the behavior I get :
> >
> >   *   Client using a declared user on the server + good password CAN
> > connect
> >   *   Client using a declared user on the server + bad password CANNOT
> > connect
> >   *   Client using a non  declared user on the Server CANNOT connect
> > so far so good... but :
> >
> >   *   Client using NO user at all CAN connect !!!
> >
>
>
> This is expected. Client auth is mostly used together with ACLs, otherwise
> AFAIK is pretty useless in ZK.
>
> Please not that MD5 is not "secure" at all, and consider using
> SASL/Kerberos for a production environment.
>
> Cheers
> Enrico
>
>
> >
> > Any hint ?
> >
> >
>

RE: Client-Server authentication with DIGEST-MD5

2018-04-11 Thread Remi Serrano 
Thank you very much Enrico,

So let's move at ACL level. If I create a new node as : 

Create /mynode content sasl:myuser:mydigest:crdwa

Indeed only the authenticated myuser is able to READ /mynode... BUT any other 
non authenticated user can DELETE the node. How can I prevent this ?  I Could 
not find explicit solution in the doc. 

Regards,

Rémi

-Message d'origine-
De : Enrico Olivelli [mailto:eolive...@gmail.com] 
Envoyé : Tuesday, April 10, 2018 15:51
À : UserZooKeeper 
Objet : Re: Client-Server authentication with DIGEST-MD5

2018-04-10 15:22 GMT+02:00 Remi Serrano :

> Hello
>
> I'm trying to secure my ZK cluster. To do so I'm trying to leverage both :
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki
> .apache.org%2Fconfluence%2Fdisplay%2FZOOKEEPER%2F=02%7C01%7Crserr
> ano%40pros.com%7Cb7666ab58a2b4380d6a108d59eea2387%7C094cfb7ad131463790
> 47e339e7d04359%7C0%7C0%7C636589650815046832=kKnxsghiwmRKgCdwTZXV
> 88thlMICx%2BF8Ha38ESUW9Zc%3D=0
> Server-Server+mutual+authentication
> and
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki
> .apache.org%2Fconfluence%2Fdisplay%2FZOOKEEPER%2F=02%7C01%7Crserr
> ano%40pros.com%7Cb7666ab58a2b4380d6a108d59eea2387%7C094cfb7ad131463790
> 47e339e7d04359%7C0%7C0%7C636589650815046832=kKnxsghiwmRKgCdwTZXV
> 88thlMICx%2BF8Ha38ESUW9Zc%3D=0
> Client-Server+mutual+authentication
>
> The Server to Server works fine. However, the Client to Server seems 
> to be useless as here is the behavior I get :
>
>   *   Client using a declared user on the server + good password CAN
> connect
>   *   Client using a declared user on the server + bad password CANNOT
> connect
>   *   Client using a non  declared user on the Server CANNOT connect
> so far so good... but :
>
>   *   Client using NO user at all CAN connect !!!
>


This is expected. Client auth is mostly used together with ACLs, otherwise 
AFAIK is pretty useless in ZK.

Please not that MD5 is not "secure" at all, and consider using SASL/Kerberos 
for a production environment.

Cheers
Enrico


>
> Any hint ?
>
>

RE: stable 3.5 release

2018-04-11 Thread Remi Serrano 
Thank you very much Andor.
Just to have an estimate, are we talking couple of weeks ?  couple of months ? 
or probably more than 3 months ?  

Thanks 

Rémi

-Message d'origine-
De : Andor Molnar [mailto:an...@cloudera.com] 
Envoyé : Tuesday, April 10, 2018 17:35
À : user@zookeeper.apache.org
Objet : Re: stable 3.5 release

Hi Remi / Ansel,

We have a quite impressive list of blockers to get out of the way:

https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FZOOKEEPER-1549%3Ffilter%3D12343244=02%7C01%7Crserrano%40pros.com%7C40524549c0af49856e4308d59ef8a24a%7C094cfb7ad13146379047e339e7d04359%7C0%7C0%7C636589713067158062=EPudToyCNDaDB4Avg7SC9LFMfgbbhNW5q4kMmFbK%2F0Q%3D=0

Additionally we have to get the following PRs merged:

https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fzookeeper%2Fpull%2F377=02%7C01%7Crserrano%40pros.com%7C40524549c0af49856e4308d59ef8a24a%7C094cfb7ad13146379047e339e7d04359%7C0%7C0%7C636589713067158062=aZjNc5uks6yWMPPksZzBOjX7yt9b3VbMB4e06rpKvPg%3D=0
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fzookeeper%2Fpull%2F184=02%7C01%7Crserrano%40pros.com%7C40524549c0af49856e4308d59ef8a24a%7C094cfb7ad13146379047e339e7d04359%7C0%7C0%7C636589713067158062=Z2qGgfBye9Z4%2FqL9CVN3n%2F2iQc6IU4MSAyxnjGQKDhs%3D=0

Personally, I'm working on getting it released as soon as possible, but 
presumably this won't happen tomorrow.

Regards,
Andor




On Tue, Apr 10, 2018 at 10:40 AM, Ansel Zandegran  wrote:

> Yes please, If anyone knows.
>
> // Ansel
>
> > On 10 Apr 2018, at 10:04, Remi Serrano  wrote:
> >
> > Hello,
> >
> > Does anyone know when will be released the stable 3.5 version ?
> >
> > Rémi
> >
>
>

RE: IllegalStateException: instance must be started before calling this method

2018-04-11 Thread VALLASTER Stefan 
Hi,

getting back to this topic in more detail. The container meant here is a normal 
Java VM running a specific middleware which offers a "container" concept. It 
has nothing to do with docker.

The config is read from disc.

Best regards
Stefan

-Original Message-
From: Yuval Dori [mailto:yuval.d...@gigaspaces.com] 
Sent: Dienstag, 10. April 2018 14:34
To: user@zookeeper.apache.org
Cc: LEONHARTSBERGER Stefan
Subject: Re: IllegalStateException: instance must be started before calling 
this method

Hi,

I have answered the following at March 26:

Hi Martin,

Not in a Docker. We are using the word container for one of our services.

Thanks,

Yuval




> On Apr 10, 2018, at 2:40 PM, Martin Gainty  wrote:
> 
> MG>waiting for Yuval to answer:
> 
> 
> in docker  container?
> if so how do you resolve hosts (.hosts file, kubernetes, swarm)?
> 
> 
> MG>?
> 
> 
> From: VALLASTER Stefan 
> Sent: Tuesday, April 10, 2018 4:46 AM
> To: user@zookeeper.apache.org
> Subject: RE: IllegalStateException: instance must be started before calling 
> this method
> 
> How can we get this topic forward again? It seems the mail thread is 
> currently stalled for no obvious reason. Anyone willing to help us out here 
> again?
> 
> Best regards
> Stefan
> 
> -Original Message-
> From: Martin Gainty [mailto:mgai...@hotmail.com]
> Sent: Sonntag, 25. März 2018 22:58
> To: user@zookeeper.apache.org
> Subject: Re: IllegalStateException: instance must be started before calling 
> this method
> 
> 
> 
> in docker  container?
> 
> if so how do you resolve hosts (.hosts file, kubernetes, swarm)?
> 
> M
> 
> From: Yuval Dori 
> Sent: Sunday, March 25, 2018 5:34 AM
> To: user@zookeeper.apache.org
> Cc: Yuval Dori
> Subject: IllegalStateException: instance must be started before calling this 
> method
> 
> Hi,
> 
> Our customer is using ZK 3.4.3 and got IllegalStateException: instance must 
> be started before calling this method
> 
> 
> with the following stack trace:
> 2018-02-15T09:58:12.094+0100; ERROR; WSOSTSLXWIT01/MANAGER; P3424/T194; 
> [SPACE/LearnerHandler-/10.17.46.142:49336/LearnerHandler];
>  Unexpected exception causing shutdown while sock still open
> java.net.SocketTimeoutException: Read timed out
> at java.net.SocketInputStream.socketRead0(Native Method)
> at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
> at java.net.SocketInputStream.read(SocketInputStream.java:171)
> at java.net.SocketInputStream.read(SocketInputStream.java:141)
> at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
> at java.io.BufferedInputStream.read(BufferedInputStream.java:265)
> at java.io.DataInputStream.readInt(DataInputStream.java:387)
> at org.apache.jute.BinaryInputArchive.readInt(BinaryInputArchive.java:63)
> at 
> org.apache.zookeeper.server.quorum.QuorumPacket.deserialize(QuorumPacket.java:83)
> at org.apache.jute.BinaryInputArchive.readRecord(BinaryInputArchive.java:99)
> at 
> org.apache.zookeeper.server.quorum.LearnerHandler.run(LearnerHandler.java:542)
> 
> 
> This is the description:
> 
> At first ps-main.1 is started as primary on WSOSTSLXBMS01 GSC 3.
> 
> 24.01.2018 11:31:04,947 +01:00 INFO WSOSTSLXBMS01/GSC/3 P1280/T120 
> SPACE/Curator-LeaderSelector-0/1 Space instance is Primary
> 
> After some relocation of ps-main instances a new backup instance is started 
> on the same GSC.
> 
> 24.01.2018 11:32:59,886 +01:00 INFO WSOSTSLXBMS01/GSC/3 P1280/T146 
> SPACE/GS-LRMI Connection-pool-1-thread-6/1 Space instance [ 
> frqMain_container1:frqMain ] has been selected as Backup
> 
> Later a failover test is performed by shutting down WSOSTSLXBMS02 and 
> WSOSTSLXMSS02.
> We would expect that ps-main.1 backup will be elected as primary because the 
> former primary was located at WSOSTSLXBMS02 but no election happend. In the 
> end in the whole cluster there was no primary of ps-main.1 running.
> 
> We found suspicious exception in the logs:
> 24.01.2018 11:32:44,987 +01:00 INFO WSOSTSLXBMS01/GSC/3 P1280/T120 
> SPACE/Curator-LeaderSelector-0/frqMain_container1:frqMain Lost leadership 
> [sessionId=0x36128253b820001]
> 24.01.2018 11:32:44,987 +01:00 INFO WSOSTSLXBMS01/GSC/3 P1280/T98 
> SPACE/Curator-Framework-0/CuratorFrameworkImpl backgroundOperationsLoop 
> exiting
> 24.01.2018 11:32:44,990 +01:00 INFO WSOSTSLXBMS01/GSC/3 P1280/T120 
> SPACE/Curator-LeaderSelector-0/1 Quiesce state set to SUSPENDED
> 24.01.2018 11:32:44,991 +01:00 INFO WSOSTSLXBMS01/GSC/3 P1280/T24 
> SPACE/GS-LRMI Connection-pool-1-thread-1/ZooKeeper Session: 0x36128253b820001 
> closed
> 24.01.2018 11:32:44,991 +01:00 ERROR WSOSTSLXBMS01/GSC/3 P1280/T120 
> SPACE/Curator-LeaderSelector-0/LeaderSelector The leader threw an exception
> 24.01.2018 11:32:44,991 +01:00 ERROR WSOSTSLXBMS01/GSC/3 P1280/T120 
>