[ https://issues.apache.org/jira/browse/ZOOKEEPER-3516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17823537#comment-17823537 ]
Angelo Polo commented on ZOOKEEPER-3516: ---------------------------------------- The JMX remote access file expects a username followed by an access level. So instead of just "readwrite", this file should contain a line like: {code:java} someusername readwrite {code} where "someusername" should be replaced with whatever username is defined in the JMX remote password file. > Zookeeper not working with enabling ssl and remote authentication > ----------------------------------------------------------------- > > Key: ZOOKEEPER-3516 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3516 > Project: ZooKeeper > Issue Type: Bug > Components: jmx > Affects Versions: 3.4.8 > Reporter: Rohit Singh > Priority: Major > > > {code:java} > -Dcom.sun.management.jmxremote.authenticate=true > -Dcom.sun.management.jmxremote.port=9992 > -Dcom.sun.management.jmxremote.rmi.port=9993 > -Dcom.sun.management.jmxremote.password.file=/zookeeper/zookeeper-3.4.8/conf/jmxremote-password > > -Dcom.sun.management.jmxremote.access.file=/zookeeper/zookeeper-3.4.8/conf/jmxremote-access > -Dcom.sun.management.jmxremote.ssl=true > -Djavax.net.ssl.keyStore=/opt/zookeeper/certificate.ks > -Djavax.net.ssl.keyStorePassword=YmM1NTkwZTVlZDg0 > -Djavax.net.ssl.trustStore=/opt/zookeeper/serviceCA.ts > -Djavax.net.ssl.trustStorePassword=YmM1NTkwZTVlZDg0 > -Dcom.sun.management.jmxremote.registry.ssl=true > -Dzookeeper.jmx.log4j.disable= -Djava.rmi.server.hostname=<hostname> > org.apache.zookeeper.server.quorum.QuorumPeerMain > {code} > When zookeeper is brought with above options following error is seen > {code:java} > Error: Exception thrown by the agent : java.lang.IllegalArgumentException: > Expected word at end of line [readwrite ] > {code} > However when Dcom.sun.management.jmxremote.authenticate=false is set to false > then zookeeper starts without any errors, but remote authentication is > disabled and ssl works. > {code:java} > -Dcom.sun.management.jmxremote.authenticate=false > -Dcom.sun.management.jmxremote.port=9992 > -Dcom.sun.management.jmxremote.rmi.port=9993 > -Dcom.sun.management.jmxremote.password.file=/zookeeper/zookeeper-3.4.8/conf/jmxremote-password > > -Dcom.sun.management.jmxremote.access.file=/zookeeper/zookeeper-3.4.8/conf/jmxremote-access > -Dcom.sun.management.jmxremote.ssl=true > -Djavax.net.ssl.keyStore=/opt/zookeeper/certificate.ks > -Djavax.net.ssl.keyStorePassword=YzJhZjIxN2Q2ODQ4 > -Djavax.net.ssl.trustStore=/opt/zookeeper/serviceCA.ts > -Djavax.net.ssl.trustStorePassword=YzJhZjIxN2Q2ODQ4 > -Dcom.sun.management.jmxremote.registry.ssl=true > -Dzookeeper.jmx.log4j.disable= -Djava.rmi.server.hostname=<hostname> > org.apache.zookeeper.server.quorum.QuorumPeerMain > {code} > Is this behavior expected. > > -- This message was sent by Atlassian Jira (v8.20.10#820010)