[jira] [Commented] (ZOOKEEPER-3516) Zookeeper not working with enabling ssl and remote authentication

Tue, 05 Mar 2024 02:25:33 -0800 


    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-3516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17823537#comment-17823537
 ] 

Angelo Polo commented on ZOOKEEPER-3516:
----------------------------------------

The JMX remote access file expects a username followed by an access level. So 
instead of just "readwrite", this file should contain a line like:
{code:java}
someusername readwrite
{code}
where "someusername" should be replaced with whatever username is defined in 
the JMX remote password file.

> Zookeeper not working with enabling ssl and remote authentication
> -----------------------------------------------------------------
>
>                 Key: ZOOKEEPER-3516
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3516
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: jmx
>    Affects Versions: 3.4.8
>            Reporter: Rohit Singh
>            Priority: Major
>
>  
> {code:java}
> -Dcom.sun.management.jmxremote.authenticate=true 
> -Dcom.sun.management.jmxremote.port=9992 
> -Dcom.sun.management.jmxremote.rmi.port=9993 
> -Dcom.sun.management.jmxremote.password.file=/zookeeper/zookeeper-3.4.8/conf/jmxremote-password
>  
> -Dcom.sun.management.jmxremote.access.file=/zookeeper/zookeeper-3.4.8/conf/jmxremote-access
>  -Dcom.sun.management.jmxremote.ssl=true 
> -Djavax.net.ssl.keyStore=/opt/zookeeper/certificate.ks 
> -Djavax.net.ssl.keyStorePassword=YmM1NTkwZTVlZDg0 
> -Djavax.net.ssl.trustStore=/opt/zookeeper/serviceCA.ts 
> -Djavax.net.ssl.trustStorePassword=YmM1NTkwZTVlZDg0 
> -Dcom.sun.management.jmxremote.registry.ssl=true 
> -Dzookeeper.jmx.log4j.disable= -Djava.rmi.server.hostname=<hostname> 
> org.apache.zookeeper.server.quorum.QuorumPeerMain
> {code}
> When zookeeper is brought with above options following error is seen
> {code:java}
> Error: Exception thrown by the agent : java.lang.IllegalArgumentException: 
> Expected word at end of line [readwrite ]
> {code}
> However when Dcom.sun.management.jmxremote.authenticate=false is set to false 
> then zookeeper  starts without any errors, but remote authentication is 
> disabled and ssl works.
> {code:java}
> -Dcom.sun.management.jmxremote.authenticate=false 
> -Dcom.sun.management.jmxremote.port=9992 
> -Dcom.sun.management.jmxremote.rmi.port=9993 
> -Dcom.sun.management.jmxremote.password.file=/zookeeper/zookeeper-3.4.8/conf/jmxremote-password
>  
> -Dcom.sun.management.jmxremote.access.file=/zookeeper/zookeeper-3.4.8/conf/jmxremote-access
>  -Dcom.sun.management.jmxremote.ssl=true 
> -Djavax.net.ssl.keyStore=/opt/zookeeper/certificate.ks 
> -Djavax.net.ssl.keyStorePassword=YzJhZjIxN2Q2ODQ4 
> -Djavax.net.ssl.trustStore=/opt/zookeeper/serviceCA.ts 
> -Djavax.net.ssl.trustStorePassword=YzJhZjIxN2Q2ODQ4 
> -Dcom.sun.management.jmxremote.registry.ssl=true 
> -Dzookeeper.jmx.log4j.disable= -Djava.rmi.server.hostname=<hostname> 
> org.apache.zookeeper.server.quorum.QuorumPeerMain
> {code}
> Is this behavior expected. 
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to