Re: upgrade from 3.4.5 to 3.5.6
1. sh zkCli.sh --config /etc/zookeeper -server localhost:2281 2. addauth ztpasswd zooadmin: Thanks, - Kuldeep Singh Budania On Thu, Jul 2, 2020 at 9:56 AM kuldeep singh wrote: > Hi Team, > > Any update on this? > > Thanks, > - > Kuldeep Singh Budania > > > > On Wed, Jul 1, 2020 at 6:43 PM kuldeep singh > wrote: > >> Sorry this is my bad, there were server setting like below >> >> export SERVER_JVMFLAGS=" >> >> >> -Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory >> >> -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks >> -Dzookeeper.ssl.keyStore.password=testpass >> -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks >> -Dzookeeper.ssl.trustStore.password=testpass" >> >> >> >> export CLIENT_JVMFLAGS=" >> >> -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty >> -Dzookeeper.client.secure=true >> -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks >> -Dzookeeper.ssl.keyStore.password=testpass >> -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks >> -Dzookeeper.ssl.trustStore.password=testpass" >> >> I want to have SSL between client to server communication >> >> I am already following the same link which you have shared with me but >> that is not working. >> >> Zoo.cfg >> >> secureClientPort=2281 >> initLimit=10 >> syncLimit=5 >> dataDir=/var/lib/zookeeper/data >> tickTime=2000 >> autopurge.snapRetainCount=3 >> autopurge.purgeInterval=1 >> admin.enableServer=false >> standaloneEnabled=false >> jute.maxbuffer=2147483648 >> serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory >> server.1=host1_priv:10288:10388 >> server.2=host2_priv:10288:10388 >> server.3=host3_priv:10288:10388 >> >> >> command to connect using zkcli >> >> 1. zkcli zoo.cfg localhost:2281 >> 2. addauth ztpasswd usernaem:password >> >> after second step we are getting below error >> >> WatchedEvent state:AuthFailed type:None path:null >> >> >> Zookeeper logs :- *2020-07-01 07:38:09,342 - WARN >> [nioEventLoopGroup-4-2:ZooKeeperServer@1119] - No authentication provider >> for scheme: ztpasswd has x509 ip digest* >> >> Thanks, >> - >> Kuldeep Singh Budania >> >> >> >> On Wed, Jul 1, 2020 at 6:25 PM Szalay-Bekő Máté < >> szalay.beko.m...@gmail.com> wrote: >> >>> > No authentication provider for scheme: ztpasswd has x509 ip digest* >>> >>> This suggest you have some configuration error... Where did you use the >>> "ztpasswd" string in your configs / commands? >>> >>> On Wed, Jul 1, 2020 at 2:53 PM Szalay-Bekő Máté < >>> szalay.beko.m...@gmail.com> >>> wrote: >>> >>> > > My ZK server is up and running in secure mode >>> > >>> > What is your goal? You want to setup client-server SSL connection? >>> > >>> > see: >>> > >>> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide >>> > >>> > (or you want to have both SSL and SASL enabled?) >>> > >>> > Anyway, please remove the following line from the SERVER_JVMFLAGS: >>> > -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty >>> > This is a configuration that makes sense only for the ZooKeeper client, >>> > not for the server. For the server, use the following: >>> > >>> > >>> -Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory >>> > >>> > If it doesn't solve the issue, then can you please send your zoo.cfg >>> file? >>> > Also can you please send the zkCli command you execute? (you need to >>> > connect to the secure ZooKeeper port, unless portUnification is >>> enabled) >>> > >>> > Kind regards, >>> > Mate >>> > >>> > On Wed, Jul 1, 2020 at 9:48 AM kuldeep singh < >>> kuldeep.sing...@gmail.com> >>> > wrote: >>> > >>> >> Hi, >>> >> >>> >> we have done below changes in java.env file >>> >> >>> >> export SERVER_JVMFLAGS=" >>> >> >>> >> >>> -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty >>> >> -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks >>> >> -Dzookeeper.ssl.keyStore.password=testpass >>> >> >>> -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks >>> >> -Dzookeeper.ssl.trustStore.password=testpass" >>> >> >>> >> >>> >> >>> >> export CLIENT_JVMFLAGS=" >>> >> >>> >> >>> -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty >>> >> -Dzookeeper.client.secure=true >>> >> -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks >>> >> -Dzookeeper.ssl.keyStore.password=testpass >>> >> >>> -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks >>> >> -Dzookeeper.ssl.trustStore.password=testpass" >>> >> >>> >> I have started the ZK server and it is up without any issue. >>> >> >>> >> But now when I login to ZkCli then it gives the below error. >>> >> >>> >> WatchedEvent state:AuthFailed type:None path:null >>> >> >>> >> >>> >> Zookeeper logs :- *2020-07-01 07:38:09,342 - WARN >>> >>
Re: upgrade from 3.4.5 to 3.5.6
Hi Team, Any update on this? Thanks, - Kuldeep Singh Budania On Wed, Jul 1, 2020 at 6:43 PM kuldeep singh wrote: > Sorry this is my bad, there were server setting like below > > export SERVER_JVMFLAGS=" > > > -Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory > > -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks > -Dzookeeper.ssl.keyStore.password=testpass > -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks > -Dzookeeper.ssl.trustStore.password=testpass" > > > > export CLIENT_JVMFLAGS=" > > -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty > -Dzookeeper.client.secure=true > -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks > -Dzookeeper.ssl.keyStore.password=testpass > -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks > -Dzookeeper.ssl.trustStore.password=testpass" > > I want to have SSL between client to server communication > > I am already following the same link which you have shared with me but > that is not working. > > Zoo.cfg > > secureClientPort=2281 > initLimit=10 > syncLimit=5 > dataDir=/var/lib/zookeeper/data > tickTime=2000 > autopurge.snapRetainCount=3 > autopurge.purgeInterval=1 > admin.enableServer=false > standaloneEnabled=false > jute.maxbuffer=2147483648 > serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory > server.1=host1_priv:10288:10388 > server.2=host2_priv:10288:10388 > server.3=host3_priv:10288:10388 > > > command to connect using zkcli > > 1. zkcli zoo.cfg localhost:2281 > 2. addauth ztpasswd usernaem:password > > after second step we are getting below error > > WatchedEvent state:AuthFailed type:None path:null > > > Zookeeper logs :- *2020-07-01 07:38:09,342 - WARN > [nioEventLoopGroup-4-2:ZooKeeperServer@1119] - No authentication provider > for scheme: ztpasswd has x509 ip digest* > > Thanks, > - > Kuldeep Singh Budania > > > > On Wed, Jul 1, 2020 at 6:25 PM Szalay-Bekő Máté < > szalay.beko.m...@gmail.com> wrote: > >> > No authentication provider for scheme: ztpasswd has x509 ip digest* >> >> This suggest you have some configuration error... Where did you use the >> "ztpasswd" string in your configs / commands? >> >> On Wed, Jul 1, 2020 at 2:53 PM Szalay-Bekő Máté < >> szalay.beko.m...@gmail.com> >> wrote: >> >> > > My ZK server is up and running in secure mode >> > >> > What is your goal? You want to setup client-server SSL connection? >> > >> > see: >> > >> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide >> > >> > (or you want to have both SSL and SASL enabled?) >> > >> > Anyway, please remove the following line from the SERVER_JVMFLAGS: >> > -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty >> > This is a configuration that makes sense only for the ZooKeeper client, >> > not for the server. For the server, use the following: >> > >> > >> -Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory >> > >> > If it doesn't solve the issue, then can you please send your zoo.cfg >> file? >> > Also can you please send the zkCli command you execute? (you need to >> > connect to the secure ZooKeeper port, unless portUnification is enabled) >> > >> > Kind regards, >> > Mate >> > >> > On Wed, Jul 1, 2020 at 9:48 AM kuldeep singh > > >> > wrote: >> > >> >> Hi, >> >> >> >> we have done below changes in java.env file >> >> >> >> export SERVER_JVMFLAGS=" >> >> >> >> -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty >> >> -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks >> >> -Dzookeeper.ssl.keyStore.password=testpass >> >> >> -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks >> >> -Dzookeeper.ssl.trustStore.password=testpass" >> >> >> >> >> >> >> >> export CLIENT_JVMFLAGS=" >> >> >> >> -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty >> >> -Dzookeeper.client.secure=true >> >> -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks >> >> -Dzookeeper.ssl.keyStore.password=testpass >> >> >> -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks >> >> -Dzookeeper.ssl.trustStore.password=testpass" >> >> >> >> I have started the ZK server and it is up without any issue. >> >> >> >> But now when I login to ZkCli then it gives the below error. >> >> >> >> WatchedEvent state:AuthFailed type:None path:null >> >> >> >> >> >> Zookeeper logs :- *2020-07-01 07:38:09,342 - WARN >> >> [nioEventLoopGroup-4-2:ZooKeeperServer@1119] - No authentication >> provider >> >> for scheme: ztpasswd has x509 ip digest* >> >> >> >> Please help me on this issue >> >> >> >> Thanks, >> >> - >> >> Kuldeep Singh Budania >> >> Software Architect >> >> >> >> >> >> On Wed, Jul 1, 2020 at 12:05 PM kuldeep singh < >> kuldeep.sing...@gmail.com> >> >> wrote: >> >> >> >> > Hi, >> >> > >> >> > My ZK server
Re: ZK not starting during upgrade to use 3.6.1 with SSL communication
I have been getting the same error, can you share your zoo.cfg, is it the same as what you posted before? Also your ssl.quorum.keyStore/trustStore and ssl.keyStore/trustStore do they set to the same values? Do you need the client ssl information in the zoo.cfg? Do you need SERVER_JVMFLAGS set anywhere? Thanks! -- Sent from: http://zookeeper-user.578899.n2.nabble.com/
Re: upgrade from 3.4.5 to 3.5.6
Sorry this is my bad, there were server setting like below export SERVER_JVMFLAGS=" -Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks -Dzookeeper.ssl.keyStore.password=testpass -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks -Dzookeeper.ssl.trustStore.password=testpass" export CLIENT_JVMFLAGS=" -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.client.secure=true -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks -Dzookeeper.ssl.keyStore.password=testpass -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks -Dzookeeper.ssl.trustStore.password=testpass" I want to have SSL between client to server communication I am already following the same link which you have shared with me but that is not working. Zoo.cfg secureClientPort=2281 initLimit=10 syncLimit=5 dataDir=/var/lib/zookeeper/data tickTime=2000 autopurge.snapRetainCount=3 autopurge.purgeInterval=1 admin.enableServer=false standaloneEnabled=false jute.maxbuffer=2147483648 serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory server.1=host1_priv:10288:10388 server.2=host2_priv:10288:10388 server.3=host3_priv:10288:10388 command to connect using zkcli 1. zkcli zoo.cfg localhost:2281 2. addauth ztpasswd usernaem:password after second step we are getting below error WatchedEvent state:AuthFailed type:None path:null Zookeeper logs :- *2020-07-01 07:38:09,342 - WARN [nioEventLoopGroup-4-2:ZooKeeperServer@1119] - No authentication provider for scheme: ztpasswd has x509 ip digest* Thanks, - Kuldeep Singh Budania On Wed, Jul 1, 2020 at 6:25 PM Szalay-Bekő Máté wrote: > > No authentication provider for scheme: ztpasswd has x509 ip digest* > > This suggest you have some configuration error... Where did you use the > "ztpasswd" string in your configs / commands? > > On Wed, Jul 1, 2020 at 2:53 PM Szalay-Bekő Máté < > szalay.beko.m...@gmail.com> > wrote: > > > > My ZK server is up and running in secure mode > > > > What is your goal? You want to setup client-server SSL connection? > > > > see: > > > https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide > > > > (or you want to have both SSL and SASL enabled?) > > > > Anyway, please remove the following line from the SERVER_JVMFLAGS: > > -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty > > This is a configuration that makes sense only for the ZooKeeper client, > > not for the server. For the server, use the following: > > > > > -Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory > > > > If it doesn't solve the issue, then can you please send your zoo.cfg > file? > > Also can you please send the zkCli command you execute? (you need to > > connect to the secure ZooKeeper port, unless portUnification is enabled) > > > > Kind regards, > > Mate > > > > On Wed, Jul 1, 2020 at 9:48 AM kuldeep singh > > wrote: > > > >> Hi, > >> > >> we have done below changes in java.env file > >> > >> export SERVER_JVMFLAGS=" > >> > >> -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty > >> -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks > >> -Dzookeeper.ssl.keyStore.password=testpass > >> > -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks > >> -Dzookeeper.ssl.trustStore.password=testpass" > >> > >> > >> > >> export CLIENT_JVMFLAGS=" > >> > >> -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty > >> -Dzookeeper.client.secure=true > >> -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks > >> -Dzookeeper.ssl.keyStore.password=testpass > >> > -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks > >> -Dzookeeper.ssl.trustStore.password=testpass" > >> > >> I have started the ZK server and it is up without any issue. > >> > >> But now when I login to ZkCli then it gives the below error. > >> > >> WatchedEvent state:AuthFailed type:None path:null > >> > >> > >> Zookeeper logs :- *2020-07-01 07:38:09,342 - WARN > >> [nioEventLoopGroup-4-2:ZooKeeperServer@1119] - No authentication > provider > >> for scheme: ztpasswd has x509 ip digest* > >> > >> Please help me on this issue > >> > >> Thanks, > >> - > >> Kuldeep Singh Budania > >> Software Architect > >> > >> > >> On Wed, Jul 1, 2020 at 12:05 PM kuldeep singh < > kuldeep.sing...@gmail.com> > >> wrote: > >> > >> > Hi, > >> > > >> > My ZK server is up and running in secure mode, But When I am trying > to > >> > connect to the ZK server using ZKCli, it gives the below error. > >> > > >> > WatchedEvent state:AuthFailed type:None path:null > >> > > >> > > >> > Zookeeper logs :- *2020-07-01 07:38:09,342 - WARN > >> > [nioEventLoopGroup-4-2:ZooKeeperServer@1119] - No authentication > >> provider > >> > for scheme:
Re: upgrade from 3.4.5 to 3.5.6
> No authentication provider for scheme: ztpasswd has x509 ip digest* This suggest you have some configuration error... Where did you use the "ztpasswd" string in your configs / commands? On Wed, Jul 1, 2020 at 2:53 PM Szalay-Bekő Máté wrote: > > My ZK server is up and running in secure mode > > What is your goal? You want to setup client-server SSL connection? > > see: > https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide > > (or you want to have both SSL and SASL enabled?) > > Anyway, please remove the following line from the SERVER_JVMFLAGS: > -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty > This is a configuration that makes sense only for the ZooKeeper client, > not for the server. For the server, use the following: > > -Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory > > If it doesn't solve the issue, then can you please send your zoo.cfg file? > Also can you please send the zkCli command you execute? (you need to > connect to the secure ZooKeeper port, unless portUnification is enabled) > > Kind regards, > Mate > > On Wed, Jul 1, 2020 at 9:48 AM kuldeep singh > wrote: > >> Hi, >> >> we have done below changes in java.env file >> >> export SERVER_JVMFLAGS=" >> >> -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty >> -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks >> -Dzookeeper.ssl.keyStore.password=testpass >> -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks >> -Dzookeeper.ssl.trustStore.password=testpass" >> >> >> >> export CLIENT_JVMFLAGS=" >> >> -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty >> -Dzookeeper.client.secure=true >> -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks >> -Dzookeeper.ssl.keyStore.password=testpass >> -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks >> -Dzookeeper.ssl.trustStore.password=testpass" >> >> I have started the ZK server and it is up without any issue. >> >> But now when I login to ZkCli then it gives the below error. >> >> WatchedEvent state:AuthFailed type:None path:null >> >> >> Zookeeper logs :- *2020-07-01 07:38:09,342 - WARN >> [nioEventLoopGroup-4-2:ZooKeeperServer@1119] - No authentication provider >> for scheme: ztpasswd has x509 ip digest* >> >> Please help me on this issue >> >> Thanks, >> - >> Kuldeep Singh Budania >> Software Architect >> >> >> On Wed, Jul 1, 2020 at 12:05 PM kuldeep singh >> wrote: >> >> > Hi, >> > >> > My ZK server is up and running in secure mode, But When I am trying to >> > connect to the ZK server using ZKCli, it gives the below error. >> > >> > WatchedEvent state:AuthFailed type:None path:null >> > >> > >> > Zookeeper logs :- *2020-07-01 07:38:09,342 - WARN >> > [nioEventLoopGroup-4-2:ZooKeeperServer@1119] - No authentication >> provider >> > for scheme: ztpasswd has x509 ip digest* >> > >> > Can someone please help me on this issue. we are using the 3.5.6 >> version. >> > >> > I appreciate if I will get a response as soon as possible, as I am stuck >> > at this point. >> > >> > Thanks, >> > - >> > Kuldeep Singh Budania >> > Software Architect >> > >> > >> > >> > On Thu, Jun 25, 2020 at 11:54 AM Enrico Olivelli - Diennea >> > wrote: >> > >> >> I mean in zoo.cfg >> >> Not as a system property >> >> >> >> Enrico >> >> >> >> Il giorno 25/06/20, 08:19 "Enrico Olivelli - Diennea" < >> >> enrico.olive...@diennea.com.INVALID> ha scritto: >> >> >> >> Hi >> >> You have to enable Netty on the server side >> >> >> >> Something like: >> >> >> serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory >> >> >> >> Hope that helps >> >> Enrico >> >> >> >> Il giorno 24/06/20, 19:17 "kuldeep singh" < >> kuldeep.sing...@gmail.com> >> >> ha scritto: >> >> >> >> Hi, >> >> >> >> I got below error while setting SSL properties in zkEnv.sh >> >> >> >> >> >> >> >> >> >> >> == >> >> >> >> 2020-06-24 15:49:35,864 - INFO [main:QuorumPeerConfig@133] - >> >> Reading >> >> configuration from: /etc/zookeeper/zoo.cfg >> >> >> >> 2020-06-24 15:49:35,874 - INFO [main:QuorumPeerConfig@385] - >> >> clientPortAddress is 0.0.0.0/0.0.0.0:10181 >> >> >> >> 2020-06-24 15:49:35,874 - INFO [main:QuorumPeerConfig@399] - >> >> secureClientPortAddress is 0.0.0.0/0.0.0.0:2281 >> >> >> >> 2020-06-24 15:49:35,878 - INFO [main:X509Util@79] - Setting >> -D >> >> jdk.tls.rejectClientInitiatedRenegotiation=true to disable >> >> client-initiated >> >> TLS renegotiation >> >> >> >> 2020-06-24 15:49:35,897 - INFO [main:DatadirCleanupManager@78] >> - >> >> autopurge.snapRetainCount set to 3 >> >> >> >> 2020-06-24 15:49:35,897 - INFO [main:DatadirCleanupManager@79] >> - >>
Re: upgrade from 3.4.5 to 3.5.6
> My ZK server is up and running in secure mode What is your goal? You want to setup client-server SSL connection? see: https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide (or you want to have both SSL and SASL enabled?) Anyway, please remove the following line from the SERVER_JVMFLAGS: -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty This is a configuration that makes sense only for the ZooKeeper client, not for the server. For the server, use the following: -Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory If it doesn't solve the issue, then can you please send your zoo.cfg file? Also can you please send the zkCli command you execute? (you need to connect to the secure ZooKeeper port, unless portUnification is enabled) Kind regards, Mate On Wed, Jul 1, 2020 at 9:48 AM kuldeep singh wrote: > Hi, > > we have done below changes in java.env file > > export SERVER_JVMFLAGS=" > > -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty > -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks > -Dzookeeper.ssl.keyStore.password=testpass > -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks > -Dzookeeper.ssl.trustStore.password=testpass" > > > > export CLIENT_JVMFLAGS=" > > -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty > -Dzookeeper.client.secure=true > -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks > -Dzookeeper.ssl.keyStore.password=testpass > -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks > -Dzookeeper.ssl.trustStore.password=testpass" > > I have started the ZK server and it is up without any issue. > > But now when I login to ZkCli then it gives the below error. > > WatchedEvent state:AuthFailed type:None path:null > > > Zookeeper logs :- *2020-07-01 07:38:09,342 - WARN > [nioEventLoopGroup-4-2:ZooKeeperServer@1119] - No authentication provider > for scheme: ztpasswd has x509 ip digest* > > Please help me on this issue > > Thanks, > - > Kuldeep Singh Budania > Software Architect > > > On Wed, Jul 1, 2020 at 12:05 PM kuldeep singh > wrote: > > > Hi, > > > > My ZK server is up and running in secure mode, But When I am trying to > > connect to the ZK server using ZKCli, it gives the below error. > > > > WatchedEvent state:AuthFailed type:None path:null > > > > > > Zookeeper logs :- *2020-07-01 07:38:09,342 - WARN > > [nioEventLoopGroup-4-2:ZooKeeperServer@1119] - No authentication > provider > > for scheme: ztpasswd has x509 ip digest* > > > > Can someone please help me on this issue. we are using the 3.5.6 version. > > > > I appreciate if I will get a response as soon as possible, as I am stuck > > at this point. > > > > Thanks, > > - > > Kuldeep Singh Budania > > Software Architect > > > > > > > > On Thu, Jun 25, 2020 at 11:54 AM Enrico Olivelli - Diennea > > wrote: > > > >> I mean in zoo.cfg > >> Not as a system property > >> > >> Enrico > >> > >> Il giorno 25/06/20, 08:19 "Enrico Olivelli - Diennea" < > >> enrico.olive...@diennea.com.INVALID> ha scritto: > >> > >> Hi > >> You have to enable Netty on the server side > >> > >> Something like: > >> serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory > >> > >> Hope that helps > >> Enrico > >> > >> Il giorno 24/06/20, 19:17 "kuldeep singh" < > kuldeep.sing...@gmail.com> > >> ha scritto: > >> > >> Hi, > >> > >> I got below error while setting SSL properties in zkEnv.sh > >> > >> > >> > >> > >> > == > >> > >> 2020-06-24 15:49:35,864 - INFO [main:QuorumPeerConfig@133] - > >> Reading > >> configuration from: /etc/zookeeper/zoo.cfg > >> > >> 2020-06-24 15:49:35,874 - INFO [main:QuorumPeerConfig@385] - > >> clientPortAddress is 0.0.0.0/0.0.0.0:10181 > >> > >> 2020-06-24 15:49:35,874 - INFO [main:QuorumPeerConfig@399] - > >> secureClientPortAddress is 0.0.0.0/0.0.0.0:2281 > >> > >> 2020-06-24 15:49:35,878 - INFO [main:X509Util@79] - Setting -D > >> jdk.tls.rejectClientInitiatedRenegotiation=true to disable > >> client-initiated > >> TLS renegotiation > >> > >> 2020-06-24 15:49:35,897 - INFO [main:DatadirCleanupManager@78] > - > >> autopurge.snapRetainCount set to 3 > >> > >> 2020-06-24 15:49:35,897 - INFO [main:DatadirCleanupManager@79] > - > >> autopurge.purgeInterval set to 1 > >> > >> 2020-06-24 15:49:35,898 - INFO [ > >> PurgeTask:DatadirCleanupManager$PurgeTask@138] - Purge task > >> started. > >> > >> 2020-06-24 15:49:35,899 - INFO [main:ManagedUtil@46] - Log4j > >> found with > >> jmx enabled. > >> > >> 2020-06-24 15:49:35,903 - INFO [PurgeTask:FileTxnSnapLog@103] > - > >>
Re: upgrade from 3.4.5 to 3.5.6
Hi, we have done below changes in java.env file export SERVER_JVMFLAGS=" -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks -Dzookeeper.ssl.keyStore.password=testpass -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks -Dzookeeper.ssl.trustStore.password=testpass" export CLIENT_JVMFLAGS=" -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.client.secure=true -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks -Dzookeeper.ssl.keyStore.password=testpass -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks -Dzookeeper.ssl.trustStore.password=testpass" I have started the ZK server and it is up without any issue. But now when I login to ZkCli then it gives the below error. WatchedEvent state:AuthFailed type:None path:null Zookeeper logs :- *2020-07-01 07:38:09,342 - WARN [nioEventLoopGroup-4-2:ZooKeeperServer@1119] - No authentication provider for scheme: ztpasswd has x509 ip digest* Please help me on this issue Thanks, - Kuldeep Singh Budania Software Architect On Wed, Jul 1, 2020 at 12:05 PM kuldeep singh wrote: > Hi, > > My ZK server is up and running in secure mode, But When I am trying to > connect to the ZK server using ZKCli, it gives the below error. > > WatchedEvent state:AuthFailed type:None path:null > > > Zookeeper logs :- *2020-07-01 07:38:09,342 - WARN > [nioEventLoopGroup-4-2:ZooKeeperServer@1119] - No authentication provider > for scheme: ztpasswd has x509 ip digest* > > Can someone please help me on this issue. we are using the 3.5.6 version. > > I appreciate if I will get a response as soon as possible, as I am stuck > at this point. > > Thanks, > - > Kuldeep Singh Budania > Software Architect > > > > On Thu, Jun 25, 2020 at 11:54 AM Enrico Olivelli - Diennea > wrote: > >> I mean in zoo.cfg >> Not as a system property >> >> Enrico >> >> Il giorno 25/06/20, 08:19 "Enrico Olivelli - Diennea" < >> enrico.olive...@diennea.com.INVALID> ha scritto: >> >> Hi >> You have to enable Netty on the server side >> >> Something like: >> serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory >> >> Hope that helps >> Enrico >> >> Il giorno 24/06/20, 19:17 "kuldeep singh" >> ha scritto: >> >> Hi, >> >> I got below error while setting SSL properties in zkEnv.sh >> >> >> >> >> == >> >> 2020-06-24 15:49:35,864 - INFO [main:QuorumPeerConfig@133] - >> Reading >> configuration from: /etc/zookeeper/zoo.cfg >> >> 2020-06-24 15:49:35,874 - INFO [main:QuorumPeerConfig@385] - >> clientPortAddress is 0.0.0.0/0.0.0.0:10181 >> >> 2020-06-24 15:49:35,874 - INFO [main:QuorumPeerConfig@399] - >> secureClientPortAddress is 0.0.0.0/0.0.0.0:2281 >> >> 2020-06-24 15:49:35,878 - INFO [main:X509Util@79] - Setting -D >> jdk.tls.rejectClientInitiatedRenegotiation=true to disable >> client-initiated >> TLS renegotiation >> >> 2020-06-24 15:49:35,897 - INFO [main:DatadirCleanupManager@78] - >> autopurge.snapRetainCount set to 3 >> >> 2020-06-24 15:49:35,897 - INFO [main:DatadirCleanupManager@79] - >> autopurge.purgeInterval set to 1 >> >> 2020-06-24 15:49:35,898 - INFO [ >> PurgeTask:DatadirCleanupManager$PurgeTask@138] - Purge task >> started. >> >> 2020-06-24 15:49:35,899 - INFO [main:ManagedUtil@46] - Log4j >> found with >> jmx enabled. >> >> 2020-06-24 15:49:35,903 - INFO [PurgeTask:FileTxnSnapLog@103] - >> zookeeper.snapshot.trust.empty : false >> >> 2020-06-24 15:49:35,910 - INFO [ >> PurgeTask:DatadirCleanupManager$PurgeTask@144] - Purge task >> completed. >> >> 2020-06-24 15:49:35,975 - INFO [main:QuorumPeerMain@141] - >> Starting quorum >> peer >> >> 2020-06-24 15:49:35,983 - INFO [main:ServerCnxnFactory@135] - >> Using >> org.apache.zookeeper.server.NIOServerCnxnFactory as server >> connection >> factory >> >> 2020-06-24 15:49:35,986 - INFO [main:NIOServerCnxnFactory@673] - >> Configuring NIO connection handler with 10s sessionless >> connection timeout, >> 2 selector thread(s), 16 worker threads, and 64 kB direct buffers. >> >> 2020-06-24 15:49:35,992 - INFO [main:NIOServerCnxnFactory@686] >> - binding >> to port 0.0.0.0/0.0.0.0:10181 >> >> 2020-06-24 15:49:35,994 - INFO [main:ServerCnxnFactory@135] - >> Using >> org.apache.zookeeper.server.NIOServerCnxnFactory as server >> connection >> factory >> >> 2020-06-24 15:49:35,995 - ERROR [main:QuorumPeerMain@101] - >> Unexpected >> exception, exiting abnormally >> >>
Re: upgrade from 3.4.5 to 3.5.6
Hi, My ZK server is up and running in secure mode, But When I am trying to connect to the ZK server using ZKCli, it gives the below error. WatchedEvent state:AuthFailed type:None path:null Zookeeper logs :- *2020-07-01 07:38:09,342 - WARN [nioEventLoopGroup-4-2:ZooKeeperServer@1119] - No authentication provider for scheme: ztpasswd has x509 ip digest* Can someone please help me on this issue. we are using the 3.5.6 version. I appreciate if I will get a response as soon as possible, as I am stuck at this point. Thanks, - Kuldeep Singh Budania Software Architect On Thu, Jun 25, 2020 at 11:54 AM Enrico Olivelli - Diennea wrote: > I mean in zoo.cfg > Not as a system property > > Enrico > > Il giorno 25/06/20, 08:19 "Enrico Olivelli - Diennea" < > enrico.olive...@diennea.com.INVALID> ha scritto: > > Hi > You have to enable Netty on the server side > > Something like: > serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory > > Hope that helps > Enrico > > Il giorno 24/06/20, 19:17 "kuldeep singh" > ha scritto: > > Hi, > > I got below error while setting SSL properties in zkEnv.sh > > > > > == > > 2020-06-24 15:49:35,864 - INFO [main:QuorumPeerConfig@133] - > Reading > configuration from: /etc/zookeeper/zoo.cfg > > 2020-06-24 15:49:35,874 - INFO [main:QuorumPeerConfig@385] - > clientPortAddress is 0.0.0.0/0.0.0.0:10181 > > 2020-06-24 15:49:35,874 - INFO [main:QuorumPeerConfig@399] - > secureClientPortAddress is 0.0.0.0/0.0.0.0:2281 > > 2020-06-24 15:49:35,878 - INFO [main:X509Util@79] - Setting -D > jdk.tls.rejectClientInitiatedRenegotiation=true to disable > client-initiated > TLS renegotiation > > 2020-06-24 15:49:35,897 - INFO [main:DatadirCleanupManager@78] - > autopurge.snapRetainCount set to 3 > > 2020-06-24 15:49:35,897 - INFO [main:DatadirCleanupManager@79] - > autopurge.purgeInterval set to 1 > > 2020-06-24 15:49:35,898 - INFO [ > PurgeTask:DatadirCleanupManager$PurgeTask@138] - Purge task > started. > > 2020-06-24 15:49:35,899 - INFO [main:ManagedUtil@46] - Log4j > found with > jmx enabled. > > 2020-06-24 15:49:35,903 - INFO [PurgeTask:FileTxnSnapLog@103] - > zookeeper.snapshot.trust.empty : false > > 2020-06-24 15:49:35,910 - INFO [ > PurgeTask:DatadirCleanupManager$PurgeTask@144] - Purge task > completed. > > 2020-06-24 15:49:35,975 - INFO [main:QuorumPeerMain@141] - > Starting quorum > peer > > 2020-06-24 15:49:35,983 - INFO [main:ServerCnxnFactory@135] - > Using > org.apache.zookeeper.server.NIOServerCnxnFactory as server > connection > factory > > 2020-06-24 15:49:35,986 - INFO [main:NIOServerCnxnFactory@673] - > Configuring NIO connection handler with 10s sessionless connection > timeout, > 2 selector thread(s), 16 worker threads, and 64 kB direct buffers. > > 2020-06-24 15:49:35,992 - INFO [main:NIOServerCnxnFactory@686] - > binding > to port 0.0.0.0/0.0.0.0:10181 > > 2020-06-24 15:49:35,994 - INFO [main:ServerCnxnFactory@135] - > Using > org.apache.zookeeper.server.NIOServerCnxnFactory as server > connection > factory > > 2020-06-24 15:49:35,995 - ERROR [main:QuorumPeerMain@101] - > Unexpected > exception, exiting abnormally > > java.lang.UnsupportedOperationException: SSL isn't supported in > NIOServerCnxn > > at > > org.apache.zookeeper.server.NIOServerCnxnFactory.configure(NIOServerCnxnFactory.java:644) > > at > > org.apache.zookeeper.server.quorum.QuorumPeerMain.runFromConfig(QuorumPeerMain.java:155) > > at > > org.apache.zookeeper.server.quorum.QuorumPeerMain.initializeAndRun(QuorumPeerMain.java:123) > > at > > org.apache.zookeeper.server.quorum.QuorumPeerMain.main(QuorumPeerMain.java:82) > > > > > > I have set the following properties in SERVER_JVMFLAGS in zkEnv.sh > file : > > "-Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory > > -Dzookeeper.ssl.keyStore.location=/var/opt/vs/SecureInterface/keystore/CassSpkkeystore.p12 > -Dzookeeper.ssl.keyStore.password=EvaiKiO1@123456 > > -Dzookeeper.ssl.trustStore.location=/var/opt/vs/SecureInterface/keystore/CassSpkTrustStore.jks > -Dzookeeper.ssl.trustStore.password=EvaiKiO1@123456" > > Thanks, > - > Kuldeep Singh Budania > > > > On Mon, Jun 22, 2020 at 8:08 PM Jordan Zimmerman < > jor...@jordanzimmerman.com> > wrote: > > > It's the same as the normal ZooKeeper client: > > > https://zookeeper.apache.org/doc/r3.6.1/zookeeperAdmin.html#sc_authOptions > > < >
