Re: upgrade from 3.4.5 to 3.5.6
Sounds like a bug or a configuration issue... can you share the configs (before and after the scale-up) and the logs? also: does the truststores recognise all the keys used on all the 5 nodes? (e.g. the truststores on the old nodes accept the new keys?) Best Regards, Mate On Thu, Oct 8, 2020 at 2:31 PM kuldeep singh wrote: > > Hi, > > Yes, My client and server both are using certificate and have added in ZK > and client as well. > > Thanks, > - > Kuldeep Singh Budania > > > > On Thu, Oct 8, 2020 at 5:56 PM Enrico Olivelli wrote: > > > Il giorno gio 8 ott 2020 alle ore 14:17 kuldeep singh < > > kuldeep.sing...@gmail.com> ha scritto: > > > > > Hi Team, > > > > > > I am facing one issue in SSL communication between client and zookeeper > > > server. > > > > > > ZK 3.5.6 version > > > > > > 1. Mi on 3 node > > > 2. Applying SSL and 3 nodes cluster is working fine > > > 3. Scaled my cluster with 2 nodes and now my cluster have 5 nodes over > > SSL > > > > > > but after scaling my SSL is not working between client and ZK server and > > > even not able to login using zkCli as well. > > > > > > Can someone provide the details please why it is happening? > > > > > > > Is your client configured to use SSL ? > > > > Enrico > > > > > > > > > > > > Thanks, > > > - > > > Kuldeep Singh Budania > > > Software Architect > > > > > > > > > > > > On Mon, Jul 13, 2020 at 2:19 PM Enrico Olivelli - Diennea > > > wrote: > > > > > > > It looks like we ported it to 3.5. > > > > > > > > See the subtask > > > > https://issues.apache.org/jira/browse/ZOOKEEPER-2792 > > > > > > > > Enrico > > > > > > > > Il giorno 13/07/20, 10:37 "kuldeep singh" > > > ha > > > > scritto: > > > > > > > > Hi Team, > > > > > > > > I appreciate it if I will get a response as soon as possible, as I > > am > > > > stuck > > > > at this point. > > > > > > > > Thanks, > > > > - > > > > Kuldeep Singh Budania > > > > > > > > > > > > > > > > On Mon, Jul 13, 2020 at 11:10 AM kuldeep singh < > > > > kuldeep.sing...@gmail.com> > > > > wrote: > > > > > > > > > Hi Team, > > > > > > > > > > Server to Server communication is not supported in 3.5.6 version > > > as > > > > per > > > > > below JIRA issue? > > > > > > > > > > https://issues.apache.org/jira/browse/ZOOKEEPER-2639 > > > > > > > > > > Thanks, > > > > > - > > > > > Kuldeep Singh Budania > > > > > > > > > > > > > > > > > > > > On Thu, Jul 2, 2020 at 4:24 PM kuldeep singh < > > > > kuldeep.sing...@gmail.com> > > > > > wrote: > > > > > > > > > >> Thanks for the reply. > > > > >> > > > > >> Now my ZKCli cmd is working fine as we use some our customized > > > > >> authentication and we resolve the issue. > > > > >> > > > > >> Now I am going to implement Server to Server communication. > > > > >> > > > > >> Thanks, > > > > >> - > > > > >> Kuldeep Singh Budania > > > > >> > > > > >> > > > > >> > > > > >> On Thu, Jul 2, 2020 at 3:53 PM Szalay-Bekő Máté < > > > > >> szalay.beko.m...@gmail.com> wrote: > > > > >> > > > > >>> I think SSL is working for you already... If you managed to > > start > > > > the > > > > >>> zkCli.sh and be able to connect to ZooKeeper on the secure port > > > > and issue > > > > >>> any kind of command (like: " ls / "), then the wire encryption > > is > > > > working > > > > >>> and your server/client communication is secured by ZooKeeper. > > > > >>> > > > > >>> Why you want to run the following command? > > > > >>> addauth ztpasswd zooadmin: > > > > >>> > > > > >>> Do you also want to configure a superDigest user in ZooKeeper? > > > > Please > > > > >>> note > > > > >>> that this command is independent from SSL. If you need to > > create > > > a > > > > >>> username-password pair for digest authentication then please > > use > > > > the > > > > >>> command in the following way: > > > > >>> addauth digest zooadmin:yourSuperSecretPassword > > > > >>> > > > > >>> Kind regards, > > > > >>> Mate > > > > >>> > > > > >>> On Thu, Jul 2, 2020 at 6:59 AM kuldeep singh < > > > > kuldeep.sing...@gmail.com> > > > > >>> wrote: > > > > >>> > > > > >>> > 1. sh zkCli.sh --config /etc/zookeeper -server localhost:2281 > > > > >>> > > > > > >>> > 2. addauth ztpasswd zooadmin: > > > > >>> > > > > > >>> > > > > > >>> > Thanks, > > > > >>> > - > > > > >>> > Kuldeep Singh Budania > > > > >>> > > > > > >>> > > > > > >>> > > > > > >>> > On Thu, Jul 2, 2020 at 9:56 AM kuldeep singh < > > > > >>> kuldeep.sing...@gmail.com> > > > > >>> > wrote: > > > > >>> > > > > > >>> > > Hi Team, > > > > >>> > > > > > > >>> > > Any update on this? > > > > >>> > > > > > > >>> > > Thanks, > > >
Re: upgrade from 3.4.5 to 3.5.6
Hi, Yes, My client and server both are using certificate and have added in ZK and client as well. Thanks, - Kuldeep Singh Budania On Thu, Oct 8, 2020 at 5:56 PM Enrico Olivelli wrote: > Il giorno gio 8 ott 2020 alle ore 14:17 kuldeep singh < > kuldeep.sing...@gmail.com> ha scritto: > > > Hi Team, > > > > I am facing one issue in SSL communication between client and zookeeper > > server. > > > > ZK 3.5.6 version > > > > 1. Mi on 3 node > > 2. Applying SSL and 3 nodes cluster is working fine > > 3. Scaled my cluster with 2 nodes and now my cluster have 5 nodes over > SSL > > > > but after scaling my SSL is not working between client and ZK server and > > even not able to login using zkCli as well. > > > > Can someone provide the details please why it is happening? > > > > Is your client configured to use SSL ? > > Enrico > > > > > > > Thanks, > > - > > Kuldeep Singh Budania > > Software Architect > > > > > > > > On Mon, Jul 13, 2020 at 2:19 PM Enrico Olivelli - Diennea > > wrote: > > > > > It looks like we ported it to 3.5. > > > > > > See the subtask > > > https://issues.apache.org/jira/browse/ZOOKEEPER-2792 > > > > > > Enrico > > > > > > Il giorno 13/07/20, 10:37 "kuldeep singh" > > ha > > > scritto: > > > > > > Hi Team, > > > > > > I appreciate it if I will get a response as soon as possible, as I > am > > > stuck > > > at this point. > > > > > > Thanks, > > > - > > > Kuldeep Singh Budania > > > > > > > > > > > > On Mon, Jul 13, 2020 at 11:10 AM kuldeep singh < > > > kuldeep.sing...@gmail.com> > > > wrote: > > > > > > > Hi Team, > > > > > > > > Server to Server communication is not supported in 3.5.6 version > > as > > > per > > > > below JIRA issue? > > > > > > > > https://issues.apache.org/jira/browse/ZOOKEEPER-2639 > > > > > > > > Thanks, > > > > - > > > > Kuldeep Singh Budania > > > > > > > > > > > > > > > > On Thu, Jul 2, 2020 at 4:24 PM kuldeep singh < > > > kuldeep.sing...@gmail.com> > > > > wrote: > > > > > > > >> Thanks for the reply. > > > >> > > > >> Now my ZKCli cmd is working fine as we use some our customized > > > >> authentication and we resolve the issue. > > > >> > > > >> Now I am going to implement Server to Server communication. > > > >> > > > >> Thanks, > > > >> - > > > >> Kuldeep Singh Budania > > > >> > > > >> > > > >> > > > >> On Thu, Jul 2, 2020 at 3:53 PM Szalay-Bekő Máté < > > > >> szalay.beko.m...@gmail.com> wrote: > > > >> > > > >>> I think SSL is working for you already... If you managed to > start > > > the > > > >>> zkCli.sh and be able to connect to ZooKeeper on the secure port > > > and issue > > > >>> any kind of command (like: " ls / "), then the wire encryption > is > > > working > > > >>> and your server/client communication is secured by ZooKeeper. > > > >>> > > > >>> Why you want to run the following command? > > > >>> addauth ztpasswd zooadmin: > > > >>> > > > >>> Do you also want to configure a superDigest user in ZooKeeper? > > > Please > > > >>> note > > > >>> that this command is independent from SSL. If you need to > create > > a > > > >>> username-password pair for digest authentication then please > use > > > the > > > >>> command in the following way: > > > >>> addauth digest zooadmin:yourSuperSecretPassword > > > >>> > > > >>> Kind regards, > > > >>> Mate > > > >>> > > > >>> On Thu, Jul 2, 2020 at 6:59 AM kuldeep singh < > > > kuldeep.sing...@gmail.com> > > > >>> wrote: > > > >>> > > > >>> > 1. sh zkCli.sh --config /etc/zookeeper -server localhost:2281 > > > >>> > > > > >>> > 2. addauth ztpasswd zooadmin: > > > >>> > > > > >>> > > > > >>> > Thanks, > > > >>> > - > > > >>> > Kuldeep Singh Budania > > > >>> > > > > >>> > > > > >>> > > > > >>> > On Thu, Jul 2, 2020 at 9:56 AM kuldeep singh < > > > >>> kuldeep.sing...@gmail.com> > > > >>> > wrote: > > > >>> > > > > >>> > > Hi Team, > > > >>> > > > > > >>> > > Any update on this? > > > >>> > > > > > >>> > > Thanks, > > > >>> > > - > > > >>> > > Kuldeep Singh Budania > > > >>> > > > > > >>> > > > > > >>> > > > > > >>> > > On Wed, Jul 1, 2020 at 6:43 PM kuldeep singh < > > > >>> kuldeep.sing...@gmail.com> > > > >>> > > wrote: > > > >>> > > > > > >>> > >> Sorry this is my bad, there were server setting like below > > > >>> > >> > > > >>> > >> export SERVER_JVMFLAGS=" > > > >>> > >> > > > >>> > >> > > > >>> > >> > > > >>> > > > > >>> > > > > > > -Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory > > > >>> > >> > > > >>> > >> > > > >>> > > >
Re: upgrade from 3.4.5 to 3.5.6
Il giorno gio 8 ott 2020 alle ore 14:17 kuldeep singh < kuldeep.sing...@gmail.com> ha scritto: > Hi Team, > > I am facing one issue in SSL communication between client and zookeeper > server. > > ZK 3.5.6 version > > 1. Mi on 3 node > 2. Applying SSL and 3 nodes cluster is working fine > 3. Scaled my cluster with 2 nodes and now my cluster have 5 nodes over SSL > > but after scaling my SSL is not working between client and ZK server and > even not able to login using zkCli as well. > > Can someone provide the details please why it is happening? > Is your client configured to use SSL ? Enrico > > Thanks, > - > Kuldeep Singh Budania > Software Architect > > > > On Mon, Jul 13, 2020 at 2:19 PM Enrico Olivelli - Diennea > wrote: > > > It looks like we ported it to 3.5. > > > > See the subtask > > https://issues.apache.org/jira/browse/ZOOKEEPER-2792 > > > > Enrico > > > > Il giorno 13/07/20, 10:37 "kuldeep singh" > ha > > scritto: > > > > Hi Team, > > > > I appreciate it if I will get a response as soon as possible, as I am > > stuck > > at this point. > > > > Thanks, > > - > > Kuldeep Singh Budania > > > > > > > > On Mon, Jul 13, 2020 at 11:10 AM kuldeep singh < > > kuldeep.sing...@gmail.com> > > wrote: > > > > > Hi Team, > > > > > > Server to Server communication is not supported in 3.5.6 version > as > > per > > > below JIRA issue? > > > > > > https://issues.apache.org/jira/browse/ZOOKEEPER-2639 > > > > > > Thanks, > > > - > > > Kuldeep Singh Budania > > > > > > > > > > > > On Thu, Jul 2, 2020 at 4:24 PM kuldeep singh < > > kuldeep.sing...@gmail.com> > > > wrote: > > > > > >> Thanks for the reply. > > >> > > >> Now my ZKCli cmd is working fine as we use some our customized > > >> authentication and we resolve the issue. > > >> > > >> Now I am going to implement Server to Server communication. > > >> > > >> Thanks, > > >> - > > >> Kuldeep Singh Budania > > >> > > >> > > >> > > >> On Thu, Jul 2, 2020 at 3:53 PM Szalay-Bekő Máté < > > >> szalay.beko.m...@gmail.com> wrote: > > >> > > >>> I think SSL is working for you already... If you managed to start > > the > > >>> zkCli.sh and be able to connect to ZooKeeper on the secure port > > and issue > > >>> any kind of command (like: " ls / "), then the wire encryption is > > working > > >>> and your server/client communication is secured by ZooKeeper. > > >>> > > >>> Why you want to run the following command? > > >>> addauth ztpasswd zooadmin: > > >>> > > >>> Do you also want to configure a superDigest user in ZooKeeper? > > Please > > >>> note > > >>> that this command is independent from SSL. If you need to create > a > > >>> username-password pair for digest authentication then please use > > the > > >>> command in the following way: > > >>> addauth digest zooadmin:yourSuperSecretPassword > > >>> > > >>> Kind regards, > > >>> Mate > > >>> > > >>> On Thu, Jul 2, 2020 at 6:59 AM kuldeep singh < > > kuldeep.sing...@gmail.com> > > >>> wrote: > > >>> > > >>> > 1. sh zkCli.sh --config /etc/zookeeper -server localhost:2281 > > >>> > > > >>> > 2. addauth ztpasswd zooadmin: > > >>> > > > >>> > > > >>> > Thanks, > > >>> > - > > >>> > Kuldeep Singh Budania > > >>> > > > >>> > > > >>> > > > >>> > On Thu, Jul 2, 2020 at 9:56 AM kuldeep singh < > > >>> kuldeep.sing...@gmail.com> > > >>> > wrote: > > >>> > > > >>> > > Hi Team, > > >>> > > > > >>> > > Any update on this? > > >>> > > > > >>> > > Thanks, > > >>> > > - > > >>> > > Kuldeep Singh Budania > > >>> > > > > >>> > > > > >>> > > > > >>> > > On Wed, Jul 1, 2020 at 6:43 PM kuldeep singh < > > >>> kuldeep.sing...@gmail.com> > > >>> > > wrote: > > >>> > > > > >>> > >> Sorry this is my bad, there were server setting like below > > >>> > >> > > >>> > >> export SERVER_JVMFLAGS=" > > >>> > >> > > >>> > >> > > >>> > >> > > >>> > > > >>> > > > -Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory > > >>> > >> > > >>> > >> > > >>> > > -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks > > >>> > >> -Dzookeeper.ssl.keyStore.password=testpass > > >>> > >> > > >>> > > > >>> > > > -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks > > >>> > >> -Dzookeeper.ssl.trustStore.password=testpass" > > >>> > >> > > >>> > >> > > >>> > >> > > >>> > >> export CLIENT_JVMFLAGS=" > > >>> > >> > > >>> > >> > > >>> > > -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty > > >>> > >>
Re: upgrade from 3.4.5 to 3.5.6
Hi Team, I am facing one issue in SSL communication between client and zookeeper server. ZK 3.5.6 version 1. Mi on 3 node 2. Applying SSL and 3 nodes cluster is working fine 3. Scaled my cluster with 2 nodes and now my cluster have 5 nodes over SSL but after scaling my SSL is not working between client and ZK server and even not able to login using zkCli as well. Can someone provide the details please why it is happening? Thanks, - Kuldeep Singh Budania Software Architect On Mon, Jul 13, 2020 at 2:19 PM Enrico Olivelli - Diennea wrote: > It looks like we ported it to 3.5. > > See the subtask > https://issues.apache.org/jira/browse/ZOOKEEPER-2792 > > Enrico > > Il giorno 13/07/20, 10:37 "kuldeep singh" ha > scritto: > > Hi Team, > > I appreciate it if I will get a response as soon as possible, as I am > stuck > at this point. > > Thanks, > - > Kuldeep Singh Budania > > > > On Mon, Jul 13, 2020 at 11:10 AM kuldeep singh < > kuldeep.sing...@gmail.com> > wrote: > > > Hi Team, > > > > Server to Server communication is not supported in 3.5.6 version as > per > > below JIRA issue? > > > > https://issues.apache.org/jira/browse/ZOOKEEPER-2639 > > > > Thanks, > > - > > Kuldeep Singh Budania > > > > > > > > On Thu, Jul 2, 2020 at 4:24 PM kuldeep singh < > kuldeep.sing...@gmail.com> > > wrote: > > > >> Thanks for the reply. > >> > >> Now my ZKCli cmd is working fine as we use some our customized > >> authentication and we resolve the issue. > >> > >> Now I am going to implement Server to Server communication. > >> > >> Thanks, > >> - > >> Kuldeep Singh Budania > >> > >> > >> > >> On Thu, Jul 2, 2020 at 3:53 PM Szalay-Bekő Máté < > >> szalay.beko.m...@gmail.com> wrote: > >> > >>> I think SSL is working for you already... If you managed to start > the > >>> zkCli.sh and be able to connect to ZooKeeper on the secure port > and issue > >>> any kind of command (like: " ls / "), then the wire encryption is > working > >>> and your server/client communication is secured by ZooKeeper. > >>> > >>> Why you want to run the following command? > >>> addauth ztpasswd zooadmin: > >>> > >>> Do you also want to configure a superDigest user in ZooKeeper? > Please > >>> note > >>> that this command is independent from SSL. If you need to create a > >>> username-password pair for digest authentication then please use > the > >>> command in the following way: > >>> addauth digest zooadmin:yourSuperSecretPassword > >>> > >>> Kind regards, > >>> Mate > >>> > >>> On Thu, Jul 2, 2020 at 6:59 AM kuldeep singh < > kuldeep.sing...@gmail.com> > >>> wrote: > >>> > >>> > 1. sh zkCli.sh --config /etc/zookeeper -server localhost:2281 > >>> > > >>> > 2. addauth ztpasswd zooadmin: > >>> > > >>> > > >>> > Thanks, > >>> > - > >>> > Kuldeep Singh Budania > >>> > > >>> > > >>> > > >>> > On Thu, Jul 2, 2020 at 9:56 AM kuldeep singh < > >>> kuldeep.sing...@gmail.com> > >>> > wrote: > >>> > > >>> > > Hi Team, > >>> > > > >>> > > Any update on this? > >>> > > > >>> > > Thanks, > >>> > > - > >>> > > Kuldeep Singh Budania > >>> > > > >>> > > > >>> > > > >>> > > On Wed, Jul 1, 2020 at 6:43 PM kuldeep singh < > >>> kuldeep.sing...@gmail.com> > >>> > > wrote: > >>> > > > >>> > >> Sorry this is my bad, there were server setting like below > >>> > >> > >>> > >> export SERVER_JVMFLAGS=" > >>> > >> > >>> > >> > >>> > >> > >>> > > >>> > -Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory > >>> > >> > >>> > >> > >>> > -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks > >>> > >> -Dzookeeper.ssl.keyStore.password=testpass > >>> > >> > >>> > > >>> > -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks > >>> > >> -Dzookeeper.ssl.trustStore.password=testpass" > >>> > >> > >>> > >> > >>> > >> > >>> > >> export CLIENT_JVMFLAGS=" > >>> > >> > >>> > >> > >>> > -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty > >>> > >> -Dzookeeper.client.secure=true > >>> > >> > >>> > -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks > >>> > >> -Dzookeeper.ssl.keyStore.password=testpass > >>> > >> > >>> > > >>> > -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks > >>> > >> -Dzookeeper.ssl.trustStore.password=testpass" > >>> > >> > >>> > >> I want to have SSL between client to server communication > >>> > >> > >>> > >> I am already