Yes Mutual Auth and TLS.
Sent from my iPhone
> On 21 Dec 2019, at 3:51 PM, Enrico Olivelli wrote:
>
> Srikant
> What do you mean with MTLS? Mutual auth and TLS?
>
> Enrico
>
> Il ven 20 dic 2019, 09:49 shrikant kalani ha
> scritto:
>
>> Hi
>&
Hi
Can someone help me in configuring Zookeeper with MTLS ?
Thanks
Srikant Kalani
Sent from my iPhone
Hi Everyone ,
Our application is getting hung while acquiring Zookeeper lock. The below
thread is never released which cause application outage as it never acquires a
lock on a node.
We recently upgraded our Zookeeper server to 3.5.5 but the client is still
using 3.4.13 version. Anyone aware
Hi Allen
We recently upgrade our Zookeeper clusters from 3.4.13 to 3.5.5.
Yes the rolling upgrade are possible and it is backward compatible meaning
zkclient running on version 3.4.13 can still interact with zkserver 3.5.5.
Unless you want to leverage dynamic reconfiguration options , the
Hi Zookeeper Users
I have implemented TLS authentication in my cluster. Right now the
authentication is done based on host name (X509).
Now I want to implement authorisation based on user I’d like only my system
account should be able to read write data to znodes.
How I can do that ? Is ACLs
sab 11 gen 2020, 03:48 shrikant kalani ha
> scritto:
>
>> Hi Zookeeper Users
>>
>> I have implemented TLS authentication in my cluster. Right now the
>> authentication is done based on host name (X509).
>>
>> Now I want to implement authorisation based o
Subject: Re: Authorisation in Zookeeper
Il giorno sab 11 gen 2020 alle ore 09:31 shrikant kalani <
shrikantkal...@gmail.com> ha scritto:
>
> My system account means a client process running with unix user id.
>
> I want user A to have full access while all other users should onl
t;> Just want to make sure my settings are correct.
>>
>> Thanks
>>
>>> On Mon, Dec 30, 2019 at 12:47 PM Enrico Olivelli
>>> wrote:
>>>
>>> Arpit,
>>> Up to 3.5.x you can only leverage auth only in conjunction with ACLs.
>>>
Couple of things which you can check -
1) if your Zookeeper server is not running with Zookeeper I’d then you need to
set Zookeeper.sasl.client.username
2) set java.security.auth.login.config
And I also faced the same issue that there is no strict enforcement to allow
only authenticated client.
For Kafka you can use Kafka Manager and for Zookeeper i am not sure how much
Zookeeper Admin UI in version 3.5 helps you.
Thanks
Srikant Kalani
Sent from my iPhone
> On 6 Jan 2020, at 9:11 PM, Andor Molnar wrote:
>
> Hi,
>
> There’s no such User Interface built-in for ZooKeeper and I’m not
password or
actual password.
Sent from my iPhone
> On 21 Dec 2019, at 8:22 PM, Enrico Olivelli wrote:
>
> Yes it does
>
> Check
> http://zookeeper.apache.org/doc/r3.5.6/zookeeperAdmin.html#sc_authOptions
>
> Hope that helps
> Enrico
>
> Il sab 21 dic 2019, 09
Hello Everyone,
We are using Zookeeper 3.5.5 in our environment. We don’t take frequent
snapshots as our snap count value is 10M.
When we restart our cluster, follower node tries to read the snapshot from the
disk which is too old while the latest transaction are in txlog. While the
leader
Can anyone confirm if below Jira affected 3.5.5 version also ?
https://issues.apache.org/jira/browse/ZOOKEEPER-2355
Thanks
Srikant Kalani
Sent from my iPhone
Hi Users,
We are seeing an issue in our cluster where one follower which loads an old
snapshot doesn’t sync with leader.
Can you tell me do follower read txlog file while coming up or they are
dependent on leader to provide the difference ? If they are dependent on
leaders how the
Hi
I am running a zookeeper cluster with SSL turned on.
The client connecting to the cluster has encrypted keystore , is there a
way we can use encrypted keystore ? The property zookeeper.ssl.keystore
expects a plain keystore
Thanks
Srikant Kalani
Adding one more email list
On Mon, 13 Jul 2020 at 10:49 PM, shrikant kalani
wrote:
> Hi
>
> We are seeing a very uncommon behaviour. We implemented SSL for quorum
> communication in version 3.5.5. After the change we are seeing ZK client
> applications are frequently
Hi
We are seeing a very uncommon behaviour. We implemented SSL for quorum
communication in version 3.5.5. After the change we are seeing ZK client
applications are frequently getting crashed with session expired message.
While there are no signs of GC in the application, it is hard to figure out
is well under controlled.
Thanks
Srikant Kalani
On Mon, 13 Jul 2020 at 11:21 PM, shrikant kalani
wrote:
> Adding one more email list
>
> On Mon, 13 Jul 2020 at 10:49 PM, shrikant kalani
> wrote:
>
>> Hi
>>
>> We are seeing a very uncommon behaviour. We implemente
Currently our production is running with 3.5.5 and it will take time to
move to 3.6.1.
When I dig more into this it seems to be related to Netty protocol and it’s
limitation. The system is stable when I fail back to NIO and without SSL.
As soon as I turned on Netty we are seeing sessions getting
netty limitations.
Thanks
Srikant Kalani
On Thu, 30 Jul 2020 at 9:08 PM, Scott Guminy wrote:
> Srikant,
>
> Did you ever resolve this issue? I might be seeing something similar. I'm
> also on 3.5.5 with quorum SSL enabled.
>
> On Mon, Jul 13, 2020 at 10:42 PM shrikant
Hello Everyone,
We are also using zookeeper 3.6.2 with ssl turned on both sides. We
observed the same behaviour where under high write load the ZK server
starts expiring the session. There are no jvm related issues. During high
load the max latency increases significantly.
Also the session
be successful.
>
> shrikant,
> ZK 3.6 has throttling for both client connections and requests. Request
> throttling can be disabled and it’s disabled by default, but connection
> throttling is not. From the log messages we can tell which throttling is in
> effect for your scena
Hi Will,
I remember there was a discussion in the past that starting 3.6 the
performance is reduced because of Prometheus metrics endpoint enabled. May
be you can try disabling metrics.
Recently we compared performance between 3.6.2 and 3.8.0 and found 3.8.0
performing way better than 3.6.2.
I don’t think you need a third data Center. You can still go with 2 DC with
3 and 2 ZK nodes. A cluster with 5 nodes. You can keep 1 node in each dc as
observer node. This will make sure only 3 nodes are participating in leader
election process and hence a quorum of 3 will work.
On Mon, 24 Jul
24 matches
Mail list logo
