I'm sorry to say that my understanding on how to connect to ZooKeeper using SSL is non-existent at this time. Perhaps somebody else can jump in?
-- Christopher L Tubbs II http://gravatar.com/ctubbsii On Tue, Jul 7, 2015 at 12:47 PM, pundu tech <[email protected]> wrote: > Thanks a lot, Chrstopher. One step forward. > I am wondering if for the SSL configuration I also need to do something with > Zookeeper. I configured the client with: > > clientConf = new ClientConfiguration(new File ("myfilePath")); > > clientConf.withSsl(true); > > clientConf.withTruststore("pathToTrustStore.jks"); > > clientConf.withKeystore(pathToKeyStore, "KeyStorePassword", "JKS"); > > clientConf.withInstance("InstanceName"); > > clientConf.withZkHosts("server1, server2,server3"); > > > when I try to connect I get: > > 2015-07-07 12:37:52,591 INFO [main] zookeeper.ZooKeeper > (ZooKeeper.java:<init>(438)) - Initiating client connection, > connectString=server1,server2,server3,server4 sessionTimeout=30000 > watcher=org.apache.accumulo.fate.zookeeper.ZooSession$ZooWatcher@1dab5fd5 > > 2015-07-07 12:37:52,619 INFO [main-SendThread(server1:2181)] > zookeeper.ClientCnxn (ClientCnxn.java:logStartConnect(975)) - Opening socket > connection to server server1/x.x.x.x:2181. Will not attempt to authenticate > using SASL (unknown error) > > 2015-07-07 12:37:52,627 INFO [main-SendThread(server1:2181)] > zookeeper.ClientCnxn (ClientCnxn.java:primeConnection(852)) - Socket > connection established to server1/x.x.x.x:2181, initiating session > > 2015-07-07 12:37:52,636 INFO [main-SendThread(server1:2181)] > zookeeper.ClientCnxn (ClientCnxn.java:onConnected(1235)) - Session > establishment complete on server server1/x.x.x.x:2181, sessionid = > 0x14e0cc457500039, negotiated timeout = 30000 > > 2015-07-07 12:37:52,876 WARN [main] impl.ServerClient > (ServerClient.java:getConnection(152)) - Failed to find an available server > in the list of servers: [ssl:server2:9997 (120000), ssl:server3:9997 > (120000), ssl:server4:9997 (120000), ssl:server1:9997 (120000)] > > > Am I missing something in the configuration? > > I appreciate any pointer. > > pundutech > > > On Mon, Jul 6, 2015 at 2:46 PM, Christopher <[email protected]> wrote: >> >> The values for ClientProperty.RPC_SSL_KEYSTORE_TYPE should be >> something like "JKS" or "PKCS12". >> Now, you can connect to an SSL-enabled instance using: >> >> Instance instance = new ZooKeeperInstance(clientConfig); >> Connector conn = instance.getConnector(...); >> >> -- >> Christopher L Tubbs II >> http://gravatar.com/ctubbsii >> >> >> On Mon, Jul 6, 2015 at 2:41 PM, pundu tech <[email protected]> wrote: >> > I am setting up a metadata configuration service on Accumulo. >> > Setting it up was a breeze. Doing a simple tests against the cluster was >> > easy. i am not finding much documentation on how to write Java client >> > with >> > SSL support. >> > >> > Could someone please point me in some direction? >> > >> > For instance, I have created a ClientConfiguraiton object with what I >> > believe are all the required SSL properties (I am not sure what are the >> > values for ClientProperty.RPC_SSL_KEYSTORE_TYPE). What should I do with >> > this object now? >> > >> > >> > Thanks, >> > pundutech > >
