MG>where are attachments?
> Date: Thu, 11 Aug 2016 14:48:13 -0700 > From: [email protected] > To: [email protected] > Subject: Re: SSL between java client and zookeeper? > > Hi Vaibhav, > > > I've only been able to see those logs I've sent, I'm just trying to enable > SSL in a really trivial situation. Here's what I've done and which files I've > utilized. > > The tarball contains the new 3.5.1-alpha version of zookeeper and I stick it > in /usr/lib/zookeeper-3.5.1-alpha. > > Within /usr/lib/zookeeper-3.5.1-alpha is 3 more important directories with > the scripts, conf/, bin/, and ssl/. > > I put java.env, my zoo.cfg, etc into the conf/ directory, and the > zkServer.sh, zkCli.sh, zkEnv.sh, etc are within the bin/ directory, and then > I've put my keystore and truststore within the ssl/ directory. > > I attached my zkServer.sh, zkCli.sh, zkEnv.sh, java.env, zoo.cfg files for > you to take a look. MG>Where are attachments? This is just to get SSL working with a basic zookeeper tutorial at http://www.tutorialspoint.com/zookeeper/zookeeper_installation.htm and once I've got that connecting and handling SSL I'll add it to my infrastructure with securing mesos/zookeeper communication. Please do take a look at my scripts and configs as I'm obviously very stuck and have exhausted all of the resources online about zookeeper/Netty/SSL. Note though I do have one script that changes the zoo.cfg I sent you to properly put the secureClientPort and necessary changes to zoo.cfg. > > > I first launch into a box, start zookeeper from the > /usr/lib/zookeeper-3.5.1-alpha/bin/zkServer.sh start > > then I run the client like so /usr/lib/zookeeper-3.5.1-alpha/bin/zkCli.sh > -server localhost:2281 > > > > It wouldn't let me send you the zokeeper-3.5.1-alpha.tar.gz but that's just > on the mirror site I'm sure where you got yours.(Over 10MB outlook limit) > > Thanks! > > Jacob > > > > ________________________________ > From: Devekar, Vaibhav [via zookeeper-user] > <[email protected]> > Sent: Thursday, August 11, 2016 2:17 PM > To: jsmullin > Subject: Re: SSL between java client and zookeeper? > > Hi Jacob, > > Did you check logs for zookeeper server? > I would suggest adding -Djavax.net.debug=ssl to JVM arguments for both > zookeeper server and zkCli. This will give you an idea if connection fails > during SSL handshake. > > -- > > > > On 8/11/16, 12:54 PM, "jsmullin" <[hidden > email]</user/SendEmail.jtp?type=node&node=7582559&i=0>> wrote: > > >Hi there, I've been struggling for some time to get SSL working with my > >3.5.1 > >version of Zookeeper. My end goal is to secure my communication between > >zookeeper and mesos, I am trying a simple technique of adding everything > >detailed in the SSL dedicated user guide to my zkEnv.sh. I then run my > >server feeding it everything such as secureClientPort = 2281 etc in the > >zoo.cfg. I then run my bin/zkCli.sh -server localhost:2281 and seem to be > >running into issues there, the logs spit out, > >2016-08-11 19:40:20,602 [myid:] - INFO > >[main-SendThread(localhost:2281):ClientCnxnSocketNetty$ZKClientPipelineFac > >tory@363] > >- SSL handler added for channel: null > >2016-08-11 19:40:20,608 [myid:] - INFO [New I/O worker > >#2:ClientCnxn$SendThread@980] - Socket connection established, initiating > >session, client: /0:0:0:0:0:0:0:1:60824, server: > >localhost/0:0:0:0:0:0:0:1:2281 > >2016-08-11 19:40:20,608 [myid:] - INFO [New I/O worker > >#2:ClientCnxnSocketNetty$1@146] - channel is connected: [id: 0x053cfca8, > >/0:0:0:0:0:0:0:1:60824 => localhost/0:0:0:0:0:0:0:1:2281] > >2016-08-11 19:40:35,610 [myid:] - INFO > >[main-SendThread(localhost:2281):ClientCnxn$SendThread@1251] - Client > >session timed out, have not heard from server in 15002ms for sessionid > >0x0, > >closing socket connection and attempting reconnect > >2016-08-11 19:40:35,611 [myid:] - INFO [New I/O worker > >#2:ClientCnxnSocketNetty$ZKClientHandler@377] - channel is disconnected: > >[id: 0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281] > >2016-08-11 19:40:35,611 [myid:] - INFO [New I/O worker > >#2:ClientCnxnSocketNetty@201] - channel is told closing > >2016-08-11 19:40:35,612 [myid:] - WARN [New I/O worker > >#2:ClientCnxnSocketNetty$ZKClientHandler@432] - Exception caught: [id: > >0x053cfca8, /0:0:0:0:0:0:0:1:60824 :> localhost/0:0:0:0:0:0:0:1:2281] > >EXCEPTION: java.nio.channels.ClosedChannelException > >java.nio.channels.ClosedChannelException > > at > >org.jboss.netty.handler.ssl.SslHandler$6.run(SslHandler.java:1580) > > at > >org.jboss.netty.channel.socket.ChannelRunnableWrapper.run(ChannelRunnableW > >rapper.java:40) > > at > >org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(Abs > >tractNioWorker.java:71) > > at > >org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.j > >ava:36) > > at > >org.jboss.netty.channel.socket.nio.AbstractNioWorker.executeInIoThread(Abs > >tractNioWorker.java:57) > > at > >org.jboss.netty.channel.socket.nio.NioWorker.executeInIoThread(NioWorker.j > >ava:36) > > at > >org.jboss.netty.channel.socket.nio.AbstractNioChannelSink.execute(Abstract > >NioChannelSink.java:34) > > at > >org.jboss.netty.handler.ssl.SslHandler.channelClosed(SslHandler.java:1566) > > at > >org.jboss.netty.channel.Channels.fireChannelClosed(Channels.java:468) > > at > >org.jboss.netty.channel.socket.nio.AbstractNioWorker.close(AbstractNioWork > >er.java:376) > > at > >org.jboss.netty.channel.socket.nio.NioClientSocketPipelineSink.eventSunk(N > >ioClientSocketPipelineSink.java:58) > > at org.jboss.netty.channel.Channels.close(Channels.java:828) > > at > >org.jboss.netty.handler.ssl.SslHandler$ClosingChannelFutureListener.operat > >ionComplete(SslHandler.java:1485) > > at > >org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannel > >Future.java:427) > > at > >org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChanne > >lFuture.java:418) > > at > >org.jboss.netty.channel.DefaultChannelFuture.setSuccess(DefaultChannelFutu > >re.java:362) > > at > >org.jboss.netty.channel.socket.nio.AbstractNioWorker.write0(AbstractNioWor > >ker.java:221) > > at > >org.jboss.netty.channel.socket.nio.AbstractNioWorker.writeFromTaskLoop(Abs > >tractNioWorker.java:152) > > at > >org.jboss.netty.channel.socket.nio.AbstractNioChannel$WriteTask.run(Abstra > >ctNioChannel.java:335) > > at > >org.jboss.netty.channel.socket.nio.AbstractNioSelector.processTaskQueue(Ab > >stractNioSelector.java:366) > > at > >org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSele > >ctor.java:290) > > at > >org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker > >.java:90) > > at > >org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178) > > at > >java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java: > >1142) > > at > >java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java > >:617) > > at java.lang.Thread.run(Thread.java:745) > >Any help or guidance to my long term goal would be very appreciated as the > >info about zookeeper and enabling SSL is slim to none. I can post my > >configs > >etc, anything you need! > > > > > > > >-- > >View this message in context: > >http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zoo > >keeper-tp7582421p7582558.html > >Sent from the zookeeper-user mailing list archive at Nabble.com. > > > > ________________________________ > If you reply to this email, your message will be added to the discussion > below: > http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582559.html > To unsubscribe from SSL between java client and zookeeper?, click > here<http://zookeeper-user.578899.n2.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=7582421&code=anMuMTk5MkBsaXZlLmNvbXw3NTgyNDIxfDE0NzIyMTY2MTE=>. > NAML<http://zookeeper-user.578899.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> > > > zkCli.sh (2K) > <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/0/zkCli.sh> > zkEnv.sh (5K) > <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/1/zkEnv.sh> > zkServer.sh (12K) > <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/2/zkServer.sh> > java.env (1K) > <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/3/java.env> > zoo.cfg (1K) > <http://zookeeper-user.578899.n2.nabble.com/attachment/7582560/4/zoo.cfg> > > > > > -- > View this message in context: > http://zookeeper-user.578899.n2.nabble.com/SSL-between-java-client-and-zookeeper-tp7582421p7582560.html > Sent from the zookeeper-user mailing list archive at Nabble.com.
