[ https://issues.apache.org/jira/browse/ZOOKEEPER-2125?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14351315#comment-14351315 ]
Hadoop QA commented on ZOOKEEPER-2125: -------------------------------------- -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12703189/ZOOKEEPER-2125.patch against trunk revision 1663127. +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 14 new or modified tests. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 1 new Findbugs (version 2.0.3) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. -1 core tests. The patch failed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2545//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2545//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2545//console This message is automatically generated. > SSL on Netty client-server communication > ---------------------------------------- > > Key: ZOOKEEPER-2125 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2125 > Project: ZooKeeper > Issue Type: Sub-task > Reporter: Hongchao Deng > Assignee: Hongchao Deng > Fix For: 3.5.1 > > Attachments: ZOOKEEPER-2125.patch, ZOOKEEPER-2125.patch, > ZOOKEEPER-2125.patch, ZOOKEEPER-2125.patch, ZOOKEEPER-2125.patch, > ZOOKEEPER-2125.patch, ZOOKEEPER-2125.patch, ZOOKEEPER-2125.patch, > ZOOKEEPER-2125.patch > > > Supporting SSL on Netty client-server communication. > 1. It supports keystore and trustore usage. > 2. It adds an additional ZK server port which supports SSL. This would be > useful for rolling upgrade. > RB: https://reviews.apache.org/r/31277/ > h2. How to use it > You need to set some parameters on both ZK server and client. > h3. Server > You need to specify a listening SSL port in "zoo.cfg": > {code} > secureClientPort=2281 > {code} > Just like what you did with "clientPort". And then set some jvm flags: > {code} > export > SERVER_JVMFLAGS="-Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory > -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks > -Dzookeeper.ssl.keyStore.password=testpass > -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks > -Dzookeeper.ssl.trustStore.password=testpass" > {code} > Please change keystore and truststore parameters accordingly. > h3. Client > You need to set jvm flags: > {code} > export > CLIENT_JVMFLAGS="-Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty > -Dzookeeper.client.secure=true > -Dzookeeper.ssl.keyStore.location=/root/zookeeper/ssl/testKeyStore.jks > -Dzookeeper.ssl.keyStore.password=testpass > -Dzookeeper.ssl.trustStore.location=/root/zookeeper/ssl/testTrustStore.jks > -Dzookeeper.ssl.trustStore.password=testpass" > {code} > change keystore and truststore parameters accordingly. > And then connect to the server's SSL port, in this case: > {code} > bin/zkCli.sh -server 127.0.0.1:2281 > {code} > If you have any feedback, you are more than welcome to discuss it here! -- This message was sent by Atlassian JIRA (v6.3.4#6332)